Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

IE Crashes and Other Unusual Behavior


  • Please log in to reply
2 replies to this topic

#1 digitap

digitap

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:02 AM

Posted 23 March 2010 - 03:35 PM

Hello - I've been wrestling with a workstation that has some unusual behavior regarding Internet Explorer. The issues are seen on version 6, 7 and 8. Some background, this workstation was infected by malicious software after visiting msn.com. Another one of our techs utilized malwarebytes to remove the infection. Afterward, the user experienced a strange issue particular to application crashes and one specific website. The Event Log information particular to the crashes are an application hang and application error. I have pasted the event log entries below.

Additionally, there is one particular website that creates two issues for this user. First, the page doesn't load properly after logging on. Second, they aren't able to download files from the website. After login to the website, they are taken to a blank page with the indication in the lower left that it's done loading the page. I can click the address bar and press Enter causing the page to load. If I navigate to download a file from the page, it appears to allow the download properly but will site at "Getting File Information" indefinitely. This behavior is exhibited no matter who is logged on whether a domain account or a local account. Even a new account exhibits this behavior. I can properly download the file from within Firefox on the same workstation.

Here is what I have done thus far.

- The original infection was cleaned with Malwarebytes.
- I have since ran Malwarebytes not finding any infection.
- The client has Sophos and full system scans have not turned up anything.
- Much to everyone's dismay, I have run Combofix which indicates there is rootkit activity and requests a reboot. I followed it's steps, but the report doesn't indicated anything has been removed. Subsequent launches of Combofix continue to indicate rootkit activity. Combofix was downloaded fresh yesterday from bleepingcomputer.com.
- I have performed a repair of the OS.
- I have reinstalled SP3 and fully patched all Microsoft products.
- Performed a memtest that did not find anything wrong with the RAM
- Chkdsk which came up clean.
- Installed the latest drivers and BIOS updates.

System specifics:

- Windows XP Pro SP3
- Office 2003
- IE8
- Firefox 3.6


Most say that I should reinstall the OS and I would like to do that. However, this user has an application that would take much longer to install and license than the initial troubleshooting that I've already done. I appreciate any direction in this matter.

First Error

Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 3/23/2010
Time: 1:19:10 PM
User: N/A
Computer: workstation
Description:
Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x01e58264.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 69 65 78 ure iex
0018: 70 6c 6f 72 65 2e 65 78 plore.ex
0020: 65 20 38 2e 30 2e 36 30 e 8.0.60
0028: 30 31 2e 31 38 37 30 32 01.18702
0030: 20 69 6e 20 75 6e 6b 6e in unkn
0038: 6f 77 6e 20 30 2e 30 2e own 0.0.
0040: 30 2e 30 20 61 74 20 6f 0.0 at o
0048: 66 66 73 65 74 20 30 31 ffset 01
0050: 65 35 38 32 36 34 0d 0a e58264..


Second Error:

Event Type: Error
Event Source: Application Hang
Event Category: (101)
Event ID: 1002
Date: 3/23/2010
Time: 1:19:54 PM
User: N/A
Computer: workstation
Description:
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 69 65 78 70 6c 6f iexplo
0018: 72 65 2e 65 78 65 20 38 re.exe 8
0020: 2e 30 2e 36 30 30 31 2e .0.6001.
0028: 31 38 37 30 32 20 69 6e 18702 in
0030: 20 68 75 6e 67 61 70 70 hungapp
0038: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0040: 20 61 74 20 6f 66 66 73 at offs
0048: 65 74 20 30 30 30 30 30 et 00000
0050: 30 30 30 000

Edited by digitap, 24 March 2010 - 06:24 AM.


BC AdBot (Login to Remove)

 


#2 digitap

digitap
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:02 AM

Posted 23 March 2010 - 06:37 PM

Did I not follow protocol? I'm seeing topics posted within the hour already receiving advice.

#3 dingdong69

dingdong69

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:02 AM

Posted 26 March 2010 - 05:00 PM

I am having the same issue. We just started deploying Sophos antivirus and nac about a week ago. What other applications run on your bro's computer. The bros over here are dbas. The computer slows to a hault and IE hangs and we get the

Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users