Two explorer.exe, One taking all of my RAM's Memory


  1. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #101

    Reboot?


    AfrimS said:
    @cpubus I tried to find the thing you told me and it's not within the folder, here is what's in the folder for me - Screenshot by Lightshot -. As for the UVK scan you want me to do, Callender, I'm doing it right now.

    EDIT
    I've done the scan, here is the LOG https://www.dropbox.com/s/z2iiwr8osl...%2014.log?dl=0

    UVK says it will delete the folder on the next reboot. Did you try that?

    2014/12/19 18:19:24 Deleting requested files...

    2014/12/19 18:19:26 Scheduled for removal on next reboot:
    C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}


  2. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #102


  3. Posts : 10
    Win 7 64 Home Prem
       #103

    AfrimS said:
    @cpubus I tried to find the thing you told me and it's not within the folder, here is what's in the folder for me - Screenshot by Lightshot -. As for the UVK scan you want me to do, Callender, I'm doing it right now.

    Yes, that "xrWCtmg2" file is the main culprit here, but all those files in that folder are used by it. That whole folder needs to go, but it should stop with at least that one file destroyed. Use the delete option in UVK since normal delete will not work. But first, if you could (and this is optional), upload that "xrWCtmg2" file to Virustotal.com and link us to the results so we can see if this virus is classified by anything at all.


  4. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #104

    Prevention?


    cpubus said:
        AfrimS said:
        @cpubus I tried to find the thing you told me and it's not within the folder, here is what's in the folder for me - Screenshot by Lightshot -. As for the UVK scan you want me to do, Callender, I'm doing it right now.

    Yes, that "xrWCtmg2" file is the main culprit here, but all those files in that folder are used by it. That whole folder needs to go, but it should stop with at least that one file destroyed. Use the delete option in UVK since normal delete will not work. But first, if you could (and this is optional), upload that "xrWCtmg2" file to Virustotal.com and link us to the results so we can see if this virus is classified by anything at all.

    One other suggestion with a word of caution. This thing seems to evade detection by using digitally signed files, but you can prevent it in future using Execute Prevent. The problem with that approach is that it can interfere with some legitimate programs like Geek Uninstaller that uses AppData to run its executable from, so it would need to be added as an exclusion.

    If you like you could test for a while using the following settings in UVK that will make the required changes. You'd need to keep UVK installed and add exclusions when needed.

    [Attached screenshot: Execute Prevent settings in UVK (Ultra Virus Killer)]
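The exclusion problem raised in the post above, as an added example that is not part of the original thread and is not UVK's own logic: a Python audit that lists PE files under a data directory such as ProgramData or AppData, so you can see what an execute-prevention rule would affect and which entries look out of place. The scoring, the extension list and the sample tree are assumptions for illustration; the thread does not confirm that "xrWCtmg2" is a PE image.

```python
import os
import re
import tempfile

# Folder names shaped like {9A88E103-A20A-4EA5-8636-C73B709A5BF8}
GUID_DIR = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
EXEC_EXTS = {".exe", ".dll", ".scr", ".com", ".sys"}  # assumed list

def is_pe(path):
    """True if the file starts with the 'MZ' magic of a Windows PE image."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:  # locked or unreadable file: skip it, do not crash
        return False

def audit(root):
    """Return one finding per PE file under root, highest score first."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        parts = os.path.relpath(dirpath, root).split(os.sep)
        in_guid = any(GUID_DIR.match(p) for p in parts)
        for name in files:
            full = os.path.join(dirpath, name)
            if not is_pe(full):
                continue
            # PE content without an executable extension is unusual
            disguised = os.path.splitext(name)[1].lower() not in EXEC_EXTS
            findings.append({"path": full, "guid_folder": in_guid,
                             "disguised": disguised,
                             "score": int(in_guid) + int(disguised)})
    return sorted(findings, key=lambda f: (-f["score"], f["path"]))

def demo():
    """Constructed sample tree with dummy bytes; no real files involved."""
    root = tempfile.mkdtemp()
    bad = os.path.join(root, "{9A88E103-A20A-4EA5-8636-C73B709A5BF8}")
    good = os.path.join(root, "Geek Uninstaller")
    os.makedirs(bad)
    os.makedirs(good)
    for path, data in [(os.path.join(bad, "xrWCtmg2"), b"MZ\x90\x00"),
                       (os.path.join(bad, "notes.txt"), b"plain text"),
                       (os.path.join(good, "geek.exe"), b"MZ\x90\x00")]:
        with open(path, "wb") as fh:
            fh.write(data)
    return audit(root)

if __name__ == "__main__":
    for f in demo():
        print(f["score"], f["path"])
```

Entries with score 0 are the candidates for exclusions; anything scoring 2 deserves a closer look before it is allowed to run.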


  5. Posts : 10
    Win 7 64 Home Prem
       #105

    This thing was hiding pretty well, but they could have done more to prevent it from being removed. I've had adware fight me more lol. I'd like to know what in fact its purpose is. Well I'm signing off for the weekend, I expect to see more of these at work soon. We had what, 4 people infected visit this thread today including me?


  6. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #106

    Others affected


    Well done and thank you for all your hard work. As far as I know there are at least a couple of other threads started by users with the same issue and a quick internet search shows a few users posting the same issue on other forums - all fairly recently. It would be interesting to know how it arrives on a user's machine.



  7. Posts : 38
    Windows 7 Home Premium 64bit
    Thread Starter
       #107

    I can no longer access the folder that cpubus was talking about

    EDIT: I didn't see the notification saying I had to reboot, sadly, but I just rebooted right now and it is no longer there anymore. What should I do next?

    EDIT: Upon doing the reboot the second explorer.exe has not come back yet. I'm going to continue doing what I normally do for one day or so just to make sure it does not come back, and if it doesn't I will mark the thread Solved!

    Much thanks to everyone honestly this has been great and also a big bother to deal with.


  8. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #108

    Check to see if it's gone


    Check to see if it's gone after a reboot. If it isn't, state if you can open it. If you can't, right click and choose "Properties" and look at the folder size. There will be other ways to delete it if it still exists.

    Edit: Just saw your last post. Glad it's sorted!
    Last edited by Callender; 19 Dec 2014 at 20:59. Reason: add info


  9. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #109

    Clean up?


    @AfrimS

    Do you need help with removing any software that you were asked to install or are you happy to keep it?


  10. Posts : 38
    Windows 7 Home Premium 64bit
    Thread Starter
       #110

    I'm happy to keep everything other than Secunia. Any specific way of uninstalling that one?


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5.