• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

IEstarter 0.21 by hoax32

hoax32

hoax32

Joined
Aug 8, 2010
Messages
545 (0.11/day)
Location
TX
System Specs
System Name MSI GF63 Thin
Processor Intel® Core™ i5-10300H @4.50GHz
Motherboard MSI GF63 Thin System Board
Cooling MSI GF63 Thin Stock Cooling
Memory 8GB (1x 8GB) Hynix DDR4 2666MHz
Video Card(s) NVIDIA GeForce GTX 1650 Max-Q 4GB GDDR6 @1740MHz
Storage KIOXIA 256GB NVMe SSD
Display(s) MSI Optix G24C165Hz 1ms
Software Windows 10 Pro 64bit
Hi leutz!!!
Im still a beginner in programing so please don't ive me any comments like "you suck!!!" :slap:
I finally finished my new program called IEstarter.
It's still a BETA version so it might have some undiscovered problems.

About IEstarter:
----------------
File name: IEstarter.exe
Size: 0.035MB (35KB)
Programmer: hoax32
Programming Language: C++ and some batch
Language: English

System requirements:
---------------------
OS: XP and UP
RAM: 128MB
HDD: 2GB FREE SPACE
CPU: P3 or higher
GPU: Windows supported GPU

Following situation:
A Virus has infected your Computer and all shortcuts are distroyed / manipulated!
You have no access yo the windows explorer or "Windows + R".
But there is more than 1 problem:
You need the internet explorer to do something immportant REALLY FAST!!!!!
What to do?
Use IEstarter!
IEstarter starts your internet explorer (all versions) my executing the main file.
It also makes shure, that file is the ACTUAL iexplore.exe and not something like ieexplore.exe

It's a great tool to trick malware and I hope that you guys like it!
Like I sayed it's nothing big! :D

Please try it out!
I appreciate any feedback! :)
 

Attachments

  • IEstarter.exe
    35 KB · Views: 463
Kreij

Kreij

Senior Monkey Moderator
Joined
Feb 6, 2007
Messages
13,817 (2.20/day)
Location
Cheeseland (Wisconsin, USA)
How does one know that the virus has not compromised IEStarter.exe?
 
hoax32

hoax32

Joined
Aug 8, 2010
Messages
545 (0.11/day)
Location
TX
System Specs
System Name MSI GF63 Thin
Processor Intel® Core™ i5-10300H @4.50GHz
Motherboard MSI GF63 Thin System Board
Cooling MSI GF63 Thin Stock Cooling
Memory 8GB (1x 8GB) Hynix DDR4 2666MHz
Video Card(s) NVIDIA GeForce GTX 1650 Max-Q 4GB GDDR6 @1740MHz
Storage KIOXIA 256GB NVMe SSD
Display(s) MSI Optix G24C165Hz 1ms
Software Windows 10 Pro 64bit
It checks parts of the code, file size and background info of the exe.
Thanks for asking! :D
 
Kreij

Kreij

Senior Monkey Moderator
Joined
Feb 6, 2007
Messages
13,817 (2.20/day)
Location
Cheeseland (Wisconsin, USA)
My pleasure.
How does IEStarter know that iexplorer.exe has not been compromised?
 
hoax32

hoax32

Joined
Aug 8, 2010
Messages
545 (0.11/day)
Location
TX
System Specs
System Name MSI GF63 Thin
Processor Intel® Core™ i5-10300H @4.50GHz
Motherboard MSI GF63 Thin System Board
Cooling MSI GF63 Thin Stock Cooling
Memory 8GB (1x 8GB) Hynix DDR4 2666MHz
Video Card(s) NVIDIA GeForce GTX 1650 Max-Q 4GB GDDR6 @1740MHz
Storage KIOXIA 256GB NVMe SSD
Display(s) MSI Optix G24C165Hz 1ms
Software Windows 10 Pro 64bit
Kreij said:
My pleasure.
How does IEStarter know that iexplorer.exe has not been compromised?
Click to expand...


I am thinking of adding a function to version 0.30, which emulates the execution of iexplore.exe:
If IEstarter detects any unusual files that are connected to iexplore.exe, I will warn the user.

Thats gonna be a hard task though! :eek:
 
Kreij

Kreij

Senior Monkey Moderator
Joined
Feb 6, 2007
Messages
13,817 (2.20/day)
Location
Cheeseland (Wisconsin, USA)
If all shortcuts on the system do not work (this would include shortcuts in the start menus) and the keyboard shortcuts are hosed, how do launch IEStarter?

