Infected by explorer.exe and xmss.exe that will affect start-up/auto play p

By jaomadn ·
Hi, about this explorer.exe and xmss.exe: is this normal in my system?

A few days ago, my S&D TeaTimer detected these two .exe files trying to write to a registry entry when I used my friend's USB flash drive. I permanently blocked them by remembering the decision, or putting them in the blacklist, but these two really want to write to the registry, and it is very annoying because TeaTimer pops up every second, or keeps popping up on top of all windows, since I put them in the block list. I searched for these two files and deleted them from my system, which solved the problem but had an undesired result: my system lost the start-up that happens when something like a USB flash drive, DVD or CD is put in. AutoPlay has been disabled. I looked in the hardware settings and enabled AutoPlay already, but it still doesn't work. Hope you can help me.

A few days later I used a USB drive again, not the same one I used before, but this one was also infected, since the antivirus detected some of them, and these two problems happened again. I noticed that the startup or AutoPlay is OK if these two files are in my system, but I know that these two files are infected, since my task menu is disabled and I cannot open it, regedit in the Run command is gone, and other *.msc configs in the Run command in the Start menu are malfunctioning.
I already sent these two files to the S&D detection group, since I installed their program, but they say it is a startup program. Trend Micro, S&D and SUPERAntiSpyware didn't detect a problem with these two files. I installed RegAlyzer and found these two files in the registry, at the Winlogon dir.

Is there someone who knows about this, or who has had it happen to them, and knows how to solve this problem?

Hope someone can help.

Some links that will help

by seanferd In reply to Infected by explorer.exe ...

http://ensilage.blogspot.com/2008/01/remove-xmssexe-and-funny-ust.html

http://www.5starsupport.com/ipboard/lofiversion/index.php?t9137.html

http://www.trustedsource.org/TS?do=threats&subdo=malware_threat&id=840057

http://greatis.com/unhackme/

Search the net for trojan removal tools. You have been infected. Do not use your infected computer or USB drives. Do not put another USB drive into your computer; it will become infected as well. Disconnect your computer from your network connections and leave it disconnected until it is fixed. You will most likely be re-formatting your hard drive and USB drives. Back up (just copy) your personal files from your hard drive to a CD if you can. You will need to scan the CD for malware later.

Good luck to you.

my problem

by jaomadn In reply to Some links that will help

Before this happened, my DVD and USB flash drive autoplayed OK, and regedit and taskmngr opened OK. But when I used this USB drive, which writes to the registry with explorer.exe and xmss.exe, I didn't allow it, and it kept on trying to write since I blocked it with TeaTimer. It always pops up saying it wants to write to the registry, every second. Because of this popup I allowed these two processes, and I noticed that regedit in the Run command malfunctions and also taskmngr doesn't display or open, so I suspect these two were the cause. I also have a question: are these two processes valid for the XP system?

Here you go

by seanferd In reply to my problem

Explorer.exe is a normal process on an uninfected computer. However, your computer's behavior and the presence of xmss.exe indicate an infection. In this case, explorer.exe is part of the infection.

You can try to recover using information from the website listed below, and also refer to my previous post. The thing is, it might be easier to re-format the drive and re-install Windows.

Links below: The first will tell you about the infection. The second link is the Sophos home page. Visit this site.

http://www.sophos.com/virusinfo/analyses/w32sdbotdiq.html

http://www.sophos.com/

After the infection is removed from the hard drive (either through re-format and re-install, or by an anti-malware product that is able to kill the infection) make sure to follow the instructions at the following site exactly.
http://ensilage.blogspot.com/2008/01/remove-xmssexe-and-funny-ust.html

I cannot stress enough that you should not use your USB flash drive in any computer until it has been disinfected.

Good luck. I hope this helps. Again, post back if you need to.

P.S.: Just Google xmss.exe to see what I am talking about.

edit: See also the site listed in Dumphrey's post below. There is a lot of stuff there that can help (info and programs) if you choose to remove the infection rather than re-format and re-install.

Hi Jao, a lot of content

by ComputerCookie In reply to Infected by explorer.exe ...

but not sure what your problem is.

Tea Timer is very strict, I would only use it on a PC where the users could not be trusted. Even wants you to stop reading newspapers online.

Haven't used it recently, so not sure what new features Spybot S&D has included.

I would try to restore from a "System Restore Point".

If that fails to achieve your outcome I'd post back to this question.

If that doesn't work I'd

by ComputerCookie In reply to Hi Jao, a lot of content

consider backup and reformat.

Then you should be able to restore your files safely after a scan.

Well, if it isn't an infection

by seanferd In reply to Hi Jao, a lot of content

You need to re-enable auto-insert notification for the drives. Otherwise, just open them in Explorer.

It sounded like Jao was certain of infection, and explorer.exe and xmss.exe are common infection files for several trojans. Sorry if I am jumping the gun here.

If the system is slow or having other issues, I would expect infection. Explorer writing to registry is normal, especially when inserting a CD or flash drive, but if there are other issues, you may be infected. Look for files with odd names in Windows and System32 directories. Make sure you have Show All Files/ Show Hidden Files set in View > Filetypes.

Do an internet search for explorer.exe xmss.exe to see what I am talking about. Various oddly named files installed by trojans (e.g. I Like You/ scandal) are listed at some websites. Check them out.

Also sysinternals

by Dumphrey In reply to Well, if it isn't an infe ...

Autoruns can be a big help.
Watch the video at the bottom of the page for some decent tips on locating and removing suspicious processes.
http://www.microsoft.com/technet/sysinternals/Security/Autoruns.mspx
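
The following is an added example, not part of any poster's reply and not Autoruns' own code: a small Python triage pass over `reg query` output for the Winlogon entries and policy values that match the symptoms described in this thread (Task Manager and regedit disabled, AutoPlay off). The sample text is constructed, and the expected defaults assume a stock Windows XP install in C:\WINDOWS.

```python
import re

# Assumed defaults for a stock Windows XP install in C:\WINDOWS.
# Shell/Userinit may list several programs; any non-default one is reported.
EXPECTED = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
}
# Policy values that disable Task Manager / regedit when non-zero.
LOCKOUTS = {"disabletaskmgr", "disableregistrytools"}

# Constructed sample in `reg query` output format (not captured from this thread).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    Explorer.exe C:\WINDOWS\system32\xmss.exe
    Userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe,

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableTaskMgr    REG_DWORD    0x1
    DisableRegistryTools    REG_DWORD    0x1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0xff
"""
VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")

def audit(reg_text):
    findings, key = [], ""
    for line in reg_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip().lower()
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, rtype, data = m.group(1), m.group(2), m.group(3).strip()
        lname = name.lower()
        if lname in EXPECTED and key.endswith("\\winlogon"):
            extra = [p for p in re.split(r"[,\s]+", data.lower())
                     if p and p not in EXPECTED[lname]]
            if extra:
                findings.append((name, "unexpected: " + " ".join(extra)))
        elif rtype == "REG_DWORD" and lname in LOCKOUTS and int(data, 16) != 0:
            findings.append((name, "tool disabled by policy"))
        elif rtype == "REG_DWORD" and lname == "nodrivetypeautorun" and int(data, 16) == 0xFF:
            findings.append((name, "AutoRun off for all drive types"))
    return findings

if __name__ == "__main__":
    for name, reason in audit(SAMPLE):
        print(f"{name}: {reason}")
```

On a live system the input would come from saving `reg query` output for the same three keys to a text file; a path containing spaces is split into pieces by this parser and so is still reported.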

thanks for the reply guys

by jaomadn In reply to Infected by explorer.exe ...

Hi all, thanks for the reply.
What I did about this problem: as you said, I was really affected by malware. I installed Norton and scanned and cleaned the trojans that caused it. I forget the name of that virus, and now it is working fine. But I think there is a side effect of it: AutoPlay for USB and external drives is not working, though all external drives are detected in My Computer. I already enabled AutoPlay in the drive properties, but it still doesn't work.
Does anyone know how to enable AutoPlay?
