File Search: 

ThreatExpert's awareness of the file "explorer.exe":

Across all ThreatExpert reports, the file "explorer.exe" was mostly identified as a threat.
File "explorer.exe" has the following statistics:
Total number of reports analysed611,932
Number of cases that involved the file "explorer.exe"1,089
Number of incidents when this file was found to be a threat888
Statistical volume of cases when "explorer.exe" was a threat82%
Please enable javascript to display the chart.
Notes:
  • Please note that the name of the file should NOT be used to define if it is legitimate or not. Such determination can only be made by observing its dynamic behaviour.
  • In order to check a file, please submit it to ThreatExpert.
  • For a comprehensive pro-active protection against threats, please consider ThreatFire - our behavioral antivirus solution.
The file "explorer.exe" is known to be created under the following filenames:
%AllUsersProfile%\cncdown.exe
%AppData%\1.exe
%AppData%\bifrost\server.exe
%AppData%\blaah.exe
%AppData%\calc.exe
%AppData%\codecsetup.exe
%AppData%\codecsetup3788.exe
%AppData%\codecsetup4127.exe
%AppData%\codecsetup6400.exe
%AppData%\codecsetup8536.exe
%AppData%\cp_setup_assist.exe
%AppData%\cuda.exe
%AppData%\dealassistant\dauninstall.exe
%AppData%\digifast\dfuninstall.exe
%AppData%\eiofax.exe
%AppData%\explorer.exe
%AppData%\hose.exe
%AppData%\icsys.icn.exe
%AppData%\ijango_toolbar_installer.exe
%AppData%\ldr.exe
%AppData%\lsass.exe
%AppData%\microsoft\dtsc\t.exe
%AppData%\microsoft\office71\vhchk.exe
%AppData%\microsoft\windows\ernsjyi.exe
%AppData%\microsoft\windows\jjcmdrj.exe
%AppData%\microsoft\windows\nheste.exe
%AppData%\microsoft\windows\nxmwp.exe
%AppData%\microsoft\windows\rwmgh.exe
%AppData%\microsoft\windows\security\user0.exe
%AppData%\microsoft\windows\tbljxjk.exe
%AppData%\microsoft\windows\vohth.exe
%AppData%\microsoft\windows\vvpmyvaw.exe
%AppData%\microsoft\winnt.com
%AppData%\mrsys.exe
%AppData%\mutant.exe
%AppData%\mxplay\temp\mxplay_installer.exe
%AppData%\narrator\explorer.exe
%AppData%\ntcom.dll
%AppData%\nthead.dll
%AppData%\pak-5593.exe
%AppData%\pak-5594.exe
%AppData%\pak-5595.exe
%AppData%\pak-5596.exe
%AppData%\pak-5597.exe
%AppData%\pak-5598.exe
%AppData%\pak-5599.exe
%AppData%\pak-5600.exe
%AppData%\pak-5601.exe
%AppData%\pak-5602.exe
%AppData%\pak-5603.exe
%AppData%\salehoo\auctionalert\_tmp\aa.exe
%AppData%\salehoo\salehooalert\_tmp\aa.exe
%AppData%\scvhost.exe
%AppData%\services.exe
%AppData%\silverlight\silverlight.exe
%AppData%\skynet\muonline\_cw0srv.exe
%AppData%\skynet\muonline\234672.exe
%AppData%\skynet\muonline\239874.exe
