Overclockers UK Forums > Software > Windows & Other Software
Old 4th Mar 2013, 12:00   #1
scamartist
Hitman
 
Joined: Oct 2007
Posts: 510
Graphics driver crashes iehighutil.exe (Malware)

Had experience last week of this nasty bit of malware.

Graphics driver kept crashing and I was almost at the stage of pulling the card and starting an RMA. I thought it was a TDR issue (Timeout Detection and Recovery), which I had read about.

Found out that it was actually malware that had been installed on my system after I had noticed iehighutil.exe running in task manager and then started Googling for info.

Seemingly it sets itself up and uses the installed graphics card to mine Bitcoins and crashes the graphics driver while doing so.

The AV I use never picked it up (MSE) and Malwarebytes also never picked it up on a scan.

So just a heads-up for anyone having graphics driver crash issues at the moment: this might be worth a look.

3770K @4.3Ghz - 16 Gig of Samsung Green memory
ASUS 680 GTX - ASUS P8Z77-V Deluxe
Antec Kuhler H20 920
Old 4th Mar 2013, 12:46   #2
Castiel
Capo Crimine
Joined: Jun 2010
Posts: 63,652
How did you get rid of it?
Old 4th Mar 2013, 12:55   #3
scamartist
Hitman
 
Joined: Oct 2007
Posts: 510
Stopped the process running, deleted the folders that it had created and deleted the registry key.

Also stopped the process from starting in MSCONFIG.

Seems to have done the trick.

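The manual clean-up in the post above (stop the process, delete what it dropped, delete the registry key, stop it starting in MSCONFIG) as a scripted triage pass. This is an added example, not code from the thread or from any tool it mentions. It takes the process name from the thread; the registry paths are the standard Windows Run/RunOnce locations, and nothing in it claims where this particular malware kept its key or folders. It assumes an elevated Windows PowerShell session, 2.0 or later, so it also fits the Windows 7 machines in the thread.

```powershell
# Added triage script (not from the thread). Reports a process by name, the
# autorun entries that reference its binary and, only with -Remove, stops it
# and deletes those entries and the image on disk.
# Assumption: elevated Windows PowerShell 2.0 or later. The default name is the
# one the thread reports; the registry paths are the standard Run/RunOnce keys.
param(
    [string]$Name = 'iehighutil',   # as shown in Task Manager, without .exe
    [switch]$Remove                  # default is report-only
)

$exe     = "$Name.exe"
$pattern = [regex]::Escape($exe)

# 1. Running instances: image path, parent, owner, CPU burned so far, SHA256.
$procs = @(Get-WmiObject Win32_Process -Filter "Name = '$exe'")
if ($procs.Count -eq 0) { Write-Host "No running process named $exe" }
foreach ($p in $procs) {
    $owner  = $p.GetOwner()
    $parent = Get-WmiObject Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    $live   = Get-Process -Id $p.ProcessId -ErrorAction SilentlyContinue
    $cpu    = if ($live) { $live.TotalProcessorTime } else { $null }
    $hash   = '(no path)'
    if ($p.ExecutablePath -and (Test-Path -LiteralPath $p.ExecutablePath)) {
        # certutil prints the hash on its second output line (spaced on older Windows)
        $hash = (certutil -hashfile $p.ExecutablePath SHA256)[1] -replace ' ', ''
    }
    New-Object PSObject -Property @{
        PID     = $p.ProcessId
        Path    = $p.ExecutablePath
        CmdLine = $p.CommandLine
        Parent  = "$($parent.Name) (PID $($p.ParentProcessId))"
        User    = "$($owner.Domain)\$($owner.User)"
        CPUTime = $cpu
        SHA256  = $hash
        # Something dropped by a browser exploit rarely lives under Program Files
        # or Windows; flag the location instead of trusting the file name.
        OddPath = ($p.ExecutablePath -notmatch '^[A-Z]:\\(Program Files|Windows)\\')
    } | Format-List PID, Path, OddPath, CmdLine, Parent, User, CPUTime, SHA256
}

# 2. What MSCONFIG's Startup tab would show (Run keys and Startup folders),
#    filtered to entries whose command references the binary.
Get-WmiObject Win32_StartupCommand |
    Where-Object { $_.Command -match $pattern } |
    Format-Table Name, Location, Command, User -AutoSize

# 3. Scheduled tasks that launch it: a persistence point MSCONFIG does not show.
#    Listed only; delete by hand once you have looked at it.
schtasks /query /fo CSV /v | ConvertFrom-Csv |
    Where-Object { $_.'Task To Run' -match $pattern } |
    Format-Table TaskName, 'Task To Run', 'Run As User' -AutoSize

# 4. Run/RunOnce values pointing at the binary, collected so -Remove deletes
#    exactly those values and nothing else in the key.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$hits = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }     # provider metadata, not values
        if ("$($prop.Value)" -match $pattern) {
            $hits += New-Object PSObject -Property @{ Key = $key; Name = $prop.Name; Value = $prop.Value }
        }
    }
}
$hits | Format-Table Key, Name, Value -AutoSize

# 5. Removal, only when asked for: kill first, then the autorun values, then the file.
if ($Remove) {
    foreach ($p in $procs) { Stop-Process -Id $p.ProcessId -Force -ErrorAction SilentlyContinue }
    Start-Sleep -Seconds 2                            # let handles on the image close
    foreach ($h in $hits) { Remove-ItemProperty -Path $h.Key -Name $h.Name }
    foreach ($p in $procs) {
        if ($p.ExecutablePath -and (Test-Path -LiteralPath $p.ExecutablePath)) {
            Remove-Item -LiteralPath $p.ExecutablePath -Force
        }
    }
    Write-Host "Stopped $($procs.Count) process(es), removed $($hits.Count) Run value(s). Reboot, then re-run without -Remove."
}
```

Run it once without -Remove and look at the path, parent and hash before touching anything; a process named like a system utility but started from a temp or profile directory is the tell, not the name. A later post in this thread reports GPU usage still climbing after exactly these manual steps, so after -Remove, reboot and run the report pass again: anything that comes back had a second persistence point the script only lists (a scheduled task goes with schtasks /delete /tn <name> /f), or HKCU keys under another user's profile, and at that point a full offline scan or the reinstall that poster was considering is the safer end state.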
Old 4th Mar 2013, 14:36   #4
Rab
Hitman
Joined: Oct 2005
Location: Scotland
Posts: 893
Had this bug last week, read up and did the same as yourself.
Also read in a few places that most antivirus and anti-malware apps were just not picking this up.
That's bad.

Intel 2600k-4.6/z77-UD5/
16Gb Corsair/G1 970
Custom Cooling/Seasonic 750W/HAF X/
/Iiyama Prolite 27. 144hz
Old 4th Mar 2013, 16:25   #5
scamartist
Hitman
 
Joined: Oct 2007
Posts: 510
Those were my thoughts exactly.

Can't believe it wasn't picked up during a scan.

I was about 10 mins from removing the graphics card and doing an RMA.

Old 4th Mar 2013, 17:52   #6
KIA
Man of Honour
Joined: Nov 2004
Posts: 12,572
Anti-virus isn't able to detect unknown threats and it's incredibly easy to obfuscate new code.

Keep your system patched and use a little common sense.
Old 6th Mar 2013, 21:08   #7
mathesar
Gangster
 
Joined: Nov 2005
Location: California
Posts: 121
Quote (originally posted by Rab):
Had this bug last week, read up and did the same as yourself.
Also read in a few places that most antivirus and anti-malware apps were just not picking this up.
That's bad.

I had the same issue and got ComboFix from bleepingcomputer.com (it's free) and ran it in Safe Mode; it detected and deleted iehighutil.exe and a bunch of other files and registry entries.

No problems since. The virus had my GTX 480 running at 95°C just sitting idle at the Windows desktop.

i7 920 @ 3.36ghz / 12GB G.Skill Ripjaws DDR3 / EVGA GTX 480 / Corsair CMPSU-750TX PSU / X-Fi XtremeMusic / Logitech Z5500 /
Samsung 2333T & Samsung PX2370 LCDs / 3x Samsung 1TB F3 Spinpoint 7200rpm HDDs
Old 19th Mar 2013, 21:25   #8
borley
Wise Guy
Joined: Mar 2012
Location: Chelmsford,Essex,UK
Posts: 1,437
I just found the same thing. I thought it was a driver problem; I disabled it in startup and deleted C:\temp, but my GPU usage kept rising on the desktop, so I tried ComboFix and all's fine now.
I may do a reinstall of W7 anyway, but for now, thanks.

i7 3930k @ 4.4Ghz Cpu | MSI 290X Gaming Edition @ 1030/1250Gpu | GB X79-UD3 Mobo | Samsung 16GB 1600mhz Ram | M4 Crucial 256GB SSD | Samsung 1TB HDD | Samsung Blu-Ray/DVD Writer | Corsair MX850 PSU
Old 19th Mar 2013, 21:27   #9
borley
Wise Guy
Joined: Mar 2012
Location: Chelmsford,Essex,UK
Posts: 1,437
Quote (originally posted by KIA):
Anti-virus isn't able to detect unknown threats and it's incredibly easy to obfuscate new code.

Keep your system patched and use a little common sense.

Easy for you to say; I'm up to date and have not been on any dodgy sites.

Old 20th Mar 2013, 01:24   #10
NirK
Wise Guy
 
Joined: Jun 2012
Location: UK
Posts: 2,167
Get a better anti-virus than MSE as well... MSE is not very good anymore.

I use Avast! Free, Comodo Firewall and MBAM.
Old 20th Mar 2013, 03:10   #11
Suarez7
PermaBanned
Joined: Oct 2012
Posts: 9,791
I got this months back when it first hit and was wondering what the hell was causing bad performance in games. Then I checked Task Manager and my CPU usage was like 100% at all times; turns out this pesky little fella is a Bitcoin farmer.
Old 20th Mar 2013, 03:30   #12
Rroff
Caporegime
Joined: Oct 2006
Posts: 38,587
From looking around, it seems to install itself via a Java exploit that was unpatched for quite a while, so it's quite hard to protect against unless you're running, say, Firefox with NoScript and only enable it for trusted sites (or run without Java at all). However, the sites known to try to infect users with it are for the most part... well... decidedly dodgy. Have to wonder what people were browsing to end up getting infected by it.

Samsung 700G7C, i7 3610QM, 16GB DDR3, GTX 675M.
i7 4820K, GB X79-UD3, KHX Beast 16GB DDR3, Gigabyte GTX780 GHZ, Antec Kühler 1250, 840 EVO 250GB, KHX 3K 240GB, Seasonic 860w Platinum.
Old 20th Mar 2013, 10:20   #13
borley
Wise Guy
Joined: Mar 2012
Location: Chelmsford,Essex,UK
Posts: 1,437
Quote (originally posted by Rroff):
From looking around, it seems to install itself via a Java exploit that was unpatched for quite a while, so it's quite hard to protect against unless you're running, say, Firefox with NoScript and only enable it for trusted sites (or run without Java at all). However, the sites known to try to infect users with it are for the most part... well... decidedly dodgy. Have to wonder what people were browsing to end up getting infected by it.

You're telling me Buxy blondes is a suspicious site?

Old 20th Mar 2013, 10:39   #14
bledd.
Underboss
Joined: Oct 2002
Location: Parts Unknown
Posts: 43,052
If you must browse dodgy sites, do so in a Sandbox
Old 20th Mar 2013, 11:40   #15
KIA
Man of Honour
Joined: Nov 2004
Posts: 12,572
Quote (originally posted by borley):
Easy for you to say; I'm up to date and have not been on any dodgy sites.

You don't need to browse "dodgy" sites to get infected. This is a common misconception.
Old 20th Mar 2013, 11:49   #16
bledd.
Underboss
Joined: Oct 2002
Location: Parts Unknown
Posts: 43,052
No, but it certainly doesn't help matters!
Old 19th Oct 2013, 02:11   #17
murah
Wise Guy
Joined: Nov 2009
Location: East Sussex
Posts: 2,436
Quote (originally posted by Rroff):
From looking around, it seems to install itself via a Java exploit that was unpatched for quite a while, so it's quite hard to protect against unless you're running, say, Firefox with NoScript and only enable it for trusted sites (or run without Java at all). However, the sites known to try to infect users with it are for the most part... well... decidedly dodgy. Have to wonder what people were browsing to end up getting infected by it.

This. I do happen to use Firefox and NoScript, but damn, what sites were you guys on? There must be some naughty stuff on there!
Old 28th Oct 2013, 16:31   #18
peggyschalk
Associate
Joined: Oct 2013
Posts: 22
Yeah, or just use an ad blocker in Firefox!

Stani Versace Klassť!