IE running at 100% at Windows startup and displaying CID popup adv

  • Thread starter Thread starter Ben Warr
  • Start date Start date
B

Ben Warr

I've now upgraded to IE8 but had this problem on IE7 too.
iexplore.exe starts automatically at windows startup and runs between
90-100% cpu utilisation, effectively locking the PC. If left running (I
usually 'end task') it will eventually calm down, but I will start to get
adverts popping up with a CID label on the blue bar at the the top of the IE
window.
I believe from searching the net and the forum that I have some sort of
virus, and I've tried running Malwarebytes anti-malware and SDFix/ComboFix to
no avail.
I'd like to get this fixed please. I'm running Norton AV. Also, I have an
automated Java update which won't run as it is complaining about IE settings.
This could be related? Help please! P.S. This is the only thread I'm posting.
 
Ben said:
I've now upgraded to IE8 but had this problem on IE7 too.
iexplore.exe starts automatically at windows startup and runs between
90-100% cpu utilisation, effectively locking the PC. If left running (I
usually 'end task') it will eventually calm down, but I will start to get
adverts popping up with a CID label on the blue bar at the the top of the IE
window.
I believe from searching the net and the forum that I have some sort of
virus, and I've tried running Malwarebytes anti-malware and SDFix/ComboFix to
no avail.
I'd like to get this fixed please. I'm running Norton AV. Also, I have an
automated Java update which won't run as it is complaining about IE settings.
This could be related? Help please! P.S. This is the only thread I'm posting.
Click to expand...

Those anti-malware programs probably don't recognize iexplore.exe as
malware when it has been added as a startup item in the registry or as a
scheduled task. Use SysInternals' AutoRuns to see what all you have
configured for startup items. See if you find IE listed in there.
Sounds like IE has been configured as a startup item to connect to a web
page that shoves ads in your face. You could, for example, yank the
CAT5 network cable, telephone cord, or power down the cable modem
(depending on how you connect) to see if Windows boots normally and IE
opens but reports it can't find the web page.
 
Please state your full Windows version (e.g., WinXP SP3; Vista SP1) when
posting to this newsgroup.

1. Start by (a) disabling NAV, (b) uninstalling IE8 Beta 2, and (c)
rebooting *twice*.

How to uninstall Internet Explorer 8 Beta 2
http://support.microsoft.com/kb/957700/

2. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

3. Run this online scan (in safe mode w/networking, if need be):
http://onecare.live.com/site/en-us/center/howsafe.htm

4. Now run additional checks for hijackware, including posting your
hijackthis log to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in
conjuction with some other utilities). HijackThis will NOT fix anything on
its own, but it will help you to both identify and remove any
hijackware/spyware with assistance from an expert. **Post your log to
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://aumha.net/viewforum.php?f=30, or another appropriate forum for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
 
Thankyou so much.

The onecare scan found a host of problems and fixed most of them, including
the iexplore.exe problem.

I'm so pleased that I've loaded Windows Live Onecare onto my PC now. Does
this replace AV (I'm running Norton) or simply compliment? I'm concerned
about potential performance probs.

Again, many many thanks.

Ben.
 
You're welcome, Ben, but we have some unfinished business.

Repost:
I would strongly encourage you to post your HijackThis log in an appropriate
forum for review by an expert to make sure everything's OK. See #4 in my
previous reply.

You cannot and should not have both OneCare and the Norton application
installed. In fact, when you installed OneCare, you should have seen a
prompt telling you to uninstall the Norton application before proceeding.

=> If you have not purchased OneCare, uninstall it immediately.

=> If you've purchased or plan on purchasing OneCare before the 30-day free
trial expires:

1. Uninstall the Norton application (and LiveUpdate and any Norton Add-ons)
via Add/Remove Programs (WinXP) or via Installed Programs (Vista).

2. Download this removal tool, saving it to your desktop:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039

3a. If WinXP: Double-click on the saved file to run the removal tool.

3b. If Vista: Right-click on the saved file & select "Run as Administrator"

4. Reboot <=IMPORTANT!!
 
Back
Top