Check http://processchecker.com/file/explorer.1.exe.html
http://www.herdprotect.com/explorer_1.exe-fda5acaddcdcf7d24b97f502bc359769b753a3a2.aspx
HJ
Its malware run Malwarebytes
Please download the free version of Malwarebytes.Update it immediately.
Do a full system scan
Let us know the results at the end.
http://www.malwarebytes.org/products
this is my result
Memory Modules Detected: 1C:\Users\User\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> No action taken.
Registry Keys Detected: 1
HKCR\thunder (Trojan.Agent) -> No action taken.
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\Windows\SysWOW64\rundll32.exe "C:\Users\User\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> No action taken.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
C:\Users\User\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\User\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> No action taken.
Files Detected: 10
C:\Program Files (x86)\Common Files\Thunder Network\Kankan\ThunderFW.exe (Trojan.Downloader) -> No action taken.
C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.222_1111\ThunderFW.exe (Trojan.Downloader) -> No action taken.
C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.223_1111\ThunderFW.exe (Trojan.Downloader) -> No action taken.
C:\Program Files (x86)\GreyGray\GreyGrayBHO.dll (PUP.Optional.Greygray.A) -> No action taken.
C:\Program Files (x86)\Thunder Network\Thunder\tp\ThunderFW.exe (Trojan.Downloader) -> No action taken.
C:\Program Files (x86)\Thunder Network\Xmp\TP\ThunderFW.exe (Trojan.Downloader) -> No action taken.
C:\Windows\explorer_2.exe (PUP.Optional.BitCoinMiner) -> No action taken.
C:\Users\User\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\User\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\User\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> No action taken.
HJ
You ran it in scan only mode. You need to run it in scan and repair.
HJ
You might want to start by reading the instructions with Malwarebytes. I don't have it installed on this machine and cannot install it here. If the instructions don't help try Googlin
Hi,
Tried the Malwarebytes solution but it does not work.
Even after deleting all the PUPs found by Malwarebytes the process explorer_1.exe is visible in the task manager and it consumes up to 45-50% of the CPU.
Sorry it was not helpful.