Discussion in 'Windows 8' started by gonz621, May 12, 2014.
I am just wondering if this file is clean or not.
Too small to be real and has no digital signature. It probably is a virus because why would anyone give such a name to their program and hide it in appdata/roaming out of good intentions...
I would suggest deleting that file directly if you don't have an extra machine (which isn't connected to any network!) to test on, or at least follow the advice of s1ave77!
I would think it's a virus. Heck, look at all the blue smuggies in the pictures!
So here is the result from virustotal.
Anyone paranoid enough to state: "This virus is so well constructed that it is undetectable!" ?
I have installed Unhackme and it detected explorer.exe.tmp as malicious. Deleting it now using unhackme.
Curious what it did to explorer.exe then, if anything.
Should have looked at your picture first. So the explorer.exe.tmp was probably your original exe and the current was infected, hence scanned the wrong file.
Impossible, explorer.exe is almost 1MB even under Windows XP. It contains a lot of bitmaps, and code of course. The file on the pic is 20KB. Also there is no digital signature. It cannot be the original renamed.
Virustotal probably didn't detect it because it's something new. Antivirus software can only detect what is in its database.
Look here, I have deleted the file already, yet Unhackme still detected it. Seems I can't just get rid of it.
Start PC in safe mode and try to remove manually... tried that?
Install Malwarebytes and make a full scan.
Also check your startup items and disable the ones you don't need.
Will try that tomorrow. I have checked my laptop now and there is no explorer.exe.tmp present in the Roaming folder. So the desktop is sure to be infected.
I have numerous "explorer.exe" - different sizes and locations. The first two listed here are in C:\Windows and C:\Windows\SysWOW64 - how do we know which "explorer.exe" the OP is referring to? (Sorry if I missed it).
(At least I have no "explorer.exe.tmp" file).
Because it's in his 'C:\users\appdata\roaming' folder..?
And it's not supposed to be there.
It might be a multi-file crypted exe with the tmp just being the injector and another file being a payload.
If I were you I would definitely back up important files and then start to try to remove it.
Good luck with your continuing efforts; however, please remember the easiest part is getting rid of the malware but the hardest part (of making your PC whole again) is attempting the subsequent repair of all the damage left behind. From my experience, some of those nasties will literally destroy your registry beyond repair so hope for the best and be prepared for the worst.
As a prudent Windows operator, am I expected to roam around my roaming folder, or is that what a good antivirus does? I see "LiveSupport.exe.log" and "regsrv32.exe.log" text files, dated 11/14/2013. That's good, right?
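The checks applied in this thread (a system-binary name under AppData\Roaming, a size far from the real explorer.exe, no digital signature) can be run as one read-only PowerShell pass. This is an added example, not part of any post; it generalizes from explorer.exe.tmp to any file in the roaming folder named after an executable in the Windows directories, and it assumes PowerShell 4.0 or later for `Get-FileHash`.

```powershell
# Added example: list files under %APPDATA% whose name imitates a Windows
# system executable (e.g. explorer.exe.tmp) and report size and signature.
# Read-only: nothing is deleted or modified.

$systemDirs = @($env:windir, (Join-Path $env:windir 'System32'))

# Genuine system executable names -> FileInfo (first directory wins).
$genuine = @{}
foreach ($dir in $systemDirs) {
    Get-ChildItem -Path $dir -Filter '*.exe' -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $key = $_.Name.ToLowerInvariant()
            if (-not $genuine.ContainsKey($key)) { $genuine[$key] = $_ }
        }
}

# -Force includes hidden files; access errors are skipped, not fatal.
Get-ChildItem -Path $env:APPDATA -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Strip one trailing extension: "explorer.exe.tmp" -> "explorer.exe".
        $name = $_.Name.ToLowerInvariant()
        $base = if ($name -match '^(.+\.exe)\.[^.]+$') { $Matches[1] } else { $name }

        if ($genuine.ContainsKey($base)) {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                SizeKB    = [math]::Round($_.Length / 1KB, 1)
                GenuineKB = [math]::Round($genuine[$base].Length / 1KB, 1)
                Signature = $sig.Status                      # e.g. Valid, NotSigned
                Signer    = $sig.SignerCertificate.Subject   # empty when unsigned
                SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
    } | Format-List
```

The SHA256 value identifies exactly which file was scanned, which avoids the "scanned the wrong file" confusion raised above. No output means nothing in the roaming folder matched a system executable name.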