WiredWX Christian Hobby Weather Tools

Re: explorer.exe using 100% cpu

I am sorry Dave, I have been trying to find the log for an hour and I have no idea where it was saved. If you have any idea that would be helpful.

Found Logs

I opened the program again and found where to look in the settings. There are several files though, so I am going to attach a zip folder with all the .txt files from last night.

I went through some of it, and I also found a Windows log while searching. The Windows log had warnings starting on the 23rd about a proxy, but most of the rest I didn't understand. These logs from last night showed a bunch of registry key warnings but that was all I really got out of it.

Re: explorer.exe using 100% cpu

Download this file: ZbotKiller.zip

Save it to your Desktop. Right-click on it, and click Extract All...

Follow the prompts to get it saved to your Desktop.

There should be a new folder called ZBOTKiller on your Desktop that is not zipped.

Then, open Notepad and enter in the following:

Code:

zbotkiller.exe -y -l report.txt -v


Then, click File > Save as...

In the file name box, enter in zbotkiller.bat

Choose Save as type... All Files.

The location will be the new ZBOTKiller folder located on your Desktop.

Once you have it saved correctly, exit Notepad.

Go to the new ZBOTKiller folder and double-click on ZBOTKiller.bat

It will create a log. Please post the log in your next reply.

Log is too long

I tried to break it up in half and then quarters and then thought maybe I will just attach it.

Re: explorer.exe using 100% cpu

Any change?

Re: explorer.exe using 100% cpu

I don't know for sure. I haven't seen the explorer.exe multiplying like it was, but I downloaded Avast free edition and installed it since I uninstalled Avira because I couldn't turn it off and the scans I was running were complaining.

So I know I'm only supposed to do what you tell me, but you did say I need to have an antivirus, so when I installed Avast it doesn't even ask it just runs a scan. When it finished it asked what to do with the corrupt or infected files and I said fix or send to chest. But while it was fixing it I got oh maybe 165 little boxes that say Threat Detected
url//mini-max/b/opt/thensomething that looks like a sessionID
And it says it's coming from explorer.exe

There were other URLs I didn't write them all down yet that was just the last one that I saw, the first one was vine-ripe.com/b/opt/ID

After Avast restarted the computer it ran a system scan that took like 5 hours and it then asked me the same question and I picked the same solution, if you can't fix then send to chest. When the computer did finally start it is giving me the same alerts.

Re: explorer.exe using 100% cpu

Ok, download and install MSE from MS and try running a scan with that AV and we'll see what turns up.

Re: explorer.exe using 100% cpu

Avast actually just found Boot:Cidox-A, and it says severe by it. When I tried to move to the chest it says action not supported.

Re: explorer.exe using 100% cpu

Let's see what MSE does with it.

Re: explorer.exe using 100% cpu

I am going to have to wait on it, I left the window open on Avast to wait for your next response and when I went back there was a new window that said it recommended removing it immediately and rerunning the system scan to make sure it was removed. It took a few hours the first time, so when it is finished if it is still giving me the alerts I will try it.

Re: explorer.exe using 100% cpu

After everything finished last night the threat was still coming up, so I downloaded MSE and turned off all active monitoring with Avast and installed MSE. It got through the install process and I got into the security center and turned everything on and it said that my MSE was outdated and recommended that I update it? So I hit update and I guess it was getting all the new definitions and about 5 minutes later the computer crashed. The screen turned black and a message came up that said explorer.exe was not running restart or go online to find a solution. I restarted and tried to get back in to try to fix things but I seemed to have pissed off this virus because it is multiplying in my task manager at a more rapid pace than before. I didn't have time to play with it this morning because I have to go to work. I did see other manual removal procedures online when I was trying to find out more about this virus, most said try at your own risk though.

Re: explorer.exe using 100% cpu

"I did see other manual removal procedures online when I was trying to find out more about this virus, most said try at your own risk though."

Most of those other removal procedures involve downloading another tool, which will probably make matters worse.

Download OTL to your desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* When the window appears, underneath Output at the top change it to Minimal Output.
* Check the boxes beside LOP Check and Purity Check.
* Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy and paste the contents of these files, one at a time, into your next reply.

Note: You may need two or more posts to fit them all in.

