I can't shake this virus! (explore.exe)

Hello all. Four days ago I downloaded a p2p-tv program (UUSee) which installed like forty viruses on my computer. I scanned with AVG, BitDefender, McAfee, and Norton (online), and now it doesn't detect any viruses (I scanned in safe mode also) but I still see signs that there are. For starters, I can't use HijackThis, or run regedit, unless I rename them (I renamed the hjt folder to game1 and regedit to game2.exe). I renamed hjt.exe to "awesome.exe".

Secondly, my registry contains [hbservice] explore.exe (not explorer.exe), from which my research states that it is a virus, and no matter how many times I delete it, it comes back. I should state that there is no sign of the actual exe virus though. If I try to uncheck it from startup in msconfig, I get an error saying I don't have administrative rights. Also my computer is still a little slower than it was pre-virus. Can you guys help me? Let me know if you need any more info.

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
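
An added example, not part of the original post: a check that flags startup values whose executable name is a near miss of a genuine Windows binary, the way `explore.exe` imitates `explorer.exe`. The sample export, the Run key location, the list of known names and all function names are assumptions made for illustration.

```python
import ntpath
import re

# Short illustrative list of genuine Windows binary names that get imitated.
KNOWN = {"explorer.exe", "svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe"}

# Constructed sample in .reg export style. The Run key is an assumption: the
# post only says the value is in the registry and in msconfig's startup list.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hbservice"="explore.exe"
"SampleShell"="C:\\WINDOWS\\explorer.exe"
"SampleUpdater"="\"C:\\Program Files\\Example\\update.exe\" /background"
'''

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def parse_values(reg_text):
    """Yield (value_name, data) for each "name"="data" line, unescaped."""
    for line in reg_text.splitlines():
        m = re.match(r'^"([^"]+)"="(.*)"$', line.strip())
        if m:
            yield m.group(1), re.sub(r'\\(.)', r'\1', m.group(2))

def image_name(command):
    """Lower-cased file name of the executable a startup command launches."""
    m = re.match(r'\s*"?(.+?\.exe)\b', command, re.I)
    path = m.group(1) if m else (command.split() or [""])[0]
    return ntpath.basename(path).lower()

def flag_lookalikes(reg_text, max_distance=2):
    """Return (value_name, image, imitated_name) for near-miss image names."""
    hits = []
    for name, data in parse_values(reg_text):
        image = image_name(data)
        if image in KNOWN:
            continue  # exact name; checking its folder is a separate test
        hits += [(name, image, real) for real in sorted(KNOWN)
                 if edit_distance(image, real) <= max_distance]
    return hits

print(flag_lookalikes(SAMPLE))
```

A hit is a reason to inspect the file the value points to, not proof of infection on its own.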

[hbservice] explore.exe

That seems to be a very ugly one :(

What I suggest you do is...

Please download Malwarebytes Anti-Malware or alternate download link

* Make sure you are connected to the Internet.
* Double-click on Download_mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
* - Update Malwarebytes' Anti-Malware
* - Launch Malwarebytes' Anti-Malware
* Then click Finish.
* MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
* If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

* On the Scanner tab:
* - Make sure the "Perform Quick Scan" option is selected.
* - Then click on the Scan button.
* The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.
* Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
* Make sure that everything is checked, and click Remove Selected.
* When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
* The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.

* -- Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

**If you encounter this message: "c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5", click on Ignore.

If it doesn't help, I would suggest posting your HJT log at the Malwarebytes forum here:

http://www.malwarebytes.org/forums/index.php?s=b8287bdc72bf90a431bf845d0d5ecf92&showforum=7

Thanks!

Thanks so much for your reply. The program found a ton of malware/trojans (I wonder why Ad-Aware/Norton/McAfee didn't find anything). I deleted everything, and then went to the registry to delete explore.exe because it hadn't been picked up by the scan, and it hasn't reappeared yet. Thanks again!

(NT) You Are Welcome - Thanks for posting back :)

Still one problem

I can run regedit now, but for some reason I still get an access denied error when I try to modify something in msconfig. I wonder if maybe I deleted an important registry key a while back that involved msconfig? Anyway, thanks again.

msconfig

2 msconfigs

Not sure if this has anything to do with it, but when I search for it, I have 2 msconfig.exe's. One in C:\WINDOWS\system32\dllcache and the other in C:\WINDOWS\pchealth\helpctr\binaries.

Not a problem ...

to have a file with the same name in dllcache. That's what a cache is for!
Check what other files are there and you'll be convinced.

Kees