Is this a virus? (explorer.exe.tmp)

Discussion in 'Windows 8' started by gonz621, May 12, 2014.

  1. gonz621

    gonz621 MDL Junior Member

    Nov 15, 2012
    85
    11
    0
    #1 gonz621, May 12, 2014
    Last edited: May 12, 2014
    I am just wondering if this file is clean or not.
    t1.JPG t2.JPG t3.JPG
     
  2. s1ave77

    s1ave77 MDL Guide Dog/Dev

    Aug 15, 2012
    15,343
    21,419
    340
  3. eydee

    eydee Guest

    Too small to be real and has no digital signature. It probably is a virus because why would anyone give such a name to their program and hide it in appdata/roaming out of good intentions...
     
  4. pisthai

    pisthai Imperfect Human

    Jul 29, 2009
    6,861
    2,029
    210
    I would suggest deleting that file directly if you don't have an extra machine (which isn't connected to any network!) to test it on, or at least follow the advice of s1ave77!
     
  5. EFA11

    EFA11 Avatar Guru

    Oct 7, 2010
    8,730
    6,673
    270
    I would think it's a virus. Heck, look at all the blue smuggies in the pictures!
     
  6. gonz621

    gonz621 MDL Junior Member

    Nov 15, 2012
    85
    11
    0
    So here is the result from VirusTotal.
    t4.JPG
     
  7. Leslie_Coffelt

    Leslie_Coffelt MDL Member

    Feb 6, 2014
    135
    37
    10
    Anyone paranoid enough to state: "This virus is so well constructed that it is undetectable!" ? :)
     
  8. gonz621

    gonz621 MDL Junior Member

    Nov 15, 2012
    85
    11
    0
    I have installed UnHackMe and it detected explorer.exe.tmp as malicious. Deleting it now using UnHackMe.
    r1.JPG
     
  9. EFA11

    EFA11 Avatar Guru

    Oct 7, 2010
    8,730
    6,673
    270
    Curious what it did to explorer.exe then, if anything.

    Should have looked at your picture first. So the explorer.exe.tmp was probably your original exe and the current was infected, hence scanned the wrong file.
     
  10. eydee

    eydee Guest

    Impossible, explorer.exe is almost 1MB even under Windows XP. It contains a lot of bitmaps, and code of course. The file on the pic is 20KB. Also there is no digital signature. It cannot be the original renamed.

    VirusTotal probably didn't detect it because it's something new. Antivirus software can only detect what is in its database.
     
  11. gonz621

    gonz621 MDL Junior Member

    Nov 15, 2012
    85
    11
    0
    #12 gonz621, May 12, 2014
    Last edited: May 12, 2014
    (OP)
    Look here, I have deleted the file already (r2.JPG), yet UnHackMe still detected it (r3.JPG). Seems I just can't get rid of it.
     
  12. Evides

    Evides MDL Member

    Apr 6, 2014
    113
    24
    10
    Start PC in safe mode and try to remove manually... tried that?
     
  13. Asam

    Asam MDL Novice

    Jan 8, 2014
    2
    0
    0
    Install Malwarebytes and make a full scan.
    Also check your startup items and disable the ones you don't need.
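
The checks raised in this thread (location under the roaming profile, size compared with the real explorer.exe, Authenticode signature, and startup entries that can outlive a deleted file) can be run in one pass. This is an added example, not part of any forum post; it assumes PowerShell 4.0 or later, and the list of system binary names is a constructed sample.

```powershell
# Added example: triage files under %APPDATA% that borrow the name of a Windows binary.
# The name list below is a constructed sample, not an exhaustive set.
$systemNames = 'explorer', 'svchost', 'lsass', 'winlogon', 'csrss'
$pattern     = '^(' + ($systemNames -join '|') + ')\.exe(\..+)?$'   # explorer.exe, explorer.exe.tmp, ...

# Size of the genuine shell binary, used as the comparison baseline.
$realSize = (Get-Item -LiteralPath (Join-Path $env:WINDIR 'explorer.exe')).Length

# 1. Look-alike names anywhere under the roaming profile (hidden files included).
$suspects = Get-ChildItem -LiteralPath $env:APPDATA -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $pattern }

# 2. Size, signature status and hash for each hit.
foreach ($f in $suspects) {
    $sig = Get-AuthenticodeSignature -LiteralPath $f.FullName
    [pscustomobject]@{
        Path       = $f.FullName
        SizeKB     = [math]::Round($f.Length / 1KB, 1)
        RealSizeKB = [math]::Round($realSize / 1KB, 1)
        Signature  = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
        Signer     = $sig.SignerCertificate.Subject   # empty when the file is unsigned
        SHA256     = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    }
}

# 3. Run-key entries whose command line points into %APPDATA%. An entry left here
#    keeps getting flagged by scanners even after the file itself has been deleted.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    $props.PSObject.Properties |
        Where-Object {
            $_.Name -notlike 'PS*' -and
            "$($_.Value)".IndexOf($env:APPDATA, [StringComparison]::OrdinalIgnoreCase) -ge 0
        } |
        ForEach-Object { [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value } }
}
```

A hit that is unsigned, far smaller than the real binary, and referenced from a Run key matches all three warning signs discussed in the thread; the SHA256 value can be looked up on VirusTotal without uploading the file.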
     
  14. gonz621

    gonz621 MDL Junior Member

    Nov 15, 2012
    85
    11
    0
    Will try that tomorrow. I have checked my laptop now and there is no explorer.exe.tmp present in the Roaming folder. So the desktop is sure to be infected.
     
  15. Leslie_Coffelt

    Leslie_Coffelt MDL Member

    Feb 6, 2014
    135
    37
    10
    #16 Leslie_Coffelt, May 12, 2014
    Last edited: May 12, 2014
    I have numerous "explorer.exe" - different sizes and locations. The first two listed here are in C:\Windows and C:\Windows\SysWOW64 - how do we know which "explorer.exe" the OP is referring to? (Sorry if I missed it).

    (At least I have no "explorer.exe.tmp" file).
     

    Attached Files:

  16. Evides

    Evides MDL Member

    Apr 6, 2014
    113
    24
    10
    #17 Evides, May 12, 2014
    Last edited: May 12, 2014
    Because it's in his 'C:\users\appdata\roaming' folder..?
    And it's not supposed to be there.
     
  17. murphy78

    murphy78 MDL DISM Enthusiast

    Nov 18, 2012
    6,680
    10,126
    210
    It might be a multi-file crypted exe with the tmp just being the injector and another file being a payload.
    If I were you I would definitely back up important files and then start to try to remove it.
     
  18. my2cents

    my2cents Guest

    Good luck with your continuing efforts; however, please remember the easiest part is getting rid of the malware but the hardest part (of making your PC whole again) is attempting the subsequent repair of all the damage left behind. From my experience, some of those nasties will literally destroy your registry beyond repair so hope for the best and be prepared for the worst.
     
  19. Ming_the_Merciless

    Ming_the_Merciless MDL Member

    Feb 7, 2014
    139
    48
    10
    As a prudent Windows operator, am I expected to roam around my roaming folder, or is that what a good antivirus does? I see "LiveSupport.exe.log" and "regsrv32.exe.log" text files, dated 11/14/2013. That's good, right?