IEHighutil.exe Need urgent help, something that can fry my GPU

cottonball said:

Wondering if using the Intel® Driver Update Utility would do any good:
Intel® Driver Update Utility

However, it states:

Intel provides generic versions of drivers for general purposes. Your computer manufacturer may have altered the features, incorporated customizations, or made other changes to your driver. Intel recommends you contact your computer manufacturer for the latest system specific updates and technical support information.

I ran the driver update utility and it found i was using an antique version of network drivers. Other than that, everything is up to date.

cottonball said:

Are you sill having the high CPU usage, or any BSODs?
Findings on this issue report that an infected iaStor.sys can be the cause.
This file is a RAID driver, but it is also the disk controller driver under Device Manager.

Given the circumstances, let's do the following...

Please download ComboFix:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

IMPORTANT!!! Save to your Desktop <<<


If using a notebook, make sure it is connected to wall-power (AC power), or a UPS system.



Disable any AntiVirus and AntiSpyware applications, since they may interfere with ComboFix.

Info on disabling protection programs:
Topic:
How to disable your security applications - Tech Support Forum
Topic:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - BleepingComputer.com


To run the program, right-click on ComboFix.exe and select: Run as Administrator
Click on Yes, to continue scanning for malware.

The scan make take a while, since it has some 50+ stages.

When finished, CF produces a report.


Please provide a copy of the C:\ComboFix.txt in your reply.
　
Notes:
1. Please do not mouse-click the ComboFix window while it is running. This action may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
3. CF disconnects your machine from the Internet. However, the connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Done. Uploaded combofix log.

Can you tell me what else ComboFix changes? I saw a lot of folders i had hidden no longer hidden.

Stumbled upon this thread during a Google search for iehighutil.exe, I was in the same situation as OP and Ive never seen my GTX 480 run this hot before, it was reaching up to 95C just sitting idle at the windows desktop.

The PC kept hard locking for around 30 seconds at a time every 30 seconds or so and would unfreeze with a "Nvidia driver stopped responding and has recovered" message.

I reboot into Safe mode and ran Combofix which appears to of fixed the problem, the log file shows iehighutil.exe as being removed as well as a bunch of other files and my video card appears to of been unharmed.. but I'm guessing it has/will damage some GPUs.

Nasty virus.

mathesar said:

Stumbled upon this thread during a Google search for iehighutil.exe, I was in the same situation as OP and Ive never seen my GTX 480 run this hot before, it was reaching up to 95C just sitting idle at the windows desktop.

The PC kept hard locking for around 30 seconds at a time every 30 seconds or so and would unfreeze with a "Nvidia driver stopped responding and has recovered" message.

I reboot into Safe mode and ran Combofix which appears to of fixed the problem, the log file shows iehighutil.exe as being removed as well as a bunch of other files and my video card appears to of been unharmed.. but I'm guessing it has/will damage some GPUs.

Nasty virus.

I don't even know why they would do this. I mean, hacking i understand. They gain something.
But what do they gain from damaging someone else's GPU?

Unless.. ITS A PLOT FROM NVIDIA and ATI TO SELL MORE GPUS!!! lol

After looking over the files contained in C:\Temporary, it appears this is utilizing your GPU for Bitcoin mining using Poclbm

Poclbm (PyOpenCL bitcoin miner) is a python GPU bitcoin miner that uses the OpenCL framework to quickly perform the hashing computations. Works with AMD - 4xxx and up, Nvidia - 8xxx and up, video cards.

If you notice high GPU usage, get rid of it with Combofix!

Hi,

For those of you that have a problem with software not installing correct (or not installing at all) due to the IEhighutil.exe there is a simple fix/workaround.

1. Change the extension of the "setup.exe" to "setup.zip".
2. Open it in winrar or whatever you're using
3. You'll see two files in the archive...usually one named "install.exe" and one named "setup.exe".
4. The install.exe is evil. The setup.exe is the real deal
5. Extract only the "setup.exe" and replace/run it in the same folder as the old/renamed setup.exe
6. And there we go.

Has worked for me 9 out of 9 times when my virus scanner blocked executive of the setup due to IEhighutil.exe piggybagging on the archive.

Hope that helps. Worth checking if you suspect a malicious setup.exe

M