HELP: Home IE6 SP6 unresponsive (90%-98% CPU)

[Fernando Cacciola]

Hi people,

I have a genuine Windows XP Home with SP2 (on a HP Pavilion 1125 notebook)
connected to internet (cable) via a LAN through its wireless port.
Since about 2 weeks ago, whenever I launch IE6 (no matter what home page),
it becomes unresponsive and the TaskBar reveals it's using > 90% CPU.

I have Automatic Windows Update; and even so I manually checked for updates
and there were no critical ones to install.

The machine came with Norton AV and the XP firewall ON.. but about 2 weeks
ago its subscription was over and it took me about 3 days to buy and install
Norton Interner Security. Thus, the machine run with an overdue AV for about
3 days (but with the firewall still on). I had also installed (from the
beginnig) Microsoft Anti-Spyware and enabled RealTime protection.

This is my wife's notebook so I took some time to investigate the problem
When I finally did, I installed Norton Internet Security, updated it, turned
off XP firewall, and a first virus scan found no virues.
Then I encountered that MS Anti Spyware was "expired" so I had to uninstall
it and re-install it again. On the first scan, it found a couple of spyware
startups: One named "" (or some space-like char sequence) and another I
don't quite remember how it was called, but it had a name of the form:
"apparently_normal.exe <garbage chars>")

After the anti-spyware scan, I rebooted but the problem persisted.
So I launched MS anti-spyware again and looked at the startup programs,
ActiveXs and BHOs manually.
There were still a couple of strictly unnecesary startups, ActiveXs and BHOs
that I removed.
I left in only Google toolbar and dekstop, DAP, iTunes and Java.

After reboot the problem persisted.
So I looked at the services.
I disbled all services not from Microsoft nor Symantec (and hardware
related)

Yet after reboot the problem persists... and now I'm out of ideas...

Any help greatly appreciated.

Fernando Cacciola
SciSoft

 

[Guest]

Hello,

Use FireFox. It blows away IE and is a load faster and free from spyware
etc. You can imposrt all your favorites from IE as well and download themes
etc. A 1000 times better and all your woes will be over. Just make FireFox
your default browser. Cheers!

www.getfirefox.com

 

[Fernando Cacciola]

Hello,

Use FireFox.

If only I could
I really don't use IE much.. I use Opera mostly and Firefox occasionaly...
but there are _plenty_ of sites, at least here in Argentine, which don't
work correctly with Firefox or Opera, so I'm stuck with IE in those cases.

Fernando Cacciola
SciSoft

 

[Rose9994You]

Remove Java Toolbar

& also dowload spyware remover from download.com and run a scan.

 

[Rose9994You]

Remove Java Toolbar

& also dowload spyware remover from download.com and
run a scan.

 

[Leythos]

The machine came with Norton AV and the XP firewall ON.. but about 2 weeks
ago its subscription was over and it took me about 3 days to buy and install
Norton Interner Security. Thus, the machine run with an overdue AV for about
3 days (but with the firewall still on). I had also installed (from the
beginnig) Microsoft Anti-Spyware and enabled RealTime protection.

For Norton, expired does not mean it isn't running, it just means it's
not getting new updates. I don't install beta software, so I don't use
MSAS.

This is my wife's notebook so I took some time to investigate the problem
When I finally did, I installed Norton Internet Security, updated it, turned
off XP firewall, and a first virus scan found no virues.
Then I encountered that MS Anti Spyware was "expired" so I had to uninstall
it and re-install it again. On the first scan, it found a couple of spyware
startups: One named "" (or some space-like char sequence) and another I
don't quite remember how it was called, but it had a name of the form:
"apparently_normal.exe <garbage chars>")

It sounds like you need to check with better anti-spyware tools and with
updated Antivirus tools.

Once you install a couple of these, reboot in safe mode to run them -
it's easier to clean your system when running in safe mode.


Read and follow these links as needed to fix your system:

Only download software you can validate as uncompromised - in the case
of non-vendor site you have no guarantee that the files are unmodified
or uncompromised. Anyone providing a link to a non-vendors site with a
direct download should not be trusted, the vendors sites are the safest
place to download their application.

Also, do not post your log files here - there are HiJack groups for just
that purpose, not to mention all the web based forums setup for looking
at them.

Always remember - only download files from Trusted Sites.

