I'm pretty sure my laptop has been infected with a virus but I can't identify it or remove it.


  • Multiple explorer.exe processes being spawned some consuming lots of memory enter image description here

  • When I launch IE the history shows lots of sites/pages I've never visited. enter image description here

  • When I shutdown I see flashes of images that look like they are from web sites filled with ads.

I'm guessing the background explorer.exe process are visiting sites to either increase views or click-thrus and to make it look like it's coming from different computers.

What I've tried:

  • Downloaded CCleaner and remove temp internet files, etc
  • Downloaded and run multiple anti-virus programs including McAfee, AVG, Malwarebytes and Ad-aware
    • Scans have been run in both normal Windows and safe-mode.
    • Most of the AV programs haven't found much. Mostly bad cookies which I think are related to the hidden browsing going on.
    • AVG did find an HTML/Framer and Java/Downloader virus on first run but claimed it cleaned it and then ran clean on the next runs.
  • I can end the explorer.exe process from Task Manager but new spawn again. If delete all explorer.exe process then eventually I hit the real one and the task bar, etc goes away.

    • I've also download Process Explorer to try and find the parent process but the parent looks like the system process: enter image description here

I am reaching the point where I think a clean install is my only option but hoped there is an solution to remove this without resorting to that.

  • 1
    You could sift through the DLLs the rogue processes have loaded. That might help identify the malware, at least. Still, I think it'd be better to nuke the system.
    – Daniel B
    Commented Feb 24, 2014 at 15:24
  • 1
    Did you try scanning your system with AdwCleaner? Also, check How do I get rid of malicious spyware, malware, viruses or rootkits from my PC? if you haven't already.
    – and31415
    Commented Feb 24, 2014 at 15:43
  • Does this problem surface when Safe Mode is used?
    – Ramhound
    Commented Feb 24, 2014 at 16:00
  • No I don't see the multiple processes in Safe Mode. Commented Feb 24, 2014 at 16:09

2 Answers 2


You may need to try the Combofix tool next. It's a very powerful tool, so make sure you have backups of your important data. It works on Windows XP, Vista, 7 and 8; make sure you run it as an Administrator though. This tool goes through many more checks than typical anti virus programs

DISCLAIMER: I only use this product, I do not help develop it or receive compensation for telling others of its use. It works well for me, so I am offering it as a possible solution.

  • Running this over night. Will check the results in the morning. If that doesn't work I think reinstall is my only option. Commented Feb 25, 2014 at 1:39
  • ComboFix hung after rebooting (sat there all night). Ended up going with re-imaging the system. Commented Feb 26, 2014 at 3:29
  • That sucks, sorry to hear that Commented Feb 26, 2014 at 13:49

Yes. I've seen this multiple explorer.exe before and even if you kill the processes, they still come back. Malwarebytes is the only software that fixed the virus.

  • OP already tried Malwarebytes Commented Feb 24, 2014 at 19:57

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .