Explorer.exe showing as malware

[xxxdannyxxx]

Hi All

Ive just run a scan with Hitman Pro and its flagged explorer.exe as Malware.MSE and Malwarebytes scans come back clear.Is this just an FP or do i have a problem.
Any help appreciated.

Danny

 

[whs]

I would call that a "false positive".

 

[xxxdannyxxx]

I would call that a "false positive".

That was my first thought too

Thankyou

 

[whs]

Especially since it shows in C:>Windows, which is the correct location.

 

[xxxdannyxxx]

Especially since it shows in C:>Windows, which is the correct location.

Thanks whs always appreciate a second opinion

Danny

 

[Fayla]

I'm curious, did you do any modding of Window's to adjust the theme?

Especially since it shows in C:>Windows, which is the correct location.

Thanks whs always appreciate a second opinion

Danny

 

[xxxdannyxxx]

I do have custom icons and a custom orb but havent applied any custom themes.

 

[Fayla]

I just thought that if you had, maybe the AV had picked up on the altered explorer.exe signature because of the theme changes. I mean, there are people on here who hack many system's .exe and .dll files to make themselves custom Window's theme, so I had to ask if you were one of then. But I guess not, so it's just a normal FP

I do have custom icons and a custom orb but havent applied any custom themes.

 

[xxxdannyxxx]

I just thought that if you had, maybe the AV had picked up on the altered explorer.exe signature because of the theme changes. I mean, there are people on here who hack many system's .exe and .dll files to make themselves custom Window's theme, so I had to ask if you were one of then. But I guess not, so it's just a normal FP

I do have custom icons and a custom orb but havent applied any custom themes.

Actually Lost Colonist your on to something i restored the explorer.exe back-up file that windows 7 start button changer creates and ran it again and no problems, used it again to apply a custom orb and the problems back.
Any Views on this

Danny

 

[Fayla]

Every file has a default signature and MD5 hash etc, maybe whatever is in this hitmanpro checks these signatures / hashes. In this case it would have noticed an altered signature/hash and flagged it as infected.

I just thought that if you had, maybe the AV had picked up on the altered explorer.exe signature because of the theme changes. I mean, there are people on here who hack many system's .exe and .dll files to make themselves custom Window's theme, so I had to ask if you were one of then. But I guess not, so it's just a normal FP

I do have custom icons and a custom orb but havent applied any custom themes.

Actually Lost Colonist your on to something i restored the explorer.exe back-up file that windows 7 start button changer creates and ran it again and no problems, used it again to apply a custom orb and the problems back.
Any Views on this

Danny

 

[xxxdannyxxx]

Thats great will mark it as FP and that should be the end of it.

Thanks for the help

Danny

 

[EzioAuditore]

You changed the start orb and so as the contents of the original file and so the detection.
My AV too pops up about this. But its no big deal as long as it is at %windir%\explorer.exe and %windir%\SysWOW64\explorer.exe (on x64 machines) and has the same checksums (MD5, SHA-1 etc.) as of the original.

 

[xxxdannyxxx]

You changed the start orb and so as the contents of the original file and so the detection.
My AV too pops up about this. But its no big deal as long as it is at %windir%\explorer.exe and %windir%\SysWOW64\explorer.exe (on x64 machines) and has the same checksums (MD5, SHA-1 etc.) as of the original.

Thanks for this .Which av are you using just out of interest

Danny

 

[EzioAuditore]

Kis 2011