I'm not picking on your app, just asking questions others may be thinking too. ;)
 
qubit

qubit

Overclocked quantum bit
Joined
Dec 6, 2007
Messages
17,865 (2.99/day)
Location
Quantum Well UK
System Specs
System Name Quantumville™
Processor Intel Core i7-2700K @ 4GHz
Motherboard Asus P8Z68-V PRO/GEN3
Cooling Noctua NH-D14
Memory 16GB (2 x 8GB Corsair Vengeance Black DDR3 PC3-12800 C9 1600MHz)
Video Card(s) MSI RTX 2080 SUPER Gaming X Trio
Storage Samsung 850 Pro 256GB | WD Black 4TB | WD Blue 6TB
Display(s) ASUS ROG Strix XG27UQR (4K, 144Hz, G-SYNC compatible) | Asus MG28UQ (4K, 60Hz, FreeSync compatible)
Case Cooler Master HAF 922
Audio Device(s) Creative Sound Blaster X-Fi Fatal1ty PCIe
Power Supply Corsair AX1600i
Mouse Microsoft Intellimouse Pro - Black Shadow
Keyboard Yes
Software Windows 10 Pro 64-bit
Kreij's points are spot on.

Ultimately, with an infected system, it's not possible to guarantee that you're not running more malware. It's also not possible to guarantee that your application won't be hijacked itself, regardless of how many checks and balances you put into it - the malware can simply delete your files and replace them with something else. Game over.

My answer to having to do something on such a PC now, is to use another computer. Once you know Windows is compromised, it's foolish to do anything else.

If you want to program for security, then I suggest hanging out on security related forums and getting involved in coding projects they might have there. You'll learn a lot more and you'll make much more useful software.
 
hoax32

hoax32

Joined
Aug 8, 2010
Messages
545 (0.11/day)
Location
TX
System Specs
System Name MSI GF63 Thin
Processor Intel® Core™ i5-10300H @4.50GHz
Motherboard MSI GF63 Thin System Board
Cooling MSI GF63 Thin Stock Cooling
Memory 8GB (1x 8GB) Hynix DDR4 2666MHz
Video Card(s) NVIDIA GeForce GTX 1650 Max-Q 4GB GDDR6 @1740MHz
Storage KIOXIA 256GB NVMe SSD
Display(s) MSI Optix G24C165Hz 1ms
Software Windows 10 Pro 64bit
I am about to finish my new version of IEstarter!
Improvements:

-avaible as a ".exe" , ."bat" , ".com"
-new security features
-checks iexplorer.exe for valid coding (stops execution, if cooding is different)
-coding is protected --> program cannot be manipulated, otherwise error: "not a valid win32 application" will pop up [this prevents the infection and execution of IEstarter]
 
X

xbonez

New Member
Joined
Nov 29, 2010
Messages
1,182 (0.24/day)
Location
Philly, PA (US)
System Specs
System Name Winter
Processor AMD Phenom II x4 965 BE @ 4.0Ghz
Motherboard MSI 790FX-GD70
Cooling Corsair H50 Liquid Cooling
Memory 2 x 2Gb Gskill Ripjaws 1600Mhz (7-7-7-24@1.6V)
Video Card(s) Asus GTX 470 @ Stock (Zalman VF3000 cooler)
Storage 2 x Samsung Spinpoint F3 500GB (RAID 0)
Display(s) Hanns G 28" @ 1920x1200
Case Antec 1200
Audio Device(s) Onboard -- TosLink --> Z5500
Power Supply Corsair 850TX 850W PSU
Software Win 7 64-bit Ultimate
Kreij said:
If all shortcuts on the system do not work (this would include shortcuts in the start menus) and the keyboard shortcuts are hosed, how do launch IEStarter?

I'm not picking on your app, just asking questions others may be thinking too. ;)
Click to expand...

I'd like to know this as well. There are numerous ways to launch explorer (Win+E, Run, Task Manager etc.). If all of them have been compromised, what's keeping IEStarter from being compromised as well?
 
hoax32

hoax32

Joined
Aug 8, 2010
Messages
545 (0.11/day)
Location
TX
System Specs
System Name MSI GF63 Thin
Processor Intel® Core™ i5-10300H @4.50GHz
Motherboard MSI GF63 Thin System Board
Cooling MSI GF63 Thin Stock Cooling
Memory 8GB (1x 8GB) Hynix DDR4 2666MHz
Video Card(s) NVIDIA GeForce GTX 1650 Max-Q 4GB GDDR6 @1740MHz
Storage KIOXIA 256GB NVMe SSD
Display(s) MSI Optix G24C165Hz 1ms
Software Windows 10 Pro 64bit
I am actively experimenting with viruses and trojans in sandbox and I have never seen a virus / trojan / worm / spyware / any other malware - that disables a .bat file after booting in safe mode with network drivers.
IEstarter is ment to be started from CD / USB drive.
IEstarter can also be executed by adding it to the auto start list when a computer is clean so everytime you start your computer, it executes internet explorer and incase of an infection Internet explorer will still start and the awesome thing about this program is that it tells you prior executing of the iexplorer.exe if it is the actual file or if its infected! :)
 
