[filename.info logo]
[cn explorer.exe][de explorer.exe][es explorer.exe][fr explorer.exe][gb explorer.exe][it explorer.exe][jp explorer.exe][kr explorer.exe][nl explorer.exe][pt explorer.exe][ru explorer.exe][us explorer.exe]
 

explorer.exe ( 6.0.2800.1106)

Contenido en software

Nombre:Windows XP Home Edition, Deutsch
Licencia:comercial
Acoplamiento de la información:http://www.microsoft.com/windowsxp/

Detalles del archivo

Trayectoria del archivo:C:\WINDOWS\$NtUninstallKB820291$ \ explorer.exe
Fecha del archivo:2002-08-29 14:00:00
Versión: 6.0.2800.1106
Tamaño del archivo:1.007.104 octetos

La suma de comprobación y el archivo hashes

CRC32:D261ED0C
MD5:22B0 A56E 6C58 4729 2437 078B 484E C61B
SHA1:4061 AD77 8B22 5A9F 5197 A4A6 1D9C 8CC7 16B1 261E

Información del recurso de la versión

Nombre de compañía:Microsoft Corporation
Descripción del archivo:Windows Explorer
Sistema operativo del archivo:Windows NT, Windows 2000, Windows XP, Windows 2003
Tipo del archivo:Application
Versión del archivo:6.0.2800.1106
Nombre interno:explorer
Copyright legal: Microsoft Corporation. Alle Rechte vorbehalten.
Nombre de fichero original:EXPLORER.EXE
Nombre del producto:Betriebssystem Microsoft Windows
Versión del producto:6.0.2800.1106

explorer.exe fue encontrado en los informes siguientes:

Trojan.Eurosol

Sobre Trojan.Eurosol
...It does this by modifying the System.ini file and appending itself to the shell = Explorer.exe line in the [boot] section....
Instrucciones del retiro
...similar to the following: shell=Explorer.exe <additional text added by Trojan>...
...Delete all text (on the shell=Explorer.exe line only) that is to the right of Explorer.exe....
...done, the line should read: shell=Explorer.exe Click File, click Exit, and...
Fuente: http://securityresponse.symantec.com/avcenter/venc/data/trojan.eurosol.html

W97M.Heathen.12288.A

Sobre Trojan.Eurosol
...Even when it works under a Windows 95 system, the modified EXPLORER.EXE becomes unstable. It may also crash MS Word...
Gravamen de la amenaza
...Similar to the way it tricks Windows to replace EXPLORER.EXE with HEATHEN.VEX, the virus adds a WININIT.INI file that contains: [rename] nul=System.dat...
Detalles técnicos
...infect MS Word 97 documents. 3. The virus modifies EXPLORER.EXE in the WINDOWS directory....
...modification adds a loading routine such that HEATHEN.VDL gets loaded every time EXPLORER.EXE is executed. 4. If it fails to modify EXPLORER.EXE...
...Then, it modifies HEATHEN.VEX. To have EXPLORER.EXE replaced by HEATHEN.VEX, the virus creates a WININIT.INI file that contains:...
...[rename] C:WINDOWSExplorer.exe=C:WINDOWSHeathen.vex This instruction in the WININIT.INI...
...file upon the next startup. When a modified EXPLORER.EXE runs, the following events occur:...
Instrucciones del retiro
...Unfortunately, the modification to EXPLORER.EXE is irreversible. EXPLORER.EXE needs to be restored...
...from a clean copy. A clean copy of EXPLORER.EXE can be found on the Windows Installation CD:...
Fuente: http://securityresponse.symantec.com/avcenter/venc/data/w97m.heathen.12288.a.html

Bloodhound.Exploit.14

Sobre Trojan.Eurosol
...image files that could be used to exploit a Denial of Service (DoS) vulnerability in Explorer.exe on Microsoft Windows XP. The files that are detected...
Detalles técnicos
...The vulnerability is reported to exist when Explorer.exe handles certain TIFF format images....
Fuente: http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.exploit.14.html

