0

I have Windows Server 2012. I faced a slowness issue due to an Expl0er.exe file, and it is located in

C:\Program Data\Expl0er.exe

I don't know about the file. It uses more CPU, up to more than 70% CPU, and it uses less RAM. Please, can anyone help and let us know whether it's a virus or some other file, or explain about the file? Thank you.

Neo Vijay
  • 103

1 Answer

4

It looks totally like a virus.

  • Its name mimics the legitimate explorer.exe, but not exactly.
  • It's in ProgramData, which is a folder dedicated to program data (obviously), not programs themselves. Why would a real program install in there? A virus could, though, because it likely doesn't have administrator rights, which are required to install in Program Files.
  • Programs usually install in dedicated per-program folders, not directly into system folders.
  • etc.

It looks like the infected machine is a server, possibly an important one. Now it has been compromised. It means that you can no longer trust this machine. You don't know what the virus did: which configuration changes it made, what other malware it installed, etc.

You should:

  1. Immediately disconnect the machine from the network to prevent other computers from infection and other nasty actions taken by malware.
  2. Nuke the infected server from orbit, reinstall from scratch and restore backups. Yes, it's necessary.

Let me emphasize that it's not worth attempting to remove the malware because you can never be sure that you succeeded. You should also find out how the malware got onto the server in the first place. Viruses don't appear out of thin air. It could have been:

  • downloaded by something/someone (intentionally or not)
  • carried over on a thumb drive
  • it may have "jumped" to the server over the network

Anyway, it's very likely that other machines that interact with that server are infected and you'll have to deal with them too.

gronostaj
  • 58,482
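
The first two signs listed in the answer (a file name that nearly matches explorer.exe, and an executable sitting directly in ProgramData) can be checked mechanically over a file or process listing. The following is an added example, not part of the original answer; the list of system names, the edit-distance threshold of 2 and the sample paths are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Assumed short list of Windows binaries whose names are worth comparing against.
SYSTEM_NAMES = {"explorer.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "csrss.exe"}
# Assumed data-only folders where an executable at the top level is unusual.
DATA_ROOTS = {r"c:\programdata", r"c:\program data"}
MAX_DISTANCE = 2  # assumed threshold: "Expl0er.exe" is 2 edits from "explorer.exe"

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def triage(path):
    """Return the reasons (possibly none) a file path deserves a closer look."""
    p = PureWindowsPath(path)
    name, parent = p.name.lower(), str(p.parent).lower()
    reasons = []
    if name not in SYSTEM_NAMES:  # an exact system name is not a look-alike
        for real in sorted(SYSTEM_NAMES):
            if edit_distance(name, real) <= MAX_DISTANCE:
                reasons.append(f"name resembles {real}")
                break
    if p.suffix.lower() == ".exe" and parent in DATA_ROOTS:
        reasons.append("executable directly in a data folder")
    return reasons

def scan(paths):
    """Map each flagged path to its reasons; clean paths are omitted."""
    return {p: r for p in paths if (r := triage(p))}

# Constructed sample listing; only the first path comes from the question.
SAMPLE = [
    r"C:\Program Data\Expl0er.exe",
    r"C:\Windows\explorer.exe",
    r"C:\ProgramData\Vendor\agent.exe",
    r"C:\ProgramData\updater.exe",
]

if __name__ == "__main__":
    for path, reasons in scan(SAMPLE).items():
        print(path, "->", "; ".join(reasons))
```

A hit from this check is a reason to investigate, not proof of infection, and a clean result says nothing about malware that uses an unremarkable name and location.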