Re: two EXPLORER.EXEs. Virus ?

From: Gary K (dabigfinndog@icqmail.com)
Date: 03/09/03


From: "Gary K" <dabigfinndog@icqmail.com>
Date: Sat, 8 Mar 2003 22:50:40 -0800


Take a look at the following link. There are actually several worms that
either create a new explorer.exe that runs in addition to your system file,
or replace the system file. You most likely have some type of RAT, a worm
that allows someone else to control your computer without your knowledge.
Do a Google search for worm or virus and explorer.exe. You will find a lot
of info.

http://www.sophos.com/virusinfo/analyses/w32igloo15.html

"B.Y." <ecxzDELETETHIS@yahoo.com> wrote in message
news:uf20VEg5CHA.1576@TK2MSFTNGP09.phx.gbl...
> Hi,
>
> I'm running Windows 2000 SP3, and my Windows root directory is "C:\W2K". By
> chance I noticed in task manager that there're 2 explorer.exe's running,
> looking into it further, I found out that there're 2 files named
> explorer.exe in my windows folder.
>
> The first file is "c:\w2k\explorer.exe", it's 242960 bytes long and it looks
> like it's the shell explorer.exe.
>
> The second file is "c:\w2k\system32\explorer.exe", but I don't know what it
> is. It's 245,760 bytes long, has no version info, and has no resource in it
> (opening it as resource, VC returned error "cannot enumerate resources in
> the executable"). Furthermore, in
> HKLM\Software\Microsoft\Windows\CurrentVersion\Run, there's an entry to it
> so it's run at system start. Renaming this file and deleting the registry
> entry don't seem to affect the system at all.
>
> So my question is, is this explorer.exe part of the OS or some kind of virus?
>
> If anyone wants to take a look at this file, please email me at yahoo.com,
> email name is ecxz.
>
> Thanks, By
>
>

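Added example, not part of the original posts: a Python check for the pattern described in this thread, where a Run-key entry or running process uses a system binary's name from a directory the real file does not live in. It generalizes from explorer.exe to a few other system binaries; the Windows root `C:\W2K` comes from the question, while the sample entries, value names and PIDs are constructed.

```python
import ntpath  # Windows path rules, usable on any host OS

SYSTEM_ROOT = r"C:\W2K"  # assumption: the Windows root named in the question
# Directory (relative to the Windows root) where each system binary belongs.
EXPECTED_DIR = {"explorer.exe": "", "svchost.exe": "system32",
                "lsass.exe": "system32", "winlogon.exe": "system32"}

def image_path(command):
    """Extract the executable path from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):                  # "C:\path\app.exe" /args
        return command[1:].split('"', 1)[0]
    end = command.lower().find(".exe")           # unquoted, possibly with args
    return command[:end + 4] if end != -1 else command.split(" ", 1)[0]

def is_masquerade(path):
    """True when a system binary's name is used from the wrong directory."""
    path = ntpath.normcase(ntpath.normpath(path))
    name, folder = ntpath.basename(path), ntpath.dirname(path)
    if name not in EXPECTED_DIR or not folder:
        return False  # unknown name, or bare name resolved via the search path
    expected = ntpath.normcase(
        ntpath.normpath(ntpath.join(SYSTEM_ROOT, EXPECTED_DIR[name])))
    return folder != expected

def audit(run_entries, processes):
    """Return (source, identifier, path) for every suspicious entry."""
    findings = []
    for value_name, command in run_entries:
        path = image_path(command)
        if is_masquerade(path):
            findings.append(("run-key", value_name, path))
    for pid, path in processes:
        if is_masquerade(path):
            findings.append(("process", pid, path))
    return findings

# Constructed sample data modelled on the question; names and PIDs are invented.
RUN_ENTRIES = [("Explorer", r"C:\W2K\system32\explorer.exe"),
               ("Synchronization Manager", r"mobsync.exe /logon")]
PROCESSES = [(812, r"C:\W2K\Explorer.EXE"),
             (1344, r"C:\W2K\system32\explorer.exe"),
             (236, r"C:\W2K\system32\svchost.exe")]

if __name__ == "__main__":
    for finding in audit(RUN_ENTRIES, PROCESSES):
        print(finding)
```

A path mismatch is only a lead: follow it up with a signature, version-info and hash check on the flagged file before drawing a conclusion.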

