explorer.exe problems

Discussion in 'malware problems & news' started by JohnK, Mar 27, 2006.

Thread Status:
Not open for further replies.
  1. JohnK

    JohnK Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    20
    I may not be posting this in the right place, but I suspect a Trojan may be at the root of my problem.

    Over the last few days explorer.exe (and to a lesser extent services.exe) have started eating up serious CPU time. It never gets to 100% - normally between 15 and 50%. Enough to be annoying and worrying.

    A bit of searching here and elsewhere did lead me to a file called conime.exe which was lurking on my system and I believe is trojan related. But getting rid of conime did not solve the CPU usage problem.

    Using process explorer revealed that the explorer.exe thread that's using all the CPU time is: "nt.dll!RTLAllocateHeap+0x18c". No idea if that info is of any help though. I have gone through the usual process of virus scan/Adaware/Spybot and appear to have the all-clear there. Any thoughts appreciated. My system is XP SP2.
     
  2. JohnK

    JohnK Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    20
    I may be in the wrong place after all. After endless hours of very boring experimentation, the problem seems to be related to the XP Plug and Play Service. When I disable it (not recommended, of course), the CPU usage issue goes away. Switching the service to manual doesn't help.

    So I'm guessing it's an issue with a device connected to the machine. Any thoughts still appreciated, of course. And thanks to those who've read the thread.
     
  3. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    I did a little research..it seems conime.exe is indeed a trojan:
    http://www.liutilities.com/products/wintaskspro/processlibrary/conime/

    It's highly unlikely that 1 trojan would cause a system slowdown. You would have to have a few if not many installed to see any kind of slowdown. It also depends on which trojan is installed, behavior, etc. You should definitely perform an online virus scan with BitDefender, Kaspersky, or another online AV scanner... just to be sure you don't have any other trojans or backdoor programs on your PC.

    I would try removing all plug and play devices from your machine...then rebooting? No idea though.

    Maybe a system restore?
     
    Last edited: Mar 28, 2006
  4. JohnK

    JohnK Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    20
    Thanks for your reply, Toby75. A system restore's not an option, I'm afraid. I have it switched off.

    I have now spent the best part of three evenings trying to solve this without success. I do know that if I kill explorer.exe, my CPU usage falls to the normal 0-2% (when idle). But of course my desktop disappears. Similarly, if I use Process Explorer to suspend the dodgy process ("nt.dll!RTLAllocateHeap+0x18c" referred to above), that solves it too. So that's a workaround I guess.

    I know that if I understood the ins and outs of Process Explorer I could probably zero in on the culprit. But it really should be easier than this to work out problems like this. Mr Gates still has a lot of work to do to make Windows really user friendly.
     
  5. happypete

    happypete Registered Member

    Joined:
    Apr 27, 2006
    Posts:
    1
    If you are using process explorer, go to the RtlAllocateHeap thread entry and click the "Stack" button.

    This will tell you what called in to the allocation routine.
     
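    The "which thread is burning CPU, and where did it start" question happypete's Stack button answers can also be approached from PowerShell. This is an added example, not code from the thread; it assumes the current user owns the explorer.exe instance and that the built-in Get-Process cmdlet is available.

```powershell
# Added example, not from the thread: rank the threads of explorer.exe by CPU time
# and map each thread's start address to the loaded module that contains it.
# Assumes the current user owns the explorer.exe instance (no extra privileges needed).
$proc = Get-Process -Name explorer -ErrorAction Stop | Select-Object -First 1

# Build a table of module address ranges so a start address can be attributed to a DLL.
$modules = foreach ($m in $proc.Modules) {
    [pscustomobject]@{
        Name  = $m.ModuleName
        Start = $m.BaseAddress.ToInt64()
        End   = $m.BaseAddress.ToInt64() + $m.ModuleMemorySize
    }
}

function Resolve-StartModule([int64]$Address) {
    # Return the name of the module whose range contains $Address, or 'unknown'.
    foreach ($m in $modules) {
        if ($Address -ge $m.Start -and $Address -lt $m.End) { return $m.Name }
    }
    return 'unknown'
}

# Top five threads by accumulated CPU time, with their start address resolved to a module.
$proc.Threads |
    Sort-Object -Property TotalProcessorTime -Descending |
    Select-Object -First 5 |
    ForEach-Object {
        $addr = $_.StartAddress.ToInt64()
        [pscustomobject]@{
            ThreadId     = $_.Id
            CpuSeconds   = [math]::Round($_.TotalProcessorTime.TotalSeconds, 2)
            State        = $_.ThreadState
            StartModule  = Resolve-StartModule $addr
            StartAddress = '0x{0:X}' -f $addr
        }
    } | Format-Table -AutoSize
```

    On Windows Vista and later most threads report a start address inside ntdll (RtlUserThreadStart), so the module column mainly separates Explorer's own threads from injected or third-party DLLs; the per-thread Stack view in Process Explorer is still what shows who actually called RtlAllocateHeap.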
  6. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Hi,

    You could use msconfig to try and stop it from starting up for now.

    Upload conime.exe to here for analysis

    http://www.virustotal.com/en/indexx.html

    nt.dll!RTLAllocateHeap+0x18c is mentioned in here

    http://www.experts-exchange.com/Operating_Systems/Q_21566397.html

    As Toby75 suggests, some scans might help, and BitDefender should find and remove it if it's malicious:

    http://www.bitdefender.com/scan8/ie.html

    Also try these

    http://housecall.trendmicro.com/

    http://www.webroot.com/consumer/products/spysweeper/freescan.html

    http://www.ewido.net/en/

    Hope it helps


    StevieO
     
  7. <DreamCatcher>

    <DreamCatcher> Registered Member

    Joined:
    Jan 6, 2006
    Posts:
    154
    I would also like to add that not every version of conime.exe is a trojan! conime.exe is also installed along with Windows XP in the C:\WINDOWS\system32 folder. I also have this file and it turns out it's the "Microsoft Console IME (Input Method Editor)". It executes whenever a command prompt is opened, so it seems that it's used for Asian language input support in the command prompt.

    Here's some links:

    http://www.kephyr.com/filedb/index.php?viewtopic=conime.exe

    http://discussions.virtualdr.com/showthread.php?t=185068

    http://www.processlist.com/info/conime-5.html
     
    Last edited: Apr 30, 2006
  8. ShunterAlhena

    ShunterAlhena Registered Member

    Joined:
    Aug 1, 2004
    Posts:
    134
    Location:
    Szigethalom, Hungary
    I had a very similar problem. After the restart following certain installations or unexpected power losses etc. Explorer just keeps crashing on startup. This time I had a look with Process Explorer and RtlAllocateHeap+0x18c was the culprit.
    Disabling Plug and Play solved the problem to a degree, the system started, but toolbars and Start menu etc. were unavailable.
    For me the true problem was caused by Sunbelt Kerio Personal Firewall 4.3.246. It was freshly installed. Disabling its service let the system boot up completely normally, and if I started it after booting it caused no problems whatsoever. So it's on Manual right now as a workaround. Hope they fix this issue soon and also hope someone with similar problems will find this post helpful. :)
     