Explorer.exe Help!!

[Candace Sparks]

The CPU on a client's computer is running at 100%. I checked processes
running, and see that is explorer.exe. I have checked for solutions on the
Internet, but have not been able to solve the problem. I disabled
everything in the startup.

Thank you for your help in advance!

Candace Sparks

 

[Bjarke Andersen]

The CPU on a client's computer is running at 100%. I checked
processes running, and see that is explorer.exe. I have checked for
solutions on the Internet, but have not been able to solve the
problem. I disabled everything in the startup.

Use Process Explorer to find which process or thread who utilize the CPU.
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

 

[Candace Sparks]

I ran the process explorer program and find that the thread causing the
problems is a file wsil32.dll. I have tried to delete the file, and am
unable to. Trend Micro finds it infected with a trojan, but does not do
anything with it.

I can kill the process, but the minute I go out on the Internet it starts up
again.

 

[Malke]

I ran the process explorer program and find that the thread causing the
problems is a file wsil32.dll. I have tried to delete the file, and am
unable to. Trend Micro finds it infected with a trojan, but does not do
anything with it.

I can kill the process, but the minute I go out on the Internet it starts
up again.

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to do
all scans in Safe Mode. Please see the special Notes regarding using
Multi_AV in Vista.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://www.pctipp.ch/downloads/sicherheit/35905/multi_av_scanning_tool.html
- download site

The site is in German but David's tool is in English so don't let that worry
you. Scroll all the way down to almost the bottom of the page and you'll
see a box titled "Infos Zum Download - Multi-AV Scanning Tool". You'll see
"Download von www pctipp.ch" and the live link to download Multi_AV.

You can also check to see if there are targeted removal steps for your
malware here:
Bleeping Computer removal how-to's -
http://www.bleepingcomputer.com/forums/forum55.html

When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the first link above (not here, please).

Not all tools used will work in Vista and you will need to run them
elevated. If you are unable to remove the infection by following the
general steps, register at one of the HijackThis forums as suggested.

Malke

 

[Elmo]

I ran the process explorer program and find that the thread causing the
problems is a file wsil32.dll. I have tried to delete the file, and am
unable to. Trend Micro finds it infected with a trojan, but does not do
anything with it.

I can kill the process, but the minute I go out on the Internet it starts up
again.

See if there's a reference to it in the registry. If so, delete it,
restart in Safe Mode and run a malware scan.

Click Start, Run, type REGEDIT, click OK. Press the Home key, press F3,
type the name of the file into the search pane. Click "Find Next", and
when located, delete the reference to the file. Press F3 to continue
the search.

You can click File, Export, and save the entry to the Desktop. If you
remove it and there's a problem, double-click the .reg file you exported
to the Desktop and it'll be added to the registry again. You can create
a restore point before editing the registry too.

Try one of these Virus Removal Tools:

Avast! One tool for any current virus
http://www.avast.com/eng/avast-virus-cleaner.html

Symantec Virus Removal Tools
http://www.symantec.com/business/security_response/removaltools.jsp

F-Secure Virus Removal Tools
http://www.f-secure.com/download-purchase/tools.shtml

Kaspersky Virus Removal Tools
http://www.kaspersky.com/removaltools