%AppData%\skynet\muonline\293874.exe
%AppData%\skynet\muonline\345674.exe
%AppData%\skynet\muonline\345676.exe
%AppData%\skynet\muonline\435627.exe
%AppData%\skynet\muonline\543978.exe
%AppData%\skynet\muonline\546783.exe
%AppData%\speedrunner\sruninstall.exe
%AppData%\temp.dll
%AppData%\truesword4.exe
%AppData%\wefisetup.exe
%AppData%\winbutler\winbuninstaller.exe
%AppData%\winbutler\winbutler.exe
%AppData%\windows.exe
%AppData%\wintouch\wintouch.exe
%AppData%\wintouch\wtuninstaller.exe
%AppData%\wrar380d.exe
%AppData%\yeah\yeah374809.exe
%CommonAppData%\38001914.exe
%CommonAppData%\3810eef8.exe
%CommonAppData%\381751d0.exe
%CommonAppData%\388f0900.exe
%CommonAppData%\38d3ff69.exe
%CommonAppData%\aol downloads\aoltoolbar\setuptoolbar.exe
%CommonAppData%\av1\av1.exe
%CommonAppData%\av1\av1i.exe
%CommonAppData%\av1\av1i2.exe
%CommonAppData%\av1\av1two.exe
%CommonAppData%\av1\qwprotect.dll
%CommonAppData%\av1\svchost.exe
%CommonAppData%\av2010\av2010.exe
%CommonAppData%\av2010\iedefender.dll
%CommonAppData%\av2010\svchost.exe
%CommonAppData%\dyned\eng_loc.exe
%CommonAppData%\e4a12b7\extraav.exe
%CommonAppData%\e4a12b7\ua2009.exe
%CommonAppData%\e4a12b7\valarm.exe
%CommonAppData%\e4a12b7\vmelt.exe
%CommonAppData%\e4a12b7\vsweep.exe
%CommonAppData%\explorer.exe
%CommonAppData%\fetion\fetionupdate.exe
%CommonAppData%\gav\sgav.exe
%CommonAppData%\n1\n1.exe
Notes:
  • %AllUsersProfile% is a variable that specifies the all users' profile folder. By default, this is C:\Documents and Settings\All Users (Windows NT/2000/XP).
  • %AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
  • %CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.

The file "explorer.exe" has the following possible countries of origin:
OriginNumber of Incidents
China116
United Kingdom48
Germany15
Spain9
Russian Federation8
Sweden7
France4
Israel3
Thailand3
Turkey3
Brazil2
Iran2
Belgium1
Philippines1
Portugal1
Romania1
Saudi Arabia1

The following threats are known to be associated with the file "explorer.exe":
Threat AliasNumber of Incidents
Generic.dx [McAfee]19,201
Exploit.Win32.IMG-WMF.fk [Kaspersky Lab]19,125
Troj/PWS-AXY [Sophos]14,620
Hacktool [Symantec]13,873
Exploit.Win32.IMG-WMF [Ikarus]12,241
Exploit.IMG-WMF!sd6 [PC Tools]10,115
Exploit.IMG-WMF [PC Tools]8,840
Win-Trojan/ExploitTool.3740 [AhnLab]6,715
Packed.Generic.181 [Symantec]6,035
Trojan.Zlob [Ikarus]5,525
IRC/Client [McAfee]2,376
not-a-virus:Client-IRC.Win32.mIRC.603 [Kaspersky Lab]2,329
Mal/Generic-A [Sophos]2,253
Backdoor.IRCBot [PC Tools]1,980
Trojan-Dropper.Agent [Ikarus]1,532
not-a-virus:Client-IRC.Win32.mIRC [Ikarus]1,476
Win-Trojan/MircPack.1790464 [AhnLab]1,452
