More computer stuff -- random launchings of iexplore.exe

[Psion]

RangerWicket seems to have received some good advice on his svchost.exe issue, so I thought I'd float this one.

Situation:

WinXP
Athlon 1600 XP
256 Meg ram

Wife and I have separate logins.

I use netscape. Wife uses iexplore.

NAV (up to date), ad-aware, spybot, spyware blaster all in use, all come up clean.

Okay, here's the issue: without ever launching internet exploring, after getting online, sometimes things get extremely slow. The two things most firmly shut down by this is the java chat client (which it kills in its tracks) and some print jobs. I go to task manager and note that iexplore.exe (yup, good old internet exploder) is pulling upwards of 90% of cpu cycles in background.

Any thoughts on what this could be and how to fix it short of nuke-and-pave?

 

[Mercule]

I had something similar happen to me a few months back. I "oopsed" and turned off my firewall. Did a seach on something music related (band info, not warez, even) and got slammed by all the spyware in the universe, pretty blatantly so. Even after running several ad-aware-type things, I still had a persistent redirect that they couldn't detect. Ended up deciding that I could reformat and rebuild faster than I could reliably track down the problem.

Wish I had better input for you. My advice is to set a time limit for putzing with the issue and if you cross it, cut your losses and rebuild. This assumes you're savvy enough that rebuilding is more of an annoyance than an ordeal.

 

[schporto]

Grab HijackThis .
Run it. Try to figure out what may be wrong with the list.
I've been running into more and more spy/ad/crap ware of late. And more and more of it is getting better and better and hidding. Ad-aware (my usual tool) isn't finding half the stuff anymore. Which really sucks.
Unfortunately the only semi reliable tool to date is Human Brain 1.0.

One other thing to try - lauch IE. See where it goes. Google for that site and spyware. See if that's a likely hit for your problem.

Good luck.
-cpd

 

[Plane Sailing]

Just to clarify an issue - are you using 'fast user switching" i.e. is your wifes session still active while you are using netscape, or is the machine just switched on and only you are currently logged in to it?

FWIW I've abandoned IE almost entirely because of the ability of nasty people to auto-install unwanted stuff. WinXP Service Pack 2 has a number of updates to IE6 to mitigate this though - e.g.

a. Doesn't allow autoinstall of explorer components any more
b. Allows you to look at a list of all components and disable or delete any you don't want

So it may be that WinXP Service Pack 2 will do the job for you.

 

[Calim]

iexplore.exe is the way lots of new adware/spyware/trojans are hiding on pcs these days

your best bet to keep machine clean is to leave it off

but if you cant leave it off I would suggest finding several adware/spyware programs and running them to verify that the software is gone

the best i have found recently tho is PestPatrol

it aint free but it does get 90% of my spy ware currently which is better then adaware telling me i am clean

www.pestpatrol.com

 

[caudor]

something to check...

Might check your Winsock to see if it has been hi-jacked (and not being detected by your anti-spyware).

To do so, try this:
Start>Run
Type "msinfo32" in the box, press OK (leave off the quotes)
Double-click "components"
Double-click "network"
Double-click "protocol"

If value for the top field- NAME is anything other than:
MSAFD Tcpip [TCP/IP]
then

you've been hi-jacked. Might not be the problem, but it is easy to check.

 

[coyote6]

I second schporto's recommendation of HijackThis. Download it, run a scan, save the scan as a file, and post it at some helpful internet forum (here, if you want).

Some spyware/malware/trojans/etc. seem to be able to avoid various anti-virus & anti-spyware programs while they're running. They mark themselves as hidden & system files, and hide in multiple places, sometimes using filenames that change. I've had to boot computers at work into safe mode, safe mode w/command prompt, or even Windows Recovery Console, to kill some persistent malware. If I could just reformat the systems, that would be faster, sometimes.

Another thing to do -- empty both profiles' IE caches (go to Control Panel, Internet Options, click Delete Files, check the "Offline content" box, & click okay. If you have admin rights, you can also go to Documents and Settings\profileName\Local Settings\Temporary Internet Files and nuke the IE folder, though it will warn you about deleting system files. Note that you need to have Explorer set to show hidden files to see the Local Settings directory).

If you're feeling really bold, you can go look in your Windows directory (probably either C:\winnt or C:\windows) and the system32 directory, and see if there are any unusual .DLL, .exe, or .bat files with relatively recent dates. The dates will correspond to when the files were created by MS or whomever, so most of the files will have dates that correspond to MS patch releases & such, and won't be, say, yesterday or last week or the like. If you've got a few executables (.bat, .dll, .exe, etc.) files with dates of today or yesterday, that's a sign that those files are probably the product of some malware -- it renames or recreates the files when you boot your computer.

Google for the name of any questionable files, and see if they show up as spyware related. Again, you should have Explorer set to show hidden & system files (might as well show file extensions, too).

(NOte that a family member is about to have surgery, and I don't check this forum much anyways, so forgive me if I don't reply again.)

Hope that helps.