Author Topic: explorer.exe  (Read 3216 times)


xivspartanvix

  • Guest
explorer.exe
« on: June 23, 2007, 08:37:29 AM »
Hello, I recently came across a few viruses, Win32:Ardamax-AG [tool], Win32:Ardamax-B [tool], and Win32:Trojan-gen. These viruses have been moved to the virus chest and have been given the following names: explorer.006, EXPLORER.007, explorer.exe. These viruses have infected the following files...

C:\WINDOWS\system32\Sys, C:\WINDOWS\SYSTEM32\SYS, and c:\windows\system32\sys

So I have a few questions regarding these malicious files...

Why are the same files being described in different forms, i.e. (capital letters, lower case letters, etc.)?

I have read into some other forums and they said that if I had these files in the avast! Virus Chest (which I do), and I wanted to perform a reboot in Safe-Mode, that I would not be able to do so, is that correct?

Finally, what should I do with the files now that I have moved them to the virus chest?

Thank you.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: explorer.exe
« Reply #1 on: June 23, 2007, 01:52:56 PM »
Why are the same files being described in different forms, i.e. (capital letters, lower case letters, etc.)?
I see no special reason. Just to be fuzzy.

I have read into some other forums and they said that if I had these files in the avast! Virus Chest (which I do), and I wanted to perform a reboot in Safe-Mode, that I would not be able to do so, is that correct?
I never tested, but it would be good if you could post a link to the page where you've read that.

Finally, what should I do with the files now that I have moved them to the virus chest?
The files "in Chest" are actually stored in an encrypted form inside of the avast! installation directory. Leave them in the chest (they can't do any harm there) for a week or two so as to ensure that there are no harmful effects from them having been moved there (incorrect detection, etc.). This gives you time to investigate if at all possible (Google search, ask here, etc.) to confirm.
The best things in life are free.

xivspartanvix

  • Guest
Re: explorer.exe
« Reply #2 on: June 23, 2007, 08:29:29 PM »
Here are some of the sites that I have researched on these files...

www.spywaredata.com/spyware/malware/explorer.006.php

www.help2go.com/component/option,com_forum/Itemid,32/page,viewtopic/p,90578/

Both of these sites claim that explorer.006 and explorer.007 are keyloggers.

http://www.liutilities.com/products/wintaskspro/processlibrary/explorer/ , and this site says under the NOTE: part of the review, that explorer.exe is a trojan which is used to access my computer from remote locations, stealing passwords, and accessing personal data such as online banking information.