Active Network Forums New User  |  Login  |  Any forum problems? E-mail us
Back to Forums > "Windows 95/98/SE/ME"
<- Previous Thread  |  Next Thread ->

The time is 11:46:19 PM

Locked Thread Multiple Iexplore In Task Manager
  User Icon fryfry

Newbie (1 Posts)
Newbie (1 Posts)

1/6/2007 5:49:50 PM


i have tried everthing on this thread. still geting multiple iexplore.exe !!! desperatly need help
  User Icon Pmales

Newbie (3 Posts)
Newbie (3 Posts)

1/12/2007 2:58:58 PM


    QUOTE:

    Originally Posted by fryfry:
    i have tried everthing on this thread. still geting multiple iexplore.exe !!! desperatly need help




I tryed this thing called Remote Task Manager at work, (A lawyer had this problem) and noticed the Google ToolbarNotifier.exe would start 2 new processes before a new IExplore.exe would start up. I tried to disable the tool bar but it would start right up again. So i just uninstalled it and it works. He can get on and surf the web again with no problems.

We think becuase he does not have permistions to DL anything and what not when the toolbar tried to update it broke it some how. Or that somthing bigger is attaching itself to it and causing the issue. Also it never used the whole cpu, it ran normal. Just when IE was launching it would not work, just go to the homepage and would do nothing else. Then have about 20 or so IExplore.exe.

Glad i found this site though, it helped out alot. Thanks for all the advice guys.
  User Icon jwyatt8171

Newbie (1 Posts)
Newbie (1 Posts)

1/13/2007 8:02:44 AM


    QUOTE:

    Originally Posted by Pmales:
      QUOTE:

      Originally Posted by fryfry:
      i have tried everthing on this thread. still geting multiple iexplore.exe !!! desperatly need help




    I tryed this thing called Remote Task Manager at work, (A lawyer had this problem) and noticed the Google ToolbarNotifier.exe would start 2 new processes before a new IExplore.exe would start up. I tried to disable the tool bar but it would start right up again. So i just uninstalled it and it works. He can get on and surf the web again with no problems.

    We think becuase he does not have permistions to DL anything and what not when the toolbar tried to update it broke it some how. Or that somthing bigger is attaching itself to it and causing the issue. Also it never used the whole cpu, it ran normal. Just when IE was launching it would not work, just go to the homepage and would do nothing else. Then have about 20 or so IExplore.exe.

    Glad i found this site though, it helped out alot. Thanks for all the advice guys.




Pmales. Ive been working on this problem for a few hours now. Thanks for the tip. I ended the task of google toolbar and ie opens fine now. Now i'll uninstall it and bingo. Thx for the tip.

  User Icon Pmales

Newbie (3 Posts)
Newbie (3 Posts)

1/17/2007 12:18:19 PM







Pmales. Ive been working on this problem for a few hours now. Thanks for the tip. I ended the task of google toolbar and ie opens fine now. Now i'll uninstall it and bingo. Thx for the tip.






NP glad it helped you out.
  User Icon agtabby

Newbie (1 Posts)
Newbie (1 Posts)

1/21/2007 1:51:42 AM


[thecodeslinger
your advice worked perfectly. Thanks - you pretty much said it all, I'll add a few details
1. when you look at executable in main directory "pgm.exe" and one in the bak directory (same name) you can tell something fishy. The real program in bak has the proper icon, and right click properties gives the company info, rev etc. The fake program has none of this! Also I found 7 fake programs, all were same size (about 40k)
2. One thing I like to do when I get a virus is do a file search by date. In this case I saw one infected file was from 1/15/2007 at about 9PM, so I searched for all files modified on this day then sorted by mod time. This is an extra check to make sure you catch everything - typically an infection takes place in a few minutes, you can scrutinize all the files modified in this time area.

Anyway thanks again
[/QUOTE]

MALWARE SYNOPSIS

OBSERVED BEHAVIOR:
Upon start/restart of infected computer, said computer would over-utilize CPU performance to the point that other software functions on the machine would not be able to reasonably initiate at startup.

