How to remove explorer.exe virus?

May 12, 2009 at 10:55:23
Specs: Windows XP, 1 GH / 256 MB
Hi, Guys!

I have a virus on my PC. When I scanned my full computer with AVG 8.5 Free Edition, it caught a virus whose name given by AVG is "Trojan horse Generic10.BTM" and also called "explorer.exe". Now the virus is removed, but when I double-click on any drive (C:, D: etc.) it opens in a new window, and if I right-click, an unknown language replaces the "OPEN" command in the menu. So I request you to tell me how I can remove that unknown language and open any drive by double-click?

If anyone knows about that I request him to answer me as soon as possible.


Qasim Ali.


May 13, 2009 at 02:13:24
1. Click Start > Run.
2. Type regedit
3. Click OK.

Note: If the registry editor fails to open, the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.

4. Navigate to and delete the following entries:


5. Navigate to and delete the following registry subkeys:

* HKEY_CURRENT_USER\Software\mmtest

6. Restore the following registry entries to their original values, if required:

* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\advanced\folder\hidden\showall\"CheckedValue" = "0"
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\[FILE NAME]\"Debugger" = "%System%\wuauc1t.exe"

[FILE NAME] represents any application executable file on the compromised computer, including, but not limited to the following strings:

* 360rpt.EXE
* 360safe.EXE
* 360tray.EXE
* Ast.EXE
* AutoRunKiller.exe
* AvMonitor.EXE
* CCenter.EXE
* Frameworkservice.EXE
* IceSword.EXE
* Iparmor.EXE
* KASARP.exe
* KRegEx.EXE
* KVMonxp.kxp
* Mmsk.EXE
* Navapsvc.EXE
* Nod32kui.EXE
* Regedit.EXE
* VPC32.exe
* VPTRAY.exe
* Wuauclt.EXE

7. Exit the Registry Editor.

Note: If the risk creates or modifies registry subkeys or entries under HKEY_CURRENT_USER, it is possible that it created them for every user on the compromised computer. To ensure that all registry subkeys or entries are removed or restored, log on using each user account and check for any HKEY_CURRENT_USER items listed above.
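The registry checks in steps 5 and 6 of the reply above, as an added example that is not part of the original post: this Python sketch scans the text of a regedit export for Image File Execution Options `Debugger` redirections, a `CheckedValue` of 0 under `showall`, and the `mmtest` subkey. The function name, the sample export and the `C:\WINDOWS\system32` path in it are constructed for illustration.

```python
import re

# Keys named in the removal steps, lower-cased for case-insensitive matching.
IFEO = (r"hkey_local_machine\software\microsoft\windows nt\currentversion"
        r"\image file execution options") + "\\"
SHOWALL = (r"hkey_local_machine\software\microsoft\windows\currentversion"
           r"\explorer\advanced\folder\hidden\showall")
MMTEST = r"hkey_current_user\software\mmtest"

def audit_reg_export(text):
    """Return (key, finding) tuples for the entries the removal steps name."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.lower() == MMTEST:
                findings.append((key, "subkey present"))
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if key is None or not m:
            continue
        name, data = m.group(1).lower(), m.group(2)
        if key.lower().startswith(IFEO) and name == "debugger":
            # Any Debugger value redirects launches of that executable; list
            # each one for review, since some are set on purpose.
            target = data.strip('"').replace("\\\\", "\\")
            findings.append((key, "Debugger -> " + target))
        elif key.lower() == SHOWALL and name == "checkedvalue":
            if data.lower() in ("dword:00000000", '"0"'):
                findings.append((key, "CheckedValue is 0"))
    return findings

# Constructed sample export (not taken from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Regedit.EXE]
"Debugger"="C:\\WINDOWS\\system32\\wuauc1t.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"="0x00000000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000000

[HKEY_CURRENT_USER\Software\mmtest]
'''
```

To use it on a real export, save the relevant branches with regedit's File > Export and pass the file's text to `audit_reg_export`; "Version 5.00" exports are UTF-16 encoded, so open the file with `encoding="utf-16"`.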
