
Explorer.exe


9 replies to this topic

#1 buttoni

buttoni

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Temple, Texas
  • Local time:04:11 PM

Posted 03 August 2005 - 07:20 PM

I have started checking my Task Manager regularly to try and spot malware/spyware running. In doing so, I have noticed that EXPLORER.EXE is in the process list running all the time. Is this normal? Odd thing is it does not appear on my startup list in MsConfig. Or do you think this is an indication of malware of some kind on my system? Is there one out there that masquerades under this executable name? Recent scans by Panda, Housecall, Spybot, Ewido, MSAS and Adaware and CA EZ Antivirus have found nothing on my system. I just don't know enough about Windows to know if this is normal or not.

I don't use Windows Explorer to find files. I always go to My Computer or the Start, Search feature to find files. Seems like it is a resource hog I could get rid of unless this is what "drives" My Computer and Start, Search functions.

If it can be turned off without doing any harm to functionality of Windows, how do I go about it? And would I then still be able to still invoke it via Start, All Programs in the normal manner?

Edited by buttoni, 03 August 2005 - 07:39 PM.

HP Pavilion desktop p6270z; 8 GB ram; Win7 Home Premium x64 bit; FX 4.0; DSL 2Wire modem/router; MVPS Hosts; Comodo FW 5.3(D+ & Sandbox enabled); MSSE; MBAM on demand.



#2 Scarlett

Scarlett

    Bleeping Diva


  • Members
  • 7,479 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:As always I'm beside myself ;)
  • Local time:04:11 PM

Posted 03 August 2005 - 07:31 PM

Go to > Start > Run > type in msconfig > Startup tab
And see what it says in there.



Bleeping Computer's Startup database listings for Explorer.exe
There are 3 pages.

http://www.bleepingcomputer.com/startups/s...filename-0.html

Edited by Scarlett, 03 August 2005 - 07:42 PM.


#3 buttoni

buttoni
  • Topic Starter

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Temple, Texas
  • Local time:04:11 PM

Posted 03 August 2005 - 07:42 PM

Sorry, I was editing my post as you were posting, apparently. It does NOT appear in my MsConfig startup list. Nor is it on my Spybot Startup List. Notice how many scans and checks I did yesterday (in my above edited post) to try and spot malware. None was found on my system!

Edited by buttoni, 03 August 2005 - 07:42 PM.


#4 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:03:11 PM

Posted 03 August 2005 - 07:47 PM

explorer.exe is what runs your desktop.. icons, taskbar, etc. It is always running, and is supposed to be. However, it depends from where it is running. It is supposed to be running from your C:\windows folder. If it is in any location other than that, then it could be a problem. Since your scans have turned up nothing, I think it is fairly safe to say that you are seeing normal activity.
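
The location check described in the post above, as an added example that is not part of the original thread: it compares the image path of every process named explorer.exe against the copy in the Windows folder. The function name `Test-ExplorerPath`, the sample records and the `D:\Temp` path are hypothetical and constructed for illustration.

```powershell
# Added example (not from the thread): report where each explorer.exe is running from.
function Test-ExplorerPath {
    param(
        # Objects exposing Name, ProcessId and ExecutablePath (as Win32_Process does)
        [Parameter(Mandatory)] [object[]] $Process,
        [string] $WindowsDir = $env:SystemRoot
    )
    $expected = Join-Path $WindowsDir 'explorer.exe'
    foreach ($p in $Process) {
        if ($p.Name -ne 'explorer.exe') { continue }   # -ne ignores case
        $verdict = if (-not $p.ExecutablePath) {
            # Path can be empty when the caller lacks rights to query the process
            'unknown: path not readable, rerun elevated'
        } elseif ($p.ExecutablePath -ieq $expected) {
            'expected location'
        } else {
            'REVIEW: not running from the Windows folder'
        }
        [pscustomobject]@{
            ProcessId = $p.ProcessId
            Path      = $p.ExecutablePath
            Verdict   = $verdict
        }
    }
}

# Constructed sample records, not real output from any machine.
$sample = @(
    [pscustomobject]@{ Name = 'EXPLORER.EXE'; ProcessId = 1480; ExecutablePath = 'C:\WINDOWS\explorer.exe' }
    [pscustomobject]@{ Name = 'explorer.exe'; ProcessId = 2312; ExecutablePath = 'D:\Temp\explorer.exe' }
    [pscustomobject]@{ Name = 'rundll32.exe'; ProcessId = 900;  ExecutablePath = 'C:\WINDOWS\System32\rundll32.exe' }
)
Test-ExplorerPath -Process $sample -WindowsDir 'C:\WINDOWS' | Format-Table -AutoSize

# Live check on the local machine (PowerShell 3.0 or later).
$live = Get-CimInstance Win32_Process -Filter "Name='explorer.exe'"
if ($live) { Test-ExplorerPath -Process $live | Format-Table -AutoSize }
```

On 64-bit Windows a 32-bit copy of explorer.exe also ships under the SysWOW64 folder, so a process running from there is flagged for review rather than treated as malicious by this check.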

#5 buttoni

buttoni
  • Topic Starter

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Temple, Texas
  • Local time:04:11 PM

Posted 03 August 2005 - 08:12 PM

I did a Search and found:

EXPLORER.EXE in C:\WINDOWS
EXPLORER.EXE-2121B1A.ph in C:\WINDOWS\Prefetch
explorer.exe in C:\WINDOWS\System32\DLLCACHE

I also noticed this week that Windows Explorer EXPLORER.EXE had "Allow Full Internet Access" status in my McAfee Firewall internet applications list. I certainly did not grant it full access! I just thought maybe the last changes with Microsoft Updates installed this way, as I had never seen it on my Internet Applications list before. When I discovered it, I switched its status to "Block all Internet Access".

Another entry on my McAfee Firewall Internet Applications I don't remember ever seeing before is : Run a DLL as an APP.........RUNDLL32.EXE with "Allow Full Access" status. Again, I certainly didn't grant it access.

Edited by buttoni, 03 August 2005 - 08:28 PM.


#6 buttoni

buttoni
  • Topic Starter

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Temple, Texas
  • Local time:04:11 PM

Posted 03 August 2005 - 08:25 PM

And surely I would be seeing some unpleasant symptoms if I had a virus or the backdoor trojan named in your startup database (Troj/BeastDo-Y) for EXPLORER.EXE, wouldn't I? My system is behaving totally normally, not slow and no peculiar things going on with my programs, files, desktop or cursor.

Edited by buttoni, 03 August 2005 - 08:27 PM.


#7 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:03:11 PM

Posted 03 August 2005 - 08:42 PM

Those are all fine. The dllcache is just for backup purposes, in case the one in your windows directory becomes corrupted. The other one is in your prefetch folder, which just helps it to load faster. Nothing irregular there.

As far as things being allowed access, by default, firewalls will allow certain things to run. My Agnitum does the same thing also. They do that to make it as convenient to the novice user as possible. Although right off hand I can't think of a good reason that explorer would need to access the Internet. I have never allowed it, and I can't tell that I have ever had any problems.

I think your system is fine. :thumbsup:

#8 buttoni

buttoni
  • Topic Starter

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Temple, Texas
  • Local time:04:11 PM

Posted 03 August 2005 - 10:12 PM

Thanks for the prompt help and reassurance about these two files, Groovicus. I was worried about the entries in McAfee FW even though they are not in my startup list.

I've already had McAfee FW block internet access to EXPLORER.EXE. Do you think I should also block internet access for RUNDLL32.DLL?

And as to my original concern and reason for this thread, is it normal (I have WinXP) for Explorer to be running all the time? It's ALWAYS showing as running on my task manager. Doesn't it open and close when you're done using it like other executables?

Edited by buttoni, 03 August 2005 - 10:23 PM.


#9 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:03:11 PM

Posted 03 August 2005 - 10:34 PM

It is what runs your desktop... if you want to see what happens, end it in your task manager... don't worry, once you reboot, everything will be back to normal. There are some programs that operate all the time....explorer is one of them.

If you really want to impress people, once you stop explorer.exe, you can restart it from the task manager. If you closed the task manager, you can still use CTRL-ALT-DELETE to open it again. Once it is open, click on File>New Task> and then browse to explorer.exe in your Windows folder. Restart it, and your desktop will come back. (Providing you have your system set to show hidden files and folders)

As far as blocking things at the firewall, I block everything until something stops working properly. Of course, that means that you have to pay attention to what you are blocking, so you know what it is you need to unblock, should a problem occur.

#10 buttoni

buttoni
  • Topic Starter

  • Members
  • 267 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Temple, Texas
  • Local time:04:11 PM

Posted 04 August 2005 - 10:00 AM

Thanks for the advice, Groovicus. You can consider this inquiry "resolved".



