Windows – Multiple explorer.exe processes consuming large amounts of memory

anti-virus, virus, windows, windows 7

I'm pretty sure my laptop has been infected with a virus but I can't identify it or remove it.

Symptoms:

  • Multiple explorer.exe processes being spawned, some consuming lots of memory

  • When I launch IE the history shows lots of sites/pages I've never visited.

  • When I shut down I see flashes of images that look like they are from web sites filled with ads.

I'm guessing the background explorer.exe processes are visiting sites to either increase views or click-thrus and to make it look like it's coming from different computers.

What I've tried:

  • Downloaded CCleaner and removed temp internet files, etc.
  • Downloaded and run multiple anti-virus programs including McAfee, AVG, Malwarebytes and Ad-aware
    • Scans have been run in both normal Windows and safe-mode.
    • Most of the AV programs haven't found much. Mostly bad cookies which I think are related to the hidden browsing going on.
    • AVG did find an HTML/Framer and Java/Downloader virus on first run but claimed it cleaned it and then ran clean on the next runs.
  • I can end the explorer.exe process from Task Manager but new ones spawn again. If I delete all explorer.exe processes then eventually I hit the real one and the task bar, etc. goes away.

    • I've also downloaded Process Explorer to try and find the parent process but the parent looks like the system process.

I am reaching the point where I think a clean install is my only option but hoped there is a solution to remove this without resorting to that.

Best Answer

You may need to try the Combofix tool next. It's a very powerful tool, so make sure you have backups of your important data. It works on Windows XP, Vista, 7 and 8; make sure you run it as an Administrator though. This tool goes through many more checks than typical anti-virus programs.

DISCLAIMER: I only use this product, I do not help develop it or receive compensation for telling others of its use. It works well for me, so I am offering it as a possible solution.
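
The question's attempt to trace each explorer.exe back to its parent can also be done from a script. The following is an added triage example, not part of the original question or answer; it assumes an elevated PowerShell prompt on the affected Windows 7 machine, and all variable names are illustrative.

```powershell
# Added example: list every explorer.exe with its image path, command line,
# owner, memory use and parent process. Get-WmiObject is used because it
# works with the PowerShell 2.0 that ships with Windows 7.
$known = @(
    (Join-Path $env:windir 'explorer.exe'),           # the desktop shell
    (Join-Path $env:windir 'SysWOW64\explorer.exe')   # 32-bit copy on 64-bit Windows
)

$all   = @(Get-WmiObject Win32_Process)
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

$report = foreach ($p in $all) {
    if ($p.Name -ine 'explorer.exe') { continue }

    $started = $null
    if ($p.CreationDate) { $started = $p.ConvertToDateTime($p.CreationDate) }

    # PIDs are reused: a "parent" created after the child is not the real parent.
    $parent = $byPid[[int]$p.ParentProcessId]
    if ($parent -and $parent.CreationDate -and $started -and
        $parent.ConvertToDateTime($parent.CreationDate) -gt $started) {
        $parent = $null
    }
    $parentName = '(exited or unknown)'
    if ($parent) { $parentName = $parent.Name }

    $o     = $p.GetOwner()
    $owner = '(unknown)'
    if ($o.ReturnValue -eq 0) { $owner = "$($o.Domain)\$($o.User)" }

    New-Object PSObject -Property @{
        PID         = $p.ProcessId
        Started     = $started
        Owner       = $owner
        MemoryMB    = [math]::Round($p.WorkingSetSize / 1MB, 1)
        Path        = $p.ExecutablePath      # empty if access was denied
        KnownPath   = ($known -contains $p.ExecutablePath)
        CommandLine = $p.CommandLine
        ParentPID   = $p.ParentProcessId
        ParentName  = $parentName
    }
}

$report | Sort-Object Started |
    Format-List PID, Started, Owner, MemoryMB, Path, KnownPath, CommandLine, ParentPID, ParentName
```

A `KnownPath` of `True` only confirms where the image was loaded from; code injected into a genuine explorer.exe still reports the legitimate path, so the start times, command lines and parents of the extra instances are the fields to compare.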
