Author Topic: virus in explorer.exe?  (Read 12366 times)

archonoffate

  • Guest
virus in explorer.exe?
« on: April 18, 2011, 04:24:33 AM »
ok I have a bit of a long story to get out of the way... I do regular scans on my computer with a few antiviruses spyware/ad ware applications... none of the programs I use detected any problems. (avast, malware bytes, spy-bot search and destroy, ad-aware, Microsoft security essentials) but I ran another program called hitman pro and it detected my explorer.exe to be infected but it didn't say what the infection is... it doesn't have much of a log but I can post what it said about it:



I am experiencing no effects at all on my machine it is operating fine with no slow downs or crashes... could this be a false positive?
well there is one effect my libraries folder opens up automatically at startup for some reason....

I just need some advice on how to deal with this threat if it is one.

oh and I have windows 7 64 bit installed if you need to know that....

thank you for any help :D

**update**

I did a scan with virus total web scanner and it lists: medium risk malware from prevx the company that made hitman pro.

Code:
Antivirus             Version         Last Update  Result
AhnLab-V3             2011.04.18.00   2011.04.17   -
AntiVir               7.11.6.147      2011.04.18   -
Antiy-AVL             2.0.3.7         2011.04.17   -
Avast                 4.8.1351.0      2011.04.17   -
Avast5                5.0.677.0       2011.04.17   -
AVG                   10.0.0.1190     2011.04.17   -
BitDefender           7.2             2011.04.18   -
CAT-QuickHeal         11.00           2011.04.17   -
ClamAV                0.97.0.0        2011.04.18   -
Commtouch             5.2.11.5        2011.04.17   -
Comodo                8380            2011.04.18   -
DrWeb                 5.0.2.03300     2011.04.18   -
eSafe                 7.0.17.0        2011.04.17   -
eTrust-Vet            36.1.8274       2011.04.15   -
F-Prot                4.6.2.117       2011.04.17   -
F-Secure              9.0.16440.0     2011.04.18   -
Fortinet              4.2.257.0       2011.04.18   -
GData                 22              2011.04.18   -
Ikarus                T3.1.1.103.0    2011.04.18   -
Jiangmin              13.0.900        2011.04.16   -
K7AntiVirus           9.96.4404       2011.04.16   -
Kaspersky             7.0.0.125       2011.04.18   -
McAfee                5.400.0.1158    2011.04.18   -
McAfee-GW-Edition     2010.1D         2011.04.17   -
Microsoft             1.6702          2011.04.17   -
NOD32                 6050            2011.04.18   -
Norman                6.07.07         2011.04.17   -
Panda                 10.0.3.5        2011.04.17   -
PCTools               7.0.3.5         2011.04.17   -
Prevx                 3.0             2011.04.18   Medium Risk Malware
Rising                23.53.05.03     2011.04.16   -
Sophos                4.64.0          2011.04.17   -
SUPERAntiSpyware      4.40.0.1006     2011.04.16   -
Symantec              20101.3.2.89    2011.04.18   -
TheHacker             6.7.0.1.176     2011.04.17   -
TrendMicro            9.200.0.1012    2011.04.17   -
TrendMicro-HouseCall  9.200.0.1012    2011.04.18   -
VBA32                 3.12.16.0       2011.04.15   -
VIPRE                 9046            2011.04.18   -
ViRobot               2011.4.16.4414  2011.04.17   -
VirusBuster           13.6.309.0      2011.04.17   -
« Last Edit: April 18, 2011, 06:33:43 AM by archonoffate »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37554
  • Not a avast user
Re: virus in explorer.exe?
« Reply #1 on: April 18, 2011, 07:55:31 AM »
Quote
I am experiencing no effects at all on my machine it is operating fine with no slow downs or crashes... could this be a false positive?
It may...you can upload the file to Avira and have it analysed   http://analysis.avira.com/samples/


Quote
(avast, malware bytes, spy-bot search and destroy, ad-aware, Microsoft security essentials)
so you are having 3 virus engines installed....avast. ad-aware with Ikarus AV engine and MSE....not smart
having multiple AV engines installed can create all kinds of mysterious windows errors and FP detections

Never install two antivirus (see reply from quietman7)
http://www.bleepingcomputer.com/forums/index.php?s=7c8217673a726b92cfc91ecfd4294a29&showtopic=260844&view=findpost&p=1441638


and SpyBot is no good  http://forum.avast.com/index.php?topic=75288.0

archonoffate

  • Guest
Re: virus in explorer.exe?
« Reply #2 on: April 18, 2011, 08:07:00 AM »
Quote
(avast, malware bytes, spy-bot search and destroy, ad-aware, Microsoft security essentials)
so you are having 3 virus engines installed....avast. ad-aware with Ikarus AV engine and MSE....not smart
having multiple AV engines installed can create all kinds of mysterious windows errors and FP detections

Never install two antivirus (see reply from quietman7)
http://www.bleepingcomputer.com/forums/index.php?s=7c8217673a726b92cfc91ecfd4294a29&showtopic=260844&view=findpost&p=1441638

Oh.... I had no idea never encountered an issue so I thought it was fine... I'll have to fix this thanks :D

I submitted my file and I'll see what the results are thank you for your help

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37554
  • Not a avast user
Re: virus in explorer.exe?
« Reply #3 on: April 18, 2011, 08:17:50 AM »
stick with avast, malwarebytes and superantispyware, that is a great problem free triple
« Last Edit: April 18, 2011, 08:29:20 AM by Pondus »

archonoffate

  • Guest
Re: virus in explorer.exe?
« Reply #4 on: April 19, 2011, 01:17:54 AM »
ok I got super spyware and I like it I got rid of security essentials... I haven't gotten any word back yet about my file analysis but I'll post the results when I do...

also wouldn't spybot be good to keep even for the immunize feature? if not are there other preventative programs out there?