BACKGROUND OBSERVATIONS:
In actuality, the malware was creating multiple IEXPLORE.exe instances running as background tasks. These instances were then creating randomly named .EXE (0 bytes) and .DLL (22K bytes) files. These files were located on the local HDD under the path C:\Documents and Settings\"Login Name"\Local Settings\Temp and had the filename prefix characteristics of "Tnnnnnnnn", where nnnnnnnn was a randomly generated number. These files were children of the background IEXPLORE.exe tasks and could not be deleted until the respective IEXPLORE.exe task was terminated from the Task Manager utility.

FUNCTIONAL ANALYSIS:
This malware had initially gone in and found all non-critical executable references in the machines HKLM and HKCU Software\Microsoft\Windows\Current Version\Run registry keys. The malware then went into those directory locations for ALL executables found, created a .BAK subdirectory moved the real executables into the .BAK subdirectory and then replaced the original executables with a malware executable of the same name. In my case, this had happened about a dozen places. This malware can be determined by sudden loss of certain software-based functions on computer, in my case it was enhanced mouse features, Pop Peeper (POP3 utility) quit working, Counterspy quit loading, etc. Said malware is replaced in other .EXEs as well but this fact would not be realized immediately due to non-utilization of @ssociated functionality, so there is a lack of awareness of widespread infection on the computer. Another observation, the size of the malware executable is always 17K bytes.

ERADICATION:
Perform a complete HDD search, starting from the root directory, for "BAK". Along with files having suffix BAK (not important), the search identifies every directory path with a BAK subfolder embedded, an affected software product. At that point the malware executable can be deleted and then replaced with the proper executable found in the respective BAK subdirectory. Once the original .EXE executable is moved back to its proper location, the BAK folder can be deleted.

FINAL ANALYSIS:
Prior to performing further research, as far as I can tell this is a non-destructive virus, besides chewing up m@ssive CPU resource. At this point I have not determined the URL where the stand-alone IEXPLORE.exe task was trying to connect.




  User Icon Fanadril

Newbie (2 Posts)
Newbie (2 Posts)

1/25/2007 3:14:24 AM


For those who "Still" have multiple Iexplore.exe's running do this.....

Check to see if you have Netpumper, Bitgrabber, or BitRoll installed in the "start > controlpanel > software > add/remove programs". If you have any of these installed, remove them, and then immediately check to see which of the following are also installed;

CiD Help / CiD Manager
Download Plugin for Internet Explorer
Zone Media


Delete any of these you have installed as well and if they request a verification code, put in the code it is displaying on the popup and this will unlock them, allowing you to delete them.

I know this is against EVERYTHING they tell you about windows, but do a hard shutdown (I just unplugged my machine) and power back on. You should see the 2 iexplorer.exe's are gone! The problem is that the malware is bundled with Netpumper, Bitgrabber, and BitRoll, which are file share programs. After 6 months of having this problem, along with the @ssociated popups and excessive CPU usage, I am finally free of them!!! I hope this helps anyone still in need!

This post was last edited by Fanadril on Thursday, January 25, 2007 at 8:27:30 PM.
  User Icon Pmales

Newbie (3 Posts)
Newbie (3 Posts)

1/25/2007 1:50:21 PM


Quick question, are you talking about Multi Iexplorer.exe, or Iexplore.exe? They are two diffrent things, Iexplore.exe is liget, the other is bogus.

    QUOTE:

    Originally Posted by Fanadril:
    For those who "Still" have multiple Iexplorer.exe's running do this.....

    Check to see if you have Netpumper, Bitgrabber, or BitRoll installed in the "start > controlpanel > software > add/remove programs". If you have any of these installed, remove them, and then immediately check to see which of the following are also installed;

    CiD Help / CiD Manager
    Download Plugin for Internet Explorer
    Zone Media


    Delete any of these you have installed as well and if they request a verification code, put in the code it is displaying on the popup and this will unlock them, allowing you to delete them.

