0
Operating system: Windows 7 Architecture: 32 bit Antivirus software and on-demand scanners on this system : ESET smart security Malwarebytes Antimalware Spybot Search and Destroy
Date and how issue started: I don't remember how it started, but when I boot into my Windows OS, A default browser (Chrome) Window opened with indiasearcher.in/fsquirt.exe page.
If I close the browser, "Windows explorer has stopped working" message box appears and system becomes very slow. I couldn't open control panel as well as windows update and other control panel items.
I somehow managed to boot into safe mode with networking and cleaned with Malwarebytes as well as Spybot S&D. I had Bitdefender IS 2013 at that time and also performed a scan with it. I think I succeeded partially.
Current issues and symptoms: Right now, "Windows explorer has stopped working" no longer appears, but still A browser windows opens at startup. I installed ESET smart security now and performed scan again. It cleaned two .js files JS/Kryptik.ALI Trojan, but my issue still persists.
Any ideas how to identify which process initiates the browser launch during startup?
kunaguvarun
Posted 2013-09-20T03:49:35.287
Reputation: 117
as silly has it seems, could you check that it hasn't changed your browser short cut? If it was firefox, I'd also reset it to default settings, but I have no clue if it works on chrome. – Journeyman Geek – 2013-09-21T07:09:04.103
Thanks for responding. I think malware is trying to launch whichever the default browser is. I'm not sure how to detect which process in my system us helping it during startup... – kunaguvarun – 2013-09-23T14:20:57.660
Guess I've figured out the process which helps the malware.
It is "explorer.exe". I now tried to kill process from task manager and tried to open a new task "explorer" in task manager. Voila. Google chrome opened with fsquirt.exe web page.
Now how do I stop this? – kunaguvarun – 2013-09-23T14:55:32.903