iexplore.exe high memory usage [Solved]


  • This topic is locked

#31
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hello, 

 

We'll start by updating your vulnerable software. 

 

Your computer was bogged down with adware, and a Trojan.Agent (as labelled by Malwarebytes) that was automatically run each time your computer booted. It's difficult to determine the cause of infection. Any number of actions could have been the cause. Adware is usually contracted by quickly clicking through the installation process of new software, and thus inadvertently installing the adware. 

 

In my final post I will include a list of useful resources and tools that will minimize the risk of infection in future.

 

STEP 1
Update Outdated Software

Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.

STEP 2
Remove Outdated Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
    • Adobe Shockwave Player 11.6 
  • Follow the prompts and reboot if necessary.
     

STEP 3
Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser.
For information on Java vulnerabilities, please read the following article (point #7).

  • Click the Windows Start Button and type Java Control Panel (or javacpl) in the search bar. 
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
  • Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes. 
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.
     

STEP 4
Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did the programmes update OK?
  • checkup.txt

  • 0


#32
azuarainoz

azuarainoz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Hi Adam,

For step 1, I updated the programs (although I'm not sure why we have Google Chrome) without any issues. For step 2, the program was not listed (a new version was, so I left it). For step 3, I followed the instructions but could not find the Java program so I assume it is not installed on the machine. I went ahead and restarted and still did not find it. For step 4, the log is below:

 

 Results of screen317's Security Check version 0.99.87 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
McAfee Anti-Virus and Anti-Spyware  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Reader XI 
 Google Chrome 37.0.2062.120 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 


  • 0
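
The checkup.txt log posted above has a regular layout: titles padded with backticks split it into sections. As an added example (not part of the original posts and not Security Check's own code), the Python below parses that layout and flags entries for follow-up; the names `parse_checkup` and `triage` and the triage rules are assumptions of this example, and the sample is the posted log rebuilt inline.

```python
import re
# A section banner is a title padded on both sides with backticks.
BANNER = re.compile(r"^`+(?P<title>[^`]+?)`+$")

def _banner(title):
    return title.center(53, "`")  # rebuild a padded banner line

SAMPLE_LOG = "\n".join([  # constructed sample: the log lines posted in the thread
    " Results of screen317's Security Check version 0.99.87 ",
    " Windows 7 Service Pack 1 x64 (UAC is enabled) ",
    " Internet Explorer 11 ",
    _banner("Antivirus/Firewall Check:"),
    " Windows Firewall Enabled! ",
    "McAfee Anti-Virus and Anti-Spyware  ",
    " WMI entry may not exist for antivirus; attempting automatic update.",
    _banner("Anti-malware/Other Utilities Check:"),
    " Adobe Reader XI ",
    " Google Chrome 37.0.2062.120 ",
    _banner("Process Check: objlist.exe by Laurent"),
    " Malwarebytes Anti-Malware mbamservice.exe ",
    " Malwarebytes Anti-Malware mbam.exe ",
    " Malwarebytes Anti-Malware mbamscheduler.exe  ",
    _banner("System Health check"),
    " Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)",
    _banner("End of Log"),
])

def parse_checkup(text):
    """Return {section title: [entries]}; lines before the first banner go under 'Header'."""
    sections, current = {"Header": []}, "Header"
    for line in map(str.strip, text.splitlines()):
        m = BANNER.match(line)
        if m:
            current = m.group("title").strip().rstrip(":")
            sections.setdefault(current, [])
        elif line:
            sections[current].append(line)
    return sections

def triage(sections):
    """Flag entries worth a follow-up (this rule set is an assumption of the example)."""
    findings = []
    if any("WMI entry may not exist" in e for e in sections.get("Antivirus/Firewall Check", [])):
        findings.append("antivirus WMI entry may be missing")
    for entry in sections.get("System Health check", []):
        m = re.search(r"Fragmentation on Drive (\w): (\d+)%", entry)
        if m and "Defragment" in entry:
            findings.append(f"drive {m.group(1)}: {m.group(2)}% fragmented")
    return findings
```
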

#33
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hi Louis, 
 
If you do not use Chrome, you may wish to uninstall the programme. 
 
Uninstall Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall.
    • Google Chrome
  • Follow the prompts.
  • Reboot if necessary.
     

For step 2, the program was not listed (a new version was, so I left it).

Yes, sometimes the updated version "overwrites" the outdated version. But sometimes this doesn't happen, so I include the outdated version for uninstall to be on the safe side.  
 

For step 3, I followed the instructions but could not find the Java program so I assume it is not installed on the machine.

It would appear Java is no longer installed on your computer. This is for the best in my opinion. If you have no specific purpose for the programme, I would not reinstall it for the reasons below. 
 
Using Java is an unnecessary security risk; especially using older versions which have vulnerabilities that malicious sites can use to exploit and infect your system.

Java is one of those technologies that you find installed on the majority of computer systems despite the fact that average users do not come across many Java-powered websites or desktop applications [...] According to W3Techs, only four percent of websites use Java on the server side [...] it is used by 0.2 percent of all websites on the client side. And two tenths of a percent includes sites that do not use it for their core functionality [...] there are sites and applications that require Java, and if you use any of them, you obviously need Java. But that makes you a minority. The majority of Internet users do not need Java. They do not need the Java plugin, nor do they need the Java Runtime Environment installed on their operating system.

Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)

If you don't have a Solid State Drive (SSD), you may wish to perform a defrag. 
Instructions can be found here.

 
All Clean!
Congratulations, your computer appears clean!
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful.

My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation.
 
 
STEP 1
ComboFix Uninstall

  • Press the Windows Key + r on your keyboard at the same time. Type the following text into the Run box:
    ComboFix /Uninstall
  • Click OK.
  • Note: It may appear as if Combofix is installing. This is not the case; the programme is uninstalling. Please do not interrupt the process.
     

STEP 2
DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
--- Malwarebytes Anti-Malware will still be present on your computer. I recommend keeping this programme, updating and scanning with it once a week to maintain security on your computer. If you do not wish to keep this programme on your computer, you can uninstall it by pressing the Windows Key + r on your keyboard at the same time, typing appwiz.cpl, clicking OK and searching for Malwarebytes.
 
======================================================
 
Below I have compiled a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • Emsisoft Antimalware (free) acts as an additional on-demand scanner, and can be used in conjunction with your Anti-Virus. 
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) incorporates real-time protection and is designed to run alongside your Anti-Virus. 
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology. 
  • Sandboxie isolates programmes of your choice, preventing files from writing to your HDD unless you approve the file. 
  • Secunia PSI will scan your computer for vulnerable software that is outdated and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Unchecky automatically removes checkmarks for additional software in programme installers, helping you avoid adware and PUPs. 
  • Web of Trust (WOT) is a browser add-on designed to alert the user before interacting with a potentially malicious website. 
     

Need a second opinion on a file or website? Scan the file/URL before clicking by using one of the following free online scanner services.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using Geeks to Go.
 
Safe Surfing.
Adam (LiquidTension).


  • 0

#34
azuarainoz

azuarainoz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi Adam,
OK, I will implement the next steps tonight and let you know how it goes. Thanks.
  • 0

#35
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Sounds good. Keep me informed. 


  • 0

#36
azuarainoz

azuarainoz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Hi Adam,

I think there are no other issues but I don't know because now I have an apparent hardware issue. I'm getting a "cooling fan" error message which states not to use the computer as-is. So I need to repair that before I can finish implementing the last steps you recommended. I don't know much about computers but I'm mechanically inclined so I will take apart the laptop and have a look at the cooling fan. I'll let you know when it's up and running again. Thanks again.


  • 0

#37
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hello Louis, 
 
We can take a look at your computer's temperature now if you like.
 
CoreTemp

  • Please download CoreTemp and save the file to your Desktop.
  • Double-click the CoreTemp icon to run the programme.
  • Monitor the core temperature at computer idle and take a screenshot. 
  • Monitor the core temperature whilst performing tasks and take a screenshot.
  • Instructions on how to take a screenshot can be found in this article
  • Upload the image to Imgur.com and paste the URL in your next reply. 

  • 0

#38
azuarainoz

azuarainoz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Hi Adam,

OK, I will do tonight. For now the laptop is off and not being used. I'll get back to you. Thanks.


  • 0

#39
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

No problem, Louis.


  • 0

#40
azuarainoz

azuarainoz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Hi Adam,

I attempted to download Coretemp and my AV software said "coretemp_d7632790.exe is unsafe to download and was blocked..." It also said a "Trojan" was quarantined. So I did not download the program. In any case I was able to run the computer with the fan not working and it is running better/quicker than before we started this whole process. So thank you very much again. Unless you think we need to do something else I would say the issue has been resolved and this thread can be closed. Now I'll work on replacing the cooling fan.


  • 0


#41
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts

Hi Louis, 

 

CoreTemp is not malicious. The detection by your Anti-Virus is a false-positive, and nothing to be concerned by. 

 

As all seems to be well I will go ahead and close this thread. 

 

All the best, 

Adam


  • 0

#42
LiquidTension

LiquidTension

    Instructor

  • GeekU Moderator
  • 1,064 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





