Explorer.exe reported as suspicious via heuristics, but only at startup

Whenever I start up my computer Avast alerts me that C:\Windows\System32\Explorer.exe is suspicious via heuristics. MalwareBytes reports no problem and I uploaded it to VirusTotal, where all 68 engines – including Avast’s – reported it as clean. Moreover, if I right-click scan it with Avast it also reports it as clean, so why am I getting this alert at startup all the time?

PS. The captcha here is awful! I’ve had to click through a dozen pictures before finding one that’s even remotely readable.

Could you post a screenshot of the detection?

The captcha is only for the first three posts - it is made difficult to prevent spammers and bots.

Would you believe it… I restarted four times before posting this thread and it alerted me every time. But now that I need it to grab a screenshot it hasn’t done it! I’ve even run smart scan and it’s found nothing.

I’m off to bed soon so I’ll try restarting a few more times tomorrow and report back.

Ok, it’s still doing it:

https://i.imgur.com/4h4B6Gb.jpg

Curiously, there is no mention of this in the ‘Problems & Notifications’ page of the user interface. All that shows is that I have Mail Shield turned off and that the last scan from Windows Explorer found no issues.

This popup looks like a rootkit scan at startup.
In that case I would recommend performing a full system scan or even a boot-time scan, as these reported files are not always the real cause of it, but something hides itself under legitimate files.

Or just a false positive, I’m not sure about it…

Explorer.exe is not supposed to be in a System32 folder. It should be in C:\Windows. That alone makes it fishy. What version of Windows are you using?

no explorer.exe found in System32 folder here:

I ran the boot scan – after downloading the extra definitions – up to where it started file scanning and it found no problems. Then I booted up and ran the full scan which only found a few minor issues and nothing relating to this file.

@RejZoR: I think you may have hit the nail on the head. The OS is Windows 7 32-bit and I remember now I had a problem a while ago where Explorer was crashing and I couldn’t get it to restart. A solution I found online was to copy it to the System32 folder and run it from there, which seemed to work at the time. Anyway, that problem is no longer occurring so I’ve deleted the copy in System32 and all is well now AFAICT.

Thank you all for your input.

Heuristics were probably detecting the binary because it was not expected to be there. Heuristics often use certain mechanisms to exclude clean apps and their actions from triggering unnecessary warnings. And explorer.exe being in the wrong location was not treated by those exclusions and thus triggered the warnings. Would make sense.

If you’re having problems, just install Windows 7 over the old install and it should basically repair it while keeping all the user files and settings. That’s how we used to fix without full reinstallation back in the day before the Refresh function in Windows 10.
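
The location check discussed in this thread (a known system file name in a directory where it does not belong), written out as an added example; it is not part of any post above and not Avast's actual heuristic. The explorer.exe entry comes from the thread; the `svchost.exe` and `lsass.exe` entries, the 32-bit directory layout and the sample paths are assumptions constructed for illustration.

```python
import ntpath

# Expected directories, relative to the Windows directory. The explorer.exe
# entry is from the thread; the other two are assumptions added here.
EXPECTED_DIRS = {
    "explorer.exe": [""],
    "svchost.exe": ["System32"],
    "lsass.exe": ["System32"],
}


def normalize(path):
    """Collapse '..' segments, unify separators and lower-case the path."""
    return ntpath.normcase(ntpath.normpath(path))


def classify(path, windows_dir=r"C:\Windows"):
    """Return 'expected', 'unexpected-location' or 'not-tracked'."""
    directory, name = ntpath.split(normalize(path))
    rel_dirs = EXPECTED_DIRS.get(name)
    if rel_dirs is None:
        return "not-tracked"
    allowed = {normalize(ntpath.join(windows_dir, d)) for d in rel_dirs}
    return "expected" if directory in allowed else "unexpected-location"


def find_misplaced(paths, windows_dir=r"C:\Windows"):
    """Paths whose file name is tracked but whose directory is not allowed."""
    return [p for p in paths if classify(p, windows_dir) == "unexpected-location"]


# Constructed sample input (not taken from any real system).
SAMPLE_PATHS = [
    r"C:\Windows\Explorer.exe",
    r"C:\Windows\System32\Explorer.exe",      # the copy described in the thread
    r"C:\Windows\System32\..\explorer.exe",   # resolves to C:\Windows
    r"C:/Users/test/AppData/Local/Temp/svchost.exe",
    r"C:\Windows\System32\notepad.exe",
]

if __name__ == "__main__":
    for hit in find_misplaced(SAMPLE_PATHS):
        # A hit is a lead to investigate, not a verdict: in the thread the
        # flagged file turned out to be a copy the user had made.
        print("unexpected location:", hit)
```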