Spyware, Viruses, & Security forum

General discussion

I can't shake this virus! (explore.exe)

by cnetboy1 / September 10, 2008 3:29 AM PDT

Hello all. Four days ago I downloaded a p2p-tv program (uusee) which installed like forty viruses on my computer. I scanned with avg, bitdefender, mcafee, and norton (online), and now it doesn't detect any viruses(i scanned in safe mode also) but I still see signs that there are. For starters, I can't use Hijackthis, or run regedit, unless I rename them (i renamed hjt folder to game1 and regedit to game2.exe).I renamed hjt.exe to "awesome.exe".

Secondly, My registry contains [hbservice] explore.exe (not explorer.exe), from which my research states that it is a virus, and no matter how many times I delete it, it comes back. I should state that there is no sign of the actual exe virus though. If I try to uncheck it from startup in msconfig, I get an error saying I don't have administrative rights. Also my computer is still a little slower than it was pre-virus.Can you guys help me? Let me know if you need any more info.

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Discussion is locked
You are posting a reply to: I can't shake this virus! (explore.exe)
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: I can't shake this virus! (explore.exe)
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
[hbservice] explore.exe
by Marianna Schmudlach / September 10, 2008 4:01 AM PDT

That seems to be a very ugly one Sad

What I suggest you to do is....

Please download Malwarebytes Anti-Malware or alternate download link

* Make sure you are connected to the Internet.
* Double-click on Download_mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
* - Update Malwarebytes' Anti-Malware
* - Launch Malwarebytes' Anti-Malware
* Then click Finish.
* MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
* If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

* On the Scanner tab:
* - Make sure the "Perform Quick Acan" option is selected.
* - Then click on the Scan button.
* The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.
* Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
* Make sure that everything is checked, and click Remove Selected.
* When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
* The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.

* -- Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

**If you encounter this message:"c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5" Click on ignore mbamext.dll


IF it doesn't help, I would suggest posting your HJT log at the Malwarebytes forum > here:

http://www.malwarebytes.org/forums/index.php?s=b8287bdc72bf90a431bf845d0d5ecf92&showforum=7

Collapse -
Thanks!
by cnetboy1 / September 10, 2008 5:35 AM PDT

Thanks so much for your reply. The program found a ton of malware/trojans (i wonder why adaware/norton/mcafee didn't find anything). I deleted everything, and then went to the registry to delete explore.exe because it hadn't been picked up my the scan, and it hasn't reappeared yet. Thanks again!

Collapse -
(NT) You Are Welcome - Thanks for posting back :)
by Marianna Schmudlach / September 10, 2008 5:37 AM PDT
In reply to: Thanks!
Collapse -
Still one problem
by cnetboy1 / September 10, 2008 5:40 AM PDT

I can run regedit now, but for some reason I still get an access denied error when I try to modify something in msconfig. I wonder if maybe I deleted an important registry key a while back that involved msconfig? Anyway, thanks again.

Collapse -
msconfig
by Marianna Schmudlach / September 10, 2008 5:49 AM PDT
In reply to: Still one problem
Collapse -
2 msconfigs
by cnetboy1 / September 10, 2008 6:51 AM PDT
In reply to: msconfig

not sure if this has anything to do with it, but when I search it, i have 2 msconfig.exe's. One in C:\WINDOWS\system32\dllcache and the other in C:\WINDOWS\pchealth\helpctr\binaries.

Collapse -
Not a problem ...
by Kees Bakker / September 10, 2008 6:58 AM PDT
In reply to: 2 msconfigs

to have a file with the same name in dllcache. That's what a cache is for!
Check what other files are there and you'll be convinced.

Kees

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?