How to remove windows explorer malware

**dalfish** · 2010-10-27, 06:53

Hi friends,

I got infected with 177 malware items. I just tried to download opensuse11.3 from mirrorackspace.com. So i cleaned the 170 infections with Spybot. When i run the spybot the items now detected are

1 Adobe flash player cookies

2 cache

3 history

4 MS direct3D

5 Windows

6 windows explorer (THis is the one )

The windows explorer is not removed rest of all are removed by spybot Spybot asks for a startup scan. i have done that but the items detected wont show up Instead Spybot windows show 3 detected at the bottom left side. Spybot dialog box say it is resident in the memory. How to remove the no 6 item called the windows explorer

Regards

Dalfish

**tashi** · 2010-10-28, 02:00

Hello dalfish,

Could you copy paste the top of the log showing the items found please.

Best regards.

**dalfish** · 2010-10-29, 03:47

MS Office 12.0 (Excel): [SBI $546355D5] Recent Cartel List (1 files) (Registry key, nothing done)

HKEY_USERS\S-1-5-21-1953444363-2538418381-4065474521-1000\Software\Microsoft\Office\12.0\Excel\File MRU

MS Office 12.0 (Word): [SBI $E357B233] Recent Document List (2 files) (Registry key, nothing done)

HKEY_USERS\S-1-5-21-1953444363-2538418381-4065474521-1000\Software\Microsoft\Office\12.0\Word\File MRU

Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 files) (Registry key, nothing done)

HKEY_USERS\S-1-5-21-1953444363-2538418381-4065474521-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (28 files) (Registry key, nothing done)

HKEY_USERS\S-1-5-21-1953444363-2538418381-4065474521-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)

HKEY_USERS\S-1-5-21-1953444363-2538418381-4065474521-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Cache: [SBI $49804B54] Cache (7) (Cache, nothing done)

History: [SBI $49804B54] History (4) (History, nothing done)

Congratulations!: No immediate threats were found. (Status)

This is log that is generated after the scan

Regards

Dalfish

**tashi** · 2010-10-29, 17:41

Hello dalfish,

Please open Spybot Search & Destroy > Help > About and let us know the version of Spybot and the date of last definitions.

Best regards.

**dalfish** · 2010-10-30, 03:54

Dear Tashi,

Spybot search and Destroy1.6.2.46

Definition 27/10/2010

Regards

Ashik

**tashi** · 2010-10-30, 17:15

Hello dalfish,

Please see this FAQ "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) which also includes instructions on posting a preliminary DDS log.

Then start a new topic in the Malware Removal Forum and a volunteer analyst will advise you when available.

Best regards.

Thread: How to remove windows explorer malware

Thread Tools

Display

How to remove windows explorer malware

The log that you requested

Definition information and spybot version

Tags for this Thread

Posting Permissions