# Internet Explorer needs to die in the face! Help me do it!



## ADF (Jun 4, 2007)

This little bastard is eating 13% of my ram and it won't go away! I don't even know why it is on my task manager, I never use it, yet every time I try to close the little bugger it re opens and gets back to its ram munching!

It is like it is taunting me, it is just sat there doing nothing but wasting ram. Why does it need 130mb ram anyway? What could it possibly be using it for when the program isn't even open?

The weird thing is it wasn't always there; explorer is needed for the operating system not iexplorer, yet one day it just popped up and ruined my proud 180mb ram usage on startup. At first I thought it was adware but neither avast or ad-aware is picking up anything, besides I haven't downloaded anything in a good while.

I need help with this, I'm a total optimisation freak, a waste of resources like this will eventually drive me insane.


----------



## moebius_wazlib (Jun 4, 2007)

That process is not Internet Explorer (lowercase iexplore); it is a virus. See http://www.jimmyr.com/blog/IEXPLORE_EXE_Virus_230_2006.php .


----------



## DuncanFox (Jun 5, 2007)

slider142 said:
			
		

> That process is not Internet Explorer (lowercase iexplore); it is a virus. See http://www.jimmyr.com/blog/IEXPLORE_EXE_Virus_230_2006.php .



Sorry, but both on my home machine and on my machine at work, the real, non-virus Internet Explorer is in all-caps.  And since managing the anti-virus software at work is one of my tasks, I'm pretty confident that we've not had a virus there in some time.  (Triply so, in fact, since I've been testing out three different AV products recently.)


----------



## net-cat (Jun 5, 2007)

DuncanFox said:
			
		

> Sorry, but both on my home machine and on my machine at work, the real, non-virus Internet Explorer is in all-caps.  And since managing the anti-virus software at work is one of my tasks, I'm pretty confident that we've not had a virus there in some time.  (Triply so, in fact, since I've been testing out three different AV products recently.)


I'm not going to say your lying about that, I've seen computers that do some very strange things. However, there are no fewer than eight computers in my house running various forms of XP and WS2003, and none of them have iexplore.exe in all caps.

Plus, I've seen several computers at work come in with with serious virus infections, and have an impossible-to-kill IEXPLORE.EXE task running, even in "Safe Mode with Command Prompt."

If you can't kill a process you can't identify, it's probably a virus or spyware.

ADF: What I had to do was an off-line virus scan. Basically, you hook up the computers hard drive to another computer, and do a virus scan from the other computers operating system. Then clear out these folders: 
WINDOWSTemp
Temp
Documents and Settings*Temp
Documents and Settings*Temporary Internet Files

DuncanFox:You might want to make sure that it's not a virus. Simplest way to do this is to boot into "Safe Mode with Command Prompt" and see if it's still there. There is absolutely no reason what so ever that explorer.exe or iexplore.exe should be running in "Safe Mode with Command Prompt".

Despite what the security companies will have you believe, you can't have absolute faith in your Anti-Virus or Anti-Spyware solutions to stop everything.


----------



## DavidN (Jun 5, 2007)

Try using HijackThis, too - it examines the processes that are running and tests to see if any are malicious.

www.hijackthis.de

(Although I'm the kind of person who thinks you should get rid of iexplore.exe whether or not it's a virus.)


----------



## ADF (Jun 5, 2007)

Well I tried the program and got some rather strange results.

Pic

Same program, two different opinions. The difference in the directory is just the dos names of referring to it, the description however refers to a directory that is not normal for windows â€œcrogrammeâ€.

Any opinions on this?


----------



## DavidN (Jun 5, 2007)

The first entry shows up as abnormal because it's originally a German site and a significant number of users will have had the process running in Crogramme rather than Program Files... the thing I'm not certain of is why it shows up twice in the list with what seems to be the same folder (one just DOS-ified, as you said).


----------



## ADF (Jun 5, 2007)

Just came back from safe mode, it wasn't there. *sigh* could this just be Microsoft being its typical intrusive [censored]? It wouldn't explain why it chose to only pop up recently though.


