Kaspersky false alarm quarantines Windows Explorer

A faulty signature update from Kaspersky Lab on Wednesday flagged up Windows Explorer (explorer.exe) as infected with a low-risk virus, Huhk-C. As a result the core Windows component was quarantined or worse. Kaspersky released a revised update alongside advice on how to recover legitimate system and application files from …

COMMENTS


Gates Horns

so it's wrong how?

because Internet Explorer is (to all intents and purposes) one of the main conduits by which viruses and malware enter a computer. Hardly a safe app, is it?

Joke

It deleted Explorer.exe?

And this is a problem why?

Thumb Down

RE: so it's wrong how?

Sorry to correct you, but explorer.exe is actually the main windows shell. It takes care of displaying such things as the start menu.

You're thinking of iexplore.exe, a totally separate piece of software.

Gates Horns

fair cop guv.

I thought explorer WAS malware? As Tawakalna comments, it seems to allow anyone and their dog a conduit into getting complete control over a system. Seems only fair to flag it for what it is.


@ Tawakalna

Windows Explorer is not the same as Internet Explorer.


Horrific

Can you imagine....

3am, your AV management server downloads the latest AV updates

4am, your clients are set to download from your management server

5am, your clients do their daily scan

5:10am - explorer.exe is deleted from Windows

5:20am - Your network is crippled....!

Stuff of nightmares....

Gates Halo

@Tawakalna

explorer.exe is not Internet Explorer, but I guess your still in 80's Linux retro land


Re: So it's wrong how?

First, this is Explorer, not IE. Deleting Explorer would require everything to be done from new task.

Gates Horns

Wrong because...

You're mistaking the process as iexplorer.exe, the Internet Explorer process. This is the explorer.exe process which runs the file browser, Windows Explorer.

Ben

IT Angle

Maybe, just maybe...

Perhaps it was a false false positive?

Alert

Explorer, not IE

Windows Explorer, wot does the GUI bit, not Internet Explorer, wot does t'internet.

Speaking of irritating anti-virus updates, maybe someone could also tell Grisoft that rc.exe, compiler of resources in Visual Studio, is also not a virus, as I've had to remove it just to get my projects to compile properly.

Anonymous Coward

Forget cyber terrorism

No need for Chinese or Russian covert hacking activities then? All that Putin and his mob need to do is to infiltrate Kaspersky, introduce a trojan in one of the updates and hey, presto, the FSB will have access to nearly every computer in the West.

Maybe it's happening already. OMG! Let's nuke them before it's too late!! Or take the simpler solution - ditch Windows.

Flame

Double edge sword

This is alarming, both incidents are serious enough to cause IT people a nightmare, but something as simple as testing explorer.exe, how they missed that ??

I was in a planning stage to change all our clients from AVG/Panda to Kaspersky, after these incidents, I think I will sit tight until further notice.


Erm, explorer.exe isn't IE

IE is iexplore.exe

explorer.exe is the Windows file manager component.

I know they are linked, but hosing explorer.exe is far more system-destroying than hosing iexplore.exe

Pirate

@Tawakalna

Windows Explorer is not the same as Internet Explorer. I can't believe that people are still confusing these two terms. Shows how daft the M$ naming scheme was.

The "Windows Explorer" is your shell and file manager within Windows. If it is deleted, it does make life a little tricky getting anything done in XP. Though one could revert to the old Win 3.x progman.exe (found in Windows System32 folder...)


Now if could only flag Vista

As being a virus, it might get some attention.

I can see it now. "Your computer is infected with the Vista virus, do you want to upgrade to XP?".

I'd mention Linux, but that just arouses more flamage....

Black Helicopters

Good pun, but...

Isn't the point of AV software to stop things slipping through the net?

Thumb Up

*snork*

"stuck in '80s Linux retro land" huh? If you're going to toss in a random mild insult because you're sore about yet another problem with Winduhs while you helpfully correct someone's confusion of IEXPLORE.EXE and EXPLORER.EXE, at least get your decade right. :o)

I think Kaspersky could improve on this by having it delete any C:\WINDOWS or C:\WINNT directories it finds, since having them on your computer is definitely a security hazard.


Re: Now is could only flag Vista

I wouldn't necessarily say virus so much as a world wide beta gone bad.