    I know this is against EVERYTHING they tell you about windows, but do a hard shutdown (I just unplugged my machine) and power back on. You should see the 2 iexplorer.exe's are gone! The problem is that the malware is bundled with Netpumper, Bitgrabber, and BitRoll, which are file share programs. After 6 months of having this problem, along with the @ssociated popups and excessive CPU usage, I am finally free of them!!! I hope this helps anyone still in need!


  User Icon Fanadril

Newbie (2 Posts)
Newbie (2 Posts)

1/25/2007 8:24:46 PM


    QUOTE:

    Originally Posted by Pmales:
    Quick question, are you talking about Multi Iexplorer.exe, or Iexplore.exe? They are two diffrent things, Iexplore.exe is liget, the other is bogus.




I am talking about multiple Iexplore.exe running in task manager. There are two Iexplore.exe which are using between 60k to 90k of memory, and another running about 5-6k of memory. When you terminate one, it reloads back in before you can click on the 2nd one. These are not legit applications which are running whether the real Iexplore.exe is running or not. They also create pop ups when you go to certain business sites. Hope that helps.

**Edit** I see where the confusion was, and fixed the ealier post to Iexplore.exe instead of Iexplorer.exe. Sorry for the mistake.

This post was last edited by Fanadril on Thursday, January 25, 2007 at 8:29:37 PM.
  User Icon jam3sm

Newbie (1 Posts)
Newbie (1 Posts)

2/8/2007 8:09:25 PM


Hi Guys

I've been spending the evening trying to get rid of an iexplore.exe or firefox.exe (depending on which is the default browser) process that ran hidden at startup. I looked high and low. I've removed it now, the problem the Poison Ivy trojan, the solution follow these simple instructions carefully -
http://kb.mozillazine.org/Firefox.exe_always_open#Background

If you have the same problem follow the instuctions and it should stop the fake process running.

James
  User Icon samboy600

Newbie (1 Posts)
Newbie (1 Posts)

2/8/2007 11:05:03 PM


OK guys i will give you the simplest solution, if you know where the problem is.

As many have already mentioned if you go to C:\Documents and Settings\All Users\Application Data

Look for a folder with a weird name, mine was "global bird hold win" and inside had a program called Gram book.exe i also had another process running in task manager called "bore copy camp.exe" now you will probably have something different to me, best way to find out ish!t ctrl+alt+del click on processes, look for anything that seems out of place and google it up, if you return with no results or a malware search then it is most probably your problem.

first click on start, Run, msconfig => start up and uncheck the files that have weird names in my case i unchecked global bird hold win and bore copy camp.exe (these are the files that are causing iexplore to boot up) => click ok, restart your computer in safe mode, proceed to C:\Documents and Settings\All Users\Application Data and delete the weird file as you are unable to delete this when running normal windows

BINGO! you are fixed Emoticon
  User Icon aflansburg

Newbie (1 Posts)
Newbie (1 Posts)

3/8/2007 12:01:38 AM


I'm right there with you. I came to the same conclusion after I caught some things in my C:/Windows/Prefetch folder. Then I caught something called axisshim popping up for half a second in my task manager.

</b> You have to go into C:/Documents and Settings and open every "user" folder there, whether it be owner, default user, or all users. Then you have to go inside of all of those folders and into the application data folder and find some oddly named folders (mine were like funky names like blue live, exit vga pile htm, etc....... always lower case letters. Just delete them and empty your recyle bin and you are good to go. </b>

Virus scans and registry fixes don't work. Spybot search and destroy was worthless, didn't even show up in my hijack report...............

multiple iexplore.exe, iexplorer.exe, prefetch folder, virus, worm
  User Icon Sir Berman

Newbie (1 Posts)
Newbie (1 Posts)

