
Bad Explorer.exe Behavior


9 replies to this topic

#1 Dorjun Driver

Posted 19 December 2007 - 05:40 PM

Recently, after having vanquished Worm.win32.netsky, explorere.exe has become a resource hog. An example:

When opening a folder and/or subdirectory, the desktop is cleared of all icons, explorer.exe jumps to 100% CPU usage, and PF usage climbs from about 325mb to 550mb, and I'm unable to continue working. This condition lasts anywhere from 45 seconds to several minutes. Then the icons are restored, control is relinquished back to me, and I'm able to continue working.

Some or all of the above symptoms happen while trying to open new emails using Outlook, saving files from application, opening existing files &c, &c, &c.

Most of the symptoms go away if I disable explorer.exe and run applications from Task Manager.

One irksome problem with or without explorer.exe running is a tendency for the system to reboot. All by itself.

I've followed "Before You Post About a Problem" best practices.

Any clues?

Thanks,

Doug Rathbun



#2 CTH_Tom

Posted 19 December 2007 - 05:54 PM

Saw your postings and advice given removing your Worm infection but I wasn't satisfied that all the infection on your computer was taken care of, which is why you still have problems.
I would post a HiJackThis log in the HijackThis Logs and Malware Removal forum to make sure your computer is clean.

#3 Budapest

Posted 20 December 2007 - 04:46 AM

Try using Process Explorer to see what is using explorer.exe when this problem occurs. In Process Explorer right-click on explorer.exe, select properties and then click the Threads tab. See if you can identify the filename for the thread that is using +100% CPU.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#4 usasma

Posted 20 December 2007 - 09:26 AM

Is this explorer.exe or explorere.exe? If it's the latter, this is an indicator for the YAHA.AB worm ( http://www.bleepingcomputer.com/startups/E...E.EXE-3142.html )

If it is the infection, then here are the links for the Am I Infected forum ( http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/ ) and the HiJackThis forum ( http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/ ). Please read the topics pinned to the top of these forums before posting there.

If it's not the infection, the Process Explorer (as Budapest has mentioned) will be the best way to see what's hogging explorer.exe
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye.

If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.
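The explorer.exe versus explorere.exe question raised in post #4 can be checked mechanically. The following PowerShell is an added example, not part of the original thread: the function names `Get-EditDistance` and `Find-SuspectExplorer` are hypothetical, the sample records are constructed, and the assumption is that a legitimate explorer.exe runs only from the Windows directory (or its SysWOW64 subfolder).

```powershell
# Added example: flag process names one edit away from explorer.exe,
# and explorer.exe copies running from an unexpected folder.
function Get-EditDistance {
    param([string]$A, [string]$B)
    $A = $A.ToLowerInvariant(); $B = $B.ToLowerInvariant()
    $prev = 0..$B.Length                      # Levenshtein distance, rolling row
    for ($i = 1; $i -le $A.Length; $i++) {
        $cur = @($i) + (@(0) * $B.Length)
        for ($j = 1; $j -le $B.Length; $j++) {
            $cost = if ($A[$i - 1] -eq $B[$j - 1]) { 0 } else { 1 }
            $cur[$j] = [Math]::Min([Math]::Min($prev[$j] + 1, $cur[$j - 1] + 1),
                                   $prev[$j - 1] + $cost)
        }
        $prev = $cur
    }
    return $prev[$B.Length]
}

function Find-SuspectExplorer {
    param([Parameter(Mandatory)] $Processes)  # objects with Name and ExecutablePath
    $expected = @(
        (Join-Path $env:SystemRoot 'explorer.exe'),
        (Join-Path $env:SystemRoot 'SysWOW64\explorer.exe')
    )
    foreach ($p in $Processes) {
        $dist = Get-EditDistance $p.Name 'explorer.exe'
        $reason = $null
        # Threshold is exactly 1: iexplore.exe (Internet Explorer) is 2 edits
        # away and would be a false positive with a looser match.
        if ($dist -eq 1) {
            $reason = 'name is one edit away from explorer.exe'
        } elseif ($dist -eq 0 -and $p.ExecutablePath -and
                  ($expected -notcontains $p.ExecutablePath)) {
            $reason = 'explorer.exe running from an unexpected folder'
        }
        if ($reason) {
            [pscustomobject]@{ Name = $p.Name; Path = $p.ExecutablePath; Reason = $reason }
        }
    }
}

# Constructed sample records (not taken from the poster's machine).
$sample = @(
    [pscustomobject]@{ Name = 'explorer.exe';  ExecutablePath = (Join-Path $env:SystemRoot 'explorer.exe') }
    [pscustomobject]@{ Name = 'explorere.exe'; ExecutablePath = 'C:\example\explorere.exe' }
    [pscustomobject]@{ Name = 'iexplore.exe';  ExecutablePath = 'C:\Program Files\Internet Explorer\iexplore.exe' }
)
Find-SuspectExplorer -Processes $sample
```

On a live system, pass `Get-CimInstance Win32_Process` as `-Processes`; its `Name` and `ExecutablePath` properties match what the function reads.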

#5 Dorjun Driver

Posted 20 December 2007 - 12:30 PM

Budapest: Process Explorer is a spiffy app, but what the heck! It locks up when explorer.exe goes ballistic. It does show SHLWAPI.dll!Ordinal505+0x37a using most of the cycles, but…

usasma: it's explorer.exe.

I want my PDP-11 back!

#6 usasma

Posted 20 December 2007 - 01:57 PM

Many years ago I plated the mainboards for the PDP-11 when I worked at the DEC factory in Maynard, MA. I had a blast there!

Anywhoooo....since there's some concern about viruses here, I'd suggest a few, free online scans to ensure that your system is clean. If it's not clean and we try to fix it, it's likely not to work (or may even make things worse!) :thumbsup:
http://safety.live.com (requires IE)
http://housecall.trendmicro.com

#7 Dorjun Driver

Posted 20 December 2007 - 03:28 PM

Ah, the good old days. We at BBN used to sneak PDP-8 and PDP-10 backpl… Oops. I guess I'll have to kill you. :thumbsup:

But before I do, I'll try out your recommendations.

#8 Dorjun Driver

Posted 20 December 2007 - 03:45 PM

Hmm. I get the following: [attached image: housecall.jpg]

and IE won't start. And I just got bit by the explorer.exe gouge again.

#9 usasma

Posted 20 December 2007 - 04:09 PM

I really do suspect a virus here - but you can continue to try the online scans. Here's a link to a google for them: http://www.google.com/search?q=online+viru...lient=firefox-a

#10 Dorjun Driver

Posted 21 December 2007 - 12:05 AM

I've used Trend Micro HouseCall and it came up clean. But hey, IE is now working. For whatever the heck that's worth.



