Tiny MSIE window opens at boot, containing spam advert.

Seems like a simple one, or should be, but it's baffled the hell out of me so far!
I have windows 98 SE will all latest updates patches.
Things I've done to try to stop this happening:

1) Checked system start-up for erroneous application launch. Can't find one, but something somewhere is launching this IE window!
2) updated & run DAILY full spybot cleanup.
3) Added entries in Internet Options under Security and Privacy to block
(I know it's the above sites, as I've found them by right clicking the unwanted window and looking at properties)
4) Updated c:\windows\hosts file with all the above, pluss all the latest spyware entires

None of these measures have any effect.
The window doesn't appear every boot, just occasionaly, and it appears just as all the desired start-up programs have finished loading.

I now have a sneaky feeling it has to be launched by one of my 'known' programs.
I have McAfee VirusScan Home Edition, and I'm wondering if they have some contract with an advertiser somewhere?

Any help with this would be gratefully received, as I really do not want this blatant spamming/unsolicited advertising.



Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Maybe try Adaware:

DaveEEAuthor Commented:
Spybot does absolutely everything Adaware does, but in addition offers a lot more control over spam and syware and system tuning & options.
I used to use Adaware until they stopped updating their definition files, then I switched to Spybot. I understand Adaware are now updating their files again, but Spybot is still a superior option.

So that's not the answer.

I'm wondering if anyone else has even seen this problem before?

There must be some code somewhere which is initiating the internet explorer program and pointing it to this spam / advertising site. It's not like I'm starting IE myself. Something else is starting it without my consent.

- try double click to expand

- have UI default to not reopening the same windows upon reboot (make it forget)

- use task manager to kill it (and maybe see what it is)

- this can be simply a windows_internal bug, used to happen to me a lot before upgrades

- try right click on its tab in taskbar and any resize options that are there.

- prior to shutdown, open an IE window, size it to 1/2 screen, then close it. Open IE again and see if it remembers.

- try looking for EventLog, or install firewall that blocks outgoing packets such as ZoneAlarm. ZA will tell you who is trying to get packets out if you configure to block them until they get your permission
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

try task manager, or command: tasklist
DaveEEAuthor Commented:
SunBow - try double click to expand
Dave - Don't understand how this could help anything? It's a Microsoft Internet Explorer Window. I know what it is, I know the URL it is pointed at? What I need to know is HOW it is being started and by who/what?

SunBow - have UI default to not reopening the same windows upon reboot (make it forget)
Dave - Wouldn't know how to do that? and like I say it DOESN'T happen every boot. IT IS INTERMITTENT. It's not related to anything that's happening when the PC shuts down.
I can shut down every thing one by one and the last IE window might be my full size normal home page, but then I can re-boot and there is the tiny advert.

SunBow - use task manager to kill it (and maybe see what it is)
Dave - It's not a problem of killing it! and I KNOW WHAT IT IS! (an internet explorer window) Alt+F4 will kill an internet explorer window. I can kill it, what I can't do IS STOP IT FROM BEING STARTED WHEN I BOOT!

SunBow - this can be simply a windows_internal bug, used to happen to me a lot before upgrades
Dave - Like I said I have every official windows update & security patch installed. My OS does not need any upgrades. This most probably IS a bug, but not a Microsoft one. It's been very deliberately planted to intermittently run when I boot my PC.

SunBow - try right click on its tab in taskbar and any resize options that are there.
Dave - ???? What is all this about resizing? Sorry I must have explained very badly.
I don't have a problem with it's shape! I have a problem with it's EXISTENCE.
I don't want it to happen at all. It's not that I don't like the color or shape of it!

SunBow - prior to shutdown, open an IE window, size it to 1/2 screen, then close it. Open IE again and see if it remembers.

SunBow - try looking for EventLog, or install firewall that blocks outgoing packets such as ZoneAlarm. ZA will tell you who is trying to get packets out if you configure to block them until they get your permission
Dave - I have a cable modem, which is a far better firewall than any software program.
I'm sure there is no problem with 'people trying to get packets out' of my machine!
The problem I have is that INTERMITTENTLY when I boot my PC and instance of a perfectly acceptable program called Microsoft Internet Explorer, (IEXPLORE.EXE) is being started, and told to look at a web page.
I want to STOP this from happening, but I can't find out how it is happening, or where it is being started from.


