file exphard.exe memory hog, help

[Guest]

My computer's been real, real slow. ctrl/alt/del, then process tab yields
the file exphard.exe is utlizing like 50mb-70mb (floating around) of ram.

I chose to 'end process' (selected the file) and the pc is back to normal
speed.

I recently tried to install XP sp2 (ordered the cd from MS) and was
unsuccessful. It didn't complete the install and the computer attempted to
do an undelete and restore. Wondering if this file has something to do w/ XP
sp2.

I searched google and it brought back nothing via exphard or exphard.exe
word search.

I searched my pc for the file and this is what it returned.
name: exphard.exe-07DDE2B4.pf
in folder: c:\windows\prefetch
size: 54kb
type file: pf file.

anyone have a clue why this file is active and eating up so much memory?

 

[Wesley Vogel]

Search for exphard.exe again, only set for...

HOW TO: Search For Hidden Or System Files In Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;302347

exphard.exe-07DDE2B4.pf in c:\windows\prefetch means it was there at one
time.

When you find exphard.exe, right click, Properties, check all tabs for info.

Most likely a virus or scumware. Update your anti virus software and do a
full system scan.

Free online virus scans:

Trend Micro - Free online virus Scan
http://housecall.trendmicro.com/housecall/start_corp.asp

Panda ActiveScan - Free online scanner
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

BitDefender Free Online Virus Scan
http://www.bitdefender.com/scan/licence.php

Get Your AVG for free!
http://www.grisoft.com/us/us_dwnl_free.php

 

[Rick \Nutcase\ Rogers]

Hi,

It's a trojan, delete the one in the prefetch folder, then follow these
"relatively" simple removal steps:

Restart in Safe mode by hitting F8 as Windows first begins to load on boot.
Logon as administrator.

Start/search/files and folders, look for <filename> and delete it wherever
it is found.

Start/run regedit, expand the + signs to look under these keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

Look in the right hand pane for the string or strings that load that file.
Delete just those strings that contain the reference. Do not delete other
strings or the keys from the left pane. Close the registry editor when
completed, make sure you check all strings.

Go to the Control Panel/System/System Restore tab. Check the box to "Turn
off system restore on all drives". Click apply/ok. This will remove all
restore points, however you don't want them back as some or all of them will
contain the virus depending upon how recently you got infected.

Restart the system normally. Go back to the Control Panel/System and restart
System Restore.

Update your antivirus software, run a full system scan.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org

 

[Guest]

Rick,
This is what I did last night. I searched and read about the Windows
prefetch folder and decided to delete the full contents of the folder. I
then cleaned out my recycle bin. I then downloaded Ad-adaware SE. I was
running version 6.0 and man what a difference. It ID'd many more items as
compared to version 6.0. It took two complete scans and reboots (first scan
took 25 minutes) to clean-up everything that Ad-aware SE identified. I then
used live update and refreshed my NAV 2004 virus definitions. I plan to do a
full scan w/ NAV today whenI get home. Then run defrag.

Ae you sure this exphard.exe file is a virus? Can I confirm this at
Symantec or another site?

thanks, Pat