Re: two EXPLORER.EXEs. Virus ?

From: Gary K (dabigfinndog@icqmail.com)
Date: 03/09/03

Next message: Too_Much_Coffee Ž: "Re: two EXPLORER.EXEs. Virus ?"
Previous message: FKern: "Log terminal server logins?"
In reply to: B.Y.: "two EXPLORER.EXEs. Virus ?"
Next in thread: Too_Much_Coffee Ž: "Re: two EXPLORER.EXEs. Virus ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Gary K" <dabigfinndog@icqmail.com>
Date: Sat, 8 Mar 2003 22:50:40 -0800

Take a look at the following link. There are actually several worms that
either create a new explorer.exe that runs in addition to your system file,
or replace the system file. You most likely have some type of RAT. A worm
that allows someone else to control your computer without your knowledge.
Do a Google search for worm or virus and explorer.exe. You will find a lot
of info.

http://www.sophos.com/virusinfo/analyses/w32igloo15.html

"B.Y." <ecxzDELETETHIS@yahoo.com> wrote in message
news:uf20VEg5CHA.1576@TK2MSFTNGP09.phx.gbl...
> Hi,
>
> I'm running Windows 2000 SP3, and my Windows root directory is "C:\W2K".
By
> chance I noticed in task manager that there're 2 explorer.exe's running,
> looking into it further, I found out that there're 2 files named
> explorer.exe in my windows folder.
>
> The first file is "c:\w2k\explorer.exe", it's 242960 bytes long and it
looks
> like it's the shell explorer.exe.
>
> The second file is "c:\w2k\system32\explorer.exe", but I don't know what
it
> is. It's 245,760 bytes long, has no version info, and has no resource in
it
> (opening it as resource, VC returned error "cannot enumerate resources in
> the executable"). Furthermore, in
> HKLM\Software\Microsoft\Windows\CurrentVersion\Run, there's an entry to it
> so it's run at system start. Renaming this file and deleting the registry
> entry don't seem to affect the system at all.
>
> So my question is, is this explorer.exe part of OS or some kind of virus ?
>
> If anyone wants to take a look at this file, please email me at yahoo.com,
> email name is ecxz.
>
> Thanks, By
>
>

Next message: Too_Much_Coffee Ž: "Re: two EXPLORER.EXEs. Virus ?"
Previous message: FKern: "Log terminal server logins?"
In reply to: B.Y.: "two EXPLORER.EXEs. Virus ?"
Next in thread: Too_Much_Coffee Ž: "Re: two EXPLORER.EXEs. Virus ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Missing System File - WUMGRD.exe??
... My AVG detected a virus this morning, a worm. ... Anyone know what this system file is for, and more importantly, how can I RESTORE it? ...
(microsoft.public.windowsxp.general)
Re: Internet Access Mal-function After "oobec.dll" Quarantined?
... My PC became unable to access to internet (LAN is OK) after some files ... Few files contracted virus but only one system file is involved: ... Click Start, Run, type CMD and click the button. ...
(microsoft.public.windowsxp.help_and_support)
Re: Has been file replaced?
... It gets deleted by malware or by a virus. ... To restore setup.exe from CD, ... Windows File Protection mechanism won't interfere. ... File replacement was attempted on the protected system file setup.exe. ...
(microsoft.public.windowsxp.general)
Replacing damaged system files
... I recently picked up a virus, ... Anti-virus program (McAfee) deleted the infected files before any serious ... My question is how can I tell if a standard system file is missing. ...
(microsoft.public.windowsxp.help_and_support)
Re: [Full-Disclosure] Re: Viral hoax
... i have not seen one of these system file = virus messages ... Those don't spread as fast. ... It's kinda like how Ebola is close to the top end of lethality for a ... virus that can spread well; any more lethal, ...
(Full-Disclosure)