2009-09-10, 06:23 | Link #1 |
Senior Member
Join Date: Dec 2005
Location: Singapore
|
Double instances of explorer.exe (vista)
I noticed that I have 2 instances of explorer.exe running when I took a look at my task manager.

explorer.exe 24,596K
explorer.exe 22,160K

My Computer > Folder Options > View > [ ] Launch Folder Windows in a separate process

...is already unselected by default, so that's not the problem.

I have Norton 360 running at all times, and so far the only thing it has detected is Tracking Cookies, which I clean off regularly. A comprehensive scan found nothing as well.

I have tried searching through Google about this problem, but most of the results point to the above. Any idea whether this is indeed a known trojan, or is there some other step I can take to prevent the second instance of explorer.exe from popping up again? This is a problem for me since it seems to slow down my PC quite a bit (most noticeable when I'm playing games).

Any help would be appreciated. |
2009-09-10, 07:44 | Link #3 | |
Senior Member
Join Date: Dec 2005
Location: Singapore
|
Here's my HijackThis log:
Quote:
|
|
2009-09-11, 03:39 | Link #4 |
Senior Member
|
The following entry in that log has been classed as nasty by the hijackthis.de analyser (although you should check this out yourself through Google just in case the information is incorrect):
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /Get1noarp |
2009-09-12, 08:45 | Link #5 |
NYAAAAHAAANNNNN~
Join Date: Nov 2007
Age: 35
|
Congratulations! Looks like you caught yourself a trojan.
I suspect it would be the same one I have got, maybe a new variant of the Alureon. Run a Windows search, and the explorer.exe running under the system32 folder is the fake one. But don't remove it yet.

Download and run GMER. Disable a process that goes along <randomname.sys> to buy yourself some time.

You are still probably in the early stages of infection unlike me, so do some data salvage by burning your data onto multiple DVD-Rs (it is able to attack external HDs, even those without an OS). Secondly, wipe any thumbdrive, MP3, PSP or any storage you have recently transferred to your PC. Don't reinstall their OS yet, leave them be.

Finally, do a format. And I mean a 100% wipe. When you are done, quickly download or install an antivirus, and test by shifting back ONE of the files. If it is infected, you have just lost all your data like me. If not, you are lucky.

FOUND A SOLUTION (or at least for now). I ran Microsoft Malicious Software Removal Tool in Safe Mode, deleted my temp files (X:\Documents and Settings\XUSER\Local Settings\Temp) using Simple File Shredder, restarted my PC and ran GMER again. It is gone. I will keep updated on this.
__________________
Last edited by SaintessHeart; 2009-09-12 at 10:32. |
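Added example, not part of any post in this thread: a PowerShell check that lists every running explorer.exe with its image path, owner, parent and command line, and marks any instance that is not running from %SystemRoot%\explorer.exe, which is where the Windows shell binary normally lives. It assumes PowerShell 3.0 or later (for the CIM cmdlets) and an elevated prompt so that paths of other users' processes are readable.

```powershell
# Added example, not from the thread. Requires PowerShell 3.0+ on Windows.
# Expected image path of the Windows shell: %SystemRoot%\explorer.exe
# (64-bit Windows also ships a 32-bit copy under SysWOW64; it is reported
#  as "unexpected" here so that it gets a manual look.)
$expected = Join-Path $env:SystemRoot 'explorer.exe'

# Snapshot all processes once so parent lookups use the same view.
$all   = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[uint32]$p.ProcessId] = $p }

$all | Where-Object { $_.Name -ieq 'explorer.exe' } | ForEach-Object {
    $proc = $_

    # Owner of the process; fails quietly if access is denied.
    $owner = Invoke-CimMethod -InputObject $proc -MethodName GetOwner -ErrorAction SilentlyContinue
    $ownerName = if ($owner -and $owner.ReturnValue -eq 0) {
        "$($owner.Domain)\$($owner.User)"
    } else { 'unavailable' }

    # PIDs are reused, so only trust a parent that started before the child.
    $parent = $byPid[[uint32]$proc.ParentProcessId]
    $parentName = if ($parent -and $parent.CreationDate -and
                      $parent.CreationDate -le $proc.CreationDate) {
        $parent.Name
    } else { 'exited or unknown' }

    # Compare the image path with the expected location (case-insensitive).
    $verdict = if (-not $proc.ExecutablePath) {
        'UNKNOWN: path not readable, rerun elevated'
    } elseif ($proc.ExecutablePath -ieq $expected) {
        'expected location'
    } else {
        'UNEXPECTED LOCATION'
    }

    [pscustomobject]@{
        PID         = $proc.ProcessId
        Path        = $proc.ExecutablePath
        Verdict     = $verdict
        Owner       = $ownerName
        Parent      = "$parentName ($($proc.ParentProcessId))"
        Started     = $proc.CreationDate
        CommandLine = $proc.CommandLine
    }
} | Format-List
```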
2009-09-13, 01:22 | Link #6 | ||
Senior Member
Join Date: Dec 2005
Location: Singapore
|
Quote:
Quote:
I'm still open to any possibilities though. |
||
2009-09-13, 05:08 | Link #7 | |
NYAAAAHAAANNNNN~
Join Date: Nov 2007
Age: 35
|
Quote:
__________________
|
|
|
|