IEDLL.EXE

[bhath19]

I just noticed this file running in the background in XP. For the description of the file it says "hole". I already ran a scan on the computer to make sure it didn't have a virus and it didn't. Does anyone know what this file is and does?

Quote:

iedll.exe



With MUCH thanks to Rick from "The MacKinzie Family" (who sent me a copy of iedll.exe for examination) and Galen (aka KGIII and GotRoot etc) who took pity on me, decompiled the file and told me what it does........



Its a BHO ("browser helper object"), affecting Internet Explorer, that tries to write to the registry "..looks like a fragmented version of SearchBar.."



The problem: error message when starting Windows - " C:\windows\IEDLL.EXE\ file appears to be corrupt. Reinstall the file and try again."



Search engine/option hijackings:



global-finder.com (in the registry as out.true-counter.com/.../?344012)

searchalot.com

coolwebsearch (appearing in the registry as approvedlinks.com/hp.htm) (coolwebsearch is also mentioned HERE)


The cleanup: Use Task Manager (ctrl, alt, del) to make sure iedll.exe is not running. If it is, shut it down. Rename iedll.exe to iedll.old.



Export then delete the following registry keys:



HKCU\Software\Microsoft\Internet Explorer\SearchURL
HKCU\Software\Microsoft\Internet Explorer\Main\Search Bar
HKCU\Software\Microsoft\Internet Explorer\Main\Search Page
HKCU\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
HKCU\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
HKCU\Software\Microsoft\Internet Explorer\Search\SearchAssistant
HKCU\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
HKLM\Software\Microsoft\Internet Explorer\Main\Search Bar
HKCU\Software\Microsoft\Internet Explorer\Main\HomeOldSP
HKCU\Software\Microsoft\Internet Connection Wizard\Shellnext
HKLM\Software\Microsoft\Internet Connection Wizard\Shellnext



HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run [iedll] C:\WINDOWS\iedll.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run [loader] C:\WINDOWS\LOADER.EXE



NOTE: Loader.exe can be a legitimate Windows file. Do NOT delete or rename the file - just delete the entry above from the registry!!

From here

[Kevin W]

Thank you. Took me a while to figure out the directions (English Degree), but it seems to have taken care of the problem.

[wuorange]

error window at boot up ...

can i do the same as with iedll.exe (this file also is started) ?!

or is there any other way to get rid of it?!