Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Two explorer.exe, One taking all of my RAM's Memory

19 Dec 2014   #101
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
Reboot?

Quote   Quote: Originally Posted by AfrimS View Post
@cpubus I tried to find the thing you told me and its not within the folder, here is whats in the folder for me - Screenshot by Lightshot -. As for the uvk scan you want me to do callender im doing it right now

EDIT
Iv done the scan here is the LOG https://www.dropbox.com/s/z2iiwr8osl...%2014.log?dl=0
UVK says it will delete the folder on the next reboot. Did you try that?

2014/12/19 18:19:24 Deleting requested files...

2014/12/19 18:19:26 Scheduled for removal on next reboot:
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}



My System SpecsSystem Spec
.
19 Dec 2014   #102
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
What is it?

My System SpecsSystem Spec
19 Dec 2014   #103
cpubus

Win 7 64 Home Prem
 
 

[QUOTE=AfrimS;2963985]@cpubus I tried to find the thing you told me and its not within the folder, here is whats in the folder for me - Screenshot by Lightshot -. As for the uvk scan you want me to do callender im doing it right now

Yes that "xrWCtmg2" file is the main cuplrit here but all those files in that folder are used by it. That whole folder needs to go but it should stop with at least that one file destroyed. Use the delete option in UVK since normal delete will not work. But first, if you could, (and this is optional) upload that "xrWCtmg2" file to Virustotal.com and link us to the results so we can see if this virus is classified by anything at all.
My System SpecsSystem Spec
.

19 Dec 2014   #104
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
Prevention?

[QUOTE=cpubus;2963997]
Quote   Quote: Originally Posted by AfrimS View Post
@cpubus I tried to find the thing you told me and its not within the folder, here is whats in the folder for me - Screenshot by Lightshot -. As for the uvk scan you want me to do callender im doing it right now

Yes that "xrWCtmg2" file is the main cuplrit here but all those files in that folder are used by it. That whole folder needs to go but it should stop with at least that one file destroyed. Use the delete option in UVK since normal delete will not work. But first, if you could, (and this is optional) upload that "xrWCtmg2" file to Virustotal.com and link us to the results so we can see if this virus is classified by anything at all.
One other suggestion with a word of caution. This thing seems to evade detection by using digitally signed files but you can prevent it in future using Execute Prevent. The problem with that approach is that it can interfere with some legitimate programs like Geek Uninstaller that uses AppData to run it's executable from so would need to be added as an exclusion.

If you like you could test for a while using the following settings in UVK that will make the required changes. You'd need to keep UVK installed and add exclusions when needed.

Two explorer.exe, One taking all of my RAM's Memory-execute-prevent-uvk-ultra-virus-killer.jpg


My System SpecsSystem Spec
19 Dec 2014   #105
cpubus

Win 7 64 Home Prem
 
 

This thing was hiding pretty well, but they could have done more to prevent it from being removed. I've had adware fight me more lol. I'd like to know what in fact its purpose is. Well I'm signing off for the weekend, I expect to see more of these at work soon. We had what, 4 people infected visit this thread today including me?
My System SpecsSystem Spec
19 Dec 2014   #106
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
Others affected

Well done and thank you for all your hard work. As far as I know there are at least a couple of other threads started by users with the same issue and a quick internet search shows a few users posting the same issue on other forums - all fairly recently. It would be interesting to know how it arrives on a user's machine.

My System SpecsSystem Spec
19 Dec 2014   #107
AfrimS

Windows 7 Home Premium 64bit
 
 

I can no longer access the folder that cpubus was talking about

EDIT: I didnt see the notification saying i had to reboot sadly but i just rebooted right now and it is no longer there anymore. What should I do next?

EDIT: Upon doing the Reboot the second explorer.exe has not come back yet. Im going to continue doing what I normally do for one day or so just to make sure it does not come back and if it doesnt I will mark the thread Solved!

Much thanks to everyone honestly this has been great and also a big bother to deal with.
My System SpecsSystem Spec
19 Dec 2014   #108
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
Check to see if it's gone

Check to see if it's gone after a reboot. If it isn't state if you can open it. If you can't - right click and choose "properties and look at the folder size. There will be other ways to delete it if it still exists.

Edit: Just saw your last post. Glad it's sorted!
My System SpecsSystem Spec
19 Dec 2014   #109
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
Clean up?

@ArimS

Do you need help with removing any software that you were asked to install or are you happy to keep it?
My System SpecsSystem Spec
19 Dec 2014   #110
AfrimS

Windows 7 Home Premium 64bit
 
 

Im happy to keep eveything other then Secunia. any specific way of uninstalling that one?
My System SpecsSystem Spec
Reply

 Two explorer.exe, One taking all of my RAM's Memory




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Two explorer.exe, one taking up to 3 gigs system memory
So the other thread was no help, so I started this one. When I start up my computer and after its loaded (in normal and clean boot) an explorer.exe shows up and starts rapidly ballooning up over the 2 million bits mark, making my computer really slow. I've cleaned with Comodo, Malwarebytes...
Performance & Maintenance
MsMpEng.exe taking up too much memory
MsMpEng.exe(windows defender) has taken up lots of my computer's ram and cpu usage and is making my computer really slow But when I try to open windows defender it says that windows defender has been disabled even though MsMpEng is running. Trying to turn on windows defender in order to disable it...
System Security
Internet explorer taking up a lot of memory, also disable screensaver
Does this happen to someone else also? I usually have about half dozen IE windows opened at anytime. I might start a few more and then close a couples. But eventually I notice one or two if the IE processes start to use up several hundred MB ram up to eventually 1GB ram. When one of the IE...
Browsers & Mail
Why is IE taking up so much memory?
I took a look at my TaskMan because my Core 0 was at 100%, and I just exited a flash game. I had 4 IE windows open, and a total of 4 tabs. One iexplore.exe was using over 400,000K. I clicked on the Applications tab, right clicked on each App, and selected Go To Process. None took me to the...
General Discussion
Svchost taking too much memory
my svhost process is taking too much Memory... making my computer lag..it havent happened any time before... http://www.pikipimp.com/pp/pimped_photo/s/image/52/806/368/Capture.PNG?ts=1264555978397:shock::shock::shock: please suggest a solution..
Performance & Maintenance
Graphics taking more memory
Hi, recently i brought a DELL Inspiron 15 laptop, which has 4GB RAM and integrated Graphics+Core i5 Processor.But when i check my system properties it shows Available Memory : 4GB (Usable 2.93GB). when i made some tests regarding the 1 GB missing RAM, i found that intergrated Graphics current...
Graphic Cards


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 00:28.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App