Here's a little more info from the task manager. The last page shows an error message that calls out explorer.exe from Malwarebytes.
Seems like MBAM is doing its job but you might want to get advice on running additional Malware/Adware scans and removal tools in the System Security section as the experts there will provide better advice than I can.
https://www.virustotal.com/en/ip-add...4/information/
In the meantime I'll look at your UVK log.
I've only had time to have a quick look but I see certain similarities between your log and Afrim's log.
Most notably - Avast leftovers are showing up.
You seem to have both AVG and Panda Security at the same time! Is that Panda Cloud or something else?
There are some right click context menu issues.
You have a very outdated version of flash player.
Spybot Search & Destroy is currently a known troublemaker.
You both have WinRar installed but I don't think that's the problem.
You both have a lot of flash cookies.
I do have AVG and Panda (cloud) running. Search & Destroy and WinRar have been uninstalled. I installed, ran and removed close to 2 dozen AV / anti-malware programs trying to resolve this issue.
I thought I had removed all the flash players. I get annoyed at all the unwanted video playing as ads and at news sites. I don't want video inflicted on me if I don't request it. Sites seem to consider video (nowadays) as 'content', I consider it a pestilence. I'm a data kind of guy, not a vidiot. :^)
Cookies and temp files are an issue on my machine. In many areas, these files are undeletable. Most often the message that appears states that they are in use by explorer (not internet explorer). I make the assumption that this is a symptom of the underlying problem. Am I wrong in this?
Can you clarify what you mean by "There are some right click context menu issues." please? I'm not nearly as computer savvy as you so be gentle with me.
Okay great. Those two should work fine. Did you ever have Avast installed? I'm only asking because running the removal tool from Avast is usually the only way to get rid of it. It does use Rootkit technology and installs files that are invisible to Windows (and also to UVK) so it would probably be best to head over to the Avast forum and get help from the experts there with removing any leftovers.
I can't promise to pin down the issue but here's what I noticed with some more detail:
Both explorer.exe processes are digitally signed by Microsoft so it's not a rogue process.
File context menu issues. When you right click on a file you see a menu. These shell extensions look like leftovers after uninstalling software.
<FileContextMenu> | ShellExtension | | No description | Hash error: File not found | Unsigned : No publisher
<FileContextMenu> | XXX Groove GFS Context Menu Handler XXX | | No description | Hash error: File not found | Unsigned : No publisher
<FileContextMenu> | 00avast | | No description | Hash error: File not found | Unsigned : No publisher
<FileContextMenu> | XXX Groove GFS Context Menu Handler XXX | | No description | Hash error: File not found | Unsigned : No publisher - This is a second entry
Folder context menu issues. When you right click on a folder you see a menu.
<FolderContextMenu> | XXX Groove GFS Context Menu Handler XXX | | No description | Hash error: File not found | Unsigned : No publisher
<FolderContextMenu> | ShellExtension | | No description | Hash error: File not found | Unsigned : No publisher
<FolderContextMenu> | XXX Groove GFS Context Menu Handler XXX | | No description | Hash error: File not found | Unsigned : No publisher - This is a second entry
AppData issues:
<ContentsCommonAppData> | AVAST Software | 12.75 MB | Directory
Re: MBAM detecting a connection. Do you have any ad supported software installed? It could be down to adverts displayed when using that software or it could just be MBAM blocking an advert when browsing. On the other hand it could be something else.
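The context-menu entries listed in the post above, run through a small triage script that flags handlers whose target file is missing. This is an added example, not part of the original post or of UVK; it assumes the pipe-delimited line layout shown in the excerpt, and the function names are illustrative.

```python
from collections import Counter

# Report lines copied from the post above; the trailing "- This is a second
# entry" text is the poster's own annotation, not tool output.
SAMPLE_LOG = """\
<FileContextMenu> | ShellExtension | | No description | Hash error: File not found | Unsigned : No publisher
<FileContextMenu> | XXX Groove GFS Context Menu Handler XXX | | No description | Hash error: File not found | Unsigned : No publisher
<FileContextMenu> | 00avast | | No description | Hash error: File not found | Unsigned : No publisher
<FileContextMenu> | XXX Groove GFS Context Menu Handler XXX | | No description | Hash error: File not found | Unsigned : No publisher - This is a second entry
<FolderContextMenu> | XXX Groove GFS Context Menu Handler XXX | | No description | Hash error: File not found | Unsigned : No publisher
<FolderContextMenu> | ShellExtension | | No description | Hash error: File not found | Unsigned : No publisher
<FolderContextMenu> | XXX Groove GFS Context Menu Handler XXX | | No description | Hash error: File not found | Unsigned : No publisher - This is a second entry
<ContentsCommonAppData> | AVAST Software | 12.75 MB | Directory
"""

def parse_line(line):
    """Split one report line into (section, fields); None if it is not a report line."""
    parts = [p.strip() for p in line.split("|")]
    if len(parts) < 2 or not (parts[0].startswith("<") and parts[0].endswith(">")):
        return None
    return parts[0][1:-1], parts[1:]

def orphaned_handlers(log_text):
    """Count context-menu handlers whose file is missing, keyed by (menu, name)."""
    hits = Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        section, fields = parsed
        # Only shell-extension sections matter here; AppData lines are skipped.
        if section.endswith("ContextMenu") and any("File not found" in f for f in fields):
            hits[(section, fields[0])] += 1
    return hits

def leftovers_by_name(hits):
    """Group the hits by handler name so each leftover shows every menu it affects."""
    grouped = {}
    for (section, name) in hits:
        grouped.setdefault(name, []).append(section)
    return {name: sorted(menus) for name, menus in grouped.items()}

if __name__ == "__main__":
    hits = orphaned_handlers(SAMPLE_LOG)
    for name, menus in sorted(leftovers_by_name(hits).items()):
        total = sum(hits[(m, name)] for m in menus)
        print(f"{name}: {total} dangling registration(s) in {', '.join(menus)}")
```
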
Thanks, I'll head over to Avast and see what they say, as I did run that AV as I struggle along. No ad supported software on my machine. The MBAM blocks can/will occur just sitting at my desktop with nothing running. If I disconnect from the net, the blocks also cease. The one consistency is that the process listed is always C:\windows\explorer.exe.
Just explain to the Avast forum helpers what method you used to remove Avast and ask for help with full removal.
As for the MBAM thing it would be better to ask for help in the security section but for a start you could try running Herd Protect (scan only) to see if it finds anything.
herdProtect - Anti-Malware Multiscanning Platform in the Cloud
If you like I can upload a script that you can run using UVK to get rid of those problem shell extensions (context menu entries) but sort out Avast first!
I too found this thread after searching (all day) for answers. AfrimS' problems are almost identical to mine. After rebooting and experimentation I have found that the second EXE appears when I turn on my internet connection, but at low memory (3000 or so). It appears to stay that way until I launch a program such as Internet Exp or my email program, then the second EXE goes nuts up to over 2,000,000 ram, essentially stopping the computer. After a while, at times I haven't measured yet, it settles down. If I turn off the internet connection it usually slowly sinks back down to 3000, but not always!
Clearly there is either a bug or flaw that is creating a mirror explorer.exe shell and then looping or going crazy for unknown reasons.
I have run MWB, CCleaner, etc. and am more or less clean. This started with me too in October - hmmm. It followed a bunch of changes on my computer after a local "professional" worked on it to get rid of earlier bugs (multiple iexplorer spawns, multiple google chrome spawns, lots of Trojans). I can't help but think that these virus attacks are related, as we went years without a problem before about Sep 26th, 2014.
Did AfrimS uninstall Utorrent? Seems there was a verified bug in that which was causing explorer.exe problems, according to other threads elsewhere.
I intend to run shellexview next and also see if I have 7-zip and Dropbox uninstalled, etc.
But mostly I wanted to proceed and share with Ghengis and AfrimS so that when (if) one of us finds out what the problem is we can all benefit. Thanks Callender for your dedication to this problem - if it can be solved you will be famous!
Did you try checking if "Launch folder windows in a separate process" was unchecked?
Also, isn't it one of the svchost processes the one that eats up the most RAM? (In my case, one of my svchost.exe processes is tied to Sysmain, which runs Superfetch.)
Utorrent - there's no harm in uninstalling it as it's free and can be reinstalled.
ShellExView:
Just for test purposes disable all non-Microsoft shell extensions and reboot. If the problem remains it's not a wayward shell extension.
You might also want to look at ShellMenuView or ShellMenuViewx64 and run it. If you see any non-Microsoft entries look under "File Type" and try disabling anything with the Directory, Drive or Folder label.
Note: That's just a test and not meant to be a permanent change. A reboot would be required for the changes to take effect.