Page 1 of 1
Multiple Instances of iexplore.exe
Posted: Fri Aug 08, 2003 11:08 am
by Gza
Lately, this problem has been getting the best of my PC (as it can bring down my resources to 25%). After about a good deal of surfing and whatnot, when opening up a task lister (ie. Norton System Information), I see multiple instances of iexplore.exe; they
each take up about
20MB! And with only 128MB RAM to spare, one can do the math as to how drastically this can affect system performance. I have Sygate and Norton AV 2003 running, as well as ran Ad-aware and Spybot to clean things up a bit (as I do periodically). In addition, when I run the task managing program EndItAll, the titles for the multiple instances of iexplore.exe is "WIN95 RPC Wmsg Window". I did a search for what that message meant, and decided to install the DCOM 1.3 update, which didn't fix the problem at all. I however came across certain sites which mentioned similar problems, if not identical:
http://computing.net/windows95/wwwboard ... 13696.html
http://computing.net/windows95/wwwboard ... 68519.html
http://computing.net/windows95/wwwboard ... 04763.html
Previously I was running IE6 with the latest updates, but then decided to fall back to IE5.5 (again, with latest updates) as it seems faster, for my system at least, in the hopes of alleviating the problem. The same results crop up though. Has anyone else experienced this? Does anyone know how to fix this? Any responses would be greatly appreciated.
System:
PII 300
128MB PC66 RAM
Win98SE
13.6GB / 4.3GB
GF2 MX400 32MB
Posted: Fri Aug 08, 2003 12:00 pm
by blebs
I can't help but think that you have a virus going undetected. Have you tried doing a virus scan from safe mode? You may want to try a dos based scanner. Maybe try F-protect from
http://www.f-prot.com/download/home_user/ and run it from Dos.
I could be wrong and it looks to be that you've done a lot of research yourself already. It just sounds like that's whats going on.
Posted: Fri Aug 08, 2003 1:10 pm
by TonyT
In IE, disable IE Auto Updates, in Norton, disable auto updates.
Every IE window opened will show up as a separate instance of iexplore.exe in processes running window.
Disable windows error reporting. This service reports all errors to a MS server.
At a fresh boot, before opening any windows, there should be NO instances of iexplore.exe running, unless you have scheduled tasks related to auto updating programs. If at a fresh boot, iexplore.exe shows up as a running process, then use Comp Mgmt\System Info\Software Environment\Loaded Modules to see what modules are loaded and their paths. Someting is utilizing iexplore.exe OTHER THAN you.
Posted: Fri Aug 08, 2003 6:47 pm
by iaus10
We are having a similar problem with several Win2000 terminal Clients at work. I have to kill iexplorer.exe processes on several connections throughout the day. I disabled IE script debugging and didn't have "lock-ups" today. Hopefully that will help.
Ivan
Posted: Fri Aug 08, 2003 11:27 pm
by Gza
TonyT: On a fresh bootup, I don't have any instances of iexplore.exe running, so I guess I'm good to go there. I'll try the things you told me though in a second.
Thanx for the replies guys.
Posted: Sat Aug 23, 2003 6:12 am
by Gza
Ok, just an update: the problem hasn't entirely gone away ever since. Now here's the weird part: when I have closed all IE windows, upon viewing Sygate's running applications window, an "Internet Explorer" (IEXPLORE.EXE) instance crops up every second or so, then disappears. I really have no idea what's causing this.
On another note, I have no yet completed at full system scan, as it is time consuming, but have since then installed AVG 7.0 Trial. Ran Spybot and Ad-aware to clean things up a bit as well.
This has got me completely stumped. Any advice would be greatly appreciated.
Posted: Sat Aug 23, 2003 7:59 am
by TonyT
then use Comp Mgmt\System Info\Software Environment\Loaded Modules to see what modules are loaded and their paths.
Posted: Sat Aug 23, 2003 8:27 am
by Brk
IEXPLORE.EXE should be originating from C:\Program Files\Internet Explorer\
If it is IEXPLORE.EXE from C:\Windows\System (System32) then it's a virus.
Posted: Sat Aug 23, 2003 2:27 pm
by Gza
Yes, the IEXPLORE.EXE that keeps on popping up resides in C:\Program Files\Internet Explorer\ .
On another note, I just found out that I'm actually running IE 5.01, although it doesn't seem to be making any differences, as this problem already existed with IE 6 as well. Any other ideas?
Posted: Wed Aug 27, 2003 12:26 am
by Gza
*bump*
Posted: Wed Aug 27, 2003 6:44 am
by TonyT
Download and install this free app which will show you ALL TCP connections in real time and you will be able to see if iexplore.exe is actually connection somewhere:
http://www.sysinternals.com/ntw2k/source/tcpview.shtml
Posted: Wed Aug 27, 2003 11:25 pm
by Gza
Okay, here's a screeny:
Seems like a connection is still existent between IE and the last website I visited.
Update: after creating this post and closing the IE window after successful completion, this is the result:
Right now I'm just speculating as to whether the cause may be due to my simultaneous IE connections setting (8 per server / 16 per 1.0 server).
Posted: Thu Aug 28, 2003 10:17 am
by TonyT
Two MAJOR issue, ONE iMAJOR security issue:
1. Listening on port 137 & port 138
You have TCP\IP (internet protocol) enabled for File & Print Sharing. TCP\IP is bound to File & Print Sharing and bound to the Client for MS Networkks.
UNBIND TCP\IP FROM THESE, your computer is open to anybody.
2. Established connection on port 1863 (msgr.hotmail.com)
You have MSN Messenger. Turn off the auto update feature.
Posted: Sat Aug 30, 2003 12:53 am
by Gza
Update:
About file / print sharing: hmm, that was weird, considering that I had them unticked all along, yet those ports were still open? I decided to remove MS Client for Networks altogether.
About MSN Messenger auto update: I googled it, and only found out ways to do it in Win2000. Did a search through the registry and couldn't find anything pertaining to messenger auto update (notification as well).
Another thing has been cropping up recently. It seems that Kernel32.dll is trying to access the net, according to Sygate. Now I know that that shouldn't be happening, so I decide to block it altogether.
As for iexplore.exe, the problem still exists unfortunately. I'm thinking that I have a worm or something. Did a scan using TDS (a trojan scanner) - not full, but all the others, like memory and running processes - and found no results. Thing is however, that even when I try downloading the latest radius.td3 and put it into the TDS folder, the program still says that I need to update the database file! Whatever, heh.
Are there any other trojan / worm removal software I should be advised to try out?
In addition, it seems that for all of iexplore.exe's appearances, they are all due to incoming ICMP blockages at port 8.
Any more ideas?
Once again, the help is greatly appreciated as usual.
Posted: Sat Aug 30, 2003 2:17 am
by UnitedWeStand
icmp 8 blocks. showing up as IE appearance?
my isp has completely blocked my entry to internet using port 80 .. i'm on UDP port 53 going to them when I fire up browser. but incoming shows TCP port 80. Packet Logs indicate several ICMP 8 blocked. Backtrace shows me that its my own isp.
they might be scanning for viruses or.. people on my same netblock is scanning for viruses.
although IE appearances don't happen on my computer. I disabled IE and made Firebird my default browser.
IE sux. and uses up too much ram.
Posted: Sat Aug 30, 2003 2:12 pm
by Gza
Yeah, all blocks seem to be coming from people with similar IPs as I have. Hmm...