Explorer.EXE is this a virus???

Kaaz

Every time I go to change a feature on my computer, for example uninstalling a program, my User Account Control window pops up asking me if I want to allow the following program from an unknown publisher to make changes to this computer.

Program name: Explorer.EXE
Publisher: Unknown
File origin: Hard drive on this computer

I ask b/c I can't recall my computer ever doing this before. Norton has quarantined it due to suspicious behavior detected, and if it is, Norton states that the program has been blocked and removed, and yet it still pops up each and every time I try to change something.... Norton shows file actions...
File: c:\windows\syswow64\explorer.exe
Removed

it also states the Origin as
Source File:
7tsp_gui_v0.3_b(3003).exe
File Created:
explorer.exe
 

My Computer

OS
Windows 7 Home x64
Could you please post a screenshot of such a prompt?

Explorer is not a virus (unless infected); it is the shell you see when you go to the desktop, when you open a folder, so it is in essence the interface of Windows.
If a modification was made to the explorer, e.g. changing the starting logo etc., then it is normal that it will start to display
Program name: Explorer.EXE
Publisher: Unknown
File origin: Hard drive on this computer

For me as well, after I used Windows orb changer, so yeah, you are not the only one!

I hope this helped
 

Have you downloaded and installed any 'theme packs'?
 

I have downloaded and installed theme packs & I've changed my starting logo and orb... Moments ago I experienced my first blue screen. I restarted my computer and everything seems to be working ok, but I'm not sure; I'm totally not in any way, shape or form a computer expert. Thinking if this is a virus I should restore my computer to an earlier date... Thing is, it's only showing a restore point of 11/27. When I click on the box to show more dates nothing changes. I'm clueless as to what to do next???
 

Probably it's infected or, like others already said here, maybe the theme pack you've installed.
 

Thank you seavixen32. I will do that and report back. In the meantime I was directed to the BSOD forum and followed those instructions there and was advised to post my reports of the BSOD dump & system files collection along with the system health reports in a zip file here.

OS Name Microsoft Windows 7 Home Premium
Version 6.1.7601 Service Pack 1 Build 7601
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Manufacturer Hewlett-Packard
System Model 310-1124f
System Type x64-based PC
Processor AMD Athlon(tm) II X2 240e Processor, 2800 Mhz, 2 Core(s), 2 Logical Processor(s)
BIOS Version/Date American Megatrends Inc. 6.03, 11/30/2010
SMBIOS Version 2.6
Installed Physical Memory (RAM) 4.00 GB
Total Physical Memory 3.75 GB
Available Physical Memory 1.70 GB
Total Virtual Memory 7.50 GB
Available Virtual Memory 5.07 GB

View attachment Reports.zip
 

I ran the full Malwarebytes scan and received this msg...

Broken.OpenCommand | Registry Data | HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default)...
" " HKEY_CLASSES_ROOT\regfile\shell\open\command\(default)...

-Was this just a glitch or something else or am I being too paranoid?!?!
 

I ran the full Malwarebytes scan and received this msg...

Broken.OpenCommand | Registry Data | HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default)...
" " HKEY_CLASSES_ROOT\regfile\shell\open\command\(default)...

-Was this just a glitch or something else or am I being too paranoid?!?!

I am no Malwarebytes expert, but I can tell you this: no one program is 100% accurate at scanning threats, and restricting yourself to scanning using one program is dangerous :huh:
If I were you I would use Malwarebytes, Avira removal tool, and Kaspersky Virus Removal Tool.

Use those and post the results

Finally there is nothing wrong with being nit picky and paranoid about your system when it comes to protection :geek:

I hope this helps ;)
 

Download CKScanner from here http://downloads.malwareremoval.com/CKScanner.exe
Save it to your desktop. <=== IMPORTANT
Double-click CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify that the file is saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
 

Norton wouldn't let me execute this program. It stated that fewer than 5 in the Norton community have downloaded this program and it's fairly new, less than a week old, and not much is known about it, and deleted it.
 

Sorry, I gave you the wrong one .....

Download Security Check by screen317 from here http://screen317.spywareinfoforum.org/SecurityCheck.exe or here http://screen317.changelog.fr/SecurityCheck.exe
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

This is what it will show, similar to mine:

Results of screen317's Security Check version 0.99.28
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Avira Premium Security Suite
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
FCleaner 1.3.1.621
Java(TM) 6 Update 29
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````
 

Results of screen317's Security Check version 0.99.28
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Norton Internet Security
McAfee Security Scan Plus
iolo technologies' System Mechanic
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 22
Java(TM) 6 Update 26
Java version out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Kaaz Desktop SecurityCheck.exe
Kaaz AppData Local Temp\RarSFX0\SecurityCheck\Objlist.exe
Symantec Norton Online Backup NOBuAgent.exe
iolo Common Lib ioloServiceManager.exe
iolo System Mechanic SystemGuardAlerter.exe
``````````End of Log````````````
 

it also states the Origin as
Source File:
7tsp_gui_v0.3_b(3003).exe
File Created:
explorer.exe
Did you download "7 Theme Source Patcher (3003)"? If you did, did you select whether or not Explorer.exe should be patched?
 

I did and it was awhile back & whatever options that were given I had selected patch all.
 

OK, let's backtrack a little...

1st. I received a msg from Norton AV protection after the completion of a full scan stating that it had quarantined something that is not a virus but an essential part of the operating system explorer.exe AND it also stated that its origin was from Source File:7tsp_gui_v0.3_b(3003).exe.

2nd. Shortly after my first post I got my first BSOD. Rebooted my computer and everything seemed to be working ok & I came back to this forum to gain further help.

3rd. I uninstalled all theme packs & downloaded Malwarebytes and ran a full scan receiving 2 broken.opencommand registry data msgs.

Now it seems to me that I have more than one issue. I have the issue trying to restore my explorer.exe back to normal and taking that off of the quarantined list, finding out if it is or isn't a virus. My BSOD issue, not knowing if that is associated with the Norton quarantine. And now also a registry issue. I have no clue as to what the difference is btwn a .reg file or a .reg script and I don't know how to manually restore either to get to the part that the tutorial speaks about.

I do have a recovery disk that was created about a month ago way before I started having these issues. If I use that will I have the same issues that I went thru with Norton, BSOD, & Malwarebytes registry issue?

Also if I do use my recovery disk & uninstall the theme packs etc etc how can I create more than one restore point? I wanted to just restore my computer to a later date with this issue but the later date was only a day or two from the time that I started having these issues and that was the only restore point. On my laptop I have multiple restore points, how do I create the same on my desktop?
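
Added example, not part of the original thread or written by any of its participants: a read-only PowerShell check for the two findings discussed above, the patched explorer.exe and the two open commands Malwarebytes flagged. The expected registry values are the stock Windows 7 defaults as assumed here, and the script is meant for an elevated 64-bit PowerShell prompt.

```powershell
# Added example: read-only checks, nothing is repaired or changed.
# Assumption: elevated 64-bit PowerShell prompt (sfc needs administrator rights).

# 1. Let System File Checker compare both copies of explorer.exe with the
#    Windows component store. /verifyfile only reports, it does not repair.
$explorerCopies = @(
    "$env:windir\explorer.exe",
    "$env:windir\SysWOW64\explorer.exe"   # the path shown in the Norton log
)
foreach ($path in $explorerCopies) {
    if (Test-Path $path) {
        Write-Host "Verifying $path"
        & sfc.exe "/verifyfile=$path"
    } else {
        # Norton reported removing the SysWOW64 copy, so it may be absent.
        Write-Host "Missing: $path"
    }
}

# 2. Compare the open commands Malwarebytes flagged (Broken.OpenCommand)
#    with the stock values. These defaults are an assumption of this example.
$expected = @{
    'regfile' = 'regedit.exe "%1"'
    'scrfile' = '"%1" /S'
}
foreach ($class in $expected.Keys) {
    $key    = "Registry::HKEY_CLASSES_ROOT\$class\shell\open\command"
    $item   = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $actual = if ($item) { $item.'(default)' } else { $null }

    if ($null -eq $actual) {
        Write-Host "$class : open command missing"
    } elseif ($actual.Trim() -ieq $expected[$class]) {
        Write-Host "$class : matches default ($actual)"
    } else {
        Write-Host "$class : differs from default"
        Write-Host "    found    : $actual"
        Write-Host "    expected : $($expected[$class])"
    }
}
```

sfc writes the details of any integrity violation to %windir%\Logs\CBS\CBS.log.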
 
