Heavy mem usage with IE 6 and IEXPLORE.exe

[mishelle10878]

I've noticed that after surfing and opening several IE 6 browsers
simultaneously, and then closing all except one, I'll see a very large
amount of mem usage for IEXPLORE.exe in my Task Manager. Sometimes it's as
large as 130 mg. In addition, even after closing all browsers, I'll see
that IEXPLORE.exe is still running with the heavy mem usage (although the
CPU time is idle).

When the mem usage is heavy and several browsers are open, I'll
occasionally lose the ability to start any program, and also have noticed
that half my start menu is lost. If I select a link and choose "open in
new window", either a blank window will open, or no window at all.
After I close all programs, and end the IEXPLORE.exe task, do I have the
ability to run a program again.

I've done a search for all versions of IEXPLORE.exe to see if there is any
spyware involved and the only version other than in the IE 6 directory is
iexplore.exe one in the system32\dll cache. Hijackthis also shows a pretty
clean system registry (as I watch my Task Manager on a regular basis and
try to not have too much running other than Zone Alarm, my AV program and
MS Win Defender).


I've run Spybot S&D, Ad-Aware, CWS Shredder, A-Squared and use IE-Spyad
along with the MVPS HOSTS file. I'm wondering if it could be the latter
two with all the restricted sites that wind up in the cache, that is
causing the heavy mem usage.

I'm running Win 2000 Pro with 384 mg ram. Is this a trojan or a memory
issue? I was thinking of creating a new pagefile.sys file. Would that
help?

 

[Galen]

In (e-mail address removed) had this to say:

My reply is at the bottom of your sent message:

I've noticed that after surfing and opening several IE 6 browsers
simultaneously, and then closing all except one, I'll see a very large
amount of mem usage for IEXPLORE.exe in my Task Manager. Sometimes
it's as large as 130 mg. In addition, even after closing all
browsers, I'll see that IEXPLORE.exe is still running with the heavy
mem usage (although the CPU time is idle).

When the mem usage is heavy and several browsers are open, I'll
occasionally lose the ability to start any program, and also have
noticed that half my start menu is lost. If I select a link and
choose "open in new window", either a blank window will open, or no
window at all.
After I close all programs, and end the IEXPLORE.exe task, do I have
the ability to run a program again.

I've done a search for all versions of IEXPLORE.exe to see if there
is any spyware involved and the only version other than in the IE 6
directory is iexplore.exe one in the system32\dll cache. Hijackthis
also shows a pretty clean system registry (as I watch my Task Manager
on a regular basis and try to not have too much running other than
Zone Alarm, my AV program and MS Win Defender).


I've run Spybot S&D, Ad-Aware, CWS Shredder, A-Squared and use
IE-Spyad along with the MVPS HOSTS file. I'm wondering if it could
be the latter two with all the restricted sites that wind up in the
cache, that is causing the heavy mem usage.

I'm running Win 2000 Pro with 384 mg ram. Is this a trojan or a
memory issue? I was thinking of creating a new pagefile.sys file.
Would that help?

How about a wild stab in the dark? Those are always fun... (I doubt a new
pagefile would help any by the way.)

Anyhow, how about looking at browser helper objects to see if any of those
are causing the slowdown and holding onto additional memory? There are a
variety of ways but the simplest is to simply disable 'em all and then add
'em back one by one until you see the process repeat itself. Or, of course,
seeing if removing them didn't help at all will tell you that is not the
issue.

--
Galen - MS MVP - Windows (Shell/User & IE)
http://dts-l.org/
http://kgiii.info/

"At present I am, as you know, fairly busy, but I propose to devote my
declining years to the composition of a textbook which shall focus the
whole art of detection into one volume." - Sherlock Holmes

 

[Rob ^_^]

Hi Mishelle,

Any toolbar Addons? MSN Search toolbar, Yahoo Companion? The early versions
of these toolbars were problematic with memory usage and with leaving
orphaned iexplore.exe processes in the Task list.

Check for updates for these toolbars if they are installed. The Yahoo and
MSN toolbars also seem to have conflicts with each other, so if both are
installed I would recommend that you un-install one.

The MSN toolbar has been rebranded to the live brand and can be downloaded
from http://toolbar.live.com

Regards.

 

[mishelle10878]

In (e-mail address removed) had this to say:

My reply is at the bottom of your sent message:


How about a wild stab in the dark? Those are always fun... (I doubt a
new pagefile would help any by the way.)

Anyhow, how about looking at browser helper objects to see if any of
those are causing the slowdown and holding onto additional memory?
There are a variety of ways but the simplest is to simply disable 'em
all and then add 'em back one by one until you see the process repeat
itself. Or, of course, seeing if removing them didn't help at all will
tell you that is not the issue.

It's possible. I currently see Spybot and Site Advisor as BHO's.

 

[mishelle10878]

Hi Mishelle,

Any toolbar Addons? MSN Search toolbar, Yahoo Companion? The early
versions of these toolbars were problematic with memory usage and with
leaving orphaned iexplore.exe processes in the Task list.

