Solved

iexplore.exe and firefox.exe leak memory in RDP sessions on Windows Server 2003

Posted on 2011-03-09
Last Modified: 2013-11-21
Server running Windows Server 2003 Standard, SP2, with Terminal Services installed in application mode. IE8 and Firefox installed. From the desktop of the server, IE8 and Firefox open and operate normally.
But if you open either IE8 or Firefox from inside a terminal services session, the program opens normally. IE8 opens 2 iexplore.exe processes. But if you watch the processes in Task Manager, the memory usage continues to climb, even though I am doing nothing within IE or Firefox.
So far, I have tried uninstalling and reinstalling IE8 and scanning with Malwarebytes and with Vipre. Each has found 3-5 different infections and quarantined them, but the behavior continues. What I found interesting is that 2 different browsers exhibit the same behavior, but neither misbehaves when run on the server desktop. I have deleted a profile, then logged back in with the same account, allowed the system to recreate the profile, but the problem persists.

Has anyone ever seen this before or can someone suggest a resolution?

Thanks.
Question by:ClydeB
14 Comments
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 35090928
Sounds like an issue with a browser plug-in. Try to disable all add-ons and see if the issue still exists.
0
 
LVL 5

Expert Comment

by:nazg82
ID: 35137604
Does anyone have a solution yet?

Disabled all browser plugins but the problem still exists.
Thanks!
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 35142364
Is the page that you open using Flash?

What processor and CPU are you using on the server?
0

 
LVL 5

Expert Comment

by:nazg82
ID: 35146563
It happens even on the about:blank page. Also when we start Internet Explorer without add-ons, it will consume memory. Same thing happens to Firefox.

CPU is Intel Xeon quad core 2,2 GHz.
0
 

Expert Comment

by:IC-Automatisering
ID: 35149083
I have the exact same problem. As a workaround I installed Google Chrome, which does not have the problem. Did you come up with a solution yet?
0
 

Author Comment

by:ClydeB
ID: 35161316
No solution yet. I appreciate all of the observations. We have opened an incident with Microsoft and have engaged the IE team on this. Still sending tons of dump files for their analysis.
What is really weird is why does it only occur in the TS sessions? And why with both IE and Firefox? On the desktop, IE works fine.
I will try Chrome.
0
 

Expert Comment

by:IC-Automatisering
ID: 35163146
I agree, I even tried a portable version of Firefox with the same effect. Our client (a small firm with only 7 users) has installed Google Chrome for each separate user. They use Chrome without any problems. Of course this is a workaround so the client can resume normal operations.
The Windows 2003 EE SP2 terminal server is fully patched and both Eset Business Edition and Malwarebytes detect no threats. Because it only occurs in a TS session and not on the console itself, I do not think it is a virus or malware.
0
 
LVL 5

Expert Comment

by:nazg82
ID: 35205192

Anyone?
0
 

Expert Comment

by:IC-Automatisering
ID: 35366793
Did Microsoft find a cause of the problem in the dump files you sent for analysis yet?
0
 

Author Comment

by:ClydeB
ID: 35366830
We have sent them dump files and they have turned us over to their Antivirus team. We have basically given up, and will be going in this weekend, wiping the server, reinstalling the OS, and reinstalling all applications.
0
 
LVL 5

Expert Comment

by:nazg82
ID: 35418095
Hi folks,

We are on to something! If it all works, I'll post the solution tonight!

0
 
LVL 5

Accepted Solution

by:
nazg82 earned 500 total points
ID: 35418485
Okay guys,

First we drink a vodka, then we apply the solution. :)

Open your Task Manager. Search for all the processes with the name rundll.exe and kill them all.
Now start up Internet Explorer. Is your memory leak gone? Yes? Then read on!

Open a command prompt on the terminal server and go to c:\windows\tasks.
Type: dir<enter>
Then type: dir *.* /ah<enter>
Do you see any difference? Yes? Great, read on.

In our situation there was a hidden file called emeigww.job. This job started the rundll.exe and was also causing the memory leak.
This file cannot be deleted by the DEL command. So download jt.zip from the Microsoft FTP server.
Extract jt.exe to the local C: drive of the terminal server. Type the following command: jt.exe /sd c:\windows\tasks\the_Hidden_jobfile
Reboot your terminal server.
0
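
The dir versus dir /ah comparison above shows that a hidden job exists, but not what it launches. The following is an added example, not part of the original thread: it lists every .job file in a folder, flags the hidden ones, and reads the application and parameters out of each file. It assumes the Task Scheduler 1.0 .job layout documented in Microsoft's MS-TSCH specification (68-byte fixed header, application-name offset at byte 20, length-prefixed UTF-16LE strings); the function names are illustrative and the sample bytes are constructed.

```python
import os
import stat
import struct

FIXED_LEN = 68      # fixed-length header of a Task Scheduler 1.0 .job file
APP_OFFSET_AT = 20  # 2-byte field: file offset of the application-name string


def read_job_strings(data):
    """Return (application, parameters) from the raw bytes of a .job file."""
    (pos,) = struct.unpack_from("<H", data, APP_OFFSET_AT)
    values = []
    for _ in range(2):  # application name, then its parameters
        (count,) = struct.unpack_from("<H", data, pos)  # UTF-16 units incl. NUL
        end = pos + 2 + 2 * count
        if end > len(data):
            raise ValueError("string runs past end of file")
        text = data[pos + 2:end].decode("utf-16-le", "replace")
        values.append(text.rstrip("\x00"))
        pos = end
    return tuple(values)


def audit_tasks(folder):
    """List (name, hidden, application, parameters) for every .job file."""
    report = []
    for name in sorted(os.listdir(folder)):  # listdir also returns hidden files
        if not name.lower().endswith(".job"):
            continue
        path = os.path.join(folder, name)
        try:
            with open(path, "rb") as fh:
                app, params = read_job_strings(fh.read())
        except (ValueError, struct.error) as exc:
            app, params = "<unparsed: %s>" % exc, ""
        attrs = getattr(os.stat(path), "st_file_attributes", 0)  # Windows only
        report.append((name, bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN), app, params))
    return report


def build_sample_job(app, params):
    """Constructed sample input: minimal .job bytes for trying the parser."""
    data = bytearray(FIXED_LEN) + struct.pack("<H", 0)  # header + instance count
    struct.pack_into("<H", data, APP_OFFSET_AT, FIXED_LEN + 2)
    for text in (app, params):
        raw = (text + "\x00").encode("utf-16-le") if text else b""
        data += struct.pack("<H", len(raw) // 2) + raw
    return bytes(data)
```

Run audit_tasks(r"C:\Windows\Tasks") on the server, or point it at a copy of the folder on an analysis machine; off Windows the hidden flag is always False because the attribute is not exposed.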
 

Expert Comment

by:IC-Automatisering
ID: 35431702
Hi, I first applied the solution and tested it before the vodka.

In our situation we had a hidden file called ssjn.job. After I removed the job with jt.exe and rebooted the server, the users are able to browse with IE again and no memory leak!
Sad to see the users stop using Google Chrome, it saved us from reinstalling the server and gave us time to wait for a solution.
Just to be curious, how did you come up with this solution??

The bottle of vodka is now empty :-)
0
 

Author Closing Comment

by:ClydeB
ID: 35432185
You are THE MAN! We were headed to this site this weekend to wipe their server and do a complete re-install. Once again, you have proven the value of Peer Power!

Thank you!
0
