Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Explorer.exe causes Iexplore to open multiple instances and high mem

09 Sep 2014   #51
mohavepc

Windows 7 Professional x64
 
 

Quote   Quote: Originally Posted by gregrocker View Post
Did you start a fresh thread in Security forum and google for specialized tools for that infection? They don't always check More Help Needed.

I am starting a new thread there now. Google has few results and I am suspicious of Comodo's answer as far as this particular infection. Could it be a cidoxVBR-A infection? Maybe but there is so little available on the search engines it is either really fresh or impossible to clean. Neither answer makes me feel too hopeful.

I am of a state of mind to start fresh and look at the logs again with a clear head and see if anything stands out. Obviously Malwarebytes see's something going on just not what it is. There is so little about IE multiple instances and memory over run.


My System SpecsSystem Spec
.
09 Sep 2014   #52
gregrocker

 

Some thoughts: If you must reinstall then they should understand some infections cannot be cleaned up. They should pay a premium for such serious work and even more if they complain.

I'd Tell them you'll throw in a backup image of a perfect install so they never have to reinstall again. They should be pleased that added MBAM protection is so cheap.

Doing the right thing here: Priceless. (That's a problem I'd imagine if you do it for a living as I've never been able to price it. But some gifts I get tell me its very valuable.)
My System SpecsSystem Spec
10 Sep 2014   #53
ICIT2LOL

Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
 
 

Quote   Quote: Originally Posted by mohavepc View Post
Quote   Quote: Originally Posted by gregrocker View Post
Did you start a fresh thread in Security forum and google for specialized tools for that infection? They don't always check More Help Needed.

I am starting a new thread there now. Google has few results and I am suspicious of Comodo's answer as far as this particular infection. Could it be a cidoxVBR-A infection? Maybe but there is so little available on the search engines it is either really fresh or impossible to clean. Neither answer makes me feel too hopeful.

I am of a state of mind to start fresh and look at the logs again with a clear head and see if anything stands out. Obviously Malwarebytes see's something going on just not what it is. There is so little about IE multiple instances and memory over run.
Without running the risk of repeating myself I would run this first
http://support.kaspersky.com/4162 it will run form power up and avoid he Windows system as such.
My System SpecsSystem Spec
.

10 Sep 2014   #54
mohavepc

Windows 7 Professional x64
 
 

Quote   Quote: Originally Posted by ICit2lol View Post
Quote   Quote: Originally Posted by mohavepc View Post
Quote   Quote: Originally Posted by gregrocker View Post
Did you start a fresh thread in Security forum and google for specialized tools for that infection? They don't always check More Help Needed.

I am starting a new thread there now. Google has few results and I am suspicious of Comodo's answer as far as this particular infection. Could it be a cidoxVBR-A infection? Maybe but there is so little available on the search engines it is either really fresh or impossible to clean. Neither answer makes me feel too hopeful.

I am of a state of mind to start fresh and look at the logs again with a clear head and see if anything stands out. Obviously Malwarebytes see's something going on just not what it is. There is so little about IE multiple instances and memory over run.
Without running the risk of repeating myself I would run this first
Download Kaspersky Rescue Disk 10 it will run form power up and avoid he Windows system as such.
No problem my friend. I have run the following live cd's. Kaspersky rescue, AVG Rescue, Bit Defender rescue, Norton Rescue. All of which do not see an infection. all scans are clean. I am running rkill right now so I can look at the logs. Mbam full scan with rootkits found 4) forged physical sectors so it is definitely a rootkit involved.
My System SpecsSystem Spec
10 Sep 2014   #55
ThrashZone

Win-7-Pro64bit 7-H-Prem-64bit
 
 

Hi,
Did you scan all drives and all partitions with custom and rootkits ?
Post all scan reports here and on your new thread if created ?
My System SpecsSystem Spec
10 Sep 2014   #56
ICIT2LOL

Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
 
 

Ok well GMER is fairly hefty for a scan though I have not run one for a long time you need to be careful with it
GMER - Rootkit Detector and Remover
My System SpecsSystem Spec
10 Sep 2014   #57
mohavepc

Windows 7 Professional x64
 
 