I used to use Google's toolbar and I just felt it occasionally slowed
these down to a crawl. I have Snagit and that may cause a problem,
although this has been recent.

My AV program caught these trojans recently in IE temp jar files a few
weeks ago, and I'm wondering if it could be causing a problem:

Beyond.class
Blackbox.class
Dummy.class
Verifierbug.class
ms006-001 wmf exploit in an xpl.wmf file

I thought MS had released a security bulletin with a fix for the last one
and it should have been auto downloaded. I went to MS and downloaded the
fix again just to make sure.

Although my AV program said it blocked it, it wasn't able to move it to
the chest. I then did a AV bootscan and that's when it found all the
above trojans.

I may just use the Multi-AV program as a check just to make sure
everything has been caught.

I wonder if it's worth it to dl trial versions of Spy Doctor and Spy
Sweeper. I always have to go through hoops to delete those programs,
using several registry cleaners after uninstalling them.

 

[Galen]

In (e-mail address removed) had this to say:

It's possible. I currently see Spybot and Site Advisor as BHO's.

Let us try a stab in the dark here. Head to your hosts file and rename it
hosts.old for now. See if that makes a difference.

--
Galen - MS MVP - Windows (Shell/User & IE)
http://dts-l.org/
http://kgiii.info/

"At present I am, as you know, fairly busy, but I propose to devote my
declining years to the composition of a textbook which shall focus the
whole art of detection into one volume." - Sherlock Holmes

 

[Guest]

Hi Mishelle,
These are not Trojans,they are Exploit or corrupt Files, but the AV label
them as Trojans but they are one of two causes, a corrupt VM ( MS Java
Virtual Machine) is corrupt or the AV itself is corrupt.
Try to download the latest VM from MS update site and also try clear the log
fileof your AV to see if the Error will n't come back.
Also try to Update your Java Version as the Old version been exploited by
crackers and hackers from here;
http://www.sun.com for latest of java version.
=> Open a RUN Command and type this; sfc /scannow or sfc.exe and press OK
and let run to fix any damaged files will be found on your System.
HTH.
Please let us know.
Regards,
nass

 

[mishelle10878]

In (e-mail address removed) had this to say:


Let us try a stab in the dark here. Head to your hosts file and rename
it hosts.old for now. See if that makes a difference.

Are you trying to say that one shouldn't use the MVPS HOSTS file?

 

[mishelle10878]

Hi Mishelle,
These are not Trojans,they are Exploit or corrupt Files, but the AV
label them as Trojans but they are one of two causes, a corrupt VM (
MS Java Virtual Machine) is corrupt or the AV itself is corrupt.
Try to download the latest VM from MS update site and also try clear
the log fileof your AV to see if the Error will n't come back.
Also try to Update your Java Version as the Old version been exploited
by crackers and hackers from here;
http://www.sun.com for latest of java version.
=> Open a RUN Command and type this; sfc /scannow or sfc.exe and
press OK and let run to fix any damaged files will be found on your
System. HTH

Thanks for the info. I just have several questions and comments:

1) I haven't downloaded Sun Java at all since a reinstall of Windows.
I've always found that program to be the most problematic as far as trojans
are concerned.

2) When running the sfc/ scannow command, Windows prompts for the Windows
OS disk to be inserted so that files can be copied. Since this program
will fix bad or corrupt files, won't it replace Win 2000 SP4 updated files
with old files (and any updated dll's)?

 

[Guest]

Hi Mishelle,


= Thanks for the info. I just have several questions and comments:

= 1) I haven't downloaded Sun Java at all since a reinstall of Windows.
= I've always found that program to be the most problematic as far as trojans
= are concerned.

But some applications need java in case to run and function properly.
To download the latest of MS VM for wins2000 go here:
http://www.microsoft.com/downloads/...ac-69ef-4287-9a07-6c740f162644&displaylang=en


= 2) When running the sfc/ scannow command, Windows prompts for the Windows
= OS disk to be inserted so that files can be copied. Since this program
= will fix bad or corrupt files, won't it replace Win 2000 SP4 updated files
= with old files (and any updated dll's)?

It is better to have the original DLLs than having a corrupt ones?, then the
OS will update these through the Updates from MS websites.
When you asked to put the CD in, just put it and let the system handle it
and repair the files.
HTH.
Regards,
nass

 

[Galen]

In (e-mail address removed) had this to say:

My reply is at the bottom of your sent message:

Are you trying to say that one shouldn't use the MVPS HOSTS file?

I'm saying that a bloated hosts file has caused some odd slowdowns in the
past and that if you rename it and see if there's a difference after that
you will know that is the issue. I'd generally never tell anyone what they
should and shouldn't use unless it's malware related.

--
Galen - MS MVP - Windows (Shell/User & IE)
http://dts-l.org/
http://kgiii.info/

"At present I am, as you know, fairly busy, but I propose to devote my
declining years to the composition of a textbook which shall focus the
whole art of detection into one volume." - Sherlock Holmes