(I can see this now 'When OS' attack tonight on FOX')

Though with most people Linux is not an option because they have gotten so used to the way Windows works even what should be a minor change will cause them to forget everything that they have learned and be completely clueless.

(Celebrity deathmatch 'Linux vs Vista' WHO WILL WIN!!!!)

Gates Horns

Wrong name

I reckon they had it right in the first place, but the wrong name. It should have been W32.Monopoly.Worm.


Whatever happened to system integrity?

I thought that you weren't supposed to be able to delete critical Windows files like that? Surely even as an admin, deleting explorer.exe from WITHIN explorer.exe (as a shell) should be one of those impossible things? Shouldn't Windows be disallowing it anyway, with all its fancy system file protection etc.? I'm not going to try it but even as an admin I didn't think you could actually delete explorer.exe. Or does Kaspersky put it on the list of files to delete on the next startup?

I know that Linux wouldn't stop you doing "rm -rf /" if you're daft enough to do it when running as root but I thought that Windows didn't like you having that sort of control over your own machine.

Gates Horns

There's a hole in my bucket dear Liza

Henry: Karspersky's deleted explorer.exe, dear Liza, dear Liza, Karspersky's deleted explorer.exe, dear Liza, deleted.

Liza: Well fix it dear Henry, dear Henry, dear Henry, well fix it dear Henry, dear Henry, fix it

Henry: With what shall I fix it, dear Liza, dear Liza, with what shall I fix it dear Liza, with what?

Liza: with progman.exe, dear Henry, dear Henry, dear Henry, with progman.exe, dear Henry, dear Henry, with progman.exe.

Henry: But how do I run progman.exe dear Liza, dear Liza?

(There are ways, thanks to DOS... and win3.1 comes in handy too sometimes. We still can't live without 'em)


Quarantine, not delete

Setting Kaspersky AV to delete anything it deems suspicious is an incredible show of faith in its accuracy. Setting it to quarantine suspect items is much safer, and explorer.exe could have been simply recovered using the recovery shell, could it not? For that matter, if one knew what had happened, simply extracting explorer.exe from the same recovery shell would have fixed things right up.

Probably the bigger issue was with not knowing what had happened, and being unable to contact Kaspersky to find out.

Coat

COMRADES! STUDENTS! CO-MILITANTS!

GET BACK TO WORK, STUDY FOR YOUR UPCOMING EXAMS, GET A BEER OR GO OUT TO A PARTY AND GET SOME INSTEAD OF POSTING RETARDED/PREDICTABLE STUFF IN THE REG COMMENT SECTION ABOUT HOW INTERNET EXPLORER IS NOT THE SAME AS EXPLORER AND HOW QUARANTINING EXPLORER IS ACTUALLY A "DO WHAT I MEAN" KINDA THING.

This Message has been brought to you by the Reg Overwatch and Desensitization One-Man Committee.

Thank You.

Boffin

@ The Reg Overwatch and Desensitization One-Man Committee

You are confusing explorer.exe with iexplore.exe, the Internet Explorer application file...

Had to be done.


RE: Forget cyber terrorism

"Or take the simpler solution - ditch Windows"

This problem was not actually caused by windows itself, but by a trusted process being given permission to delete core files. Do the same on linux or mac and the results will be exactly the same (a hosed system).

If all windows users switched to linux or mac (or even BSD), it would not be a simple solution. Given that windows users like to run "admin" or root accounts, the security implications on any OS would be major. All OS's including *nix and macOS are susceptible to viruses, rogue code and mistakes. If you believe your OS is invulnerable then you're just asking for trouble.

If you believe your OS is able to withstand treatment from the average windows user, I dare you to run every single process as root for a week. When bind or sendmail are not attacked with exploits you may have a point.

This message comes to you from a windows machine that against all common beliefs held by *nix and apple fanbois is not actually a virus drone, and has never sent a single unauthorised email.


This post has been deleted by its author

yo

Nod32 and BitDefender Internet Security 2008 I use here at office and home (Nod32 in office 'cause I have ISA in place and BitDefender at home 'cause of its uber firewall). I hate Symantec 'cause it's shite.... and Kaspersky I don't use 'cause it's ... well OK but not as good as aforementioned.. most I have tested have missed common viruses such as Bagle but not Nod or BT !! both updated hourly too


iexploder eexploder, I'm the one with the hosed system.

