Two explorer.exe, one taking up to 3 gigs system memory

Page 1 of 2 12 LastLast

  1. Posts : 7
    Windows 7 x64
       #1

    Two explorer.exe, one taking up to 3 gigs system memory


    So the other thread was no help, so I started this one. When I start up my computer and after its loaded (in normal and clean boot) an explorer.exe shows up and starts rapidly ballooning up over the 2 million bits mark, making my computer really slow.

    I've cleaned with Comodo, Malwarebytes pro, and Kaspersky bootkit cleaner. This only happens when my computer is connected to the internet. The process has the path C:/Windows/explorer.exe but it shows up with no user in the task manager and when I try to end the task it gives me a message saying "access is denied. However, when I end it through the performance monitor it will let me end it, but a new one always pops back up in its place.

    I've been googling for weeks trying to fix this and still no luck, please help.
      My Computer


  2. Posts : 93
    Windows 7 Home Premium 64-bit SP1
       #2

    Google select which programs run at startup for your OS. There should be a way to block any unwanted applications from starting up. You might want to try and see if this simple method would work.
      My Computer


  3. Posts : 42
    Windows 7 Ultimate 32bit
       #3

    The explorer.exe file is located in the folder C:\Windows. In other cases, explorer.exe is a virus, spyware, trojan or worm!

    see this thread

    Two explorer.exe, One taking all of my RAM's Memory
      My Computer


  4. Posts : 7
    Windows 7 x64
    Thread Starter
       #4

    Both of you read the OP before you reply.
      My Computer


  5. Posts : 1,049
    Windows 7 Pro 32
       #5

    spork said:
    The process has the path C:/Windows/explorer.exe but it shows up with no user in the task manager and when I try to end the task it gives me a message saying "access is denied.
    You need to start Task Manager as administrator to see all processes and all details for all processes. When you start it normally(which means as a standard user even if you're an administrator) you can do this by clicking the button "Show processes from all users" in the bottom left corner.

    When you start Performance Monitor it's started as administrator (UAC prompt). That's why you could kill it from there.
      My Computer


  6. Posts : 7
    Windows 7 x64
    Thread Starter
       #6

    Ok when I did that it showed it was from owner, which is me. Odd that it would show that after I clicked display processes from all users when the other one showed it normally. And also now I can click on the display file location and it brings up my windows folder, when it wouldn't do that before.

    I tried booting in safe mode with networking and still got the same issue. I think its maybe a Microsoft problem? Like one of their updates caused a bug or something. I'm going to try the tool you posted in the other thread for the context menu thing then get back.


    EDIT: I almost forgot, when this problem started happening, I now get a RunDLL error on startup saying C/users/owner/AppData/local/owengla.dll could not be found. I have no idea what that means.
    Last edited by spork; 01 Dec 2014 at 14:59. Reason: New info
      My Computer


  7. Posts : 1,049
    Windows 7 Pro 32
       #7

    It wasn't me who suggested that tool I suggested Process Explorer instead of Task Manager cause you get more info and can check the processes on VirusTotal.

    This/your problem have been reported in several threads the last days so a recent Windows Update might be the cause. I've tried searching a little but only found these possible explanations so far:
    - High CPU usage in the Explorer.exe process when you open a folder that contains corrupted .wav files (Hotfix download)
    - Modified folder options(tab: view) in explorer to launch folder windows in a separate process. This would create additional explorer.exe processes more info

    I can't find any useful info on owengla.dll other than in malware context. The path ...AppData/local/ is strange because normally files go in a sub-folder to that folder.
      My Computer


  8. Posts : 7
    Windows 7 x64
    Thread Starter
       #8

    Yeah sorry I just realized that

    I used process explorer though and followed your tutorial. It all comes up clean and verified signed by microsoft, and there is a ctfmon attatched to it *sometimes*, but not always. Its using over 5 gigs as I type this and nothing is attached to it.

    I spent the last hour talking to a nice girl from microsoft. she said it *had* to be a virus. So now I'm stumped.

    Wathcing it just now it apears that around 5.2 gigs seems to be critical mass, it just restarted itself.
      My Computer


  9. Posts : 1,049
    Windows 7 Pro 32
       #9

    The tutorial also shows how to check DLL files that a process is using. And also wait for the ctfmon.exe to show up so you can check that too including the DLL's.
    Press Ctrl+L to toggle the lower pane after selecting a process. Then right-click a column header in the lower pane to get the option to add more columns.

    FYI, ctfmon is a text service for alternative user input features used for support of speech recognition, handwriting recognition, keyboard, translation, and other alternative user input technologies.
      My Computer


  10. Posts : 7
    Windows 7 x64
    Thread Starter
       #10

    On the first DLL it said in the verified signer column (the form specified for the subject is not one supported or known by the specified trust provider). No virus detected. The other unknowns are from nvidia, and none of their stuff is signed so I'm not too concerned about that.

    It found a virus in one of the files, CMC says it's a backdoor DLL, but that was the only red flag.

    cfmon hasn't showed yet.
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 00:35.
Find Us