Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Second explorer.exe


  • Please log in to reply
20 replies to this topic

#1 Melonbutt

Melonbutt

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 15 February 2010 - 05:47 PM

From google searches, it doesnt look harmful... but i have no idea how it got in my processes list becasue I'm pretty sure i didnt download it. When i try to end process/process tree it still comes back. help please?

BC AdBot (Login to Remove)

 


#2 Melonbutt

Melonbutt
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 15 February 2010 - 06:21 PM

more info: It sits in the /Appdata/roaming file...
running on windows 7 ultimate

#3 Sashacat

Sashacat

  • Members
  • 372 posts
  • OFFLINE
  •  
  • Local time:12:23 AM

Posted 15 February 2010 - 06:35 PM

Did your Avira antivirus find/fix any infections?

Have you ALWAYS had TWO instances of explorer.exe running, or is this a recent development?

Do you have Windows XP ? (Your original post didn't specify).
Does this 2nd instance of explorer.exe only run when you open My Documents, My Computer, etc ?

Check something:
Go to My Computer.
Click Tools, Folder Options, View tab.
Scroll down.
See if "Launch folder windows in a separate process" has a checkmark in it.

Try taking the checkmark OUT (click to take the checkmark out, hit Apply, close the window).

If there IS NOT A checkmark in "Launch folder windows in a separate process", or if taking the checkmark OUT does not resolve the issue of having two instances of explorer.exe running, scan using the following free programs:

SUPERAntiSpyware:
http://www.superantispyware.com

Malwarebytes` Anti-Malware:
http://www.malwarebytes.org/mbam.php
(Other posts on this site recommend renaming the file to zztoy.exe before saving it to your desktop)

Please reply back.
If we don't change the direction we are going,
We are likely to end up where we are headed.

#4 Melonbutt

Melonbutt
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 15 February 2010 - 06:38 PM

Thats the thing. it doesnt exsist on my computer.. only the process runs but i dont hav the actual avira antivirus installed/ prog files/ etc.
I run on a windows 7 ultimate
no i only had one explorer.exe running normally.
no this runs on startup
the option is UNCHECKED
and malwarebytes scan reveals nothing

#5 Sashacat

Sashacat

  • Members
  • 372 posts
  • OFFLINE
  •  
  • Local time:12:23 AM

Posted 15 February 2010 - 06:40 PM

Windows 7.........
found this:
http://social.answers.microsoft.com/Forums...d1-5470b051d17e

http://www.sevenforums.com/performance-mai...plorer-exe.html
If we don't change the direction we are going,
We are likely to end up where we are headed.

#6 Melonbutt

Melonbutt
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 15 February 2010 - 06:42 PM

Windows 7 has a description feature. one explorer.exe is described as "windows explorer"
the other is described as "Avira Anti Virus 9.1 Prenium Edition"
file location is c:/users/me/appdata/roaming/explorer

#7 Sashacat

Sashacat

  • Members
  • 372 posts
  • OFFLINE
  •  
  • Local time:12:23 AM

Posted 15 February 2010 - 06:45 PM

Avira "process" is running, but you DON'T have Avira Antivirus installed?
Did you PREVIOUSLY have Avira, and uninstalled it?

What antivirus program are you using?



Process Explorer is a free program that WILL show the command lines for items running in Task Mngr.
Download Process Explorer from:
http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx
When you run Process Explorer, click View, Select Columns, and put a checkmark next to "Command Line".



Here's how to's for disabling a startup item in Windows 7: (Avira)
http://www.sevenforums.com/tutorials/1401-...ams-change.html

Edited by Sashacat, 15 February 2010 - 06:58 PM.

If we don't change the direction we are going,
We are likely to end up where we are headed.

#8 Melonbutt

Melonbutt
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 15 February 2010 - 06:49 PM

cant download process explorer (website says: bad request)
no i NEVER had avira and/or heard of it until now
im using an expired norton :thumbsup:

#9 Sashacat

Sashacat

  • Members
  • 372 posts
  • OFFLINE
  •  
  • Local time:12:23 AM

Posted 15 February 2010 - 06:51 PM

If you don't have an antivirus program, you need one.
AVG Free and Avast are both free antivirus programs.
Links here:
Freeware Replacements For Common Commercial Apps
http://www.bleepingcomputer.com/forums/topic3616.html
(I saw a comment from a Moderator on this site, that said they use Avast, so that means it is reputable. I use AVG Free.)

Free firewall programs are also listed there. (ZoneAlarm)
If we don't change the direction we are going,
We are likely to end up where we are headed.

#10 Melonbutt

Melonbutt
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 15 February 2010 - 06:51 PM

alright i located the "fake explorer"
its named "HKCU"

#11 Sashacat

Sashacat

  • Members
  • 372 posts
  • OFFLINE
  •  
  • Local time:12:23 AM

Posted 15 February 2010 - 06:52 PM

Process Explorer:
http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx
If we don't change the direction we are going,
We are likely to end up where we are headed.

#12 Melonbutt

Melonbutt
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 15 February 2010 - 06:57 PM

alright i ran process explorer... and it also found the fake explorer.exe (which i attempt to turn off on startup but to no avail)
and it doesnt tell me anything i dont already know about it. i try ending it, it promptly returns

EDIT: its got a weird icon next to it...

Edited by Melonbutt, 15 February 2010 - 06:58 PM.


#13 Melonbutt

Melonbutt
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 15 February 2010 - 07:04 PM

Posted Image

#14 Melonbutt

Melonbutt
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 15 February 2010 - 07:07 PM

Im guessing it is being used as an item to aid a DDoS

#15 Sashacat

Sashacat

  • Members
  • 372 posts
  • OFFLINE
  •  
  • Local time:12:23 AM

Posted 15 February 2010 - 07:07 PM

Is your "expired" norton able to get the latest updates?
if no, get an antivirus program.....either AVG Free or Avast.
(Make sure you have all updates)
Scan.

Scan with SUPERAntiSpyware. (Make sure you have all updates)

a-squared Free 4.5:
http://www.emsisoft.com/en/software/free/

Run an online scan with Kapersky:
http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

You can also try running an ESET scan.
Please see detailed instructions (from Moderator boopme, Feb 9 2010, 02:36 PM
when I had an issue) here for how to run an ESET scan:
http://www.bleepingcomputer.com/forums/t/293472/hazikubudll-rundll32exe/

Side note, am out of cigs, making a quick trip to the store, be back in just a few minutes........

Edited by Sashacat, 15 February 2010 - 07:09 PM.

If we don't change the direction we are going,
We are likely to end up where we are headed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users