Multiple explorer.exe in task manager

Viruses and worms
1

Hi so 2 days ago I got some strange things going on whenever I open task manager I see too many explorer.exe open(see image) and RAM and CPU usage is also high I did scanned with Avast to see if there is any virus but no treat found so I am not sure what can it be…
So if you guys have any idea how to fix it,I would really appreciate it :smiley:
And thanks for any help!

2

Go Here

Download and Run in ordered list: Malwarbytes, OTL, aswMBR (Windows 7 ONLY!!)

Attach the following log files in your next reply.

  • OTL.txt
  • Extras.txt
  • aswMBR.txt
  • Malwarebytes.txt
3

I have also notified a remover to assist you

4

thanks for help i did what you said.

5

Are all the explorer.exe still there? You had a backdoor bot. Due to the fact I told the removal team logs weren’t posted. I’ll give this thread until tomorrow at noon (5/9/2014) AST (Atlantic time). Then I will re-PM it.

6

Nope they are gone THANKS :smiley: :smiley: :smiley: :smiley:
and btw is this over now? ;D

7

Re-looking through your files. I saw this (svchost). Check Task Manager for svchost. There will more then likely be a lot. Look for the one with your Username on it. Is it there?

With this infection (I believe blackbeard), do not run any scans unless directed to do so.

And no! Wait for someone to help you.

Explorer might’ve been modified. I don’t know

8

no i don’t see any of them ???

9

That is odd. Wait for 10 ish hours. Most removers are either in bed or heading there soon.

10

Hi Wizard75, :slight_smile:

Did you pirate your version of Adobe Photoshop?

Due to the presence of the Backdoor Bot, I’d counsel you to remove all your login information from a different clean computer. If you do financial transaction(s) with this PC, there is a good chance that they are compromised as well and I’d again counsel you to notify the proper authority and change the details.

PunkBuster Advice:

There are some issues with infections in relation to PunkBuster…

Your computer has installed gaming tools. Some of these, like Punkbuster, use spyware techniques to engage in the anti-piracy battle.
In the process, they take control of much of your PC, and they actually meet the definition of spyware/malware.
They are sometimes designed to prevent orderly removal or modification, and they have only limited respect for retaining the overall security and integrity of your machine.

My advice would be to download the removal tool from here. Use this to uninstall PunkBuster Services. Then when I give the all clear use it again to reinstall PunkBuster Services if you so wish.

[*]Step #1 Uninstall Programs
I want you to uninstall the following program(s) listed below due to poor reputation we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up and double-click on the items I have listed below and follow the on-screen instruction to remove/uninstall them.

[b][color=maroon][*]Java 7 Update 51 (Version is outdated. New version available here.)

[*]Step #2 P2P Warning
**IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

[*]BitComet 1.34

I shall provide you with a few reference links, please read them up to know the risks of having a P2P program.

[]P2P File-Sharing: Evaluate the Risks
[]ITSC: Risks in Peer-to-peer File Sharing

Note: Even if you are using a “safe” P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.

My recommendation is that you uninstall the programs listed above. If you choose not to remove them, please do not use them until this computer is clean.

[*]Step #3 Fix with OTL
[*]Re-run OTL by right clicking and choosing Run as administrator;
[*]Under the Custom Scans/Fixes Box copy and paste the following contents inside the code box.

:Commands
[createrestorepoint]

:OTL
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found.
[3 C:\Users\Admin\Desktop\*.tmp files -> C:\Users\Admin\Desktop\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
@Alternate Data Stream - 4 bytes -> C:\temp:rnd.dat
@Alternate Data Stream - 4 bytes -> C:\temp:pid2
@Alternate Data Stream - 4 bytes -> C:\temp:pid1
@Alternate Data Stream - 23 bytes -> C:\temp:srv

:Commands
[emptytemp]
[resethosts]

[*]Click on “Run Fix” and let the program run unhindered;
[]Your PC will reboot automatically and a log will be opened;
[]Please attach it in your next reply.

