Graphics driver crashes iehighutil.exe (Malware)

Associate
Joined
27 Oct 2007
Posts
608
Had experience last week of this nasty bit of malware.

Graphics driver kept crashing and I was almost at the stage of pulling the card and starting an RMA. I thought it was TDR issues (Timeout Detection & Recovery problem), which I had read about.

Found out that it was actually malware that had been installed on my system after I had noticed iehighutil.exe running in task manager and then started Googling for info.

Seemingly it sets itself up and uses the installed graphics card to mine Bitcoins and crashes the graphics driver while doing so.

The AV I use never picked it up (MSE) and Malwarebytes also never picked it up on a scan.

So just a heads up for anyone having graphics driver crash issues at this time that this might be worth a look.
 
Associate
OP
Joined
27 Oct 2007
Posts
608
Stopped the process running, deleted the folders that it had created and deleted registry key.

Also stopped process from starting in MSCONFIG.

Seems to have done the trick.
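
A read-only check for the indicators described in this thread (the iehighutil.exe process and its startup entry), added here as an example and not part of any post. Only the file name comes from the thread; the function names and search folders are assumptions, and it needs PowerShell 4.0 or later.

```powershell
# Read-only triage: reports findings, changes nothing on the system.
# Only the image name below is taken from the thread.
$ImageName = 'iehighutil.exe'

function Find-SuspectProcess {
    param([string]$Name)
    # Running instances, with on-disk path and parent PID for context
    Get-CimInstance -ClassName Win32_Process -Filter "Name = '$Name'" |
        Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine
}

function Find-SuspectAutorun {
    param([string]$Name)
    # Win32_StartupCommand lists entries from the Run registry keys
    # and the Startup folders
    Get-CimInstance -ClassName Win32_StartupCommand |
        Where-Object { $_.Command -like "*$Name*" } |
        Select-Object Name, Command, Location, User
}

function Find-SuspectFile {
    param([string]$Name, [string[]]$Roots)
    # Copies left on disk even if nothing is running; the hash is for later lookup
    Get-ChildItem -Path $Roots -Filter $Name -Recurse -Force -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Path    = $_.FullName
                Created = $_.CreationTime
                SHA256  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            }
        }
}

# Assumed search locations (user-writable folders); the thread does not list them
$roots = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$report = [ordered]@{
    Processes = @(Find-SuspectProcess -Name $ImageName)
    Autoruns  = @(Find-SuspectAutorun -Name $ImageName)
    Files     = @(Find-SuspectFile -Name $ImageName -Roots $roots)
}

foreach ($section in $report.Keys) {
    "{0}: {1} match(es)" -f $section, $report[$section].Count
    $report[$section] | Format-List
}
```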
 

Rab

Associate
Joined
21 Oct 2005
Posts
977
Location
Scotland
Had this bug last week, read up & done the same as yourself.
Also read in a few places that most virus, malware apps were just not picking this up.
That's bad :(
 
Associate
OP
Joined
27 Oct 2007
Posts
608
That was my thoughts exactly.

Can't believe it wasn't picked up during a scan.

I was about 10 mins from removing the graphics card and doing an RMA.
 

KIA

Man of Honour
Joined
14 Nov 2004
Posts
13,771
Anti-virus isn't able to detect unknown threats and it's incredibly easy to obfuscate new code.

Keep your system patched and use a little common sense.
 
Associate
Joined
7 Nov 2005
Posts
121
Location
California
Had this bug last week, read up & done the same as yourself.
Also read in a few places that most virus, malware apps were just not picking this up.
That's bad :(

I had the same issue and got ComboFix from bleepingcomputer.com (it's free) and ran it in Safe Mode; it detected and deleted iehighutil.exe and a bunch of other files & registry entries.

No problems since. The virus had my GTX 480 running at 95C just sitting idle at the Windows desktop.
 
Associate
Joined
16 Mar 2012
Posts
1,524
Location
Chelmsford,Essex,UK
I just found the same thing. I thought it was a driver problem. I disabled it in startup and deleted C:temp but my GPU usage kept rising on desktop, so tried the ComboFix and all's fine now.
I may do a reinstall of W7 anyway, but for now thanks.
 
Soldato
Joined
22 Jun 2012
Posts
3,732
Location
UK
Get a better antivirus than MSE as well.... MSE is not very good anymore.

I use Avast! free, Comodo firewall and MBAM.
 
Permabanned
Joined
18 Oct 2012
Posts
9,784
I got this months back when it first hit and was wondering what the hell was causing bad performance in games, then checked Task Manager and my CPU usage was like 100% at all times. Turns out this pesky little fella is a bitcoin farmer.
 
Man of Honour
Joined
13 Oct 2006
Posts
90,816
From looking around, it seems to install itself via a Java exploit that was unpatched for quite a while, so quite hard to protect against unless you're running say Firefox with NoScript and only enable it for trusted sites (or run without Java at all)... however the sites known to try to infect users with it are for the most part.. well... decidedly dodgy, have to wonder what people were browsing to end up getting infected by it :D
 
Associate
Joined
16 Mar 2012
Posts
1,524
Location
Chelmsford,Essex,UK
From looking around, it seems to install itself via a Java exploit that was unpatched for quite a while, so quite hard to protect against unless you're running say Firefox with NoScript and only enable it for trusted sites (or run without Java at all)... however the sites known to try to infect users with it are for the most part.. well... decidedly dodgy, have to wonder what people were browsing to end up getting infected by it :D

You're telling me Buxy blondes is a suspicious site? :)
 
Soldato
Joined
15 Nov 2009
Posts
2,524
Location
South east
From looking around, it seems to install itself via a Java exploit that was unpatched for quite a while, so quite hard to protect against unless you're running say Firefox with NoScript and only enable it for trusted sites (or run without Java at all)... however the sites known to try to infect users with it are for the most part.. well... decidedly dodgy, have to wonder what people were browsing to end up getting infected by it :D

This, I do happen to use Firefox and NoScript ;) but damn, what sites were you guys on, there must be some naughty stuff on there! :p
 