SunBow: try task manager, or command: tasklist

Dave - When/Why/Where/To do what?
I can quite happily look at the list of processes running and see an instance of IEXPLORE.EXE
I can quite happily resize it, change it's appearance, delete it, find the IP address and URL of the page it is pointing at. I can quite easily kill it.
What I can't do is find out what is starting it, and so STOP it from being started.

DaveEEAuthor Commented:
Ooops... just realised I said:
"I have a cable modem, which is a far better firewall than any software program."
What I meant to say was:
"I have a cable router (between broadband cable modem within my TV set-top box and my PC),which is a far better firewall than any software program."

DaveEEAuthor Commented:
OK, if nobody here has any ideas, does anyone know where else in Experts Exchange I might try posting the problem?

Tonight I re-booted and this time I got a bigger IE window with web page:
in it. I am really getting incredibly frustrated with this problem now.

Before I deleted the window I got a complete process list of what was runing.
The list has Unix style Process ID's (PID) and Prent Process ID's (PPID)....
I could see the process 'IEXPLORE.EXE' and I could also see by it's PID that it was started early during the boot-up process, I could also see that it's PPID was no longer running, so whatever process starts this IEXPLORE.EXE running, terminates once it has done so, and it does it quite early in the boot sequence, that is assuming the PID's increment as they are created.

I'm upping the points for this problem. I REALLY AM DESPERATE FOR AN ANSWER FOLKS.


DaveEEAuthor Commented:
More info from the task list....

I don't think the PID's are in any relevant incremental order, so I don't know when the IEXPLORE.EXE is started, but what I can say for sure is that of all the 25 programs running at that time, only 2 processes have no existing Parent Process.
Which you would expect with it being the main OS Kernel
The other is this damned rogue IEXPLORE.EXE

Every other process *without exception* has a parent process ID which you can trace to see where what it was started by.
y don’t u run msconfig to find out what programs r running at startup . try disabling unknown programs . If u get these messages while u r working , then probably u r getting IP /net send spam messages which can be disabled in 98 by using 3rd party utils.  Since u get it on startup i don’t think it is IP spam .Do u get it when u start your computer in safe mode ??
 Try spysubtract  http://www.intermute.com/spysubtract/
 It is a trial ver , but it works fully . But I feel You can remove it by using msconfig .
DaveEEAuthor Commented:
Hi anupnellip.
Yes, checking what is loading at startup (using msconfig) was actually the very first thing I did.
I'm always very careful about programs that sneak into my start-up list without me putting them there, like Quick TIme player & Real player.

So the first thing I did was to check what is in that list.

You said:
"Since u get it on startup i don’t think it is IP spam ."

Not sure of your definition of SPAM, but mine is "unsolicited and unwanted advertising" which this most definitly is.

OK it's not email spam, but it IS spam nevertheless.

The idea of going through the startup list and removing programs one by one is a good one, even though I know EVERY item there, and I know that the items there now have all been there for a long time and not caused this problem before, ***BUT*** and I think people are fogetting this fact, the problem doesn't happen EVERY time I boot.
I might boot 6 times & the PC boots perfectly normally, then the 7th I get the internet window pointing to a web page where someone is trying to sell me something.
I think it has only once ever happened two boots in a row.

So because it is INTERMITTENT I wouldn't know when I remove a program from the startup list if I've cured the problem or not until I'd done probably 10 or so complete re-boots for every single change I make.

That would take forever, and I'd still not be 100% sure I'd solved the problem or which program it was that was causing the problem.

I'm not sure if this spysubtract is going to do anything different to spybot which I already have and already removes all known spyware, but I'll give it a try.



DaveEEAuthor Commented:
Hi again anupnellip.
Yeah, just looked at the specifications of 'spysubtract', and there is nothing it does that isn't already done by spybot which I already have and use to it's full extent.