I set my default shell to sol.exe and was moderately happy for a while but this cut my output at work by at least 10 percent and I had to change it back.

That sucked.

Pirate

Kasperspy sucks

I don't understand why anyone is surprised. It's a naff piece of software and anyone with an ounce of common sense is running NOD32.....

Linux

re: RE: Forget cyber terrorism

@system

Erm, yeah you've actually made the last guy's point for him. Linux/OSX users don't run every process as root, therefore it's actually very difficult for a process to delete core system files. They're not invulnerable (and anyone who claims as such is a fool), but this is the second time in as many weeks that we've heard of a userland app hosing Windows systems (the last one was the update for an MMORPG - can't remember which one - that removed boot files if you restarted after an update). It would be difficult for this to be replicated in the OSes, especially since the current favourite, Ubuntu, doesn't even allow root login in the standard way (everything's sudo-ed).

Most users aren't going to run bind or sendmail, but everyone in Windows land (including you I suspect) are running an AV checker like Kaspersky. Maybe you haven't got a virus, but how do you know that your virus checker won't do something like this next?

Unhappy

Stop Talking about IEXPLORE & EXPLORE

PLEASE PLEASE PLEASE stop talking about the above, it's getting boring now!

Paris Hilton

to Paul Talbot

EVE-Online is the MMORPG you mean - it deleted the boot.ini file. Let's hope XP SP3 adds at least a little protection for key system files!

Anyone found the paris hilton angle yet?

Thumb Down

Love it

... reminds me of when they did the same thing to SQL Enterprise Manager when we were trialling it last year. I do seem to recall shouting at them something along the lines of "....and what if it does the same thing to explore.exe?" Glad to see that they're learning by their mistakes.

Alien

@Forget cyber terrorism

"No need for Chinese or Russian covert hacking activities then? All that Putin and his mob need to do is to infiltrate Kaspersky, introduce a trojan in one of the updates and hey, presto, the FSB will have access to nearly every computer in the West.

Maybe it's happening already. OMG! Let's nuke them before it's too late!! Or take the simpler solution - ditch Windows."

IT is not cyber terrorism, AC, it is the Beta Use of CyberIntelAIgents and one would hardly XPect anything less from an Intelligence Man such as a Mr Putin. It is said that "Once a KGM officer, always a KGB officer" and such shenanigans are Stock and Trade Elements in all such Services. Making Better Beta Use of them though, is what sorts out the Men who know what they should be doing with them from the Boys who really don't.

And when Home forces are doggedly in the Boys camp, for whatever dumb reason, deaf, dumb and blind to home-grown CyberIntelAIgent Help, then IT easily finds a Ready Home elsewhere in the more Enlightened Surroundings/Regimes which display their Increased Awareness for a Reinforced and Reinforcing IntelAIgents Match...... CyberIntelAIgent Cultural Attache XXXXChange.

Now there's AI Novelty for the Boys in the Militarising Band of the Foreign and Commonwealth Office to mull over........ but only if they are in Fully Funding Support of dDeep Private Initiatives..... in Virtually Real, Out of this World, State Matters.

One is always hopeful that they can grown into Future Men rather than remain as Lackeys, lacking the System. It is not as if they do not receive regular upgrades and taunts to jog their own brains into working the much wwwider Fields of Global Operating Devices C2C Communications rather than relying on duff, short-sighted, Visually and Intellectually Impaired orders and instructions.

C2C???? Copy to China and Control to Command. Both Viable Options for XXXXPorting in AIRegister of Mutiple Use Interests.

Alien

Thank goodness!

Thank goodness for amanfromMars, whose cogent discussion of... erm... whatever that was a discussion of, made a refreshing change from endless discussions of Explore.exe and IExplore.exe.

For anyone still not aware of the distinction, Explore.exe is the windows file explorer, iExplore.exe is the Apple version.

Anonymous Coward

COMRADES! STUDENTS! CO-MILITANTS!

As a direct result of failing to extricate its head in a timely fashion, The Reg Overwatch and Desensitization One-Man Committee has suffered massive implosive rectal failure, and will forthwith be taking some much-needed time off to become familiar with the uncomfortable procedure of delivering thru a plastic tube.

This Message has been brought to you by the Doctors of the Reg Overwatch and Desensitization One-Man Committee.