AdAwareSE can be found here:
http://www.lavasoft.de/support/download/

SpyBot Search and Destroy can be found here:
http://www.safer-networking.org/en/download/index.html

Ewido Security Suite Trial can be found here:
http://www.ewido.net/en/download/

You can also download Symantec Trial version of their Antivirus software
from here:
http://www.symantec.com/downloads/

Download AVG Personal Free edition from here:
http://free.grisoft.com/freeweb.php/doc/2/

These are the actual vendors sites, not some unknown or authorized no-
name site. They also don't artificially increase the hits for sites that
get paid for the amount of traffic they can generate like one poster has
admitted to in this group.

When running these application, install them, update them, then reboot
in SAFE MODE and run them again to get even more things.

If you take nothing else from this post, remember the following:

Only download files from Trusted Sites.

 

[Fernando Cacciola]

Remove Java Toolbar

Hmm, OK, will try.

& also dowload spyware remover from download.com and run a scan.

Well, I use MS AntiSpyware, but as Leythos suggested I'll try others too.

Thanks

Fernando Cacciola
SciSoft

 

[Leythos]

Hmm, OK, will try.


Well, I use MS AntiSpyware, but as Leythos suggested I'll try others too.

Do you also have FireFox installed on this computer?

 

[Fernando Cacciola]

For Norton, expired does not mean it isn't running, it just means it's
not getting new updates.

Yes I know.. I just wondered if a very recent new virus just walked in
during that period.

I don't install beta software, so I don't use
MSAS.

Hmnm... good advice... MSAS is kind of *cute*, so I liked it... but I
shouldn't blindly trust it being a beta.

It sounds like you need to check with better anti-spyware tools and
with updated Antivirus tools.

Hmmm, ya, of course. I shouldn't just relay on those I use.

Once you install a couple of these, reboot in safe mode to run them -
it's easier to clean your system when running in safe mode.

oh, never thought running in safe mode was neccesary. OK.

Read and follow these links as needed to fix your system:

Only download software you can validate as uncompromised - in the case
of non-vendor site you have no guarantee that the files are unmodified
or uncompromised. Anyone providing a link to a non-vendors site with a
direct download should not be trusted, the vendors sites are the
safest place to download their application.

Ha, good advice.... I was doing that anyway but mainly just because I like
to know the vendor.
Never thought of making a systematic habit of it though. Great advice!

Also, do not post your log files here - there are HiJack groups for
just that purpose, not to mention all the web based forums setup for
looking
at them.
OK

Always remember - only download files from Trusted Sites.


AdAwareSE can be found here:
http://www.lavasoft.de/support/download/

SpyBot Search and Destroy can be found here:
http://www.safer-networking.org/en/download/index.html

Ewido Security Suite Trial can be found here:
http://www.ewido.net/en/download/

You can also download Symantec Trial version of their Antivirus
software from here:
http://www.symantec.com/downloads/

Download AVG Personal Free edition from here:
http://free.grisoft.com/freeweb.php/doc/2/

Txs for the links.
I'm a long time user of SpyBot, but I got "seduced" my MS AntiSpyware and
install it instead in my wife's notebook.
AVG crashed on me way too often last time I tried, but I've seen reports of
it finding viruses NAV misses so...

Thank you

Fernando Cacciola
SciSoft

 

[Leythos]

Yes I know.. I just wondered if a very recent new virus just walked in
during that period.

Hmnm... good advice... MSAS is kind of *cute*, so I liked it... but I
shouldn't blindly trust it being a beta.

Hmmm, ya, of course. I shouldn't just relay on those I use.

oh, never thought running in safe mode was neccesary. OK.

When you run in Safe Mode many normal services are not started and only
the minimum to boot is loaded - there are still viruses that can run in
safe mode, but most spyware doesn't load if you boot in safe mode.

Ha, good advice.... I was doing that anyway but mainly just because I like
to know the vendor.
Never thought of making a systematic habit of it though. Great advice!

If you get into learning about the basics of security you will find that
you should do simple things, never download from a site you are unsure
about - there are many bad things posted on personal sites. Never run
P2P software for sharing files/music - most of it contains things you
don't want and may never know about. Don't use IE when you have any
choice - unless you set it for High-Security mode, and then most
websites don't display correctly if you do (HS mode).

Only run as an administrator level account when needed - run as a normal
user account by default, if offers a lot less chance of being
compromised.

If you don't have a network in your home or you only have 1 computer,
disable File and Printer sharing in the Network settings - limits the
chance someone can connect to your computer.

If you have a NAT Router or Firewall, block outbound traffic going to
ports 135~139, 445, 1433,1434 - makes it harder for your compromised
systems to spread viruses (doesn't stop everything, but if you look at
all the daily scans, port 445 is one of the most frequent and is not
needed outside your local network)

Txs for the links.
I'm a long time user of SpyBot, but I got "seduced" my MS AntiSpyware and
install it instead in my wife's notebook.
AVG crashed on me way too often last time I tried, but I've seen reports of
it finding viruses NAV misses so...

