Hello everyone,
I'm new to this forum. First I'd like you to know that I'm an IT specialist...
I've deleted over 1000 viruses in my life, most of them manually without the help of a spyware/virus scanner (it's always something different, and it makes me feel good when I accomplish deleting one without the use of scanners).
This is the first time I'm having trouble with one. A customer received a "virus" through e-mail. At first it looked like a PDF (known file extensions were turned off), so the customer didn't know it was an executable.
So they ran it multiple times, wondering why it didn't show up on their screen, but instead they installed it.
As usual I cleaned the mess up. As far as I could see it was gone. Because this was my first time seeing this virus/spyware, I ran MalwareBytes and a full scan with Trend Micro. They found nothing at all... So I assumed it was gone.
A week later they called me, telling me that the computer was slow. After looking at the CPU usage I noticed that Explorer.exe was always at 15%+...
With procexp (Process Explorer) I took a look at it and noticed the following:
There is no weird stuff loaded with it.
On the "Threads" tab there is one thread that causes the problem. I can suspend or kill it (everything works fine after this), but it'll come back after restarting explorer.exe (also the computer).
Is there any way to view the thread in detail or stop it from starting?
Start Address:
ntdll.dll!RtlUserThreadStart
Thanks for any help