Iexplore.exe is consuming huge memory

[dranjank]

My system was infected with Trojan last month and since then the performance of my system has become extremely bad particularly when the Internet Explorer starts (even a single windows). More I browse, more the ie instance consumes memory. Sometimes it consumes more than 200000K memory and thus the virtual memory needs to be increased.

It was the same with explorer.exe, but after removing the viruses (?), the explorer.exe has stopped consuming huge memory. Please guide me to rectify this problem.

 

[Bobbye]

You have malware. Please follow the Steps here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

When you have finished, attach the following 3 logs:
1. Malwarebytes
2. SuperAntispyware
3. HijackThis.

 

[dranjank]

Thanks Bobbye.

I have followed the instructions and have attached the logs.

One more symptom I would like to share: Everytime windows starts up, a message pops up saying that no firewall is turned on. your computer might be at risk. I have checked that windows firewall is set to turn on automatically.

 

[Bobbye]

Please re-open HiJackThis> click on System Scan Only and scan. Check the boxes next to all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.anandabazar.com/wfplayer/tdserver.cab

NOTE If you have set the homepage to come up with blank page, leave the first entry for about:blank.

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and Reboot.

Then do this:

1. Open up Device Manager(Start> Control Panel> Hardware tab> Device Manager button)
2. Click 'View' and select 'Show Hidden Devices'
3. Expand the 'Non-Plug and Play' Drivers category
4. Right-click and 'Disable' clbdriver.sys, tdsserv.sys (or tdssxyz.sys where xyz.sys are random characters), and/or seneka.sys (any that are present)
5. Restart computer to Safe Mode
6. After restart, go back to Device Manager and right-click 'Uninstall' the above drivers
7. Navigate to 'C:\Windows\System32\Drivers' folder and delete these files if they exist (They will be hidden so show hidden files)***
8. Navigate to 'C:\Windows\System32\ directory, Sort By Date, and remove any recently modified traces of files that resemble clb*.*, td*.*, and seneka*.* or any suspicious looking *.exe's/*.dll's modified in the past 24 hours ***
9. Run SDFIX (see below) and Combofix in Safe Mode (see below)
10. Reboot to Normal mode, install SAS, update, and run a quick scan
12. Run an ESET (NOD32) online scan: http://www.eset.com/onlinescan/
***NOTE: Path for #7 & #8:
Right click on Start> Explore> Windows > System 32

#9: SD FIX
Quote:

1. Download SDFix.exe from HERE and Save to the Desktop.
2. Confirm that the file SDFix.exe now resides on your desktop, but do not double-click on the icon as of yet. We will use it in later steps.
3. Now, double-click on the SDFix icon that should now be residing on your desktop. If a Open File - Security Warning box opens, click on the Run button.
4. A window will now open showing SDFix being extracted into the C:\SDFix folder. Once the installation program has finished extracting SDFix, it will open a Notepad with further instructions as shown. Follow the instructions and screen shots on the site.

#9: ComboFix:

:
Please download ComboFix. HERE:

With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.

• Run Combo-Fix.exe and follow the prompts.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be completed.
• If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Do not click on the ComoboFix window, as it may cause it to stall.
When you have finished, the log will open in Notepad which can be attached here.

Rescan with HijackThis when through and attach all logs and reports.

 

[dranjank]

Followed your instructions and attached the logs.

Notes:

1. No files found as mentioned: clbdriver.sys, tdsserv.sys (or tdssxyz.sys where xyz.sys are random characters), and/or seneka.sys (any that are present)
2. I have used TDServerControl for a long time. This is a language translator and is published by a well known Indian newspaper. However, I have deleted the file as instructed.
3. No suspicious looking files like *.exe's/*.dll's are found which is modified in the past 24 hour. The list of exe/dll that are installed/updated after I found the Trojan in my system almost one month back are listed below:
tzchange.exe, gdi32.dll, capicom.dll, dnssd.dll, dns-sd.exe, mshtml.dll, MRT.exe and deploytk.dll
4. Could not find where to download the SAS software from. Please provide me the information.

Please let me know if I need to upload any other log file.