Exploit.Win32.IMG-WMF.ex [Kaspersky Lab]510
Trojan.StartPage.AKF [PC Tools]425
IRC-Worm.Win32.Tedeto.a [Ikarus]288
Generic Dropper.ex [McAfee]170
W32.SillyFDC [Symantec]160
Infostealer.Lineage [Symantec]124
Virus.Win32.VB.bu [Kaspersky Lab]116
Worm.AutoRun.J [PC Tools]116
PE_VBAC.A [Trend Micro]114
Virus.Win32.VB.bu [Ikarus]114
Virus:Win32/VB.BU [Microsoft]114
PWS-LegMir [McAfee]112
W32/Bacalid-A [Sophos]112
Trojan Horse [Symantec]95
W32/Virut.gen [McAfee]42
Backdoor.Trojan [Symantec]35
Win-Trojan/Xema.variant [AhnLab]35
Trojan.VB.EPP [PC Tools]34
Worm.Win32.AutoIt.ci [Kaspersky Lab]32
W32/Autorun.worm.f [McAfee]31
W32.IRCBot [Symantec]29
New Malware.u [McAfee]28
PE_HUNK.NY [Trend Micro]26
Virus:Win32/Huhk.7005 [Microsoft]26
W32.Huhk.A [Symantec]26
W32/Huhk.c [McAfee]26
Worm.Win32.Huhk.c [Kaspersky Lab]26
Trojan.Monicker [Symantec]25
W32/Autorun.worm.i.gen [McAfee]25
Trojan.Win32.VB [Ikarus]24
Trojan.Win32.VB.atg [Kaspersky Lab]23
Downloader [Symantec]22
not-a-virus:PSWTool.Win32.FirePass.af [Kaspersky Lab]21
IM-Worm.Win32.Sohanad [Ikarus]20
Infostealer [Symantec]20
W32/Autorun.worm.ct [McAfee]20
PSWTool.FirePass!sd6 [PC Tools]19
Generic PWS.y [McAfee]18
Keylog-SClog [McAfee]18
TrojanSpy.SCKeyLog.A [PC Tools]18
Trojan-Spy.Win32.SCKeyLog.am [Kaspersky Lab]18
TSPY_SCKEYLOG.J [Trend Micro]18
W32.Spybot.Worm [Symantec]18
PE_VIRUT.XP [Trend Micro]17
Backdoor.Mechbot [PC Tools]16
Backdoor.Win32.Mechbot.d [Kaspersky Lab]16
Gen.Trojan [Ikarus]16
TROJ_AGENT.ABUW [Trend Micro]16
W32/IRCbot.gen.f [McAfee]16
Win-Trojan/Autorun.259263 [AhnLab]16
Trojan.Astry [Symantec]15
Trojan.Win32.VB.bmr [Kaspersky Lab]15
Trojan-Downloader.Win32.Banload [Ikarus]15
W32/Autorun.worm.gen [McAfee]15
W32/Autorun-DP [Sophos]15
W32/Generic!worm [McAfee]15
W32/Virut.gen.a [McAfee]15
Backdoor.Win32.Rukap.gen [Kaspersky Lab]14
Generic VB.b [McAfee]14
W32/Vetor-A [Sophos]14
Worm.Win32.AutoRun.acq [Kaspersky Lab]14
Adware.DService.Gen [PC Tools]13
Backdoor:Win32/Poebot.gen [Microsoft]13
Infostealer.Gampass [Symantec]13
New Malware.hr [McAfee]13
Virus.Win32.PcClient.NM [Ikarus]13
Virus.Win32.Trojan [Ikarus]13
W32/Huhk-C [Sophos]13
Worm:Win32/Autorun.FO [Microsoft]13
Packed/eXPressor [PC Tools]12
Suspicious.MH690 [Symantec]12
VirTool:Win32/CeeInject.gen!J [Microsoft]12
Virus:Win32/Sality.AM [Microsoft]12
W32.Virut.W [Symantec]12
W32/Sdbot.worm [McAfee]12
W32/Shahrokh-A [Sophos]12
Win32.Virut.Gen.4 [PC Tools]12
Win32/IRCBot.worm.variant [AhnLab]12
Backdoor.Win32.Poison.pg [Kaspersky Lab]11
Backdoor:Win32/Poisonivy.H [Microsoft]11
Keylog-Ardamax [McAfee]11
Mal/Behav-043, Mal/Behav-033 [Sophos]11
PE_VIRUT.GEN-2 [Trend Micro]11