Not 100% sure, but my main 32-bit system runs 1 explorer.exe and my secure 64-bit machine always lists 2 (and it's verified clean).
As far as the cleanliness of the other duplicate explorer.exe is concerned, I uploaded it to VirusTotal and it came back clean.
So, should I assume that it's normal for x64 Windows to run 2 explorer.exe simultaneously? And what about the string in the command line of the other explorer.exe with the -embedding switch? What does that mean? And why does its PID change with each instance?
This tells you how to remove it: How to Remove a Switch From Windows Explorer | eHow.com
I don't know what the embedded is about, tho'
According to it, my explorer is already 'switch-less'.
In the "Target" text box, delete everything after "explorer.exe." Using the previous example, the final command after deletion would look like this:
%SystemRoot%\explorer.exe
Click "OK" to apply the changes and close the "Properties" window.
What they've said is correct. If you kill the 64 bit version (one with the /factory switch) and then run this command here:
%windir%\syswow64\explorer.exe /separate
You will see the same thing, the factory switch and the GUID. Doesn't appear to be a virus.
@Dranfu
Oh thanks. That cleared 75% of my confusion. Just a few questions which are still concerning me..
1. What could have created a duplicate explorer.exe in the c:\windows\installer folder?
2. When I already have one explorer.exe running, why does another 64-bit explorer kick in for no reason?
Concerning the first point, explorer.exe should normally be located in C:\Windows\explorer.exe; your own screenshot confirms this. Therefore, whatever created explorer.exe in c:\windows\installer was likely not legitimate.
Concerning the second point, IDK. It may be a bug. See here: Has the implementation of the 32-bit Windows Explorer changed in the RC?
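
A triage check for the path question discussed in this thread, added here as an example and not written by any of the posters: it classifies explorer.exe process records by image path and by the switches mentioned above. The process records, the `{GUID}` placeholder, the `C:\Windows` system root and the function names are constructed assumptions.

```python
import ntpath

# Assumption: Windows is installed in C:\Windows; adjust if %SystemRoot% differs.
SYSTEM_ROOT = r"C:\Windows"

# Locations the thread treats as normal homes for explorer.exe.
EXPECTED = {
    ntpath.normcase(ntpath.join(SYSTEM_ROOT, "explorer.exe")),
    ntpath.normcase(ntpath.join(SYSTEM_ROOT, "SysWOW64", "explorer.exe")),
}

# Switches the thread reports seeing on a clean machine.
KNOWN_SWITCHES = ("/factory", "-embedding", "/separate")

# Constructed sample records (pid, image name, image path, command line).
SAMPLE = [
    {"pid": 1000, "name": "explorer.exe", "path": r"C:\Windows\explorer.exe",
     "cmdline": r"C:\Windows\Explorer.EXE"},
    {"pid": 2000, "name": "explorer.exe", "path": r"C:\Windows\explorer.exe",
     "cmdline": r"C:\Windows\explorer.exe /factory,{GUID} -Embedding"},
    {"pid": 3000, "name": "explorer.exe", "path": r"C:\Windows\SysWOW64\explorer.exe",
     "cmdline": r"C:\Windows\SysWOW64\explorer.exe /separate"},
    {"pid": 4000, "name": "explorer.exe", "path": r"c:\windows\installer\explorer.exe",
     "cmdline": r"c:\windows\installer\explorer.exe"},
    {"pid": 5000, "name": "explorer.exe", "path": None, "cmdline": None},
]


def classify(proc):
    """Return (verdict, reason) for one process record."""
    if proc["name"].lower() != "explorer.exe":
        return ("ignore", "not explorer.exe")
    path = proc.get("path")
    if not path:
        # Without elevation the image path of another user's process may be hidden.
        return ("unknown", "image path unavailable; re-run elevated")
    # Windows paths are case-insensitive; also collapse '..' and duplicate slashes.
    norm = ntpath.normcase(ntpath.normpath(path))
    if norm not in EXPECTED:
        return ("suspicious", "image outside expected locations: " + path)
    cmd = (proc.get("cmdline") or "").lower()
    seen = [s for s in KNOWN_SWITCHES if s in cmd]
    return ("expected", "switches: " + (", ".join(seen) or "none"))


if __name__ == "__main__":
    for p in SAMPLE:
        print(p["pid"], *classify(p))
```

A path match only says the process was started from a normal location; it says nothing about whether the file at that location has been tampered with.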