Re: explorer.exe using 100% cpu

When you say uninterrupted do you mean don't touch the computer, or I should stop the process of the extra .exe's that crash the computer? When I had Avast running it blocked the exe's but MSE doesn't do anything. I didn't see where you turn off MSE so that I can turn Avast back on. Sorry, I don't know Windows very well, I've been on a Mac for 8 years.

Re: explorer.exe using 100% cpu

SuperDave, I tried running that program last night without interrupting and after 4 hours I shut it down, and then I did the unthinkable. I broke our agreement, well not immediately after, first I tried running mbar again since Avast was recognizing it, and it did say there were 2 sector problems but after clean up it was still the same. Then the unthinkable, I downloaded tdsskiller and ran it, and it took 59 seconds to run and find the problem and about the same to delete it. It then restarted the computer and ran a system scan and came back clean. Funny thing though, after it was done MSE recognized this program as a virus and recommended I remove it immediately. So I either made things much worse, or MSE only recognizes cures as a virus. Either way, the exe has not multiplied, I turned Avast back on and it hasn't had an alert, and I am now rerunning the Tweaking fixit tool to fix my registry again. I am sorry if this is disappointing or if I wasted your time, but it's been 8 days of sharing my computer with my wife and it was either that or divorce. Not really, I was going to replace windows with some Linux system, but thank you again for all of your effort, and if you know anything bad that I did I would love to hear back, or if you didn't know about this other program and it is a help to you in your quest to free the Gate's followers from infection.

Re: explorer.exe using 100% cpu

"I didn't see where you turn off MSE so that I can turn Avast back on."

Open MSE, click on Settings and then click on RealTime Protection and you can turn it off there.

"after it was done MSE recognized this program as a virus and recommended I remove it immediately. So I either made things much worse, or MSE only recognizes cures as a virus."

No, that's not unusual for an AV to recognize a cleaning program as malicious.

"I am sorry if this is disappointing or if I wasted your time, but it's been 8 days of sharing my computer with my wife and it was either that or divorce."

That's not a problem. I hope that TDSSKiller did the job. That's the one I was going to try next. Give it a few days and let me know how things are.

Re: explorer.exe using 100% cpu

I haven't looked at it since this morning, but after writing my last post I finished the tweaking tool and when rebooting it took a very long time to load. It isn't the fastest laptop being 4+ years old, but it was unusually slow from password page to load the user page. I am glad that I was just a step ahead. Is there somewhere that I can see what processes Windows needs to have running and which ones I can work on taking out of the startup?

Re: explorer.exe using 100% cpu

StartupLite

Download StartupLite by MalwareBytes to your Desktop.
Double-click StartupLite.exe to launch the program.
Ensure the Disable box is checked.
Click Continue.
A pop-up message will tell you the unnecessary startup items in your list have been disabled and ask you to restart your computer.
Restart your computer.

Re: explorer.exe using 100% cpu

Hey SuperDave, so just an update, I ran startuplite and it stopped a few processes but not too many. The computer was still too slow, more than likely corrupt files or something from the virus, and I wasn't going to spend another week trying to fix it. I wiped the drive and put Kubuntu on the computer, which surprisingly is very "windows" like, but doesn't come with the same problems I guess. The problem now is to teach my wife how to handle formats, and find programs to replace the ones she lost with her vista machine. But the computer runs like new now, and there is a much better chance that it will last long enough to save up for a new one.

On another note, I noticed that when you run these Linux systems in trial mode it runs off the disc/usb drive, yet you can still access the stuff in the Windows system. When I realized that I wondered why someone doesn't build a virus killer in with a Linux distro that can run from a flash drive (for persistence). Since the viruses that infect Windows don't seem to do anything to Linux, if it were possible to do then you wouldn't be battling against a virus that is trying to protect itself. Just a thought, I don't know that much about how these things work, but if it were possible then it could make life easier for people like you that have to put up with people like me.

PS. If you take this idea and make millions make sure to remember the little guy!

Re: explorer.exe using 100% cpu

"PS. If you take this idea and make millions make sure to remember the little guy!"

We do have a few Linux based recovery systems and I'm sure that the big AV companies have looked at such things. I'm glad you have your computer up and running. Good luck!