We installed AVG on personal computers for about 80 Sorority residents
last year, getting ready to do it again if they need it. It was version
6 and shortly they came out with version 7. We didn't see any issues
with the late version 6 or the version 7 AVG at all.

I never run BETA tools on a system I want to have working, and while
MSAS might be a nice tool, I'm going to keep using AdAwareSE and SBS&D
as they are something I've seen work for ages.

As for AVG catching things Norton missed - it would be interesting to
see if AVG caught things that were quarantined in NAV or if they were
spyware (which is not something Norton does in older versions), of if
they were real viruses.

 

[Fernando Cacciola]

Do you also have FireFox installed on this computer?

Not in that computer.

Fernando Cacciola

 

[Fernando Cacciola]

[SNIP]

Once you install a couple of these, reboot in safe mode to run them
- it's easier to clean your system when running in safe mode.

oh, never thought running in safe mode was neccesary. OK.

When you run in Safe Mode many normal services are not started and
only
the minimum to boot is loaded - there are still viruses that can run
in safe mode, but most spyware doesn't load if you boot in safe mode.

Ya I know that, but I figured the tools would find just the same. Maybe not.

If you get into learning about the basics of security you will find
that you should do simple things, never download from a site you are
unsure about - there are many bad things posted on personal sites.
Never run
P2P software for sharing files/music - most of it contains things you
don't want and may never know about.
Don't use IE when you have any
choice - unless you set it for High-Security mode, and then most
websites don't display correctly if you do (HS mode).

Ya. I use Opera mostly, Firefox when Opera fails, and IE when I have no
choice.
Unfortunately, lots of sites here in Argentina work only with IE, so I'm
stuck with it.

Only run as an administrator level account when needed - run as a
normal user account by default, if offers a lot less chance of being
compromised.

Ha well, I do that rutinely when I use Linux...
I never thought it would be the same in XP.
Now that I look at my own mindset, I realize that I've been using Windows
since 3.1 and so I think of XP as a Win95 with a cool UI... (as far as
security is concerned)... Maybe I should give it more credit.

if you don't have a network in your home or you only have 1 computer,
disable File and Printer sharing in the Network settings - limits the
chance someone can connect to your computer.

I actually have a home network of 3 PCs: two running XP Home (though both
can boot on Debian which I occasionally do) and 1 running Debian only.

If you have a NAT Router or Firewall,

As I do.

block outbound traffic going to
ports 135~139, 445, 1433,1434 - makes it harder for your compromised
systems to spread viruses (doesn't stop everything, but if you look at
all the daily scans, port 445 is one of the most frequent and is not
needed outside your local network)

Ha great, will do.

My business is 24/7 software development and parenthood and both keep me
totally busy. I admit I never took the time to systematically learn about
security.. I just follow the trends and general advice that I read
incidentally on news, forums, etc...
Each time I decide to read something about security I start some endless
document about it and I run out of time before I can get any sense of it.
The subject is so huge...
Do you perhaps know of a very very short introduction to it that can be read
by a really busy user (that just wants to keep its own home network
moderately secure). TIA

We installed AVG on personal computers for about 80 Sorority residents
last year, getting ready to do it again if they need it. It was
version 6 and shortly they came out with version 7. We didn't see any
issues
with the late version 6 or the version 7 AVG at all.

Hmmm. I shall try again then.

I never run BETA tools on a system I want to have working, and while
MSAS might be a nice tool, I'm going to keep using AdAwareSE and SBS&D
as they are something I've seen work for ages.

Ya, I should do the same.

As for AVG catching things Norton missed - it would be interesting to
see if AVG caught things that were quarantined in NAV or if they were
spyware (which is not something Norton does in older versions), of if
they were real viruses.

Well, when I first looked at AVG I scanned the web for discussions of it and
read, at least in two places, of support experts reporting that the machines
they recieved whith AVG had less virues overall than with any other AV,
including NAV and MacAfee. *I* interpreted that as meaning that AVG finds
more viruses.
They surely implied that they did recieve infected machines even with some
AV installed.
Now of course there can be other reasons like most people having illegal and
outdated AV copies... except of AVG been free. I often run into people with
dial-up connections that always says no when the AV ask to go for a
definitions update; and people with cable connections saying no because they
fear the vendor will see they use an illegal copy. And a lot of people here
still use illegal copies even of security products.

Best,

Fernando Cacciola