explorer.exe infected

Hello,

Comodo antivirus came up with an infection on explorer.exe
It said it’s infected with Heur.Gen.Lama@117020836.
I tried to let Comodo solve this but it wasn’t able to do that.
Any ideas on how to remove this threat or what it does?

Thanks!

Hey and Welcome!

A cracked Windows OS has the potential to contain malware, and if the antivirus can’t quarantine it then I don’t know. Tell me, do you have a cracked Windows OS?

Can you tell me more about the OS, like how you got it?

Even if you can delete this infection, be aware that you may not see the start menu anymore.

Regards,
Valentin

I have the same problem with the exact same error code Heur.Gen.Lama[at]117020836. I have a legitimate version of Windows 7; it came with the PC. So basically Comodo suddenly started reporting that it hasn’t whitelisted actions done by Windows and reports explorer.exe as infected. I haven’t visited any suspicious sites or downloaded anything when this happened. Any help?

Hey and Welcome Kettu

If your Windows copy came with the laptop then click on ignore. I recommend you download Malwarebytes, update it, and do first a quick scan and then a full system scan. (The link below is the download link.)

(http://dw.com.com/redir?edId=3&siteId=4&oId=3000-8022_4-10804572&ontId=8022_4&spi=4d6ff8930f14a5c93d18edd593b4e742&lop=link&tag=tdw_dltext&ltype=dl_dlnow&pid=11657891&mfgId=6290020&merId=6290020&pguid=2vUC9goOYI4AABaFttYAAAA6&destUrl=http%3A%2F%2Fdownload.cnet.com%2F3001-8022_4-10804572.html%3Fspi%3D4d6ff8930f14a5c93d18edd593b4e742%26part%3Ddl-10804572)

Regards,
Valentin

Thanks Valentinchen!
It’s a cracked version of Windows 7 Ultimate I got from torrents.

And it’s the explorer.exe in the sysWOW64 folder that’s infected…

It must’ve infected my PC because it didn’t come up when I first did a system scan.

Does anyone know what this virus does? Can’t find it anywhere on the net.

I will try to see what I can find out.

Look here: https://forums.comodo.com/av-false-positivenegative-detection-reporting/changing-the-start-orbfp-t60425.0.html

Regards,
Valentin

I’ve looked into that thread, but forgive me for being a newbie, I have no clue what this means:

“Reported FP has been fixed with DB 5733.If you still experience any problem on this,please let us know.”

Seems it was fixed but no idea how…

And it’s gone…
Really weird, I didn’t do a thing but tell Comodo to remove the threat and it gave me the report that it wasn’t; now if I scan the same file or the folder it’s in it doesn’t come up with any malware…
Maybe Comodo removed it after all?

From what I know Comodo wouldn’t do anything behind your back. It can be quarantined.

It’s not in quarantine… it worries me…

Did you press ignore?

I don’t think that I did… Can I undo it if so?

Found it,
It should be in the exclusions tab in scanner settings and it’s not…
Is there a way to be sure that the file is clean?
I’ve sent the file to Comodo for analysis.

I will put this topic in the malware research section so that they can check it and give you advice. explorer.exe is a part of the OS, and if you delete it then you will have problems unless you know how to do things through DOS (cmd).

OK, thanks for all the help!

Hello, I also have this problem.
I just ran updates to:
PV: 5.0.162636.1135
VSDV: 7002
My computer was clean before I updated.

2010-12-09 16:09:22 C:\Windows\SysWOW64\explorer.exe Heur.Gen.Lama@117020836 Detect Success
2010-12-09 16:09:31 C:\Windows\system32\Wbem\WmiPrvSE.exe Heur.Gen.Lama@117020063 Detect Success
2010-12-09 16:53:53 C:\Windows\SysWOW64\explorer.exe Heur.Gen.Lama@117020836 Quarantine Failure
2010-12-09 16:53:54 C:\Windows\System32\wbem\WmiPrvSE.exe Heur.Gen.Lama@117020063 Quarantine Failure
2010-12-09 16:54:37 C:\Windows\SysWOW64\explorer.exe Heur.Gen.Lama@117020836 Quarantine Failure
2010-12-09 16:54:38 C:\Windows\System32\wbem\WmiPrvSE.exe Heur.Gen.Lama@117020063 Quarantine Failure

And all programs are not trusted anymore; they all ask if I want to block or allow everything.

I have submitted the files to Comodo as FP.
I use a legal copy of Win7 64.

I’ve read on the forum that this was fixed, but in my case it still isn’t.
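An added example, not from this thread or from Comodo, that parses scan-log lines in the layout quoted above and reports, per file, whether the signature is a heuristic one, whether quarantine failed after a successful detection, and whether the path is under a Windows system directory; the sample lines are constructed from the ones in the post, and the grouping is case-insensitive because the log mixes path cases.

```python
import re
from collections import defaultdict

# Constructed sample in the same layout as the scan-log lines quoted above.
SAMPLE_LOG = """\
2010-12-09 16:09:22 C:\\Windows\\SysWOW64\\explorer.exe Heur.Gen.Lama@117020836 Detect Success
2010-12-09 16:09:31 C:\\Windows\\system32\\Wbem\\WmiPrvSE.exe Heur.Gen.Lama@117020063 Detect Success
2010-12-09 16:53:53 C:\\Windows\\SysWOW64\\explorer.exe Heur.Gen.Lama@117020836 Quarantine Failure
2010-12-09 16:53:54 C:\\Windows\\System32\\wbem\\WmiPrvSE.exe Heur.Gen.Lama@117020063 Quarantine Failure
"""

# timestamp, path (no spaces in this layout), signature name, action, result
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<path>\S+) (?P<sig>\S+) (?P<action>Detect|Quarantine) (?P<result>Success|Failure)$"
)

# Directories that hold OS binaries; a hit here deserves verification before deletion.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def parse_log(text):
    """Return one dict per well-formed log line; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def triage(text):
    """Group events by lower-cased path and summarise what the thread asks about."""
    by_path = defaultdict(list)
    for e in parse_log(text):
        by_path[e["path"].lower()].append(e)
    report = {}
    for path, evs in by_path.items():
        report[path] = {
            "signature": evs[0]["sig"],
            # "Heur." prefix marks a heuristic (not signature-based) detection
            "heuristic": evs[0]["sig"].startswith("Heur."),
            "detected": any(e["action"] == "Detect" and e["result"] == "Success" for e in evs),
            "quarantine_failed": any(e["action"] == "Quarantine" and e["result"] == "Failure" for e in evs),
            "system_file": path.startswith(SYSTEM_DIRS),
        }
    return report
```

A file that is heuristic, a system file and failed quarantine is exactly the case the vendor reply below treats as a candidate false positive to submit for analysis rather than delete.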

Hi woodywood,

The file is being detected due to heuristic rules. This means that the respective sample is not in our whitelist and therefore was modified/altered. Please submit the detected file as a false positive at Comodo Antivirus Database | Submit Files for Malware Analysis and we’ll verify it.

Thanks and regards,
Ionel

The one thing that sucks is you CAN’T delete an infected explorer.exe file, only cure it.

I don’t think Comodo can cure files yet, so something that can cure files will be needed.

Dr.Web can cure files and hopefully it can cure your infection:
ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe

Woodywood,
check your PM :slight_smile:

Thanks Jay2007tech!

After I submitted the file it was gone for some reason; I’ve scanned my computer and it didn’t come up with any problem anymore…
So the file is gone (it has never been in use I believe; it was not the explorer.exe in the Windows folder, and I have no clue what it did or why the whole SysWOW64 folder exists).
Does Comodo do this if you send a file?
It keeps getting weirder and weirder…
Maybe a fresh install of Windows is a good idea at this point.

Maybe a fresh install of windows is a good idea at this point
I hear ya. Once a computer gets infected it’s hard to trust it again.

I hope you followed my PM exactly step-by-step and did not try to cut corners.