Virus in Explorer.exe

Hello mates.

My computer has been acting very strange lately, and I’m nearly 99% sure that the virus is in Explorer.exe.

Every time I open my computer and open the task manager, there’s an application which is called AVG-Anti Virus (deleted it, and downloaded Comodo). I pressed “Go to process” and I came to Explorer.exe.

Due to this problem my computer acts pretty weird, takes a lot of CPU and also, most irritating, I can’t alt-tab on some programmes.

I scanned it on virustotal and I found this: eSafe 7.0.17.0 2009.04.23 Win32.Banker ← the threat.

If anyone knows how to solve this problem, would you please make a reply as fast as possible?

Kind Regards,
Jeppish

Greetings, please follow this guide and afterwards post back the hijackthis log.

https://forums.comodo.com/virusmalware_removal_assistance/what_to_do_if_youre_infected_experience_rev2-t32467.0.html

Good luck,

Xan

Here is my hijackthis logfile.

[attachment deleted by admin]

I’m wondering what these entries are?

C:\Program Files\Asprate\Tibia Multi IP Changer\Tibia MULTI-ip changer.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User ‘SYSTEM’)
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User ‘SYSTEM’)

Xan

That’s not normal. SYSTEM isn’t meant to have entries in the Startup directory. However, I don’t know if these would actually be executed by explorer since it should only run All Users\Programs\Startup and [user]\Programs\Startup. And explorer wouldn’t be running as SYSTEM.

That multi IP address changer seems to have a bad reputation and could be causing problems:

http://www.prevx.com/filenames/4074204249689711903-X1/TIBIA+MULTI-IP+CHANGER.EXE.html

Before I suggest anything, what do the other mods think?
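
The check discussed in the reply above, as an added example that is not part of any post in this thread and is not HijackThis's own code: it picks per-SID Startup lines out of a HijackThis log and groups them by target so that shortcuts pointing at the same binary are reviewed together. The sample log is constructed around the two O4 lines quoted in the thread, and covering S-1-5-19 and S-1-5-20 as well as S-1-5-18 is an assumed generalization to the other built-in service accounts.

```python
import re
from collections import defaultdict

# Well-known SIDs of the built-in Windows service accounts.
# Only S-1-5-18 appears in the thread; the other two are an assumed extension.
SERVICE_SIDS = {
    "S-1-5-18": "SYSTEM",
    "S-1-5-19": "LOCAL SERVICE",
    "S-1-5-20": "NETWORK SERVICE",
}

# Matches per-SID Startup lines in the form quoted in the thread:
#   O4 - <SID> Startup: <shortcut> = <target> (User '<name>')
# Straight and curly quotes are both accepted, since forums often re-typeset them.
O4_SID_STARTUP = re.compile(
    r"^O4 - (?P<sid>S-\d+(?:-\d+)+) Startup: (?P<lnk>.+?) = (?P<target>.+?)"
    r"(?: \(User ['‘’](?P<user>[^'‘’]*)['‘’]\))?\s*$"
)

def service_startup_entries(log_text):
    """Return {lowercased target: [(sid, shortcut), ...]} for service-account SIDs."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = O4_SID_STARTUP.match(line.strip())
        if m and m["sid"] in SERVICE_SIDS:
            # Windows paths are case-insensitive, so fold case to group duplicates
            # such as CLOAKER.EXE and cloaker.exe under one target.
            hits[m["target"].lower()].append((m["sid"], m["lnk"]))
    return dict(hits)

# Constructed sample: the two O4 lines from the thread plus two made-up lines
# (a Run key entry and an ordinary per-user Startup entry) that must not match.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [ExampleTray] C:\\Program Files\\Example\\tray.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\\hp\\bin\\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\\hp\\bin\\cloaker.exe (User 'SYSTEM')
O4 - Startup: Example.lnk = C:\\Program Files\\Example\\example.exe
"""

if __name__ == "__main__":
    for target, refs in service_startup_entries(SAMPLE_LOG).items():
        for sid, lnk in refs:
            print(f"review: {SERVICE_SIDS[sid]} ({sid}) startup shortcut {lnk} -> {target}")
```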