Iexplorer.exe using 180000+K Memory Help?

By big_eric · 17 replies
Nov 12, 2008
  1. I've noticed that my computer has been lagging lately and i've gone into my task manager and noticed that the iexplorer.exe has been using 180000K + of my memory and i suspected a virus... I went to the online scanner housecall 6.6 and ran a complete scan of my computer it found a Troj.Wimad.AT and i had it erased right away this was yesterday... but today my computer still seems to be lagging... i'm attaching a HJT.log for further examination but some help would be much appreciated...
  2. rf6647

    rf6647 TS Maniac Posts: 829

    Please execute the 8-step malware removal guide

    The online tool did not remove all traces of an infection:
  3. big_eric

    big_eric TS Rookie Topic Starter Posts: 48

    Alright i've followed all the directions and the scans have come up clean i've attached all three files needed... my iexplorer.exe is still using up alot of my memory and when i try to click on icons ect. it doesn't click right away... its like theres a mega lag in my system... further help would be appreciated
  4. rf6647

    rf6647 TS Maniac Posts: 829

    I'll use this space to ramble.

    ComboFix takes us deeper. The 30-day file list is included, as well as, some malware removal.
    Combofix instructions courtesy of Blind Dragon

    (180,000K + of my memory ) --> 180MB
    That’s one boat-load of web pages.

    Possible sources of corruption:
    Bad IE7 load --> Control panel > add/remove programs > uninstall
    (Note: will not work if SP3 was installed after IE7)
    Takes you back to IE6. Re-apply IE7 update.

    Broken/corrupt YT add-on > uninstall or use HJT tick-fix (easy to undo; advance)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    RIES - reset IE setting. Not likely to fix this. Extra work to re-link add-ons/plugins
    Link courtesy of kimsland

    My 'express' notation may confuse. Post back for clarification.

    I recommend posting the ComboFix log. You cite prior infection. Your did not mention IF MBAM or SAS detected infections prior to submitting clean logs.

    The incremental approach to corrupted IE
    Unlink plugins/toolbars --> RIES --> re-install ie7
    Unlinking can be accomplished with HJT tick/fix and be brought back via advance menu to undo changes.
  5. big_eric

    big_eric TS Rookie Topic Starter Posts: 48

    Okay i've included a scan i did the day before yesterday using malwarebytes and it did find a registry key but deleted it successfully and as i stated previously the online scan found an Trojan.Wimad.AT but it was also successfully deleted... the combo log requested is also attached but about your rambling i have no idea what your talking about....
  6. rf6647

    rf6647 TS Maniac Posts: 829


    Thank you for the ComboFix log. I will seek the assistance of another specialist to confirm my views. The 1 file deleted does not appear to be significant. Suspects on the 30-day list fall outside the create-date criteria.

    Conclusion (tentative): No malware involvement.

    ComboFix does not fully report all of what it fixes.

    Any changes to the symptoms? 180000K+ memory usage? Computer lagging? Click delay icon response?

    Perhaps you realize that I am working in one dimension - malware removal. So it takes effort to consider the functioning of the browser. My express notation leaves crumbs for me to pick up where I left it.

    These crumbs are pointers for the user to evaluate the apparent effort to follow my approach.

    RIES - easy to execute; immediate results to evaluate; effort to re-link plugin & toolbars. Follow the link.

    Re-installing software is another approach. Limitations are noted.

    You have the option to submit new thread, with different title, to re-focus the description and reference this thread to acknowledge the malware component was considered.

    Please remain subscribed to this thread should the ComboFix log suggest corrective action.

    So let's focus on the application.
  7. big_eric

    big_eric TS Rookie Topic Starter Posts: 48

    It seems that my computer is more responsive which is good and that it doesn't take a bunch of clicks to change windows and such, in my task manager i've noticed a spike of 120000 with the iexplorer.exe with only two windows open so i'm still unsure about whats going on with that also there have been a couple of spikes with my CPU usage staying in the 65% + range for long periods of time... how does the HJT.log i attached look? is it clean or do i need to fix some of the found problems i'll attach another... but i think if nothing is wrong with the combofix log and nothing was found in the scanners that it is fine and if not i'll create a new forum...

    thanks for you help
  8. rf6647

    rf6647 TS Maniac Posts: 829

    I believe that Spelling Counts. Differences in spelling between the log files caught my attention. This type of virus is so old that I question my sanity! Did these logs come from the same load of XP? This is the most logical explanation.

  9. big_eric

    big_eric TS Rookie Topic Starter Posts: 48

    i'm not sure what you mean by same load of xp but i gave you two scans of my HJT.log and i two noticed that both of these are spelt different as far as uppercase and lower case... i'm not exactly sure what to do though... can you give me some guidance?
  10. rf6647

    rf6647 TS Maniac Posts: 829

    Guidance - not really.

    I've seen this problem before

    At that time I re-loaded XP to solve the concern over different spellings.

    At another time on a different computer, a 'hung' window with IE was tied to a PID using a smaller amount of memory compared to working instances, Upgrade to IE7 solved that problem.

    It appears the universal solution is to re-install something. That is a heck of an answer.

    P.S. I held back the personal experience from the initial response to get your input first,
  11. big_eric

    big_eric TS Rookie Topic Starter Posts: 48

    well thanks for the no help... maybe someone more fit for what i'm looking for can assist me................................
  12. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    hey eric,

    welcome back.

    Obviously we recommend against P2P file sharing as far as security is concerned.