Quote   Quote: Originally Posted by ThrashZone View Post
Hi,
Did you scan all drives and all partitions with custom and rootkits ?
Post all scan reports here and on your new thread if created ?
Thrash I am having an issue with time on this and when I was trying to create a new thread in security It timed out 3 times and would not let it post. I am going to restore this machine right now so I will be offline a few hours. I am thinking that the infected machines hard drive might have infected this one when I scanned the drive. I'll be back later. if it isn't one thing its another.
My System SpecsSystem Spec
10 Sep 2014   #58
mohavepc

Windows 7 Professional x64
 
 

Hi all I got the S.O.B. out. Turns out I got a call from another tech here in town that has also run into this issue. after collaborating for an hour we hit on the answer. It worked for Both of us but there is a trick. Kaspersky Rescue needs to be run first. It may or may not show an issue. (mine did not but his shows minor Java issues). Then boot in safe mode with networking. Run Hitman pro. Now this seems to be a 64bit infection only. The way I figured that out is that if I kill all instances of IExplore And Explore.exe the machine mellowed out. I could then open the 32 bit version of IExplore without issue. However If I opened the 64bit version of IExplore the infection took off trying to call home again

Hitman pro was able to see a file that was in the MBR pointing to the CidoxVGR-A with a Kaspersky Icon and marked for repair.
Now why Kaspersky didn't show it or try to repair must have to do with the rootkit itself somehow. I have contacted MS and Kaspersky with the logs to see if it can be caught faster. Now all I have to do is repair the damage to IExplore and we are good.
My System SpecsSystem Spec
10 Sep 2014   #59
gregrocker

 

File in the MBR? Isn't MBR code? You mean in hidden System partition? Not scanned due to hidden? Found in memory?
My System SpecsSystem Spec
10 Sep 2014   #60
mohavepc

Windows 7 Professional x64
 
 

Quote   Quote: Originally Posted by gregrocker View Post
File in the MBR? Isn't MBR code? You mean in hidden System partition? Not scanned due to hidden? Found in memory?
You are correct Greg however that is how Hitman pro listed it. I will run hitman again on another machine that is acting the same way and get a screenshot for you. I am also going to write a tutorial for brink to look at on this pita. hitman says mbr infected, the options are ignore, replace, add exception.

**edit**
I ran hitman on this machine(my main one) and found the cidoxVBR-a as well but it had not infected the coding of the mbr as yet probably because I haven't rebooted yet. I will run hitman again after I reboot to be sure
**end edit**
My System SpecsSystem Spec
Reply

 Explorer.exe causes Iexplore to open multiple instances and high mem




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
multiple iexplore instances in task manager
When looking in taskmgr, I find 14 instances of Internet Explorer running, each using around 21MB of RAM. Any ideas as to why there are so many? If I close out of IE completely, they are still there.... thanks..
Browsers & Mail
How to open two instances of Windows Explorer ?
From time to time I want to open two instances of Windows Explorer at the same time so that I can then have them run side-by-side in order to , say, copy a file from one to the other by dragging and dropping. I have the Windows Explorer icon locked to the Taskbar which enables me to quickly launch...
General Discussion
open multiple instances within the same website
I am using Windows 7 with IE 8 on a laptop with a second monitor. When I open a website e.g. http://www.co.benton.or.us/maps/bentonmaps.php and then open another instance within that site e.g. BentonMaps Tutorial, a new window opens and replaces the original and so on. I want to view the tutorial...
Browsers & Mail
Allow multiple instances of explorer
Hi When I open explorer (the filesystem application not the webbrowser), and then try to open another instance of the same directory, the old instance of the program comes to the foreground but no new instance of the program is started. I use multiple workspaces with dexpot, so this means...
General Discussion
Open multiple instances of On-Screen Keyboard
Hi, I NEED a way to open multiple instances of the Windows On-Screen Keyboard at once. Right now, if i try to open it a second time, it opens the first one (doesnt create a new instance). i have been to many forums on the internet and still cant find a clear solution. I considered getting a...
General Discussion
Easily open 2 instances of Windows Explorer
I think I just discovered another shortcut. If I have Win Explorer open and hit Ctrl+N, I get a second instance of Explorer. This has been a PITA for me up until now. :D Also works for IE and Firefox. Seems if the program with focus uses the Ctrl+N such as Mail it still does what it is supposed to...
General Discussion


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 14:42.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App