----------



## yak (Jun 5, 2007)

Use it, love it. Process Explorer

When you download and install it, make sure you go "View --> Select columns --> Process image --> Image path" and "View --> Select columns --> Process memory --> Working set size"


Another advice would be to download "Autoruns" and "TCPView"

PS
These tools obsoleted my anti-spyware and pretty much anti-virus software, since i preffer to remove things by hand now.


----------



## robomilk (Jun 5, 2007)

IE should die anyway. It's hell to design websites for. And Microsoft even admit to not bothering with browser standards due to "standards are constantly changing."


----------



## DuncanFox (Jun 5, 2007)

net-cat said:
			
		

> However, there are no fewer than eight computers in my house running various forms of XP and WS2003, and none of them have iexplore.exe in all caps.







I dunno what to tell you, man.Â Â Windows XP Pro SP2 installed from MSDN-supplied media, with a legit license and all the latest patches and updates, on my work desktop, home desktop, media PC, and laptop.Â Â It's definitely the real Internet Explorer (version 6.0.2900.2180.xpsp_sp2_gdr.070227-2254), and it's definitely all-caps.

Same on my Windows Server 2003 installation, again installed from original MSDN-supplied media with a legitimate key.Â Â This is IE version 6.0.3790.1830.Â Â Still all-caps.Â Â And this one's never had anything downloaded from the internet run on it, except MS updates via Automatic Updates.

And no, anti-virus products aren't infalliable, but I have _four different_ AV products that have no problem with this exe -- Avast, Kaspersky, Sophos, and Symantec.

Computers do some very strange things, indeed.


----------



## net-cat (Jun 5, 2007)

Well, I'm running IE7 on all of my computers. That might have something to do with it. I don't know. It's weird.


----------



## yak (Jun 6, 2007)

DuncanFox,
Windows is a case-insensitive OS. You can run iexplore.exe, IEXPLORE.EXE and even IeXpLoRe.eXe - and it will still work. The actual "name" depends on a way these programs are being launched. 
I still advise checking out the process more closely.


----------



## ADF (Jun 6, 2007)

After attacking it for a while with various programs it still won't die, yet during this time I have found nothing to indicate a virus or spyware is to blame.

I've got a system overhaul due next week so will probably have to format anyway, that will give it no where to hide! Muahahahaa! Erm...

There is always the chance it will pop up again, but for now this seems the best approach.


----------



## The Sonic God (Jun 8, 2007)

Well, you could always switch to a Mac and not have to worry about RAM-hungry programs. ^^


----------



## net-cat (Jun 9, 2007)

... because switching to another platform will magically make all your problems go away and anyone who says otherwise is just spreading FUD. :roll:

Me? Jaded? Nonsense.


----------



## darkdoomer (Jul 7, 2007)

www.firefox.com
www.opera.com


that's all i can say.


----------



## Rhainor (Jul 7, 2007)

darkdoomer said:
			
		

> www.firefox.com
> www.opera.com
> 
> 
> that's all i can say.



While I *do* recommend Firefox to anyone over IE, he's not complaining about *using* IE, he's complaining that IE won't shut down and stay shut down -- which would still be the case if he used another browser.

Oh, and BTW (off-topic)...your avatar just made my ABP list.


----------



## Rostam The Grey (Jul 8, 2007)

Find out the other process that is restarting it down and shut it down too. Probably the best place to look would be in your Run directory in the registry to see what's starting it at start up. Delete it there and restart your computer. Then look online to find out how to remove the virus.

Registry Edit: Start->Run... (Enter regedit and click OK.)

Run directory: HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun

Make sure you back up the registry before making ANY changes.


----------



## Ron Overdrive (Jul 8, 2007)

http://www.emsisoft.com/en/

a^2 Free and a^2 HiJackFree. Some of the best anti-malware and system process tools I've seen so far.


----------



## yak (Jul 8, 2007)

Rostam The Grey said:
			
		

> Find out the other process that is restarting it down and shut it down too. Probably the best place to look would be in your Run directory in the registry to see what's starting it at start up. Delete it there and restart your computer. Then look online to find out how to remove the virus.
> 
> Registry Edit: Start->Run... (Enter regedit and click OK.)
> 
> ...


Or as an alternative and a lazy man's solution you could give Autoruns from SysInternals a try. Very convenient little tool, as pretty much all of their tools.


----------

