C:\windows\system32\explorer.exe may have a malware infection?
REDACTED:
Avast randomly popped up and told me: "Suspicious files have been detected (using a heuristic method). This may be a sign of malware infection."

Short of deleting this and probably having to reinstall my OS, what should I do?

Also, when I scan this file specifically with Avast, or the entire system32 folder, no threat is ever found. It was only this once that Avast randomly told me it may have a malware infection. Is this something to be worried about?
iroc9555:
Man, you got a real long name. Please do not use your e-mail as a nickname. BTW, welcome to the Avast! forums.

A screenshot of the alert would be helpful. Also the name of the file that Avast! detected.

Is the file popping up continuously or just that one time? How is the comp. behaving?

Have you done a full scan with avast!? Did it find anything?

Follow this guide: http://forum.avast.com/index.php?topic=53253.0 and attach (do not copy/paste) logs for AdwCleaner, Malwarebytes', OTL, and aswMBR.exe.

An expert in the removal of malware will help you.

Some time may pass before getting help due to time zone differences. Meanwhile do your scans and attach the logs.



andr0id:
Explorer.exe? Hmm... try to copy that file into another computer with the same operating system and version. That was the trick I've used. Worst scenario, you have to format your computer. You must get into the habit of creating a restore point with Windows, so that you have a backup plan when your computer crashes. Most of the users here don't know how to use that special function of Windows.
iroc9555:

--- Quote from: andr0id on February 06, 2013, 06:58:41 AM ---....worst scenario, you have to format your computer.

--- End quote ---

No need to format your OS, AdoptablePeach; just attach the logs and let a specialist look at them.
REDACTED:
Ok so here is the initial log after downloading adwcleaner.

C:\Users\Everett\AppData\Roaming\Mozilla\Firefox\Profiles\pvm8n7zl.default\user.js ... Deleted !

[OK] File is clean.

File : C:\Users\Ethan\AppData\Roaming\Mozilla\Firefox\Profiles\jwetvlj6.default\prefs.js

Deleted : user_pref("browser.search.defaulturl", "hxxp://search.gboxapp.com/?q=");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.gboxapp.com/");
Deleted : user_pref("extensions.4fa188d75bf14.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("keyword.URL", "hxxp://search.gboxapp.com/?q=");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Roy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.866] : homepage = "hxxp://home.sweetim.com/?crg=3.1010000.10004",
Deleted [l.1352] : urls_to_restore_on_startup = [   "hxxp://home.sweetim.com/?crg=3.1010000.10004",   "hxxp://www.g[...]

File : C:\Users\Everett\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Ethan\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.8] : homepage = "hxxp://search.conduit.com/?SearchSource=10&ctid=CT3201318",
Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://search.gboxapp.com/" ]
Deleted [l.42] : search_url = "hxxp://search.gboxapp.com/?q={searchTerms}",
Deleted [l.43] : suggest_url = "hxxp://search.gboxapp.com/?q={searchTerms}"
Deleted [l.1094] : homepage = "hxxp://search.conduit.com/?SearchSource=10&ctid=CT3201318",
Deleted [l.1421] : urls_to_restore_on_startup = [ "hxxp://search.gboxapp.com/" ]

*************************

AdwCleaner[S1].txt - [307 octets] - [05/02/2013 23:32:30]
AdwCleaner[S2].txt - [19719 octets] - [06/02/2013 16:44:31]

########## EOF - C:\AdwCleaner[S2].txt - [19780 octets] ##########