Internet Explorer, conTEXT editor and AMON

Discussion in 'NOD32 version 2 Forum' started by NewNOD, Jan 2, 2004.

Thread Status:
Not open for further replies.
  1. NewNOD

    NewNOD Guest

    The following applies to a Win98 machine, but may apply to XP as well since it is related to MS Internet Explorer 6. I thought it might be of interest to others who have had slow downs, hangs etc. with unknown causes. Keeping an eye on AMON may point you in the right direction:

    I recently noticed while playing audio files and simultaneously browsing the internet using MS IE that the audio stuttered quite a bit as pages loaded. Some of the pages were really simple text, and I couldn't understand why it was putting such a load on my PC. The pages would begin to load or sometimes load completely, but in all cases the progress bar in IE would hang for a couple of seconds (as would the mouse pointer) before IE would report "Done". I let that go for a couple of days, but today I was browsing some HTML help files offline, and IE was still hanging up. These pages loading from my hard drive should have been instantaneous, but were as slow or slower than being online.

    I checked several things including loading the pages with Mozilla and Firebird...no hang there. So, I opened IE Internet Options to see what settings might be screwed up, and then I noticed that the Programs Tab in Internet Options took a few seconds to open...hmmm o_O (more on that later).

    No changes in Internet Options helped, so I watched AMON scan as a page loaded in IE. A file called "context.exe" seemed to take too long to scan. I recognized "context.exe" as the executable for a syntax editor, conTEXT (nice app by the way...supports tons of languages including HTML...but why was it getting scanned by AMON?). Okay, so "context.exe" is getting scanned while MS IE is loading pages AND the Internet Options Tab (which happens to have an option to set a default HTML editor) is slow to open. I shut down AMON, tested IE and the Internet Options Program Tab and everything was now back to normal (no hangs). So, putting two and two together with a little further investigation, here's what's happening:

    Upon opening pages in MS IE, every HTML editor appearing on the drop-down list in the Internet Options Programs Tab is accessed (FindOpens, Reads, FindCloses, etc. are performed hundreds of times...confirmed with FileMon from SysInternals). I didn't even have conTEXT set as the default editor, yet it and 5 other editors which had registered themselves with the *.htm extension in the registry all were accessed and thus scanned by AMON. conTEXT just happened to be the only one that AMON had trouble scanning. Pretty strange behavior from IE (why access those files not even being used at the moment), but the hangs were being caused by AMON.

    By the way the registry key where these entries are picked up for the HTML editor drop-down list in the Internet Options Program Tab is here:

    HKEY_CLASSES_ROOT\.htm\OpenWithList\someeditor.exe

    An entry appears for each editor that has registered itself in the registry. Most users will at least have notepad and / or Front Page. (Not all my editors registered here by the way ... Dreamweaver, Go Live, and several other dedicated HTML freeware apps didn't register).

    The default value selected by the user from the drop-down is stored in a completely different location:

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Default HTML Editor

    The other items on the Programs Tab (Email Client, News Client, Contacts, etc.) were not accessed during IE page loads like the HTML editors were, so they don't pose a slow-down issue. If you care to modify the values anyway, the drop down lists and the default values are stored here:

    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\...

    Several possible options exist as a remedy for the hang-up that occurred. Among them:

    1. Use an alternative browser (I like IE, Moz and Firebird for various reasons, so giving up IE was not an option for me);

    2. Try excluding the offending file from AMON using the "Exclusions" short-name / long-name workaround; this would help the main problem and would allow the offending file to load faster when launched independently of IE, but it wouldn't address the fact that IE accesses a bunch of files for no good reason, whether AMON scans them fine or not. Disabling AMON any further for this issue would be overkill;

    3. Trim all registry entries that create the drop-down listings, other than the default item (and maybe an alternate).

    I chose Option 3. My preference would have been Option 2 and 3 combined, but Option 2 (Exclusions) didn't work.

    Even if you don't have the AMON scanning issue described here because you don't have the particular HTML editor installed on your PC, it might be a good idea to check the drop-down list in Internet Options and if loaded up with entries, do Option 3, anyway. Your browsing experience will probably be a little bit faster and smoother. Back up the entries you delete, and you can merge them back later if you find a need.
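
Option 3 from the post above (back up, then trim the `.htm` OpenWithList entries) as a script for a current Windows system. This is an added example, not part of the original thread; the parameter names, the default keep-list and the backup path are assumptions. It only reports what it would remove unless run with `-Apply`.

```powershell
# Added example: audit and trim the HTML-editor list under
# HKEY_CLASSES_ROOT\.htm\OpenWithList, backing the key up first.
# $Keep, $BackupFile and -Apply are assumptions made for this example.
param(
    [string[]]$Keep = @('notepad.exe'),
    [string]$BackupFile = "$env:TEMP\htm-OpenWithList-backup.reg",
    [switch]$Apply
)

$listKey = 'Registry::HKEY_CLASSES_ROOT\.htm\OpenWithList'

if (-not (Test-Path -LiteralPath $listKey)) {
    Write-Output 'No OpenWithList key for .htm; nothing to do.'
    return
}

# Export the whole key so deleted entries can be merged back later.
& reg.exe export 'HKCR\.htm\OpenWithList' $BackupFile /y | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw 'Backup failed; refusing to modify the registry.'
}
Write-Output "Backup written to $BackupFile"

# Each registered editor is a subkey named after its executable.
foreach ($entry in Get-ChildItem -LiteralPath $listKey) {
    $name = $entry.PSChildName
    if ($Keep -contains $name) {          # -contains ignores case
        Write-Output "keep         $name"
        continue
    }
    if ($Apply) {
        # HKCR is a merged view; machine-wide entries need an elevated shell.
        Remove-Item -LiteralPath $entry.PSPath -Recurse
        Write-Output "removed      $name"
    } else {
        Write-Output "would remove $name (re-run with -Apply)"
    }
}
```

To restore, merge the exported `.reg` file back with `reg.exe import`.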
  2. LowWaterMark

    LowWaterMark Administrator

    While I have no on-topic comment regarding AMON and IE in this specific situation, (I'm not a NOD32 user), I just wanted to post to compliment you NewNOD. As I've seen over time, many of your posts here show that you put in a great deal of effort to gather your facts and to document your findings for the rest of us. Good job! :cool:
  3. NewNOD

    NewNOD Guest

    Thanks, LowWaterMark.

    Most of the time I hesitate to post these things because they seem too verbose. :)

    I actually have a comparison of AMON and IMON functionality that I never posted because I thought it was too long. The effort was initiated after having read recent posts by a user who described problems with infected items getting left on his mail server:

    ("sober.c renamed" thread: http://www.wilderssecurity.com/showthread.php?t=18513)

    There were a couple of fairly interesting points, so maybe with your [unintentional] encouragement, I'll go ahead and post it. I'll have to take a look at it again because it really is long, and I'm not sure I have time to edit it down right now.
  4. Q Section

    Q Section Registered Member

    Hello NewNOD

    We had not really noticed any particular slow-down using NOD32 but nevertheless we took a look at just what was in the HTML text editor settings. We found MS Word and Notepad. We then proceeded to unburden IE of Word and WOW! Internet performance using IE is noticeably faster! You may have stumbled upon a great development for us with older computers. (PII-450)

    We encourage anyone reading this to try it also and report here your results.

    Thank you and best wishes
  5. Q Section

    Q Section Registered Member

    NewNOD
    Also there must be at least one other entry in the Registry because upon reboot we had the same Word entry back in the programs list.
  6. NewNOD

    NewNOD Guest

    Hey, QSection.

    Deleting this entire key related to the offending editor(s) did the trick for me, even after reboots and running the apps:

    HKEY_CLASSES_ROOT\.htm\OpenWithList\someeditor.exe


    Sounds like there might be an option in your version of Word that caused the setting to be in the registry in the first place and then keeps placing it in there every time you boot or run the app (if it's found to be missing). If you can set it from within Word, you can probably "unset" it. Check to see if you don't have something like "Tools, options, general, web-options" in your version of Word. De-select anything that looks like it sets Word as the default editor.

    Most other apps will still require a reg tweak.
  7. NewNOD

    NewNOD Guest

  8. Q Section

    Q Section Registered Member

    Yes your suggestion about the setting in Word was correct. We found it and changed it then re-booted, checked it and now it no longer appears! :D

    Thank you for the great information. You really should register so you can get some karma points!
  9. NewNOD

    NewNOD Guest

    The "thank you" is more than enough. :)
  10. tosbsas

    tosbsas Registered Member

    Please post !!!

    Ruben