I'm new to the GeeksToGo Forums. I hope I can find some help here.
As the title of my post states, I'm having problems with my explorer.exe. It *is* behaving weirdly, has a "strange" size (I've only compared with one other explorer.exe, so I'm not really sure).
Just a bit of background: last saturday I was attempting to fix a friend PC, which is on the same network as my notebook. I was having some trouble doing a clean Windows install and, after some blue screens, I've managed to locate the problem (bad memory modules that were installed a few weeks ago) and installed a Windows XP SP2.
After the install, while I was driver-hunting, I noticed a executable, c:\is2.exe, in my friend's machine. I was really tired after spending the whole saturday formating and reinstalling the OS, so I deleted it and totally forgot about the subject. That, until I found the same executable on my machine. I quickly became aware of the threat, but was a bit paralised after I ran Symantec AV over it and got a empty 'virus' report. Since I knew that was a virus or somekind of malware, I purged it imediatly and proceeded to ran a full scan in Norton. Again, no results.
I LiveUpdated SAV (something that I had just done) and ran the scan again. Nothing. By then, my computer was behaving strangely, as was my roommate's. My IE was having trouble resolving DNS names, stuff like that. I managed to get Windows Defender and, at the same time, SAV finally noticed something wasn't right. It cleaned some files that were stored in the Internet Temporary Files folder, infected with W32.Pinfy, but I was sure the treat wasn't removed.
I scanned the system with Windows Defender, but got nothing. Now, my system was showing a strange "Applying Personal Settings" box every other hour, applying something to my Recycler Bin, it seemed. When the box showed up, however, it was as if explorer.exe was terminated, because the taskbar would disappear.
But I just realized the attack was over explorer.exe when I booted the computer and, just when I logged into Windows, I got a exception from explorer.exe. Now, everytime I rebooted the computer and logon into my account, I get the error.
I looked at the "Running Programs" table in WinDef, and got nothing. Finally, I checked the Network Active Programs table and saw explorer.exe there! I decided to block it from making internet connections (there were 2 UDP connections open then).
I've updated my windows, something that I don't really like to do (because of performance issues) and looked around for more ways to solve the problem. I thing that I'm attempting right now is to replace my explorer.exe with a friends explorer.exe.
By the way, my explorer.exe has 1.033.216 bytes, and my friend's has 1.032.192 bytes, exactly 1024 bytes less.
I can't really format this computer, because it's a company installation -- they'd have to do it for me. But that means a whole day without working, something that I can't deal with right now (and I also have a large number of files here that would require backup since they run a image over the disk).
Someone has any ideia what this can be? Paranoia, maybe? Is the size of explorer.exe really wrong? Shouldn't it be connecting to external computers? What is applying Personal Configurations on my computer all the time?
Any help on the subject will be greatly appreciated.
Sign In
Create Account
