Re: two EXPLORER.EXEs. Virus ?
From: x y, mvp (levinson_k@despammed.com)
Date: 03/09/03
- Next message: x y, mvp: "Re: "Messanger Service" pop-ups"
- Previous message: x y, mvp: "Re: Encryption"
- In reply to: B.Y.: "two EXPLORER.EXEs. Virus ?"
- Next in thread: Andrew Z Carpenter: "Re: two EXPLORER.EXEs. Virus ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "x y, mvp" <levinson_k@despammed.com> Date: Sun, 9 Mar 2003 07:44:26 -0500
You need antivirus with the latest updates for this week installed. This is
by far the best way to determine what is what and remove anything
undesirable like this. www.grisoft.com is free antivirus. A firewall
would probably also have helped... www.sygate.com, www.zonealarm.com,
www.agnitum.com, www.kerio.com are all free.
You might also consider doing these things to try to determine what else if
anything was done to your computer and to re-secure it:
http://securityadmin.info/faq.htm#hacked
http://securityadmin.info/faq.htm#re-secure
http://securityadmin.info/faq.htm#harden
It sounds like there are one or more vulnerabilities on your computer, and
if you don't harden your computer, you'll be hacked again. With a remote
access trojan like this, all your web passwords and credit card numbers
could possibly be known by others. Also, just removing your trojan won't
secure your computer if there was another back door installed somewhere on
your computer.
"B.Y." <ecxzDELETETHIS@yahoo.com> wrote in message
news:uf20VEg5CHA.1576@TK2MSFTNGP09.phx.gbl...
> Hi,
>
> I'm running Windows 2000 SP3, and my Windows root directory is "C:\W2K".
By
> chance I noticed in task manager that there're 2 explorer.exe's running,
> looking into it further, I found out that there're 2 files named
> explorer.exe in my windows folder.
>
> The first file is "c:\w2k\explorer.exe", it's 242960 bytes long and it
looks
> like it's the shell explorer.exe.
>
> The second file is "c:\w2k\system32\explorer.exe", but I don't know what
it
> is. It's 245,760 bytes long, has no version info, and has no resource in
it
> (opening it as resource, VC returned error "cannot enumerate resources in
> the executable"). Furthermore, in
> HKLM\Software\Microsoft\Windows\CurrentVersion\Run, there's an entry to it
> so it's run at system start. Renaming this file and deleting the registry
> entry don't seem to affect the system at all.
>
> So my question is, is this explorer.exe part of OS or some kind of virus ?
>
> If anyone wants to take a look at this file, please email me at yahoo.com,
> email name is ecxz.
>
> Thanks, By
>
>
- Next message: x y, mvp: "Re: "Messanger Service" pop-ups"
- Previous message: x y, mvp: "Re: Encryption"
- In reply to: B.Y.: "two EXPLORER.EXEs. Virus ?"
- Next in thread: Andrew Z Carpenter: "Re: two EXPLORER.EXEs. Virus ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