 

[Bobbye]

Is the iexplore.exe high resource problem resolved now? We removed it in HijackThis. I'd like you to do an online scan with Kaspersky:

Open Kaspersky Online Scanner in Internet Explorer using this link:
http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

* Click Accept and the web scanner will begin to load
* If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
* You will be prompted to install an ActiveX component from Kaspersky, click Install
* If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT and then Scan Settings
* In the scan settings make that the following are selected:
o Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
o Scan Options:
Scan Archives
Scan Mail Bases
* Click OK
* Now under select a target to scan:
Select My Computer
* The program will start to scan your system.
* Once the scan is complete, click on the Save as Text button and save the file to your desktop
* Attach to next post.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

If this scan is clean and if the original problem was resolved, we'll remove the cleaning tools and the old restore points.

 

[dranjank]

Thanks for your help bobbeye.

However, I failed to run the Kaspersky online scanner as the Java applet is failed to load. So, the virus definitions could not be upgraded. Please help me regarding this.

The performance is much better now, But, the ie still needs some time to load. Is it something to do with the add-ons?

Thanks again!

 

[Bobbye]

I just tried the Kaspersky URL and got a 404 message. Sorry.

Give this one a try: http://www.kaspersky.com/virusscanner

 

[dranjank]

I have scanned my computer with Kaspersky and the result came out clean.

Please direct me to remove the tools that I have installed and which tools I need to keep in my system.

 

[Bobbye]

So this has been resolved:

Iexplore.exe is consuming huge memory

But you still consider the system slow. You don't say whether it's slow to startup, slow to shut down or slow to surf, so I will give you a generic answer:
Start> Run> msconfig> enter> Selective Startup> Startup tab> UNCHECK everything except the McAfee antivirus and firewall if it is included> Apply> OK.

Reboot: NOTE: ignore the nag message and close after checking 'don't show message again.'

IF you don't use the preloaded Dell support, remove it.
You did not reply to my question about having a blank homepage.

To remove the cleaning tools:

Download OTCleanIt from HERE & save it to your desktop.
Double click on OTCleanIt.exe.
Click on CleanUp!.
It will go thorough the list and remove all of the tools it finds and then delete itself (requiring a reboot).
You will receive a prompt that it needs to restart the computer to remove the files>
Click Yes.
It will restart your computer automatically. If it doesn't, please restart your computer manually.

Clear your existing system restore points and establish a new clean restore point:

1. Go to Start > All Programs > Accessories > System Tools > System Restore
2. Select Create a restore point, and OK it.
3. Next, go to Start > Run and type in cleanmgr
4. Select the More options tab
5.Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created.

Please let me know if I can be of further help.

 

[dranjank]

I selected the about:blank as my internet explorer default homepage.

The system was slow in opening a new application. If I clicked on the ie icon, it used to take some time to load the application. This was true for all applications, when I opened them for the first time. After following your instractions, this problem is also removed.

Right now, I have the following software loaded in system apart from the McAfee.
1. CCleaner
2. Malwarebytes' Anti-Malware
3. SUPERAntiSpyware Free Edition
4. Ad-Aware
5. Hijack This

Do I need keep all of them?

 

[Bobbye]

Blank homepage is fine- I just have to make sure you set it.

Remove any of those 5 programs you downloaded specifically for the cleaning. Any you had on before like possibly AdAware can stay.

Don't forget to drop the old restore points.

As for the Startup, you don't need to have anything else but the AV and firewall- and touchpad if on laptop. Programs and apps-and printers-can be started manually when needed.

Please let me know if I can be of any further help.

 

[dranjank]

Thanks Bobbye. Your suggestions have helped me to fix the issue.

 

[Bobbye]

You're welcome. Glad to help.

Please let us know if you need additional help in the future.

 

[dranjank]

I think I need your help right away.

Not sure if I have messed up with something in the configuration. Earlier whenever I plugged in any USB drive, including a removable external disk drive, an autoplay option dialog box used to pop up with a promt to choose an action with all the options of playing different types of files . That is not happening any more.

Although it is not mandatory, this feature is very user friendly. There is no other problem with the drives. Need your help.

 

[dranjank]

I have fixed the problem with Microsoft Aotoplay repair tool. Seems it was a registry problem after some key values are removed by CCleaner. Not sure though.

 

[Bobbye]

Many people don't understand that they have some control over what CCleaner removes.

Enlarge each image here to see what the choices are:
http://www.ccleaner.com/screenshots