Is C:\Windows\syswow64\Explorer.exe a virus?

windows windows-10 windows-explorer virus

9,522

Solution 1

So, as it turns out, it was a virus.

I rebooted my Windows after scanning it to find that it had triggered a diskpart on my machine, wiping my hard drive.

I took it to the local computer store, and the guy that worked there said that it would of caused it. (He somehow managed to check logs that were on my motherboard.)

Virus Total said it was a virus and Malwarebytes said it was a virus, but I couldn't remove it.

Ah well, i'll just switch to Linux then :D

Solution 2

No. Most likely is not (of course you can do a virus check to make sure it isn't a replacement).

Windows has two variants of the explorer.exe: one for 32 bits and one for 64 bits use. It is the Windows shell executable. There is nothing wrong in having two versions hanging around.

Most likely a shell plug-in or something like that caused the massive CPU load.

Solution 3

No, this is the 32Bit Explorer.exe on a 64Bit Windows. This is called Windows 32-bit on Windows 64-bit (WOW64) to be able to still run 32 Bit applications on a 64 Bit Windows.

Don't worry, your PC is fine.

Solution 4

Upload file in question to https://virustotal.com/ to be sure it isn't malicious substitution.
C:\Windows\syswow64\Explorer.exe itself is legitimate program on windows

View more solutions

9,522

MaliciouZzHD

I am a student currently in year 9 that asks ALOT of questions, because I am keen to learn! I code in C#, bash and python, and am hoping to get a job en either: Cyber Security IT and/or Software

Updated on September 18, 2022

Comments

MaliciouZzHD over 1 year
I was recently playing CS:GO, and I noticed it was more laggy than usual, so I decided to check Task Manager. I then noticed that Windows Explorer was using ALOT of CPU, so, I looked at the "command line", and it said
```
C:\Windows\syswow64\Explorer.exe
```
So not thinking, I though "It must be doing something", until I decided to end it, but it didn't do the normal thing where you have to start it up again, and then I found another "Explorer.exe", hardly using any CPU, but this time, in
```
C:\WINDOWS\Explorer.EXE
```
Heres a screenshot of the location, in windows explorer:

$Screenshot of C:\Windows\syswow64\Explorer.exe$

Here is a screenshot of Task Manager, filtered to highest CPU Usage:

Screenshot of Taskmanager, filtered to highest CPU usage

After looking at alot of forums and stuff, I don't know if its a virus or not :P

Anyway, if anyone could answer, that would be great

Thanks
Admin over 7 years

Using explorer to check the signature of explorer. What could possibly go wrong?
Admin over 7 years

I tell you what could go wrong: The result comes as not okay. Just as a leopard can't change its spots, a virus cannot mask its own SH256 signature.
Peter about 7 years

While it's very good of you to come back and write an update, please make sure that what's written can actually be read. Aside from grammar spelling and punctuation, it's also good form to include sufficient information so the reader can follow the thought process. P.S: I wasn't the downvoter.
Ramhound about 7 years

"Malwarebytes said it was a virus" - Why didn't you originally state this in your question?
MaliciouZzHD about 7 years

Because I didn't have MalwareBytes when I asked the question. I donwloaded it after I asked .-.