5/1/2007 4:35:40 PM


hi all,

I had that same problem. I renamed iexplore.exe like one of you said. restarted and my firewall came up with a program called "srv .... help.exe"

I searched for it and found a hidden folder called poll warn data with several files. I deleted the folder but had to go into safe mode to do it, emptied the trash can, renamed the iexplore.exe and restarted. It worked.

hanks everyone
  User Icon metalglazed

Newbie (1 Posts)
Newbie (1 Posts)

5/21/2007 1:16:43 AM


i had win32.small.acp myself. i used avast! antivirus to detect it and get rid of it. i had up till then used everything else myself. hope this helps. if not, email me at annoyingly_me@hotmail.com for more thorough answers.
----------------------------------------------
annoyingly_me
  User Icon haxor911

Newbie (1 Posts)
Newbie (1 Posts)

7/8/2007 10:13:41 PM


    QUOTE:

    Originally Posted by metalglazed:
    i had win32.small.acp myself. i used avast! antivirus to detect it and get rid of it. i had up till then used everything else myself. hope this helps. if not, email me at annoyingly_me@hotmail.com for more thorough answers.




OK GUYS LISTEN UP.... you guys have been talking about this sh!t forever......

i have had the same problem before, multiple process in the task manager - iexplore or iexplorer.... ALL THE SAME doesnt matter about changing the name ITS THE SAME THING..

so ya every time you close your internet explorer and open a new one IT IS REALY STILL THERE. using all your memory AND WORSE AND WORSE every time you close internet and reopen. yup done it mysel

TO FIX THE ANNOYING PROBLEM

(that slows the hell out of your pc omg!!)

Dowload A-Squared -http://www.emsisoft.com/en/software/free/
(its free)

The reason you wont get this to work if you HAVE TRIED IT BEFORE is becuase you didnt run it in SAFE MODE!! F12 when you restart your pc.... if you didnt know that by now

run the a-Squared in safe mode and BOOM problem fixed I PROMISE

now you can thank me lol
  User Icon melus

Newbie (1 Posts)
Newbie (1 Posts)

7/29/2007 1:07:57 AM


    QUOTE:

    Originally Posted by samboy600:
    OK guys i will give you the simplest solution, if you know where the problem is.

    As many have already mentioned if you go to C:\Documents and Settings\All Users\Application Data

    Look for a folder with a weird name, mine was "global bird hold win" and inside had a program called Gram book.exe i also had another process running in task manager called "bore copy camp.exe" now you will probably have something different to me, best way to find out ish!t ctrl+alt+del click on processes, look for anything that seems out of place and google it up, if you return with no results or a malware search then it is most probably your problem.

    first click on start, Run, msconfig => start up and uncheck the files that have weird names in my case i unchecked global bird hold win and bore copy camp.exe (these are the files that are causing iexplore to boot up) => click ok, restart your computer in safe mode, proceed to C:\Documents and Settings\All Users\Application Data and delete the weird file as you are unable to delete this when running normal windows

    BINGO! you are fixed Emoticon




Thanks samboy for your solution to fix the problem of multiple iexplore.exe opening. My folders were named SixthGlue, This Drv Stupid, and win bits.

Now that the boxes are unchecked in Startup, how to get rid of them?

IMHO, I think the problem here is definately caused by many things. In my case, it happened to be the same @ssamboy's.
  User Icon ssiegmund

Newbie (1 Posts)
Newbie (1 Posts)

9/5/2007 8:45:12 AM


When I go to All Users there is no application data folder, but when I look in my son's application data under acccore and caches, there is one for somebody named Bart. I don't know Bart and I don't think my son does either, and this looks like it was updated at a time when he was not here. I am so hesitant to delete anything from the computer but do you think it would be okay to delete that? It contains 5 folders that have progressively larger number names, like 1, 26, 131, 361, 1024, and in each folder there are just files named with numerals. Thank you.
  User Icon kc_al

Newbie (1 Posts)
Newbie (1 Posts)

9/28/2007 10:50:18 PM


    QUOTE:

    Originally Posted by ssiegmund:
    When I go to All Users there is no application data folder, but when I look in my son's application data under acccore and caches, there is one for somebody named Bart. I don't know Bart and I don't think my son does either, and this looks like it was updated at a time when he was not here. I am so hesitant to delete anything from the computer but do you think it would be okay to delete that? It contains 5 folders that have progressively larger number names, like 1, 26, 131, 361, 1024, and in each folder there are just files named with numerals. Thank you.