I also notice from your signature that you have malware bytes pro is that worth it or should I stick to the free version?

thank you :D

Dieselman

  • Guest
Re: virus in explorer.exe?
« Reply #5 on: April 19, 2011, 01:23:08 AM »
What is super spyware? A rogue? Spy bot is a thing of the past and MBAM free is all you need for on demand scanning once a week.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37554
  • Not a avast user
Re: virus in explorer.exe?
« Reply #6 on: April 19, 2011, 01:24:53 AM »
Quote
also wouldn't spybot be good to keep even for the immunize feature? if not are there other preventative programs out there?
there have been some cases where teatimer is conflicting with avast


Quote
I also notice from your signature that you have malware bytes pro is that worth it or should I stick to the free version?
yes, I use the PRO version, it has an autoupdate and a protection module with process monitor that will see if malware tries to install and also IP block that will block you from entering IPs listed as bad
The price is a one time fee for a lifetime license

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37554
  • Not a avast user
Re: virus in explorer.exe?
« Reply #7 on: April 19, 2011, 01:25:29 AM »
Quote
What is super spyware? A rogue? Spy bot is a thing of the past and MBAM free is all you need for on demand scanning once a week.
He means SuperAntiSpyware....

Dieselman

  • Guest
Re: virus in explorer.exe?
« Reply #8 on: April 19, 2011, 01:28:41 AM »
I was being facious.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37554
  • Not a avast user
Re: virus in explorer.exe?
« Reply #9 on: April 19, 2011, 01:35:22 AM »
Quote
I was being facious.
you mean  facetious....

archonoffate

  • Guest
Re: virus in explorer.exe?
« Reply #10 on: April 19, 2011, 01:40:10 AM »

Quote
The price is a one time fee for a lifetime license

Oh that's cool I thought it was a subscription >.>

and yes I meant super anti spyware :P

you all have been really quick to respond thank you

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37554
  • Not a avast user
Re: virus in explorer.exe?
« Reply #11 on: April 19, 2011, 01:47:20 AM »
click the green button  http://malwarebytes.org/   ;)

archonoffate

  • Guest
Re: virus in explorer.exe?
« Reply #12 on: April 19, 2011, 02:24:40 AM »
ok I got it I plan on running a full scan with it after avast completes its... about explorer being infected I doubt it no other program detects it only prevx does and it doesn't list what type of infection it is so it may just fulfill the conditions all I can really do is wait for the report to be emailed to me from avira all I can do till then is speculate :D

Dieselman

  • Guest
Re: virus in explorer.exe?
« Reply #13 on: April 19, 2011, 03:02:25 AM »
Prevx has a high false positive rate.

archonoffate

  • Guest
Re: virus in explorer.exe?
« Reply #14 on: April 19, 2011, 03:09:04 AM »
ok I got my results back but there is a big problem.... um I cannot read any of it  T.T
Code:
Eine Auflistung der Dateien und Ergebnisse sind im folgenden aufgeführt:
Datei ID Dateiname Größe (Byte) Ergebnis
26106712 explorer.exe 2.28 MB DAMAGED FILE (UNKNOWN)

Genaue Ergebnisse für jede Datei finden sie im folgenden Abschnitt:
 Dateiname Ergebnis
 explorer.exe DAMAGED FILE (UNKNOWN)

Die Datei 'explorer.exe' wurde als 'DAMAGED FILE (UNKNOWN)' eingestuft. In particular this means that this file is damaged and not working properly. We could not find any malicious content. However the heuristic detection module may still detect this particular file even though it is damaged. In that case we will not adjust and remove detection for this damaged file.
Alternativ können Sie die Ergebnisse der Analyse hier einsehen:
http://analysis.avira.com/samples/details.php?uniqueid=V0LpZbnjDQMsRVyVE8Djxks7jcT3Dpz5&incidentid=722170

Zusätzlich finden Sie eine Übersicht aller Einsendungen hier:
http://analysis.avira.com/samples/details.php?uniqueid=V0LpZbnjDQMsRVyVE8Djxks7jcT3Dpz5
Hinweis: Bitte wenden Sie sich mit spezifischen Fragen an support@avira.de
Mit besten Grüßen
Avira Virenlabor

---------------------------------------------
Avira GmbH
Lindauer Str. 21, D-88069 Tettnang, Germany
Telefon: +49 (0) 7542-500 0
Telefax: +49 (0) 7542-525 10
Internet: http://www.avira.de

Geschäftsführer: Tjark Auerbach
Firmensitz: Tettnang
Handelsregister: Amtsgericht Ulm HRB 630992
---------------------------------------------

my original submission was in English and my submission email was too but the report for some reason is in German?
anyone able to translate?

**update**
it identifies my explorer file to be damaged but I'm running it fine so not sure where to go from here...
« Last Edit: April 19, 2011, 03:10:58 AM by archonoffate »