Mindweaver

Mindweaver

Moderato®™
Staff member
Joined
Apr 16, 2009
Messages
8,194 (1.49/day)
Location
Charleston, SC
System Specs
System Name Tower of Power / Sechs
Processor i7 14700K / i7 5820k @ 4.5ghz
Motherboard ASUS ROG Strix Z690-A Gaming WiFi D4 / X99S GAMING 7
Cooling CM MasterLiquid ML360 Mirror ARGB Close-Loop AIO / CORSAIR Hydro Series H100i Extreme
Memory CORSAIR Vengeance LPX 32GB (2 x 16GB) DDR4 3600 / G.Skill DDR4 2800 16GB 4x4GB
Video Card(s) ASUS TUF Gaming GeForce RTX 4070 Ti / ASUS TUF Gaming GeForce RTX 3070 V2 OC Edition
Storage 4x Samsung 980 Pro 1TB M.2, 2x Crucial 1TB SSD / Samsung 870 PRO 500GB M.2
Display(s) Samsung 32" Odyssy G5 Gaming 144hz 1440p, ViewSonic 32" 72hz 1440p / 2x ViewSonic 32" 72hz 1440p
Case Phantek "400A" / Phanteks “Enthoo Pro series”
Audio Device(s) Realtek ALC4080 / Azalia Realtek ALC1150
Power Supply Corsair RM Series RM750 / Corsair CXM CX600M
Mouse Glorious Gaming Model D Wireless / Razer DeathAdder Chroma
Keyboard Glorious GMMK with box-white switches / Keychron K6 pro with blue swithes
VR HMD Quest 3 (128gb) + Rift S + HTC Vive + DK1
Software Windows 11 Pro x64 / Windows 10 Pro x64
Benchmark Scores Yes
hoax32 said:
I am actively experimenting with viruses and trojans in sandbox and I have never seen a virus / trojan / worm / spyware / any other malware - that disables a .bat file after booting in safe mode with network drivers.
IEstarter is ment to be started from CD / USB drive.
IEstarter can also be executed by adding it to the auto start list when a computer is clean so everytime you start your computer, it executes internet explorer and incase of an infection Internet explorer will still start and the awesome thing about this program is that it tells you prior executing of the iexplorer.exe if it is the actual file or if its infected! :)
Click to expand...

What's to disable in a .bat file? A batch file is just a list of commands in a file that sends those commands to a command prompt (COMMAND.COM, cmd.exe). I'm not knocking your idea, but if i thought i had a virus i would use "Solaris Utility DVD" or "A linux distro CD" or to be totally sure.. whip the drive and start over... Not try to use my already compromised PC nor would I ever need to have something launch ie..... I never launch ie.. :p But good luck with your program.. I'm in no shape saying not work on it.. I just don't see the point in it.

EDIT: IE probably gave you the virus in the first place... :p
 
C

ctrain

New Member
Joined
Jan 12, 2010
Messages
393 (0.08/day)
what happens if i patch the code as it's running?

and what's with the fake load screen
 
E

erixx

Joined
Mar 24, 2010
Messages
5,047 (0.98/day)
Location
Iberian Peninsula
amazing stuff, really!

But i have never had a virus other than a funny code joke a decade back and don't know what I would do. I think turn off and reformat, and use another computer meanwhile

but... in case I had to use the infected computer, I would just run Opera or similar explorer from a pendrive.

But keep testing etc, it is really interesting :)
 
ShiBDiB

ShiBDiB

Joined
Jul 21, 2008
Messages
5,174 (0.90/day)
System Specs
System Name [Daily Driver]
Processor [Ryzen 7 5800X3D]
Motherboard [Asus TUF GAMING X570-PLUS]
Cooling [be quiet! Dark Rock Slim]
Memory [64GB Corsair Vengeance LPX 3600MHz (16GBx4)]
Video Card(s) [PNY RTX 3070Ti XLR8]
Storage [1TB SN850 NVMe, 4TB 990 Pro NVMe, 2TB 870 EVO SSD, 2TB SA510 SSD]
Display(s) [2x 27" HP X27q at 1440p]
Case [Fractal Meshify-C]
Audio Device(s) [Steelseries Arctis Pro]
Power Supply [CORSAIR RMx 1000]
Mouse [Logitech G Pro Wireless]
Keyboard [Logitech G512 Carbon (GX-Brown)]
Software [Windows 11 64-Bit]
Seems.. useless.. but dont stop cause I suppose itll be a good learning tool for coding..

Useless because my dads computer was infected with some malware AV virus that shuts down any process you try to start regardless of if its a .bat or whatever.. The best protection from viruses is not getting them in the first place. Not preparing your computer to be slightly useable when you do get one.
 
You must log in or register to reply here.
Top