W32.HLLW.Spirit

Sobre Trojan.Eurosol
...It copies itself as %Windir%System32Explorer.exe. W32.HLLW.Spirit is written...
Detalles técnicos
...Copies itself as %Windir%System32Explorer.exe. Copies itself to the Kazaa...
...IE 6 FULL.exe Internet Explorer.exe Kazaa Lite Hack 2.4.exe...
..."Explorer"="%Windir%System32Explorer.exe" to the registry keys:...
Fuente: http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.spirit.html

Trojan.Loome

Sobre Trojan.Eurosol
...detected as Spyware.Look2Me. Then, it ends the Explorer.exe process to load the .dll, which crashes Windows 2000/XP....
Detalles técnicos
...C:WindowsSystem32 (Windows XP). Ends the Explorer.exe process in order to load the .dll....
Fuente: http://securityresponse.symantec.com/avcenter/venc/data/trojan.loome.html

VBS.Vanina

Sobre Trojan.Eurosol
...computer with a copy of itself. It also sends the file Explorer.exe two email addresses that are registered in Argentina....
Fuente: http://securityresponse.symantec.com/avcenter/venc/data/vbs.vanina.html

VBS.Taber

Sobre Trojan.Eurosol
...The worm attempts to delete C:WindowsExplorer.exe and make some configuration changes to Internet Explorer by editing the registry...
Detalles técnicos
...HKEY_CURRENT_USERSoftwarePoliciesMicrosoftInternet ExplorerRestrictions Add the values:...
...HKEY_CURRENT_USERSoftwarePoliciesMicrosoftInternet ExplorerControl Panel Adds the value:...
...HKEY_CURRENT_USERSoftwarePoliciesMicrosoftInternetExplorerInfodeliveryRestrictions...
...HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer Attempts to copy itself to...
...Attempts to delete C:WindowsExplorer.exe. Displays these two messages:...
Fuente: http://securityresponse.symantec.com/avcenter/venc/data/vbs.taber.html

W32.Fourseman.A

Gravamen de la amenaza
...Deletes files: Overwrites explorer.exe with itself. Causes system instability:...
Detalles técnicos
...%Temp%Win_Security_Patch_2602.exed %Windir%Explorer.exe %Windir%SystemExplorer.exe...
Instrucciones del retiro
...Run a full system scan and delete all the files detected as W32.Fourseman.A. If Explorer.exe was overwritten, restore it from backup or re-install it....
...W32.Fourseman.A, click Delete. If Explorer.exe was overwritten, restore it from backup or re-install it....
Fuente: http://securityresponse.symantec.com/avcenter/venc/data/w32.fourseman.a.html

Backdoor.Nota

Detalles técnicos
...C:\%Windows%All UsersStart MenuProgramsStartUpExplorer.exe NOTES:...
...It adds the following line: shell=Explorer.exe winfat32.exe These changes cause the Trojan...
Instrucciones del retiro
...the steps in this section. To do this using Windows Explorer, go to the C:WindowsRecent folder, and in the right pane delete the Win.ini file....
...similar to the following: shell=Explorer.exe winfat32.exe Delete all of the text to...
...that the line looks like: shell=Explorer.exe Click File, and click Save....
Fuente: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nota.html

W32.Poscal.Worm

Gravamen de la amenaza
...C:WindowsSystem.ini, C:WindowsExplorer.exe C:WindowsRegedit.exe C:WindowsTelnet.exe...
Detalles técnicos
...C:WindowsF<??>K_AVs.exe C:WindowsSystemExplorer.exe C:Windows egedit.exe...
...C:WindowsTelnet.exe C:WindowsExplorer.exe NOTES:...
...The attributes of the C:WindowsF<??>K_AVs.exe and C:WindowsSystemExplorer.exe files are set to read-only and hidden....
...C:WindowsRegedit.exe, C:WindowsTelnet.exe, and C:WindowsExplorer.exe are valid Windows programs that are overwritten by the worm on Windows 95/98/Me-based...
......
Fuente: http://securityresponse.symantec.com/avcenter/venc/data/w32.poscal.worm.html



Valid HTML 4.01!