This is an interesting site:

ok Dave
- so it is not a startup program !
- It is not IP spam as u get it only on startup ( IP spam are messages send to you through the internet using your IP address , not through e-mails . I dont think a spammer knows when you r rebooting your m/c )
- It is not a Spyware as u have already got a good anti-spyware & pop-up blocker( I presume it is good )and you dont want to try anythig new.
- I am also sure you have the latest anti-virus update and your m/c is not infected .
- You have the latest IE patch .
- you do regular cleanup of cookies and cache
 Well that brings us to the end of the road as far as I am concerned . i would love to know how you solved this problem .

all the best

DaveEEAuthor Commented:
Weird isn't it!
Actually I still think it most likely could still be start up program....
I guess what I was hoping to find out here is a better and foolproof way of determining the exact process which initiates the IEPLORE.EXE during boot other than trial and error (because of the intermittent factor) with removing start-up programs.

Seems there isn't one....

Does anyone know how I get my system to create a detailed bootlog EVERY time I boot?
And would this bootlog show me exactly which process is doing what on boot up?

I managed to create a bootlog.txt by starting the system 'manually' and answering 'Y' to every single start up procedure, this took ages, and did create a log, but on this particular boot, the problem didn't happen!

What I need is a log that is created on a normal boot.

As soon as I see the rogue internet explorer window, then I could interrogate the log to see what started it.

Anyone know if this is possible?

BTW anupnellip, your other assumptions were/are correct about virus protection and latest patches etc.

I am pretty well informed about general PC protection and basic usage and maintenance and I only come here to experts exchange when I've exhausted all the obvious routes open to me.

It's not that "I don't want to try anything new" I just know that the particular product you mentioned does the same things as a product I already use.

My machine is almost as busy when I'm asleep as during the day when I'm using it, as I run all sorts of housekeeping processes every night, including a complete virus scan of every single file on my PC's, plus a complete scan for all spyware, plus removal of unnecessary temporary internet files, cookies, cache etc.

I think my next line of attack will be to see which of the programs I run at startup have been upgraded or updated recently, as I'm fairly certain the ones I'm starting now are ones I've started for a long long time and haven't caused the problem before, but I also am convinced something in the startup is responsible for this rogue IEXPLORE.EXE

I will let you know if/when I find the solution!



I dont have a solution to your problem, it's really weird.
But to create the bootlog, I dont know how you did it, but it's created automatically by windows at startup, it doesnt need hours.
Restart Windows. Press the Ctrl key as your computer starts up, holding it until the Boot Menu appears and choose option 2, to create a boot log. So the next time you restart you will have a bootlog.txt in C:

You can try this freeware util, Bootlog analyser: http://www.vision4.dial.pipex.com/   I've never used it, but it should work fine for what you do, maybe it's better than the bootlog.txt option.

For what you say about the pop up window, I think you will find a line such as: "iexplore http://....." , but the real problem I think it's likely to exist a .com or .exe (or some other executable extension) small program that randomly decides every startup whether to annoy you or not and to which page to connect everytime, so if you can find in the log file the line that calls to "iexplore", the "virus/trojan/..." should be executed right before that or a few lines before.

Good luck!
I had this exact problem, and determined it was Netturbo causding it. I uninstalled it and solved the problem.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
DaveEEAuthor Commented:
Hi, Yes Sorry, I should have come back here and closed this problem as I did eventually discover it was netturbo. It didn't help that when I contacted them & directly asked them, they lies and said it definitley wasn't their software.
Now I know it IS, and I'm actually quite infuriated that there doesn't seem to be any course of action I can take against them.
None of the advertising for the netturbo product mentions that when it boots it will start internet explorer windows with unsolicited content.
This is blatant spamming, and should be illegal, or at least there should be an optional switch to turn it off.

The other thing that pisses me off is that netturbo is a pretty good program, and it does improve my network throughput/speed. I paid good money for it, and I don't expect to but spamming.

Anyway I'll award half the points to anupnellip (who put in a lot of effort and was onto the answer too) and scnrfrq (who hit the nail on the head)


thanks DaveEE :-)
Yes, thank you DavEE!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.