I was recently playing CS:GO, and I noticed it was more laggy than usual, so I decided to check Task Manager. I then noticed that Windows Explorer was using A LOT of CPU, so I looked at the "command line", and it said
C:\Windows\syswow64\Explorer.exe
So not thinking, I thought "It must be doing something", until I decided to end it, but it didn't do the normal thing where you have to start it up again, and then I found another "Explorer.exe", hardly using any CPU, but this time, in
C:\WINDOWS\Explorer.EXE
Here's a screenshot of the location, in Windows Explorer:
Here is a screenshot of Task Manager, filtered to highest CPU Usage:
After looking at a lot of forums and stuff, I don't know if it's a virus or not :P
Anyway, if anyone could answer, that would be great
Thanks
5 Answers
Upload file in question to to be sure it isn't malicious substitution.
C:\Windows\syswow64\Explorer.exe itself is a legitimate program on Windows.
No, this is the 32-bit Explorer.exe on a 64-bit Windows. This is called Windows 32-bit on Windows 64-bit (WOW64) to be able to still run 32-bit applications on a 64-bit Windows.
Don't worry, your PC is fine.
No. Most likely it is not (of course you can do a virus check to make sure it isn't a replacement).
Windows has two variants of the explorer.exe: one for 32 bits and one for 64 bits use. It is the Windows shell executable. There is nothing wrong in having two versions hanging around.
Most likely a shell plug-in or something like that caused the massive CPU load.
Check its digital signature!
A freshly installed version of Windows 10 Anniversary Update has an Explorer.exe at C:\Windows\SysWOW64. It is digitally signed, so even if one byte of it is changed, its digital signature will tell you.
To verify that it is the authentic Explorer.exe, check its digital signature by doing the following:
- Right-click on the Explorer.exe and select "Properties..."
- From the "Properties" dialog box, choose the "Digital Signature" tab. (If this tab doesn't exist, then there is no digital signature in the file and that means it is not authentic.)
- From the signature list, choose the signature and click on "Details".
- Look at the second line of the dialog box that appears. Does it say "This digital signature is OK"? If it doesn't, the Explorer.exe is not authentic.
Doesn't have to be in your computer
You can always do the verification in another computer. i.e. copy explorer.exe to a flash drive, take it to another computer (or even a virtual machine on another computer), and verify it there.
This action is effective if you fear that your computer is deeply infiltrated by a super-virus that can even alter the result of a digital signature check. Like in the movies! (Of course, in the real world, if such deep infiltration happens, the virus no longer bothers hiding itself because all is already lost and it is already in full control of your system. It is like saying a petty criminal took over POTUS just to remain hidden and has no intention of ruling over the whole US!)
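The same signature check can be scripted for both Explorer.exe locations and for every running explorer.exe process. This is an added example, not part of the answer above; it assumes Windows PowerShell 5.1 or later, and `Test-ExplorerBinary` is a hypothetical helper name.

```powershell
# Added example, not from the answer. Assumes Windows PowerShell 5.1 or later.
# Test-ExplorerBinary is a hypothetical helper name.

# The two locations the answers describe as legitimate on 64-bit Windows.
$expected = @(
    (Join-Path $env:windir 'explorer.exe'),
    (Join-Path $env:windir 'SysWOW64\explorer.exe')
)

function Test-ExplorerBinary {
    param([Parameter(Mandatory)][string]$Path)

    # Scripted form of the Properties dialog check described above:
    # Status is 'Valid' only if the file is unmodified and the signer chains to a trusted root.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

    [pscustomobject]@{
        Path             = $Path
        ExpectedLocation = $expected -contains $Path   # -contains ignores case
        Status           = $sig.Status
        Signer           = $signer
        SHA256           = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# Image paths of every running explorer.exe (Path is empty if the process cannot be queried).
$running = @(Get-Process -Name explorer -ErrorAction SilentlyContinue |
    Where-Object { $_.Path } | ForEach-Object { $_.Path })

$paths = ($expected + $running) | Where-Object { Test-Path -LiteralPath $_ } | Sort-Object -Unique
$results = foreach ($p in $paths) { Test-ExplorerBinary -Path $p }
$results | Format-List

# Anything not 'Valid', or running from an unexpected folder, deserves a closer look.
$suspect = @($results | Where-Object { $_.Status -ne 'Valid' -or -not $_.ExpectedLocation })
if ($suspect.Count -gt 0) {
    Write-Warning "Review these files: $($suspect.Path -join ', ')"
} else {
    Write-Output 'All explorer.exe copies found are validly signed and in expected locations.'
}
```

A `Valid` status only says the file is intact and signed by a trusted certificate, so read the `Signer` field as well. The SHA256 value is printed so the file can be compared against a copy taken from another machine.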
So, as it turns out, it was a virus.
I rebooted my Windows after scanning it to find that it had triggered a diskpart on my machine, wiping my hard drive.
I took it to the local computer store, and the guy that worked there said that it would have caused it. (He somehow managed to check logs that were on my motherboard.)
VirusTotal said it was a virus and Malwarebytes said it was a virus, but I couldn't remove it.
Ah well, I'll just switch to Linux then :D