Explorer.exe Help!!

[Guest Candace Sparks]

The CPU on a client's computer is running at 100%. I checked processes

running, and see that is explorer.exe. I have checked for solutions on the

Internet, but have not been able to solve the problem. I disabled

everything in the startup.

 

Thank you for your help in advance!

 

Candace Sparks

[Guest Bjarke Andersen]

Re: Explorer.exe Help!!

 

"Candace Sparks" <consultants1@comcast.net> crashed Echelon writing

news:XMidnddn9poPginanZ2dnUVZ_hqdnZ2d@comcast.com:

> The CPU on a client's computer is running at 100%. I checked

> processes running, and see that is explorer.exe. I have checked for

> solutions on the Internet, but have not been able to solve the

> problem. I disabled everything in the startup.

 

Use Process Explorer to find which process or thread who utilize the CPU.

http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

 

--

Bjarke Andersen

[Guest Candace Sparks]

Re: Explorer.exe Help!!

 

I ran the process explorer program and find that the thread causing the

problems is a file wsil32.dll. I have tried to delete the file, and am

unable to. Trend Micro finds it infected with a trojan, but does not do

anything with it.

 

I can kill the process, but the minute I go out on the Internet it starts up

again.

 

 

"Bjarke Andersen" <bjarke.andersen@gmail.com> wrote in message

news:Xns9A4484DB85B06bjoegdk@207.46.248.16...

> "Candace Sparks" <consultants1@comcast.net> crashed Echelon writing

> news:XMidnddn9poPginanZ2dnUVZ_hqdnZ2d@comcast.com:

>

>> The CPU on a client's computer is running at 100%. I checked

>> processes running, and see that is explorer.exe. I have checked for

>> solutions on the Internet, but have not been able to solve the

>> problem. I disabled everything in the startup.

>

> Use Process Explorer to find which process or thread who utilize the CPU.

> http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

>

> --

> Bjarke Andersen

[Guest Malke]

Re: Explorer.exe Help!!

 

Candace Sparks wrote:

> I ran the process explorer program and find that the thread causing the

> problems is a file wsil32.dll. I have tried to delete the file, and am

> unable to. Trend Micro finds it infected with a trojan, but does not do

> anything with it.

>

> I can kill the process, but the minute I go out on the Internet it starts

> up again.

 

Go through these general malware removal steps systematically -

http://www.elephantboycomputers.com/page2.html#Removing_Malware

 

Include scanning with David Lipman's Multi_AV and follow instructions to do

all scans in Safe Mode. Please see the special Notes regarding using

Multi_AV in Vista.

 

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions

http://www.pctipp.ch/downloads/sicherheit/35905/multi_av_scanning_tool.html

- download site

 

The site is in German but David's tool is in English so don't let that worry

you. Scroll all the way down to almost the bottom of the page and you'll

see a box titled "Infos Zum Download - Multi-AV Scanning Tool". You'll see

"Download von www pctipp.ch" and the live link to download Multi_AV.

 

You can also check to see if there are targeted removal steps for your

malware here:

Bleeping Computer removal how-to's -

http://www.bleepingcomputer.com/forums/forum55.html

 

When all else fails, run HijackThis and post your log in one of the

specialty forums listed at the first link above (not here, please).

 

Not all tools used will work in Vista and you will need to run them

elevated. If you are unable to remove the infection by following the

general steps, register at one of the HijackThis forums as suggested.

 

Malke

--

MS-MVP

Elephant Boy Computers

http://www.elephantboycomputers.com

Don't Panic!

[Guest Elmo]

Re: Explorer.exe Help!!

 

Candace Sparks wrote:

> I ran the process explorer program and find that the thread causing the

> problems is a file wsil32.dll. I have tried to delete the file, and am

> unable to. Trend Micro finds it infected with a trojan, but does not do

> anything with it.

>

> I can kill the process, but the minute I go out on the Internet it starts up

> again.

>

>

> "Bjarke Andersen" <bjarke.andersen@gmail.com> wrote in message

> news:Xns9A4484DB85B06bjoegdk@207.46.248.16...

>> "Candace Sparks" <consultants1@comcast.net> crashed Echelon writing

>> news:XMidnddn9poPginanZ2dnUVZ_hqdnZ2d@comcast.com:

>>

>>> The CPU on a client's computer is running at 100%. I checked

>>> processes running, and see that is explorer.exe. I have checked for

>>> solutions on the Internet, but have not been able to solve the

>>> problem. I disabled everything in the startup.

>> Use Process Explorer to find which process or thread who utilize the CPU.

>> http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

 

See if there's a reference to it in the registry. If so, delete it,

restart in Safe Mode and run a malware scan.

 

Click Start, Run, type REGEDIT, click OK. Press the Home key, press F3,

type the name of the file into the search pane. Click "Find Next", and

when located, delete the reference to the file. Press F3 to continue

the search.

 

You can click File, Export, and save the entry to the Desktop. If you

remove it and there's a problem, double-click the .reg file you exported

to the Desktop and it'll be added to the registry again. You can create

a restore point before editing the registry too.

 

Try one of these Virus Removal Tools:

 

Avast! One tool for any current virus

http://www.avast.com/eng/avast-virus-cleaner.html

 

Symantec Virus Removal Tools

http://www.symantec.com/business/security_response/removaltools.jsp

 

F-Secure Virus Removal Tools

http://www.f-secure.com/download-purchase/tools.shtml

 

Kaspersky Virus Removal Tools

http://www.kaspersky.com/removaltools

 

--

Joe =o)