[Merged] False Positive...explorer.exe?, Worm.Win32.Huhk.c Options

[Kilauea]

Just copy explorer.exe to C:\windows and restart.


Kilauea

[win32]

Just copy explorer.exe to C:\windows and restart.
Kilauea

Thanks! Could you send it to me please?

[Kilauea]

Which operating system are you using. Or,you can find a copy of it on your installation-cd of windows.


Kilauea

[win32]

WIndows XP, thanks. If you have it at hand, cause I am currently away from home and cannot access my installation disk..

[Kilauea]

I hope that this works. I am not allowed to upload an exe file here.

Please send me a PN with your Mailadress, you get a explorer.exe from a fully patched xp professional german


Kilauea

[win32]

I hope that this works. I am not allowed to upload an exe file here.

Please send me a PN with your Mailadress, you get a explorer.exe from a fully patched xp professional german
Kilauea

Just send a PN with my address...thanks hope it works!

[Kilauea]

And here is a link, too.
http://rapidshare.de/files/38090140/explorer.exe.html


Kilauea

[MrD]

Ok I got the "worm.win32.huhk.c" 15 min ago..

KIS 6, deleted two files to the backup:

c:\windows\explorer.exe
and
explorer.exe\Explorer.EXE

I did a restore for c:\windows\explorer.exe
KIS then told me that explorer.exe had changed, so I clicked "Allow"

Why did it change, if it was only a false positive??
Then I did a signature update and now Im running a scan...

I can't restore explorer.exe\Explorer.EXE
What's this and do I need it?

[Kilauea]

If you restore the explorere.exe from the backup, make sure that the directory is -> C:\windows

customise C: if C: is not your systempartition.


Kilauea

[Baz^^]

Hi,

If you have your taskbar, and the desktop is not blank, then it seems explorer is alread in it's rightful place.

Check if one is present in C:\windows\explorer.exe

[Baz^^]

Hi,

I assume you already have read this thread: http://forum.kaspersky.com/index.php?showtopic=55669


It was unfortunately a false positive

[MrD]

If you restore the explorere.exe from the backup, make sure that the directory is -> C:\windows

customise C: if C: is not your systempartition.
Kilauea

Yes I understand that, as I wrote, KIS was succesful in restoring the first file to c:\windows

But the second file is not from i directory.. it follows an exe-file
explorer.exe\Explorer.EXE

To my knowledge there should not be a file named "Explorer.EXE" with capital letters from a Windows XP install.
I dont understand where this file came from?

[Baz^^]

Hi, thats fine, no need to restore it.


the explorer.exe\Explorer.exe, is the same file as C:\windows\explorer.exe, but it was a running module at the time, which is why Kaspersky has not specified a location. As long as you have restored the one in C:\Windows, you should be fine.

[Cnon]

Hi,

I assume you already have read this thread: http://forum.kaspersky.com/index.php?showtopic=55669
It was unfortunately a false positive

Oh yes and I'm okey dokey now.

[GAtkinson]

I currently have a systen running as I copied another explorer.exe to the C:\windows directory on my damaged system
Needless to say I want the original back.

Unfortuneately Kaspersky/Backup/Restore does not complete the restore and gives me an access denied message for the file when I do try to restore it.

Please confirm this is going to be fixed with the imminent fix or how I can get hold of that original explorer.exe/get kaspersky to release it by other means....

[Baz^^]

Hi,


I think that is because windows will not allow you to replace the explorer.exe already in place there on top of another explorer.exe.

You can try to rename the explorer.exe in place now, or move it to another location and then use the method i discribed to get the original back in place.

[Baz^^]

Animated FAQ of my fix, now available on Kaspersky Website:

http://support.kaspersky.com/viruses/computers?qid=208279581

[win32]

I currently have a systen running as I copied another explorer.exe to the C:\windows directory on my damaged system
Needless to say I want the original back.

Unfortuneately Kaspersky/Backup/Restore does not complete the restore and gives me an access denied message for the file when I do try to restore it.

Please confirm this is going to be fixed with the imminent fix or how I can get hold of that original explorer.exe/get kaspersky to release it by other means....

Hi!

Had the same problem. See the post #147 adn download the explorer.exe from there. Now the system is up and running again with toolbars and everything.

[win32]

Just send a PN with my address...thanks hope it works!

Thanks for your help! I solved the problem.

[rjbsec]

Well I'm glad everyone is happy that everything has been fixed
Last night my laptop reported the Worm32.Huxxx infection with a popup warning me that my PC was infected and prompting me to delete ... it then went on to delete my desktop and corrupt my Acronis Backups on the laptop and associated external USB drive.
My laptop was unuseable and I was unable to restore my backup!
By good fortune I had upgraded my drive a few days ago so I had a 'backup', albeit a few days old, so I am able to continue - without the old drive I would be stuffed.
These events could have been disasterous for me and I would like to know what I can do in order to prevent something like this happening again - I bought and trusted Kaspersky to protect my PC, in fact this week it's probably done more to cause me problems than a virus would have done!