[Merged] False Positive...explorer.exe?, Worm.Win32.Huhk.c Options

[Baz^^]

Word back from viruslab:

Hello, it is a false alarm. Will be fixed in the next update.


--
Best regards, Shvetsov Dmitry
Virus analyst, Kaspersky Lab.

e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

[__d_mode__]

What's the easiest way to get this? Is there a built-in MD5 hash program in Windows, or Kaspersky? If not, where do I get the utility?

TIA

Alan

u can send explorer.exe to virustotal.com for scan,also it says md5 and sh1 hash like that:
http://www.virustotal.com/tr/resultado.htm...28c590feeea87bb

just kaspersky says infected worm

[Baz^^]

If you still have use of the pc, you can restore the explorer.exe from the Kaspersky backup:

http://support.kaspersky.com/faq/?qid=198984858 -Version 6

http://support.kaspersky.com/faq/?qid=208279413 - Version 7

[GAtkinson]

u can send explorer.exe to virustotal.com for scan,also it says md5 and sh1 hash like that:
http://www.virustotal.com/tr/resultado.htm...28c590feeea87bb

just kaspersky says infected worm

===========================================================================

1st post here so apologies if I get the format, appropriacy wrong, etc.

After commiting the Kaspersky delete action against the explorer.exe, I get a blank desktop

Here's how I recovered:

From a blank desktop
Bring up task manager
Select file and run
CMD to the dos prompt
with a usb drive with a good copy of explorer from another machine plugged in
use DOS commands to copy to C:\Windows where it should live
Got my PC back
Will now need to disable Kaspersky until this is fixed

Any timescale on 'the next release' from Kaspersky - this is pretty much a show stopper.

[alanrew]

u can send explorer.exe to virustotal.com for scan,also it says md5 and sh1 hash like that:
http://www.virustotal.com/tr/resultado.htm...28c590feeea87bb

just kaspersky says infected worm

OK, my copy of explorer.exe has the MD5 hash
97bd6515465659ff8f3b7be375b2ea87

Win XP SP2, C:\windows\explorer.exe

Regards

Alan

[Anthony1uk]

I now don't have Explorer running. I'm still trying to figure out how to get that back. If anybody knows how to do that quickly, I'd appreciate a pointer.

Just hold down Control + Alt + Deleate. (This should bring up task manager)

Go to File in the top left then click run.

Type in Explorer.exe

Then click OK.

_______________

I was using the internet all day without worries, turned my PC off for about an hour at 8.45pm. Came back now at 9.45 and got this trojan warning on Explorer.exe too.

I immediately assumed it was a FP but came here to be sure.

This post has been edited by Anthony1uk: 20.12.2007 00:59

[bbk7]

Hello,

I'm having the same problem as Malucarp. The Kaspersky error message shows up on the start up screen. Delete/skip does not work and the computer boots again automatically. Can you please tell me what to do?

Thank you,

[Heathcliff Huxta...]

If you still have use of the pc, you can restore the explorer.exe from the Kaspersky backup:

http://support.kaspersky.com/faq/?qid=198984858 -Version 6

http://support.kaspersky.com/faq/?qid=208279413 - Version 7

Thank you

[Malucarp]

Word back from viruslab:

Thanks very much.

Mike

[kaboro]

After i ran the Kaspersky update today, i got this popping on my screen:

Running module contains virus and cannot be disinfected
Virus:
Worm.Win32.Huhk.c
Running module:
explorer.exe\Explorer.exe

I selected "delete" and a second warning popped up about same virus, selected delete again, after the second delete the PC restarted by itself.
When windows XP restarted, i had no desktop icons and no bottom taskbar anymore, tried restarting in safe mode and got only a black screen.
I accessed kaspersky from the ctrl-alt-del file menu and restored explorer.exe, that made my PC operative again.
Now the scan shows six instances of this Huhk.c worm, here are the locations:

1: detected: virus Worm.Win32.Huhk.c Running module: explorer.exe\Explorer.EXE

2: detected: virus Worm.Win32.Huhk.c File: C:\WINDOWS\Explorer.EXE

3: detected: virus Worm.Win32.Huhk.c File: C:\System Volume Information\_restore{79B739DD-F9C6-4DE4-9E6F-57736A2DF999}\RP62\A0011393.exe

4: detected: virus Worm.Win32.Huhk.c File: C:\System Volume Information\_restore{79B739DD-F9C6-4DE4-9E6F-57736A2DF999}\RP62\A0011394.exe

5: detected: virus Worm.Win32.Huhk.c File: C:\System Volume Information\_restore{79B739DD-F9C6-4DE4-9E6F-57736A2DF999}\RP62\A0011405.exe

6: detected: virus Worm.Win32.Huhk.c File: C:\windows\system32\dllcache\explorer.exe

[Baz^^]

Hi, yes, they will carry on to show until the fix is rolled out via the updater. This will be very soon.

[Baz^^]

If you have no icons/taskbar/menus/etc, you can try to restore explorer as follows:


Open task manager (CTRL+SHIFT+ESC)


click on file- New task (run)

 K_1.JPG ( 65.41K ) Number of downloads: 76


In the box that pops up, type in the path to your kaspersky installation and avp.exe,

 K_2.JPG ( 66.48K ) Number of downloads: 67


so for example, mine is located at

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

Replace the \Kaspersky Anti-Virus 7.0\ with whatever version you are runnning, so for example, it could be
\Kaspersky Anti-Virus 6.0\
\Kaspersky Internet Security 6.0\
\Kaspersky Internet Security 7.0\

Click OK (you will have to repeat this process once more if you have disabled Kaspersky from starting up with Windows, to bring up the Kaspersky interface)


Kaspersky main window should pop open

Now, restore from the Kaspersky "backup" which can be accessed via "reports and data files" tab - backup

 K_3.JPG ( 67.7K ) Number of downloads: 49





Explanation of the backup tab:

Version 6- http://support.kaspersky.com/faq/?qid=198984858
Version 7- http://support.kaspersky.com/faq/?qid=208279413

This post has been edited by Igor Kurzin: 20.12.2007 12:17

[Baz^^]

If you have lost taskbar/startmenu etc, try this method to get it back from the backup of Kaspersky:

http://forum.kaspersky.com/index.php?showt...st&p=503423

[Timodinho]

Is this a real or a false virus ?

[Baz^^]

If it is in C:\WINDOWS\Explorer.EXE,

Then at the moment it is a false alarm. It will be fixed shortly.

[Fred]

Hi Guys,
Virus Doctors informed about this, it should be solved in the next minutes if false-positive.

Bye Fred

[Fred]

Ok Guys,
Reply from Virus Doctors :
"It is false alarm. It will be fixed as soon as possible. Thank you for your help"

Don't delete the Explorer.exe and do NOT format your system

Bye Fred

[Baz^^]

Fred, you missed the train by about 5 mins


http://forum.kaspersky.com/index.php?showt...st&p=503379

[Timodinho]

If it is in C:\WINDOWS\Explorer.EXE,

Then at the moment it is a false alarm. It will be fixed shortly.

Yeah its in that map, but it delete's my 'taakbalk'
taakbalk is dutch, I don't know the english word for it sorry...
and my computer is closing down by himself if I don't close my kaspersky virusscanner

[Timodinho]

The word that I mean is Task beam or something