Explorer.exe eating too much memory

Status
Not open for further replies.
V

Vladimiros92

Posts: 7   +0
hey ive been using xp sp3 as long as it has been released and everything was running smoothly. Recently, though, there seems to be a problem with explorer.exe which takes up 80k-120k of memory without any programs running. I suspect a virus or spyware/malware stuff but my pc is totally clean according to: avira antivir free, counterspy, spyware doctor (with antivirus), stopzilla, combofix, malwarebytes antimalware and many more programs. Same thing seems to happen with messenger too but that can be justified by the presence of messenger plus or even the lastest version of live messenger wich is supposed to be resource ''hungry''. I'm worried about explorer.exe because I think its the cause of the fan noise that is piercing through my ears! Can anybody plz help me out? Any ideas are welcome...
 
Well, you ran all the program and think the system is clean. IF you want help with the possibility of malware, you need to run the programs in the Virus and Malware Removal HERE and attach the logs for us to review.

Malware can use the name of any legitimate files, so that must be eliminated first.

It is not recommended that Combofix be run unless the helper instructs you to do it.

Please include information about your system:
Make
Model
RAM
 
Well all iu can tell you about my pc is that it has one Intel Pentium D processor at 2.68Ghz and two ram kits of 1GB each (2Gb on the whole). My pc is running windows xp sp3 and i have noticed that all windows processes such as explorer.exe and svchost.exe are taking up unreasonably high amounts of ram such as 80k or even 120k at times. I have used combofix in the past to fix some malware problems and thats all. I've scanned again with the programs you told me to and my pc is 100% clean according to avira antivir, malwarebytes antimalware and superantispyware. Here are the logs of the last two as well as the hijackthis log, as you requested :)
 
Oh and also i should inform u about the malware removal instructions on the link u gave me. I have no p2p program installed and i have been using ccleaner for 2 years scanning at least 5 times a day for junk files as well as registry problems. As far as java is concerned i check for new versions on a daily basis and i sure have the latest one ;)
 
Sorry for the continuous replies i have to tell u one more thing. I don't know if it is normal but when I press ctrl alt del and i take a look at the task manager i can see svchost.exe is running four times! Is there a problem with that or is it normal? :S:S:S
 
That is normal, svchost (like the name might imply) hosts a number of different services that run as their own processes.
 
I have 7-9 svchost.exe running all the time. As mentioned, many services present with this name. However, malware can spoof itself as almost any file so if there are other problems, it's always a good idea to check it out.

Regarding:
i have been using ccleaner for 2 years scanning at least 5 times a day for junk files as well as registry problems.
Click to expand...
If you have this much 'junk' getting on the system, then you need to check your security settings. If they are set correctly and if you have reliable programs running, you shouldn't need to run this 5 times a day!

Do you empty the Recycle Bin after deletions?

There are some entries in the HijackThis log I'd like to ask you about, so open HijackThis to 'do system scan only' and look at the following entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.gr
This is a Google Greece search page. Did you set it as your homepage? If Yes, leave. If no, check for removal.

Did you set this? Is the language correct? If Yes, leave. If No, check for removal.

These two restrictions are present. Did you or the Administrator set them? Were you aware of them? If Yes/Yes, leave. If No, check for removal:
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present


Close all open Windows except HijackThis and click on Fix Checked

You should verify the location of explorer.exe:
Note: The explorer.exe file is located in the folder C:\Windows. In other cases, explorer.exe is a virus, spyware, trojan or worm.

I would also like to verify this:
You are referring to explorer.exe, not Internet Explorer> is that right? I ask because you have IE8 and it is one big fat, bloated browser!

explorer.exe is Windows Explorer: a file manager application. It is the basic graphical file-system user interface in Windows and will always be running. It is also the component of the operating system that presents the user interface on the monitor and enables the user to control the computer.

Are you actually having any problems- other than the need to run CCleaner so often? IF you removed any of the entries in HijackThis that I asked about above, disable the STOPzilla Real Time Protection and run HJ again, attach new log.

Other than the entries I asked about, the logs are clean.
 
windows explorer is in c:/Windows and google.gr is in deed the home page i have chosen since i am from greece. I had no idea what the other two entries were about so i deleted them as u said...
 
I dont have any other problems and i have to admit that my pc is running ok now... i dont need to run ccleaner so often i just do it.... the only thing is the memory problem :S
 
i dont need to run ccleaner so often i just do it...
Click to expand...
Don't! It's not necessary. Did you see my question about deleting the contents of the Recycle bin?

. the only thing is the memory problem
Click to expand...
Okay, I still don't know if this is an actual "memory problem."

Did you verify the location of the explorer file as requested?
(Note: The explorer.exe file is located in the folder C:\Windows)
Right click on Start> Explore> Windows> on the right screen> do you have just the word 'explore' plus the 'explorer.exe' entries? That's what you should have. Do you have more than one of each?

Recently, though, there seems to be a problem with explorer.exe which takes up 80k-120k of memory without any programs running.
Click to expand...
Do you have a time line for 'recently'? If you do, try doing a system Restore to date right before 'recently' began. It's possible that you got some kind of update.

  • [1]. How often do you do a defragmentation? try doing that an see if the memory usage goes down.
    [2]. Is there any CPU usage at times when memory is high?
    [3]Is the problem that you open the Task Manager and see these numbers-or-are you actually having any problem. My guess is Yes/No.
But let's remove the cleaning tools you're carrying around:
To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTCleanIt by OldTimer:
  • Save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.
You should now set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:
  • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
  • Choose the button marked "Create a Restore Point" on the first screen then click Next
  • Give the Restore Point a name then click "Create".
    The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you want.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

Some Services run as svchost. You can review and customize the Startup type for the Services using this as your guide:
http://www.blackviper.com/WinXP/servicecfg.htm

Scroll down to the table of Services:
NOTES: Some Services NEED to start automatically on boot. Other can be set to Manual to start only as needed.A few can be disabled:
When in doubt, leave on Manual
Always check the Dependencies tab
 
Status
Not open for further replies.

Similar threads

B
Inactive Something is eating my my disk space, had a previous virsus
Replies
9
Views
4K
Broni
Broni
B
Solved 30 + ddlhost.exe processes spawned & connecting to anonymous IP addresses
2
Replies
28
Views
9K
Broni
Broni
smartzak
  • Locked
Inactive [A] Buffer overrun detected in Explorer.exe
Replies
9
Views
6K
Broni
Broni

Latest posts

Back