
Malwarebytes Anti-Exploit Protecting Internet Explorer when I don't use it.



I've been running MBAE for a long while now and about a month ago it started notifying me of what process it was protecting whenever I launched said process. "Google Chrome now protected" and such when I opened Chrome. These notifications come in the form of a popup speech bubble from the system tray. This is all fine and dandy, but today, out of the blue, it told me that it was protecting Internet Explorer. Now this surprised me since I've not used Internet Explorer for over a year, and that was when I downloaded Google Chrome after a full OS reinstall and format.

 

I checked the Task Manager and found iexplore.exe as a process, which I terminated, and started googling my problem. A few minutes later it once again notified me of protecting another instance of iexplore.exe, and this time I didn't terminate the process but instead kept on researching and scanning with MBAM. A few seconds later I checked back into the Task Manager and found that the iexplore.exe process was gone.

I then waited for MBAM to finish scanning, which it did with no results, and now I'm here writing this. What should I do?

Nothing on my computer has changed since yesterday and this is the first time I've seen this.

The only odd thing is that the online game TERA on Steam wouldn't launch today either, but this was solved by simply verifying my game cache, so I think that was just a coincidence. I've had TERA installed since last Friday and this was the first instance of the TERA bug.

I've attached my MBAE logs as instructed and I will respond to this thread with any updates on the problem.

Any advice greatly appreciated!

Malwarebytes Anti-Exploit.rar


  • Staff

Yes I can see in the logs the couple of instances where your Internet Explorer (iexplore.exe) was launched by svchost.exe.

 

This is probably some software or PC configuration that is launching your IE to perform some background task. It doesn't mean it is malicious, just that it is relying on IE to perform some task.

 

There's two things I can think of doing here to make this go away:

1- Disable the system tray balloon notifications

2- Disable the MBAE shield for Internet Explorer

 

Personally I would do (1) so that IE is still protected, just in case.

 

Also you could hunt down the application/task that is launching your IE in the background. It is probably some scheduled task or part of some application's update checks. If you're interested in investigating I suggest you start with Autoruns and ProcessMonitor.

 

PS: Moving this to the Questions sub-forum as it is not a product bug.

Thank you for the swift response. I have no problem with the notifications themselves since I like to stay aware of how my computer is doing. I will probably try to find out under what circumstances iexplore.exe is launched because I'm paranoid. If I were to try to investigate, how exactly would I go about doing this?


  • Staff

Run Process Monitor and leave it running until the issue replicates itself.

 

Then once replicated, look in Process Monitor for the instances of iexplore.exe process and look at its command line and parent process. Or you can just simply save the Process Monitor capture and I can look at it as well.

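What the staff reply above asks for (each iexplore.exe launch with its command line and parent process) can also be captured from PowerShell; this is an added example, not part of the original thread. The `IeLaunchWatch` identifier and the CSV file name are made up for illustration, and reading the command line of processes owned by other accounts assumes an elevated prompt.

```powershell
# Added example: record every new iexplore.exe with its command line and parent.
# Leave the PowerShell window open until the notification reappears.
# Stop watching with: Unregister-Event -SourceIdentifier IeLaunchWatch
$query = "SELECT * FROM __InstanceCreationEvent WITHIN 1 " +
         "WHERE TargetInstance ISA 'Win32_Process' " +
         "AND TargetInstance.Name = 'iexplore.exe'"

Register-CimIndicationEvent -Query $query -SourceIdentifier 'IeLaunchWatch' -Action {
    $proc     = $Event.SourceEventArgs.NewEvent.TargetInstance
    $parentId = $proc.ParentProcessId

    # The parent may already have exited; the lookup then returns nothing.
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $parentId"

    # When the parent is svchost.exe, list the services hosted in that instance,
    # which narrows down what asked for Internet Explorer to be started.
    $services = Get-CimInstance Win32_Service -Filter "ProcessId = $parentId" |
        Select-Object -ExpandProperty Name

    $record = [pscustomobject]@{
        Time           = Get-Date -Format 's'
        ProcessId      = $proc.ProcessId
        CommandLine    = $proc.CommandLine
        ParentPid      = $parentId
        ParentName     = if ($parent) { $parent.Name } else { '(exited)' }
        ParentCmdLine  = if ($parent) { $parent.CommandLine } else { $null }
        ParentServices = $services -join ', '
    }

    # Show the record in the console and keep a copy on disk (hypothetical file name).
    $record | Format-List | Out-String | Write-Host
    $record | Export-Csv -Path "$env:TEMP\ie-launch-watch.csv" -Append -NoTypeInformation
} | Out-Null
```

The query polls once per second, so a process that exits in under a second can be missed; a Process Monitor capture does not have that gap.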

  • 1 year later...

I'm having a similar issue, only I get that kind of notification about a minute after I've closed Internet Explorer.  It just started happening today and I'd really like to know what's going on.  I downloaded Process Monitor and Autoruns, but don't know what to look for since terms like "command line" and "parent process" are alien to me.  Could somebody please help me out?


Okay, I figured it out. I had forgotten I'd turned on the "Delete browsing history on exit" option recently. When I turned it off and tried recreating the situation, I stopped getting the IE notifications. But I'd still love a good tutorial on Process Monitor and Autoruns for beginners if anyone knows where I can find any online.


  • Root Admin

If you really want to learn more about the tool there are many hours of presentation by the author of the tool. Way too much to just sit down and watch for most but if you really want to learn more I'd highly suggest watching and then running the tool and experimenting with it.

Mark's Webcasts - Case of the Unexplained
https://technet.microsoft.com/en-us/sysinternals/bb963887.aspx

 
