FileRepMalware explorer.exe contains a virus

General Topics
1

Hi there, I’ve been having issues with my computer over the past few weeks. Most recently (and most immediately pressing) is a notification from Avast stating that explorer.exe is infected with FileRepMalware. My computer will only boot in low-graphics mode (I seem to have been having problems with the graphics card lately-- maybe they’re related?) and is, as it has been for months now, running incredibly slowly, with Task Manager consistently listing Physical Memory usage as 90-95%. I’ve tried a number of fixes but am relatively new to the computer game and most seem to be on a case-by-case basis. Does anyone have any suggestions for me? I’m working with a 3 year old Acer Aspire One 725 netbook running Windows 7 (though I’ve been considering using Linux Mint as my OS lately) and have saved the most pertinent of my files to a jump drive (about 2 GB worth of .doc, .xls, and .pdf files; I don’t much care about the others) and am prepared to do whatever it takes to get my computer’s functionality back. If it comes down to it, I am not opposed to completely overhauling the system and installing Linux Mint as my main OS. Thanks!

2

see instructions https://forum.avast.com/index.php?topic=53253.0
attach Farbar Recovery Scan Tool diagnostic logs

3

Thank you so much for your help :slight_smile: I’m sorry about the duplicates for the post-- my browser didn’t register the page as having been submitted, so I hit refresh. I’m running aswMBR.exe scan now and will post the log when it’s finished.

4

I don’t know why I’m making this more complicated than it needs to be… super sorry. Here’s the other log.

5

log expert notified… if you dont get a reply in the next two hours, check back tomorrow after work hours european time

6

I think the problem is that you are using a theme patcher which alters explorer. I believe this is the one http://uxstyle.com/ and http://the-within-network-llc.software.informer.com/

So you may have to uninstall it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-2375310332-3304637302-3732907884-1000\...\MountPoints2: {2d43ac4b-4883-11e3-92bb-047d7bc409a4} - D:\IronKey.exe HKU\S-1-5-21-2375310332-3304637302-3732907884-1000\...\MountPoints2: {d1f24912-240e-11e4-96c3-047d7bc409a4} - D:\GSLoader.exe HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 2014-10-21 10:16 - 2014-10-21 10:16 - 00000000 ____D () C:\Users\Jodie\AppData\Local\{73D974CF-93EF-4759-908E-F6DBC0F6887F} 2014-10-19 22:59 - 2014-10-19 22:59 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-10-19 22:59 - 2014-10-19 22:59 - 00000000 ____D () C:\Users\Jodie\AppData\Roaming\OpenCandy EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

7

Well, now I feel dumb. I did install UxStyle awhile ago. Just uninstalled it. Are there any files I’d need to delete to make it complete, or is uninstalling it via the Programs and Features list sufficient?

8

I’m really on a roll today. Here are the logs you requested. Sorry, working on 2 hours sleep.

9

Is Avast still reporting problems with explorer, if so we will need to replace it

10

I’m not sure. What is the best way of figuring that out?

11

Run a system scan with Avast and see if that reports it

12

According to Avast I don’t currently have any malware or viruses. Sorry for the delay, I’m currently away from my computer and getting someone to report things to me.

13

No problem as soon as you are happy let me know and I will tidy up :slight_smile:

14

Is there any way to safely replace explorer.exe just to be safe, or could doing so cause other problems? Even after running all the above mentioned scans and fixes, my computer still booted and ran very slowly.

15

Yep let search for some spares

https://dl.dropboxusercontent.com/u/73555776/frst.JPG

Run FRST and in the search box type the following :

explorer.exe

Press search files
On completion a log will be generated, please post that

16

Here you go :slight_smile:

17

All files now have the proper MD5 and signature so unless it is causing problems I would not replace it

18

Okay. When you say they now have them, do you mean they didn’t in an earlier scan you saw and have now been fixed? I’m still having issues with the CPU usage and physical memory usage hovering near 80-100% despite this. If I’m no longer in the right forum, is there anywhere you would suggest I direct future queries? Thank you for all of your help.

19

Could you open taskmanager and let me know what process is using the most CPU please

20

It seems to be Chrome doing all the CPU damage. I took a screen shot without any programs (aside from Task Manager) open and CPU usage was around 5%; as soon as I opened Chrome to a single tab, CPU usage shot up to 100%. I’ve attached both images here.