    **P2P programs = Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
    Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation. see


    Run CFScript

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.


    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.


    • Download from HERE
    • Close all browsers.
    • Run the programme and make sure all the boxes are ticked under the Windows and Applications tabs, Also check All Advanced tabs(except for the Old prefetch Data option, this should be unticked)
    • Click the run cleaner button.


    [​IMG]Run Kaspersky Online AV Scanner

    In order to use it you have to use Internet Explorer.
    Go to Kaspersky and click the Accept button at the end of the page.

    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
    • Read the Requirements and limitations before you click Accept.
    • Allow the ActiveX download if necessary.
    • Once the database has downloaded, click Next.
    • Click on "My Computer"
    • When the scan has completed, click Save Report As...
    • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

    Attach the report into your next reply
  13. NunjaBusiness

    NunjaBusiness TS Rookie Posts: 36

    Spelling does NOT count in windows

    rf647 -

    Actually, in Windows:


    are exactly the same filename and are treated the same.

    However, you are definitely showing two different versions of Internet Explorer in the two folders. Explore to each of them and right-click, choose properties and click on Version.
  14. NunjaBusiness

    NunjaBusiness TS Rookie Posts: 36

    Memory usage by Internet Explorer

    big_eric - I hate to tell you this but that is really not that unusual if you are really using a lot of the browser's functionality. Using 180MB with multiple tabs open is not necessarily an indication of a problem. I understand you found a trojan, but that may not be the cause of your issue.

    I routinely push 200MB of RAM used by IE8. I used to use WAAAY more than that with IE7 and Firefox is the worst of the bunch (IMO) as it gets up in the 300MB range fairly often. Of course I usually have 8-10 tabs open in each browser too! You just need to have enough physical RAM and a large enough swapfile to handle it all. Flushing your temp internet files and cutting back on the Addons or BHOs will help some. I found a lot of lag and excess memory usage was from so-called helper objects that I rarely use.
  15. big_eric

    big_eric TS Rookie Topic Starter Posts: 48

    Okay i've done as you asked and i've attached the three log files you've requested. I had to make my own .txt file for the online scanner since it wouldn't let me save it for some reason but all the information is there. Looking forward to your reply.
  16. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Looks good, all 3 things kaspersky found were music downloads that must have been malicious.

    Delete these 3 files then we can cleanup:

    C:\Documents and Settings\Eric\.housecall6.6\Quarantine\3oh3 - still around.mp3.bac_a0164
    C:\Documents and Settings\Eric\.housecall6.6\Quarantine\benny at dispatch.mp3.bac_a0164
    C:\Kelsey's Folder\Incomplete\Preview-T-5745425-bounce with me kresah turner.mp3

    Actually delete anything in the quarantine folder of housecall


    Uninstall Combofix
    * Click START then RUN
    * Now type Combofix /u in the runbox
    * Make sure there's a space between Combofix and /u
    * Then hit Enter.

    * The above procedure will:
    * Delete the following:
    * ComboFix and its associated files and folders.
    * Reset the clock settings.
    * Hide file extensions, if required.
    * Hide System/Hidden files, if required.
    * Set a new, clean Restore Point.


    OTCleanit! by Oldtimer
    • Download OTCleanIt
    • Click the CleanUp! button.
      • It will go thorugh the list and remove all of the tools it finds and then delete itself (requiring a reboot).


    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
    1. Set correct settings for files
      • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
      • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
      • If unchecked please check Hide protected operating system files (Recommended)
      • If necessary check "Display content of system folders"
      • If necessary Uncheck Hide file extensions for known file types.
      • Click OK

      clear system restore points

      • This is a good time to clear your existing system restore points and establish a new clean restore point:
        • Go to Start > All Programs > Accessories > System Tools > System Restore
        • Select Create a restore point, and Ok it.
        • Next, go to Start > Run and type in cleanmgr
        • Select the More options tab
        • Choose the option to clean up system restore and OK it.
        This will remove all restore points except the new one you just created.

    2. Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialize and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.

    3. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

      See this link for a listing of some online & their stand-alone antivirus programs:

      Virus, Spyware, and Malware Protection and Removal Resources

    4. Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

    5. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

      For a tutorial on Firewalls and a listing of some available ones see the link below:

      Understanding and Using Firewalls

    6. Visit Microsoft's Windows Update Site Frequently - It is important that you visit regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.This is done in Vista through control panel -> windows updates.

    7. Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

      A tutorial on installing & using this product can be found here:

      Using SpywareBlaster to protect your computer from Spyware and Malware

    8. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
    Follow this list and your potential for being infected again will reduce dramatically.

    here are some additional utilities that will enhance your safety

    • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to which is your local computer
    • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
    • Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
      Using Winpatrol to protect your computer from malicious software
  17. big_eric

    big_eric TS Rookie Topic Starter Posts: 48

    thank your for your help my computer seems more responsive all ready =) thats why i come to this site because you no what your talk about
  18. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    For performance, when was the last time you defragmented your hard drive.

    check out this program, after you analyze - you can select files and only defrag the files that need it which saves time over defragging a whole drive.

    • You can download defraggler from HERE
    • Select download latest version in the top right corner
    • Save the installer to your Desktop or someplace easy to find it.
    • Double click the installer and follow the prompts to install.
    • It's a good idea to run a temp file cleaner first to reduce scan times (CCleaner or ATF Cleaner)
    • Once you Launch the program you will see the following GUI
    • After you click analyze you can select file list to simply defrag just the files that need it.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...