    orange Posts: 1,364, Reputation: 197
    Ultra Member
     
    #1

    Dec 27, 2005, 10:54 AM
    Ibm00001.exe
    I keep getting this error message on start up, "Can't locate ibm00001.exe or one of its components". I've gone into msconfig, unchecked it in the start up menu, I've also done a bit of internet research about it, and tried to delete it using the methods shown, but it keeps coming back. My virus and spyware scanners don't pick it up. Any ideas on how to permanently delete it?
    Curlyben Posts: 18,514, Reputation: 1860
    BossMan
     
    #2

    Dec 27, 2005, 11:04 AM
    It looks like you have been infected with THIS Trojan

    Try these for removal:
    Troj/Torpig-E is an information stealing Trojan for the Windows platform.
    When Troj/Torpig-E is run some or all of the following files are created either in the folder C:\Program Files\Common Files\Microsoft Shared\Web Folders or in the folder <System>\..\temp:
    ibm00001.dll
    ibm00001.exe
    ibm00002.dll
    <random>.tmp
    The file ibm00001.exe is detected as Troj/Torpig-D. The file <random>.tmp is a clean data file. All other files are detected as Troj/Torpig-E.
    The following registry entry is created to run ibm00001.exe on startup:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Shell
    <path to ibm00001.exe>
    The following registry entry may be created to run ibm00001.exe on startup:
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell
    explorer.exe "<path to ibm00001.exe>"
    An entry may be added to the file SYSTEM.INI in the "boot" section with a key name of "shell" to attempt to run ibm00001.exe on startup.
    The Trojan attempts to steal passwords, as well as logging keypresses and open window titles to text files and periodically sends the collected information to a remote user via HTTP.
    Troj/Torpig-E automatically closes security warning messages displayed by common anti-virus and security related applications.

    Hope this helps
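
A check for the three startup locations listed in the description above, as an added example that is not part of the original posts or of the quoted vendor write-up. It works on constructed sample values (the temp path and the clean Run entry are assumptions) rather than reading a live registry, and it treats a Shell value of just explorer.exe, the Windows default, as clean.

```python
import configparser
import ntpath
import re

# File names from the Troj/Torpig-E description quoted in post #2.
TORPIG_FILES = {"ibm00001.exe", "ibm00001.dll", "ibm00002.dll"}

def tokens(command):
    """Split a Windows command string into unquoted, lower-cased tokens."""
    return [t.strip('"').lower() for t in re.findall(r'"[^"]*"|\S+', command)]

def check_shell(value):
    """A shell value of just explorer.exe is the default; report anything else."""
    toks = tokens(value)
    extra = toks[1:] if toks[:1] == ["explorer.exe"] else toks
    return [f"unexpected shell entry: {t}" for t in extra]

def check_run(values):
    """Flag Run values (name -> data) that start one of the listed files."""
    return [f"Run value {name!r} starts {data}" for name, data in values.items()
            if any(ntpath.basename(t) in TORPIG_FILES for t in tokens(data))]

def check_system_ini(text):
    """Apply the shell check to the shell key of SYSTEM.INI's [boot] section."""
    cp = configparser.ConfigParser(strict=False, interpolation=None, delimiters=("=",))
    cp.read_string(text)
    for section in cp.sections():
        if section.lower() == "boot" and cp.has_option(section, "shell"):
            return check_shell(cp.get(section, "shell"))
    return []

def audit(run_values, winlogon_shell, system_ini_text):
    """Check the three startup locations named in the description."""
    return {"HKCU Run": check_run(run_values),
            "HKLM Winlogon Shell": check_shell(winlogon_shell),
            "SYSTEM.INI [boot] shell": check_system_ini(system_ini_text)}

# Constructed sample values, not taken from a real machine; the path is assumed.
BAD = r"C:\WINDOWS\temp\ibm00001.exe"
INFECTED = {"run_values": {"Shell": BAD},
            "winlogon_shell": f'explorer.exe "{BAD}"',
            "system_ini_text": f"[boot]\nshell=Explorer.exe {BAD}\n"}
CLEAN = {"run_values": {"ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe"},
         "winlogon_shell": "Explorer.exe",
         "system_ini_text": "[boot]\nshell=Explorer.exe\n"}

if __name__ == "__main__":
    for label, sample in (("infected", INFECTED), ("clean", CLEAN)):
        for location, findings in audit(**sample).items():
            print(label, location, findings or "ok")
```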
    RickJ Posts: 7,762, Reputation: 864
    Uber Member
     
    #3

    Dec 27, 2005, 11:07 AM
    Here are some suggestions - responses to another that had your same problem:
    http://help.lockergnome.com/index.php?showtopic=41388
    orange Posts: 1,364, Reputation: 197
    Ultra Member
     
    #4

    Dec 27, 2005, 11:09 AM
    Thanks guys I will try your suggestions and let you know how it goes!
    RickJ Posts: 7,762, Reputation: 864
    Uber Member
     
    #5

    Dec 27, 2005, 11:14 AM
    Oops. I see I was posting while Curly was.

    Follow his advice - he knows his stuff!
    orange Posts: 1,364, Reputation: 197
    Ultra Member
     
    #6

    Dec 27, 2005, 01:54 PM
    It worked!! Yay! Thanks so much for your help! :)

    Curlyben, you mentioned that it was a trojan that steals passwords... should I change my passwords now then?
    Curlyben Posts: 18,514, Reputation: 1860
    BossMan
     
    #7

    Dec 27, 2005, 01:57 PM
    Quote Originally Posted by orange
    It worked!!! Yay! Thanks so much for your help! :)

    Curlyben, you mentioned that it was a trojan that steals passwords... should I change my passwords now then?
    Certainly sounds like a plan to me ;)

    Never hurts to change your password every now and again anyway, good practice.
    So glad I could help.
    Ravenwillow Posts: 3, Reputation: 1
    New Member
     
    #8

    Jan 16, 2006, 12:05 PM
    Ibm00001.exe
    All right, I tried all the methods listed in here, and both spots in the registry don't show the mentioned data. (Explorer.exe is visible from the Shell listing, but no reference.. Am I supposed to delete the Shell/Explorer.exe entry?)

    Secondly - I've done a full system scan with updated Spyware Doctor and AVG Free Virus Scanners, but can't seem t'figure out why my WinLogon.exe was eating close to 256M+ of my memory last night. Any suggestions what could cause this? (And yes, 256M not 256k)

    Now -

    Thank all of you for your assistance, I'm new here and hope t'be able to contribute on occasion.