The reason you don't have an 'application data' folder in your 'all users' subdirectory is probably b/c you are not set to view hidden files. By default, XP hides certain folders and I think 'app. data' is one of them. If you're in Windows Explorer and click on 'tools>folder options', click on the 'view' tab and put a dot in the 'show hidden files and folders', you should be able to see it.

Regarding the multiple 'iexplore.exe' process in task manager, taking up a lot of memory, this solution happened to cure that issue on my machine. I had 2 different startup processes running under 'msconfig'. One was labeled 'send show great' and one, 'jugs each'. Both corresponded to files in 2 different application data folders. The 2 folders were 'bluename' and 'great coal love default'. They appeared under 2 different users, one in 'all users' and the other in 'owner.' I was unable to delete the one under 'owner' in safe mode as it doesn't load or allow changes to certain user accounts. After scanning my system with every free AV and Spyware I could fine (i.e. AVG AV, AVG Anti-spyware, A-Squared, Trendmicro's online Housecall, etc), the fix was fairly simple and not too time consuming. The startup processes were obvioius to find.

Thanks for the solution.
  User Icon Psychotropic

Newbie (2 Posts)
Newbie (2 Posts)

11/13/2008 5:59:53 PM


    QUOTE:

    Originally Posted by jversluis88:
    Every time I open up Internet Explorer, 'Iexplore' appears on the task manager window (when I view it with CTRL+ALT+DELETE). The problem is, 'Iexplore' appears in the task manager window EVERY time I open Internet Explorer, so I end up with around 20 or so once the day is done, and this sucks up a ton of memory. I want to know what's causing this and how it can be fix. Thanks in advance.
      QUOTE:


      im having the same problem (multiple iexplorer instances in task manager also iexplorer opens itself up on its own directs me to ads most with the heading CID: ......) I have isolated one of the culprits- an exe file named PLI3q66H.exe and a similarly named file next to it, found in c/windows/system32. you can see this exe in task manager and if you end process on it then manually delete it- you can then end the instances of iexplorer but - later it'll recreate itself and reappear sometime later. -Maybe a dll instigating?- but i cant locate the dlls mentioned in these blogs- hope this helps- you and me both also the exe-PLI3q66H was first picked up by norton av as a 'trojan-or something' yet cant query it on google or yahoo????
      trying to help, LSD also..im running XP
  User Icon Psychotropic

Newbie (2 Posts)
Newbie (2 Posts)

11/13/2008 6:10:35 PM


    QUOTE:

    Originally Posted by az-z71:
    OMG......I think this is why my ME keeps hanging once I connect the router to it. I jacked around with everything then all of a sudden I started to notice that under the task manager there is this task running for iexplore. I was like what the heck is this, there is explorer, windows internet explorer and this iexplore.

    So iexplore is a trojan?

    I ran AVG and it did not find it. I'll check into this a-squared. How else can I find it?

    My symptoms were that @ssoon as I plugged the ethernet cable into the pc the pc would freeze up, the mouse would still move but if I clicked anything it would not open. Usually what would happen is that I would have to go to task manager because windows explorer stops responding.



NOTE to Poste(e/r)... iexplore is the program name for internet explorer..hence iexplore.exe-
isnt the culprit -its something else, generating multiple instances(copies) of internet explorer

Copyright © 1997-2012 Active Network, Inc. All Rights Reserved. Terms of Use. Privacy Policy.
cheap boilers, IR35
Taxis