Stay Safe

Flame

@Stu Reeves

If you're going to make snide remarks about others, it's probably a good idea not to make any mistakes in your critique.

That would especially include making a fundamental error in grammar such as mistaking 'your' for 'you're'.

(If I've made a mistake here, I'll now feel really silly.)

Alien

I thought Explorer got iced a couple of weeks back?

http://www.theregister.co.uk/2007/11/23/ms_explorer_ufo_sinking_ship_not_software/

I'm *so* glad my enterprise don't use Kraperski - the support calls would be hell....

Paris Hilton

PH angle...

Clearly PH doesn't know the difference between explorer.exe and iexplore.exe.

Joe

Explorer

Well I loaded Explorer, and played it for a while, but I can't see what all the fuss is about. We are talking about the ZX81, right?

Anonymous Coward

explorer.exe is indeed a massive virus

... and not a clever one as it takes a CD and 40 minutes to install.


@Paul Talbot

You said something to the effect of "...AV is a userland app, how come it can kill Windows system components?..."

What would the point of it running in the user's context be? It would only be able to protect the user's files, it has to run at a relatively low level, just in case a system component is infected, as it will need to interact with the component (delete/move/deny access etc) therefore it has to be installed by the Administrator (root, if you have Apple/Linux/UNIX AV - yes, it is out there!)

You'll also find that all the people who installed and operated whatever game it was that killed boot.ini, in their user's context didn't end up with a knackered system. It was the eejits who installed and operated the game with Administrator that were the victims.

Duh!!!!


re: re: RE: Forget cyber terrorism

"Erm, yeah you've actually made the last guy's point for him. Linux/OSX users don't run every process as root"

That was kind of the point. It's about the users rather than the OS. Windows users are used to doing things with a single login. If you encourage them to jump to linux, they'll take the single login habits with them and run as much as they can under root. Windows can support non-admin logins (which would have prevented this), just like linux, but it is not something the average windows user will consider.

Yeah, there are some distros and software coming out on linux that do their best to discourage running as root, but it's not all like that. The majority of distros are susceptible to all kinds of bad things happening if they were run like the average copy of windows.

Moving the majority of windows users to another OS is not a "simpler solution". If the other OS is not going to end up as bad as windows, it would require hardening of the OS and training of the users.

Moving the majority of "boy racers" out of Golf GTIs and into Porsche 911s is not going to solve speeding problems without speed limiters on the cars and retraining of the drivers :-P


Genius!

I knew someone would figure it out eventually. All those people complaining that IE is uncompetitive as it can't be uninstalled have been proven wrong! Thank you Kaspersky - you have opened the way for freedom of choice in the browser market.

Coat

@Paul Talbot

You can actually run Ubuntu as root in the normal way. Login as your normal user, then 'sudo su'. Enter password and Voila, you are now root.

You could also 'sudo nano /etc/passwd', change your UID to 0, log out and login and you're running as root without having to Sudo ever.

Of course the more important point is how it works out of the box, which is how most users would continue to use it anyway.

Now I'll run away and keep my pedantic comments to myself. Merry Christmas!

Alert

@Lee Dowling

You have identified the main flaw with windows and its supposed user accounts.

In order to do anything, you have to run as a privileged user so windows lets AV run with all power to do anything, even delete core system files. Great approach eh.

It's because this would be unlikely on a linux system that so many people here are taking exception to the anti-linux comment further up, by someone who criticises what they don't understand.

Thumb Down

@Forget Cyber Terrorism

"Maybe it's happening already. OMG! Let's nuke them before it's too late!! Or take the simpler solution - ditch Windows."

That sounds great. Will you be paying for all the re-training of the sysadmin and users, software replacement and downtime needed for all the 'upgrades' and changes?

Despite the anti-windows sentiment you get everywhere from overly-vocal linux fanatics, windows is still everywhere. And it will continue to be, as it's what people know and can use easily. So unless you're happy to dress linux up EXACTLY like XP, and have it function EXACTLY like XP, then it's easier in the long term to stick with what people can already use.

Linux ain't free when it comes to upgrading corporate systems. The hidden costs are still there.


@Ross

Someone else who hasn't read the thread. How many more posters have got to say it? IT IS NOTHING TO DO WITH INTERNET EXPLORER.

Coat

What's that y'say?

Something wrong with Internet Explorer?

I use Firefox...