[*]Step #4 Fix with AdwCleaner
[*]Download AdwCleaner by Xplode to your Desktop from the following link.
[list][]Download Link #1
[]Download Link #2
[*]Right-click on AdwCleaner.exe and choose Run as administrator;
[*]Click on Scan and let the program run unhindered;
[*]When done, click on Clean and allow the system to reboot after it is done;
[]A log will be opened automatically after the restart;
[]Attach the log in your reply.[/list]

[*]Step #5 Fix with Junkware Removal Tool
Download Junkware Removal Tool by thisisu to your Desktop from the link below.
Download Link 1
Download Link 2
[]Disable your anti-virus to avoid potential conflicts. For more information please acknowledge yourself this article;
[*]Run the program either by double-clicking(Windows XP) or Right-clicking and choosing Run as administrator(Windows Vista and above);
[*]Please be patient as the tool cleans your system;
[*]After completion of the process a log named JRT.txt will automatically open and is save to your Desktop;
[]Attach the log in your next reply.

[*]Required Log(s):
[]OTL Fix Log
[]AdwCleaner Log
[*]Junkware Removal Tool Log

Regards,
Valinorum

11

Thank you Valinorum for coming to help!

12

Ok,here are logs

13

Thank you. You haven’t reply to my query I asked in the previous post. Please do so and tell me how is your system performing?

No problem. I am little slow because of my exams and I apologize for this.

14

Yes I did,and everything is working fine now ;D ;D ;D
THANK YOU! :wink: :wink:

15
Did you pirate your version of Adobe Photoshop?
This was my query.
16

Hi Wizard75, :slight_smile:

[*]Step #6 Scan with Malwarebytes’ Anti-Malware
[*]Download Malwarebytes’ Anti-Malware from the suitable link below –
[list][]Download Link #1
[]Download Link #2
[]Download Link #3
[*]Double-click mbam-setup.exe to install the application.
[*]Before clicking Finish perform the following actions –
[*]Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
[*]Check the box beside Launch Malwarebytes Anti-Malware
[*]Once the program has loaded, The MBAM dashboard will appear with an alert to update - click the green button Update Now;
[*]Click on Setting
[*]Navigate to the tab Detection and Protection and check all the boxes under Detection Options
[*]From the Dashboard click on Scan Now;
[*]If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
[*]On completion of the scan click on View Detailed Log after that click on Export Button, select Text File and save the log to your Desktop;
[]Attach the log in your next reply.[/list]

[*]Step #7 ESET Online Scanner
Disable your security programs which includes but not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
[*]Download esetsmartinstaller_enu.exe by clicking here.
[*]Right-click on the program and choose Run as administrator.
[*]Accept their terms and condition and proceed.
[*]Install Add-On/Active X if prompted.
[*]From the Computer Scan Setting
[list][*]Uncheck the box beside Remove Found Threats;
[*]Check the box beside Scan archives
[*]Click on Advanced Setting and check the following boxes–
[*]Scan for potentially unwanted applications
[*]Scan for potentially unsafe applications
[*]Enable Anti-Stealth Technology
[*]Click on Start and wait for the virus signature database to update.
[*]The online scan will begin automatically and can take several hours.
[*]Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
[*]After the Scan finishes –
[*]If no threats were found:
[list][*]Put a checkmark in Uninstall application on close.
[*]Close the program and report that nothing was found
[*]If threats were found:
[*]Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
[*]Attach the log file in your next reply.[/list][/list]
Note: Enable your security programs afterwards.

[*]Required Log(s):
[]Malwarebytes’ Anti-Malware Log
[]ESET Scan Log

Regards,
Valinorum

17

I did

18

Remove all of your pirated Adobe Software. This is a white hat site and we do not condone piracy. Failure to comply will deprive you of further assistance.

19

Not specific to Adobe. All pirated software must be removed.

White Hat = Good Guys. We are them. We will not help those who use cracked software. A good case of why pirating software is a horrible idea… ( This happened to a friend. His computer had to be formated.)

His Case

20

Uh that one took some hours of scanning