Fatal1ty
New member
Hey im wondering if someone can give some advice as I think I might have a virus. I read this on bull-guard forum (my antivirus software)
The explorer.exe is a process; however, it is also a Trojan. cexx.org has an excellent removal process at this link: Advertising Spyware: DLDER.EXE, Explorer.exe trojan (ClickTillUWin)
We've found multiple infections in a few machines over the years. It's known as the dlder.exe Trojan and it drops another "explorer.exe" file in a separate folder, normally in 'C:\Windows\explorer\Explorer.exe'.
Please note that you have a legitimate original "explorer.exe" in 'C:\Windows\explorer.exe'
It also drops a startup file in your registry so it will run silently at startup...normally in your Local Machine Registry: [HKLM\SOFTWARE\games\Clicktilluwin]. However; we have also found the Clicktilluwin entry in ‘HKCU’ over the past few months. That said, you should do a search find on your total registry for the phrase 'Clicktilluwin'. Go to the link above and follow cexx.org's manual removal, then search your regedit for the 'Clicktilluwin' reg-key and you should be fine.
Anytime that you have explorer.exe running over....say....25,000K to 30,000K in the task manager, it's usually indicative of infection.
Hope this helps.
Max
Please can anyone give me any info? I am currently using bullguard anti virus registered and MBAM Free version
The explorer.exe is a process; however, it is also a Trojan. cexx.org has an excellent removal process at this link: Advertising Spyware: DLDER.EXE, Explorer.exe trojan (ClickTillUWin)
We've found multiple infections in a few machines over the years. It's known as the dlder.exe Trojan and it drops another "explorer.exe" file in a separate folder, normally in 'C:\Windows\explorer\Explorer.exe'.
Please note that you have a legitimate original "explorer.exe" in 'C:\Windows\explorer.exe'
It also drops a startup file in your registry so it will run silently at startup...normally in your Local Machine Registry: [HKLM\SOFTWARE\games\Clicktilluwin]. However; we have also found the Clicktilluwin entry in ‘HKCU’ over the past few months. That said, you should do a search find on your total registry for the phrase 'Clicktilluwin'. Go to the link above and follow cexx.org's manual removal, then search your regedit for the 'Clicktilluwin' reg-key and you should be fine.
Anytime that you have explorer.exe running over....say....25,000K to 30,000K in the task manager, it's usually indicative of infection.
Hope this helps.
Max
Please can anyone give me any info? I am currently using bullguard anti virus registered and MBAM Free version
Attachments
My Computer
At a glance
64BitIntel core I7 2600k (Stock)16GB G-Skill ripjaws 1600MHzZotac gtx 560 amp edition
- Computer Manufacturer/Model Number
- Custom
- OS
- 64Bit
- CPU
- Intel core I7 2600k (Stock)
- Motherboard
- Asrock Fatal1ty z68 professional Gen3
- Memory
- 16GB G-Skill ripjaws 1600MHz
- Graphics Card(s)
- Zotac gtx 560 amp edition
- Sound Card
- Asrock cougar point high definition
- Monitor(s) Displays
- LG Flatron W2261VP
- Screen Resolution
- 1920X1080
- Hard Drives
- 1TB Samsung HD103UJ 7200RPM
500GB TOSHIBA
500GB WESTERN DIGITAL
- PSU
- OCZ ModXtreme 700w Pro Modular Bronze certified psu
- Case
- sharkoon T9 red
- Cooling
- CiT Vantage liquid cooling system
- Keyboard
- Microsoft sidewinder x6
- Mouse
- roccat kone
- Internet Speed
- 3mbps