

explorer.exe





jwellsy
I have 10 different files named explorer.exe and one folder named explorer. I have read about various explorer.exe viruses, but according to the pages I read, those viruses are usually associated with files like ClickTillYouWin. I couldn't find any of those other weird files. Several of the explorer.exe files appear to be a part of Windows update files. I've had problems with Windows updates for the past several months.

I'm wondering, how many instances of explorer.exe should there be? I would appreciate it if others would search their drives for explorer.exe and see how many they have and where they are at.
Marcuzzo
normally there should only be 1 file "explorer.exe" and that one will be used to create several instances of it.
every explorer window will run as "explorer.exe" even the desktop is part of "explorer.exe"
this smells fishy if you ask me
jdelfire
there should only be one...
explorer.exe runs your taskbar....
try to end task explorer.exe to find out which one is the real explorer.exe
better yet try using processexplorer
http://jdelfire.frihost.net/procexp.exe
if your explorer.exe lights up pink then it's a virus/spyware

like this screenshot
http://codinghorror.typepad.com/.a/6a0120a85dcdae970b0120a86d8eea970b-pi

you can find out what that file is about by right clicking on the file itself and click properties
you will see the path, command line, current directory, etc...
take note of the path... because you will need it to delete the file....
you can then click "kill process"
now go to the directory of the file and delete it... if you can... because there is a possibility of a watchdog... basically a watchdog is a program that watches over one file... it will either write-protect the file or will regenerate it if you delete it... if you can't delete it...
restart the pc and boot to safe mode... it will give a better fighting chance to delete...

this guide is not complete...
I'm just giving you an idea how to delete the infected file....
if you need further help just reply
jilbs
jdelfire wrote:
there should only be one...


i agree. i would run an anti spyware, malware if i were you.
explorer.exe is like the shell of the windows GUI. try closing all the explorer.exe and you will lose your desktop icons, start and other.

try running the combofix program. you can download it from here:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

this is like a hijackthis version. it detects the bad processes from your pc and there it removes them.
make sure you read the tutorial before you run the program.
FunDa
jdelfire wrote:
there should only be one...
explorer.exe runs your taskbar....
try to end task explorer.exe to find out which one is the real explorer.exe
better yet try using processexplorer
http://jdelfire.frihost.net/procexp.exe
if your explorer.exe lights up pink then it's a virus/spyware

like this screenshot
http://codinghorror.typepad.com/.a/6a0120a85dcdae970b0120a86d8eea970b-pi

you can find out what that file is about by right clicking on the file itself and click properties
you will see the path, command line, current directory, etc...
take note of the path... because you will need it to delete the file....
you can then click "kill process"
now go to the directory of the file and delete it... if you can... because there is a possibility of a watchdog... basically a watchdog is a program that watches over one file... it will either write-protect the file or will regenerate it if you delete it... if you can't delete it...
restart the pc and boot to safe mode... it will give a better fighting chance to delete...

this guide is not complete...
I'm just giving you an idea how to delete the infected file....
if you need further help just reply



Good advice, but just want to point out that pink does not mean infected.
"pink" highlighting indicates the process was unpacked from a smaller file.


In Process Explorer, just take Options > Configure Highlighting from the menu.
By default, pink is packed images.

Sometimes executable files are packed, for various reasons, such as reducing their size and obscuring the contents of the file (for both benign purposes such as protecting an executable from the simplest of reverse engineering attempts and malicious purposes such as changing the file so it evades signature detection by anti-malware apps). This isn't the same as archive packing (formats like zip, rar and so on). When a packed executable file is executed, the file is unpacked into memory. When Process Explorer speaks of packed images, this is what it means. It's good to know what is packed and what isn't, since malware is often packed to avoid signature detection, but not everything that's packed is malware. For example, many open source programs like Gaim and GIMP are also packed.

And non-open source, tiny software like uTorrent is also packed.
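
An added example (not part of any post in this thread) for the checks discussed above: it lists every explorer.exe file on a drive with its path, signature status and hash, then shows the executable path of each running explorer.exe process. The `$Root` parameter and the comparison against `%windir%\explorer.exe` are assumptions of this example.

```powershell
# Added example: list every explorer.exe file under $Root and every running explorer.exe.
param([string]$Root = "$env:SystemDrive\")   # assumption: scan the system drive

# Path the Windows shell normally runs from, e.g. C:\Windows\explorer.exe
$shellPath = Join-Path $env:windir 'explorer.exe'

# 1. Files on disk: location, Authenticode status, signer and hash of each copy.
$files = Get-ChildItem -Path $Root -Filter 'explorer.exe' -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path      = $_.FullName
            Modified  = $_.LastWriteTime
            Signature = $sig.Status   # Valid, NotSigned, HashMismatch, ...
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            SHA256    = $hash.Hash    # empty if the file could not be read
        }
    }

# Identical hashes are byte-for-byte copies of the same file.
# Review any copy whose signature status is not Valid.
$files | Sort-Object SHA256, Path | Format-Table Signature, Modified, Path -AutoSize
$files | Group-Object SHA256 | Select-Object Count, Name | Format-Table -AutoSize

# 2. Running instances: which file on disk each explorer.exe process was started from.
$procs = Get-CimInstance Win32_Process -Filter "Name = 'explorer.exe'" |
    Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine,
        @{ Name = 'FromShellPath'; Expression = { $_.ExecutablePath -ieq $shellPath } }
$procs | Format-List
```

Run it from an elevated PowerShell prompt so protected folders and other users' processes are included; a process with `FromShellPath` set to `False` is the one to inspect first.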