
Graphics driver crashes iehighutil.exe (Malware)

Discussion in 'Windows & Other Software' started by scamartist, Mar 4, 2013.

  1. scamartist

    Hitman

    Joined: Oct 27, 2007

    Posts: 538

    Had experience last week of this nasty bit of malware.

    Graphics driver kept crashing and I was almost at the stage of pulling the card and starting an RMA. I thought it was TDR issues (Timeout Detection & Recovery problem), which I had read about.

    Found out that it was actually malware that had been installed on my system after I had noticed iehighutil.exe running in task manager and then started Googling for info.

    Seemingly it sets itself up and uses the installed graphics card to mine Bitcoins and crashes the graphics driver while doing so.

    The AV I use never picked it up (MSE) and Malwarebytes also never picked it up on a scan.

    So just a heads up for anyone having graphics driver crash issues at this time that this might be worth a look.
     
  2. Castiel

    Capo Crimine

    Joined: Jun 26, 2010

    Posts: 63,652

    how did you get rid of it?
     
  3. scamartist

    Hitman

    Joined: Oct 27, 2007

    Posts: 538

    Stopped the process running, deleted the folders that it had created and deleted registry key.

    Also stopped process from starting in MSCONFIG.

    Seems to have done the trick.
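
An added example, not part of the original posts: a read-only PowerShell check for the process name reported in this thread, covering the running process, the autorun registry values and the startup entries that MSCONFIG-style tools list. The thread does not say which folders or registry key were involved, so the Run-key paths below are the standard Windows autorun locations and are an assumption; PowerShell 3.0 or later is also assumed.

```powershell
# Added example: read-only triage for the file name reported in this thread.
# Assumption: the file name is the only indicator taken from the thread; the
# Run-key paths are the standard Windows autorun locations, not keys that the
# posters identified.
$indicator = 'iehighutil'

# 1. Is a process with that name running, and where is its image on disk?
$procs = Get-CimInstance Win32_Process |
    Where-Object { $_.Name -like "$indicator*" } |
    Select-Object ProcessId, Name, ExecutablePath, CommandLine

# 2. Autorun values (per-user and machine-wide) whose name or data mention it.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$autoruns = foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)
            if ($name -like "*$indicator*" -or $data -like "*$indicator*") {
                [pscustomobject]@{ Key = $key; Value = $name; Data = $data }
            }
        }
    }
}

# 3. Startup entries as the system reports them (includes Startup folders).
$startup = Get-CimInstance Win32_StartupCommand |
    Where-Object { $_.Command -like "*$indicator*" -or $_.Name -like "*$indicator*" } |
    Select-Object Name, Command, Location, User

# Report only: nothing is stopped, deleted or modified.
'Processes:';       $procs    | Format-List
'Run-key values:';  $autoruns | Format-List
'Startup entries:'; $startup  | Format-List
if (-not ($procs -or $autoruns -or $startup)) {
    "No process or autorun entry matching '$indicator' was found."
}
```

A clean result only means this one name is absent from these locations; a renamed copy, a scheduled task or a service would not show up here.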
     
  4. Rab

    Hitman

    Joined: Oct 21, 2005

    Posts: 895

    Location: Scotland

    Had this bug last week, read up & did the same as yourself.
    Also read in a few places that most virus, malware apps were just not picking this up.
    That's bad :(
     
  5. scamartist

    Hitman

    Joined: Oct 27, 2007

    Posts: 538

    That was my thoughts exactly.

    Can't believe it wasn't picked up during a scan.

    I was about 10 mins from removing the graphics card and doing an RMA.
     
  6. KIA

    Man of Honour

    Joined: Nov 14, 2004

    Posts: 13,299

    Anti-virus isn't able to detect unknown threats and it's incredibly easy to obfuscate new code.

    Keep your system patched and use a little common sense.
     
  7. mathesar

    Gangster

    Joined: Nov 7, 2005

    Posts: 121

    Location: California

    I had the same issue and got ComboFix from bleepingcomputer.com (it's free) and ran it in Safe Mode. It detected and deleted iehighutil.exe and a bunch of other files & registry entries.

    No problems since. The virus had my GTX 480 running at 95C just sitting idle at the Windows desktop.
     
  8. borley

    Wise Guy

    Joined: Mar 16, 2012

    Posts: 1,479

    Location: Chelmsford,Essex,UK

    I just found the same thing. I thought it was a driver problem. I disabled it in startup and deleted C:temp but my GPU usage kept rising on the desktop, so I tried ComboFix and all's fine now.
    I may do a reinstall of W7 anyway, but for now thanks.
     
  9. borley

    Wise Guy

    Joined: Mar 16, 2012

    Posts: 1,479

    Location: Chelmsford,Essex,UK

    Easy for you to say. I'm up to date and have not been on any dodgy sites ;)
     
  10. NirK

    Mobster

    Joined: Jun 22, 2012

    Posts: 3,061

    Location: UK

    Get a better anti virus than MSE as well.... MSE is not very good anymore.

    I use Avast! free, comodo firewall and MBAM
     
  11. Suarez7

    PermaBanned

    Joined: Oct 18, 2012

    Posts: 9,790

    I got this months back when it first hit and was wondering what the hell was causing bad performance in games. Then I checked Task Manager and my CPU usage was like 100% at all times. Turns out this pesky little fella is a bitcoin farmer.
     
  12. Rroff

    Caporegime

    Joined: Oct 13, 2006

    Posts: 46,720

    From looking around, it seems to install itself via a Java exploit that was unpatched for quite a while, so it's quite hard to protect against unless you're running, say, Firefox with NoScript and only enable it for trusted sites (or run without Java at all)... however, the sites known to try to infect users with it are for the most part... well... decidedly dodgy. Have to wonder what people were browsing to end up getting infected by it :D
     
  13. borley

    Wise Guy

    Joined: Mar 16, 2012

    Posts: 1,479

    Location: Chelmsford,Essex,UK

    You're telling me Buxy blondes is a suspicious site? :)
     
  14. bledd

    Underboss

    Joined: Oct 21, 2002

    Posts: 44,533

    Location: Parts Unknown

    If you must browse dodgy sites, do so in a Sandbox
     
  15. KIA

    Man of Honour

    Joined: Nov 14, 2004

    Posts: 13,299

    You don't need to browse "dodgy" sites to get infected. This is a common misconception.
     
  16. bledd

    Underboss

    Joined: Oct 21, 2002

    Posts: 44,533

    Location: Parts Unknown

    No, but it certainly doesn't help matters!
     
  17. murah

    Wise Guy

    Joined: Nov 15, 2009

    Posts: 2,460

    Location: East Sussex

    This. I do happen to use Firefox and NoScript ;) but damn, what sites were you guys on? There must be some naughty stuff on there! :p
     
  18. peggyschalk

    Associate

    Joined: Oct 28, 2013

    Posts: 22

    Yeah, or just use an adblocker in Firefox!
     

