Source: Western Network
This trojan is tricky to kill. Drawing on the experience of other experts, I describe in detail below how to remove it on NT/2000/XP, so that the steps are easy to follow.
Once the trojan gets onto the computer, it creates three main files: interapi32.dll, interapi64.dll, and exp1orer.exe. The last is easy to confuse with javaser.exe; note that the name contains the number 1, not the letter l. Once the virus is running as a process, it consumes a lot of system resources, and it starts along with the resource manager. The removal method is as follows:
1. Disable System Restore on XP. You can do this through Group Policy, or by right-clicking My Computer, choosing Properties, and turning off System Restore there.
2. Type regedit in the Run dialog to open Registry Editor, then delete the following keys and values:
[HKEY_CLASSES_ROOT\CLSID\{081FE200-A103-11D7-A46D-C770E4459F2F}]
@="Hookmir"
[HKEY_CLASSES_ROOT\CLSID\{081FE200-A103-11D7-A46D-C770E4459F2F}\InprocServer32]
@="C:\\WINNT\\system32\\interapi64.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{081FE200-A103-11D7-A46D-C770E4459F2F}\ProgID]
@="Interapi64.classname"
[HKEY_CLASSES_ROOT\interapi64.classname]
@="Hookmir"
[HKEY_CLASSES_ROOT\interapi64.classname\Clsid]
@="{081FE200-A103-11D7-A46D-C770E4459F2F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{081FE200-A103-11D7-A46D-C770E4459F2F}"="hookmir"
3. Restart the system, open the Folder Options menu, and on the View tab enable the display of hidden files and folders, system files, and file extensions. Find interapi32.dll, interapi64.dll, and exp1orer.exe in the system32 directory under Windows (WINNT on 2000/NT) and delete them.
(Note: exp1orer.exe is disguised with a JPG image icon, so be careful. After the virus has been removed, you can change the Folder Options view settings back to their original state.)
This clears the Trojan horse. If you have any questions, please advise. Thank you!
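To confirm that steps 2 and 3 left nothing behind, the following added example (not part of the original post) audits the text of a regedit export and a file listing: it resolves every ShellExecuteHooks entry to its InprocServer32 DLL and reports any of the page's indicators that remain. The function names, the benign CLSID and the sample data are constructed for illustration, and it assumes the export has already been read into a string.

```python
# Added example: audits a regedit export and a file listing for this page's indicators.
TROJAN_FILES = {"interapi32.dll", "interapi64.dll", "exp1orer.exe"}  # names from the page
HOOKS = r"hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks"

def parse_reg(text):
    """Parse regedit export text into {lower-cased key path: {value name: string data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            # .reg files escape a backslash as two backslashes inside quoted strings
            current[name.strip().strip('"')] = data.strip().strip('"').replace("\\\\", "\\")
    return keys

def basename(path):
    """Lower-cased final component of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def find_leftovers(reg_text, file_paths):
    """Return (kind, identifier, detail) tuples for indicators still present."""
    keys, found = parse_reg(reg_text), []
    for clsid, label in keys.get(HOOKS, {}).items():
        server = keys.get("hkey_classes_root\\clsid\\" + clsid.lower() + "\\inprocserver32", {})
        dll = server.get("@", "")
        # Flag by DLL name, or by label when the CLSID key was already deleted.
        if basename(dll) in TROJAN_FILES or label.lower() == "hookmir":
            found.append(("hook", clsid, dll))
    found += [("file", p, "") for p in file_paths if basename(p) in TROJAN_FILES]
    return found

# Constructed sample: the page's entries plus one made-up benign hook and file.
SAMPLE_REG = r'''
[HKEY_CLASSES_ROOT\CLSID\{081FE200-A103-11D7-A46D-C770E4459F2F}\InprocServer32]
@="C:\\WINNT\\system32\\interapi64.dll"
[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-00000000ABCD}\InprocServer32]
@="C:\\WINNT\\system32\\benign.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{081FE200-A103-11D7-A46D-C770E4459F2F}"="hookmir"
"{00000000-0000-0000-0000-00000000ABCD}"="Benign hook"
'''
SAMPLE_FILES = [r"C:\WINNT\system32\exp1orer.exe", r"C:\WINNT\explorer.exe"]

if __name__ == "__main__":
    for finding in find_leftovers(SAMPLE_REG, SAMPLE_FILES):
        print(finding)
```

An empty result means none of the indicators listed on this page remain in the data that was checked.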