How to remove W32 – Explorer.exe
Version: 13.2g
Revision: 122 Build 12c
Introduction: Recently, my computer was attacked by a bunch of spammers. But, guess what? One of the emails had an infected attachment. So, I decided to analyze the source and write an article to revert the infection. Anyway, you don’t have to worry… I am testing it on my Virtual Server. It’s pretty sealed and protected!
All of my Windows Files and everything else are Fake! These malware programs are stupid and they are only written by idiots, just to fool your computer and steal your privacy!
Now, if you’re infected with “W32/ExploreZip.pak” virus, then please print this article and disconnect your computer from the internet. After that, you’ll need to take a deep breath and go through this article carefully. But, be careful…
——————————————-
Warning: if you’re on a server, you’ll need to tell your company to shut down all active computers! If you don’t, this infection will spread to other computers over LAN connections – mostly through the server’s “Shared Documents”.
Overview: This particular worm travels by sending email messages to random users. It drops the file “explore.exe” and modifies either “WIN.INI” or the Registry. However, this malware is still active and I am not sure how it gets into my inbox (Gmail). But the user who sent the attachment is a very stupid user!
What you’ll need for this procedure…
——————————————–
Notepad++ [http://notepad-plus.sourceforge.net]
1.] Click Start >> Run >> Type: REGEDIT
2.] Wait for the Registry Editor to appear, navigate to these locations and look for this registry value. However, you’ll need to be very careful!
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Notes: if the value doesn’t exist there, you’ll need to expand the “Windows” key and look in another folder called: Run.
Value to locate and remove: run=C:\WINNT\System32\Explore.exe
Notes: You’ll need to do the same for these file names, if they exist within the registry.
File Name: explore, zipped_f, zipped_files or _setup
3.] Reboot your computer, then remove the following file: “C:\WINNT\System32\Explore.exe” from your “System32” folder.
4.] Repeat Step 3 for “_SETUP.EXE” and “ZIPPED_FILES.EXE”.
5.] Find the file “WIN.INI” and remove either of these lines, if they exist.
run=c:\winnt\system32\explore.exe
run=c:\winnt\_setup.exe
6.] Scan your computer with Avira Antivirus or Kaspersky.
After that, just clear your computer’s temporary files with CCleaner.
7.] Finish!
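Step 5 done with a script instead of by hand, as an added example that is not part of the original article: it removes only the listed file names from the run= line in the [windows] section of a WIN.INI text and leaves every other entry alone, including the legitimate explorer.exe, whose name differs from the worm's explore.exe by one letter. The sample WIN.INI is constructed, and the space/comma separation of run= entries is an assumption.

```python
import ntpath

# Name stems listed in this article (compared case-insensitively, extension dropped).
SUSPECT_STEMS = {"explore", "zipped_f", "zipped_files", "_setup"}


def is_suspect(program):
    """True if the program's file name (without extension) is a listed stem."""
    name = ntpath.basename(program.strip().strip('"'))
    stem = ntpath.splitext(name)[0].lower()
    return stem in SUSPECT_STEMS


def clean_win_ini(text):
    """Return (cleaned_text, removed) for the run= line of the [windows] section.

    Assumption: entries on run= are separated by spaces or commas and the
    paths themselves contain no spaces.
    """
    out, removed, section = [], [], None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].lower()
        key, sep, value = stripped.partition("=")
        if section == "windows" and sep and key.strip().lower() == "run":
            entries = value.replace(",", " ").split()
            bad = [e for e in entries if is_suspect(e)]
            if bad:
                # Rewrite the line only when something was actually removed.
                removed += bad
                line = "run=" + " ".join(e for e in entries if e not in bad)
        out.append(line)
    return "\n".join(out) + "\n", removed


# Constructed sample, not taken from a real machine.
SAMPLE = r"""[windows]
load=
run=c:\winnt\system32\explore.exe C:\WINNT\explorer.exe,c:\winnt\_setup.exe
[fonts]
"""

if __name__ == "__main__":
    cleaned, removed = clean_win_ini(SAMPLE)
    print("removed:", removed)
    print(cleaned)
```

Run it on a copy of WIN.INI first and compare the output with the original before replacing the file.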
Copyrighted By Lair360


