virus in explorer.exe?

ok I have a bit of a long story to get out of the way… I do regular scans on my computer with a few antiviruses spyware/ad ware applications… none of the programs I use detected any problems. (avast, malware bytes, spy-bot search and destroy, ad-aware, Microsoft security essentials) but I ran another program called hitman pro and it detected my explorer.exe to be infected but it didn’t say what the infection is… it doesn’t have much of a log but I can post what it said about it:

http://i757.photobucket.com/albums/xx219/Archon_of_Fate/2011-04-17_2220.png?t=1303093320

I am experiencing no effects at all on my machine it is operating fine with no slow downs or crashes… could this be a false positive?
well there is one effect my libraries folder opens up automatically at startup for some reason…

I just need some advice on how to deal with this threat if it is one.

oh and I have windows 7 64 bit installed if you need to know that…

thank you for any help :smiley:

update

I did a scan with virus total web scanner and it lists: medium risk malware from prevx the company that made hitman pro.


Antivirus	Version	Last Update	Result
AhnLab-V3	2011.04.18.00	2011.04.17	-
AntiVir	        7.11.6.147	2011.04.18	-
Antiy-AVL	2.0.3.7	        2011.04.17	-
Avast	        4.8.1351.0	2011.04.17	-
Avast5	        5.0.677.0	2011.04.17	-
AVG	        10.0.0.1190	2011.04.17	-
BitDefender	7.2	        2011.04.18	-
CAT-QuickHeal	11.00	        2011.04.17	-
ClamAV	        0.97.0.0	2011.04.18	-
Commtouch	5.2.11.5	2011.04.17	-
Comodo	        8380	        2011.04.18	-
DrWeb	        5.0.2.03300	2011.04.18	-
eSafe	        7.0.17.0	2011.04.17	-
eTrust-Vet	36.1.8274	2011.04.15	-
F-Prot	        4.6.2.117	2011.04.17	-
F-Secure	9.0.16440.0	2011.04.18	-
Fortinet	4.2.257.0	2011.04.18	-
GData	        22	        2011.04.18	-
Ikarus	        T3.1.1.103.0	2011.04.18	-
Jiangmin	13.0.900	2011.04.16	-
K7AntiVirus	9.96.4404	2011.04.16	-
Kaspersky	7.0.0.125	2011.04.18	-
McAfee	        5.400.0.1158	2011.04.18	-
McAfee-GW-Edition 2010.1D	2011.04.17	-
Microsoft	1.6702	        2011.04.17	-
NOD32	        6050	        2011.04.18	-
Norman	        6.07.07	        2011.04.17	-
Panda	        10.0.3.5	2011.04.17	-
PCTools	         7.0.3.5	2011.04.17	-
Prevx	        3.0	        2011.04.18	Medium Risk Malware
Rising	        23.53.05.03	2011.04.16	-
Sophos	        4.64.0	        2011.04.17	-
SUPERAntiSpyware 4.40.0.1006	2011.04.16	-
Symantec	20101.3.2.89	2011.04.18	-
TheHacker	6.7.0.1.176	2011.04.17	-
TrendMicro	9.200.0.1012	2011.04.17	-
TrendMicro-HouseCall  9.200.0.1012	2011.04.18	-
VBA32	        3.12.16.0     2011.04.15	-
VIPRE	        9046	      2011.04.18	-
ViRobot	        2011.4.16.4414	2011.04.17	-
VirusBuster	13.6.309.0	2011.04.17	-

I am experiencing no effects at all on my machine it is operating fine with no slow downs or crashes... could this be a false positive?
It may...you can upload the file to Avira and have it analysed http://analysis.avira.com/samples/
(avast, malware bytes, spy-bot search and destroy, ad-aware, Microsoft security essentials)
so you have 3 virus engines installed... avast, ad-aware with the Ikarus AV engine, and MSE... not smart, having multiple AV engines installed can create all kinds of mysterious Windows errors and FP detections

Never install two antivirus (see reply from quietman7)
http://www.bleepingcomputer.com/forums/index.php?s=7c8217673a726b92cfc91ecfd4294a29&showtopic=260844&view=findpost&p=1441638

and SpyBot is no good http://forum.avast.com/index.php?topic=75288.0

Oh… I had no idea never encountered an issue so I thought it was fine… I’ll have to fix this thanks :smiley:

I submitted my file and I’ll see what the results are thank you for your help

stick with avast, malwarebytes and superantispyware, that is a great problem free triple

ok I got super spyware and I like it I got rid of security essentials… I haven’t gotten any word back yet about my file analysis but I’ll post the results when I do…

also wouldn’t spybot be good to keep even for the immunize feature? if not are there other preventative programs out there?

I also notice from your signature that you have malware bytes pro is that worth it or should I stick to the free version?

thank you :smiley:

What is super spyware? A rogue? Spy bot is a thing of the past and MBAM free is all you need for on demand scanning once a week.

also wouldn't spybot be good to keep even for the immunize feature? if not are there other preventative programs out there?
there have been some cases where teatimer is conflicting with avast
I also notice from your signature that you have malware bytes pro is that worth it or should i stick to the free version?
yes, I use the PRO version, it has an autoupdate and a protection module with process monitor that will see if malware tries to install and also IP block that will block you from entering IPs listed as bad. The price is a one time fee for a lifetime license

He means SuperAntiSpyware…

I was being facious.

you mean facetious…

The price is a one time fee for a lifetime license

Oh that’s cool I thought it was a subscription >.>

and yes I meant super anti spyware :stuck_out_tongue:

you all have been really quick to respond thank you

click the green button http://malwarebytes.org/ :wink:

ok I got it I plan on running a full scan with it after avast completes its… about explorer being infected I doubt it no other program detects it only prevx does and it doesn’t list what type of infection it is so it may just fulfill the conditions all I can really do is wait for the report to be emailed to me from avira all I can do till then is speculate :smiley:

Prevx has a high false positive rate.

ok I got my results back but there is a big problem… um I cannot read any of it T.T

[Translated from the German original]
A listing of the files and results is given below:
File ID	 Filename	 Size (bytes)	Result
26106712	 explorer.exe	 2.28 MB	 DAMAGED FILE (UNKNOWN)

Detailed results for each file can be found in the following section:
 Filename	Result
 explorer.exe	 DAMAGED FILE (UNKNOWN)

The file 'explorer.exe' was classified as 'DAMAGED FILE (UNKNOWN)'. In particular this means that this file is damaged and not working properly. We could not find any malicious content. However the heuristic detection module may still detect this particular file even though it is damaged. In that case we will not adjust and remove detection for this damaged file.
Alternatively, you can view the results of the analysis here:
http://analysis.avira.com/samples/details.php?uniqueid=V0LpZbnjDQMsRVyVE8Djxks7jcT3Dpz5&incidentid=722170

In addition, you can find an overview of all submissions here:
http://analysis.avira.com/samples/details.php?uniqueid=V0LpZbnjDQMsRVyVE8Djxks7jcT3Dpz5
Note: Please direct specific questions to support@avira.de
Best regards,
Avira Virus Lab


my original submission was in English and my submission email was too but the report for some reason is in German?
anyone able to translate?

update
it identifies my explorer file to be damaged but I’m running it fine so not sure where to go from here…

Seems a false positive.
Prevx to detect more get a lot of false positives.

Your submission was to whom? Which site?
Sorry, got it was Avira. Another false positive winner. Or should I say loser? ;D

If you seem to have a virus attached to Internet Explorer, you’ll want to get rid of it as soon as possible. In addition to the issues that arise with your Internet browsing, it could be doing significant damage behind the scenes.

  • Run Microsoft’s Malicious Software Removal Tool. To do so, click your “Start” menu and open the “Run” dialog. Type “MRT,” then press “Enter.” This application comes preinstalled with Windows 7, Windows Vista, Windows XP, Windows 2000 and Windows Server 2003. If you cannot run or find the repair tool for whatever reason, you’ll have to download a new copy from the link in Resources.
  • Click the “Next” button.
  • Select “Full Scan.” Although this scan takes a bit longer than the default quick scan, it gives a better chance of deleting a virus attached to Internet Explorer.
  • Click the “Next” button. Wait for the program to complete its scan of the infected PC.
  • Follow the prompts to delete the Internet Explorer virus, along with any others it may have downloaded.
  • Click the “Finish” button.
  • Restart your computer.

Always remember that antivirus software is very important to have to protect your computer from harmful viruses that could damage the system. Whether it’s Avast or other antivirus like Norton, AVG, McAfee, etc…

It’s explorer.exe. NOT iexplorer.exe. Two different things. By chance archonoffate… Are you using any sort of patch for themes? Some patches will replace your original explorer.exe for another one. Be sure that explorer.exe is located in C:\Windows\Explorer.EXE.

thank you for your reply but I should have been more specific it isn’t internet explorer it is explorer.exe in the C:/windows folder and it appears to be a false positive because though avira said the file was damaged it also said it was clean and prevx shows a lot of false positives… I’m 90% sure it’s a false positive unless someone has more to add :smiley:

ummm… Dieselman funny you should mention that I am actually… ^^;

sorry I’m not sure why I didn’t mention this in my op

update
yes it is in c/windows along with a backup of the original that the patcher backed up
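
An added example, not part of the original thread: because the theme patcher kept a backup of the original explorer.exe, the two copies can be hashed and compared to see how much of the file the patcher changed. The command-line paths and the sample bytes are assumptions constructed for illustration; the comparison shows what differs between the copies and does not by itself classify the file.

```python
import hashlib
import sys

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def diff_ranges(original: bytes, current: bytes, gap: int = 8):
    """Offsets [start, end) where the images differ; runs within `gap` bytes are merged."""
    ranges = []
    common = min(len(original), len(current))
    for off in range(common):
        if original[off] != current[off]:
            if ranges and off - ranges[-1][1] <= gap:
                ranges[-1][1] = off + 1      # extend the previous nearby range
            else:
                ranges.append([off, off + 1])
    if len(original) != len(current):
        # Size change: everything past the shorter file is one differing range.
        ranges.append([common, max(len(original), len(current))])
    return [tuple(r) for r in ranges]

def summarize(original: bytes, current: bytes) -> dict:
    ranges = diff_ranges(original, current)
    return {
        "original_sha256": sha256_hex(original),
        "current_sha256": sha256_hex(current),
        "identical": not ranges,
        "span_bytes": sum(end - start for start, end in ranges),
        "ranges": ranges,
    }

# Constructed sample standing in for the two files (not real explorer.exe bytes).
SAMPLE_ORIGINAL = b"MZ" + bytes(62)
_patched = bytearray(SAMPLE_ORIGINAL)
_patched[10] = 0x01
_patched[15] = 0x01
_patched[40] = 0x01
SAMPLE_PATCHED = bytes(_patched)

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <backup-of-original> <current-file>
        with open(sys.argv[1], "rb") as f1, open(sys.argv[2], "rb") as f2:
            report = summarize(f1.read(), f2.read())
    else:
        report = summarize(SAMPLE_ORIGINAL, SAMPLE_PATCHED)
    for key, value in report.items():
        print(f"{key}: {value}")
```

A few short differing ranges are what a small in-place patch looks like; the SHA-256 of the backup can also be compared with that of a known-good copy from the same Windows build.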