Explorer.exe hogging my CPU

[Mollox]

My pc has suddenly started running uber slow in the last couple of days. Even just ticking over with nothing running, Task Manager is showing Explorer.exe as constantly above 90% CPU use - often 97/98.

What the feck is going on?

Just done a full norton scan and it identified a couple of potential adware threats but nothing of any real concern.

Any ideas what might be going on or how I can get to the bottom of this?

ta

[Rustynuts]

Maybe you need some more memory?

[skifly]

my lappy often does it - usually at the same time as scan32.exe is running or shortly afterwards.

Kill the process then do the CTRL-ALT-DEL combo and on the Applications tab click the new task button - then type explorer.exe and OK. Fixes it for me.

[shark_90]

Sounds like a problem Molly.. first of all ditch Norton and get some decent virus protection - McAfee Enterprise if you can stretch to it. Far superior. What is explorer doing at the times of your problems? Do you have loads of directory trees open? Or perhaps a folder full of pictures/videos which are displaying as thumbnails? Or is it just being poop - which is probably the most likely option.

[Mollox]

I have no windows open....well I mean i do now for example, but closing them all doesn't change anything.

I've never had problems with Norton before tbh...

[Mollox]

Lol Rusty - sorry- I'll pm you in a min

[shark_90]

It does sound like a virus problem unless explorer is doing something really intensive.

[Mollox]

Surely Norton would have found it?

[shark_90]

I'd have thought so..it's really difficult to say what else it might be. Unfortunately "re-install" springs to mind if it really is causing a problem

[Mollox]

Forgot to mention, I started getting bloody winfixer popups last week but these seem to have gone now. Having a read around the net I see CPU hogging often associated with this piece of malware.

I've found a few removal instrucitons on the web but they're all in forums, are fecking complicated (I've removed a lot of crap manually before) and seem to be unique to each user's circumstances. Is there a Win xp test or list of associated files to a) determine I have the winfixer problem and

B) a generic set of instructions for removing winfixer?

I suspect this could be it....

[Chris_B]

If you can be bothered, you could download and run Process Explorer, File Monitor and Registry Monitor from http://www.sysinternals.com/ and see what the explorer.exe process is actually up to when it takes all your CPU.

You could also down their rootkit revealer and run it just as another check that you're clean as some spyware/viruses hide from virus scanners.

[shark_90]

Absolutely.. try every bit of anti virus/spyware/malware software you can as they all end up with different results.

http://www.softwarepatch.com/tips/winfixer-remove-popup.html seems to have a good explanation of what to do.

[Mollox]

Hmmm that seems a bit simplistic - what do you think of this?

I've used Hijackthis based solutions before and they've always worked...

Winfixer removal

Another Q - what's the score with different profiles and this sort of stuff?

We have my profile (admin) and Liz's (user). Hers is always much slower than mine - does she have separate registry entries?? (I doubt this)

Just wondering as some of the solutions mentioned that the fix would be different if it was a multiprofile pc...

Ta everyone

[shark_90]

She does have HKLU registry entries of her own but that wouldn't often create major problems. You could delete the NTUSER.DAT from her profile to force the creation of a new one if you wanted to? She would lose her desktop appearance settings though.

I was trying to read the castlecops page when I found the other one but for some reason it's taking FOREVER to open.. they are usually very, very thorough and successful fixes

[Mollox]

Yep but they seem to be tailored to each user's Hijackthis output....no?

I don't want to take specific actions that might be unique to a particular pc...

Interestingly, i haven't had any winfixer popups for a week....

[shark_90]

The link you posted looks very thorough Molly, but the thing is you just never know. It looks and reads true, so I guess if you go ahead with it you're likely to be alright.

But as soon as something started fecking with your registry as deep as that, I'm of the school that it'll never be right again until it's installed clean. I know that's not always simple so go ahead with the castlecops suggestions first and see how you go.

[Mollox]

hmm oppml.dll is using all my CPU

Google doesn't recognise it either

[Mollox]

killed it and we're working better already. Still don't know WHAT it is, what's causing it or how to properly remove it though

I also suspect tusst.dll of being dodgy

Cheers for the Process Explorer link btw Chris

[Riz]

Mmmmmm just FORMAT C:\

Riz

[Thorburn]

[ QUOTE ]

Surely Norton would have found it?

[/ QUOTE ]

Thats the theory, but Norton has a reputation for being a bit, errrrm, rubbish!

[Mollox]

I'm pretty sure its winfixer...

oppml.dll is a randomly created filename by the fecking malware - no wonder google can't find it. Can I be bothered to run through the process tonight though...hmmm

[activa]

I've had a similar problem in the last few days with a browser hijacker.

It was called security2k.net and it appeared as what looked like a bona fide antivirus company with a bogus webpage and everything.

It made the machine run slow,pop-ups galore,hard to access websites properly and left some dodgy dll file somewhere on my machine,that when I erased it,it recreated it at next start up.It also stopped me accessing Microsoft repair options on their website-pretty complete.

After trying remedys from geek sites with no results(because I think it creates files unique to each machine)I decided the only way was to clear the disc of everything and reload windows.

Well,that's what I did and the machine is perfect once more.

I know it's a time consuming job but tbh I see it as the only way you're gonna cure this.

By recommendation I've also now loaded Panda security onto the machine and it seems to be taking care of things nicely.

Good luck!

[Mollox]

Think its fixed

[Mollox]

OK, flying again now

If you get a popup that looks anything like this and mentions Winfixer then you're infected with a very annoying and resource-sapping piece of ad/malware. Let me know and I'll show you how to get rid of it

[activa]

Nice one,piece of mind again!

So how did you eventually get rid of it?