December 21st, 2007

Antivirus Program Labels Windows Explorer a Virus

By Michael Santo
Executive Editor, RealTechNews

Linux users might actually agree with this “false positive”. On the other hand, Microsoft can breathe a sigh of relief: for once, the antivirus software in question is not Windows Live OneCare.

Kaspersky Labs, a smallish but well-respected (in fact, many believe it to be the most effective AV solution) security firm, released a set of virus definitions Wednesday night that could cripple your system — if you listened to its warning, anyway. The error caused Windows Explorer (explorer.exe) to be marked as infected with the Huhk-C virus.

Normally an antivirus (AV) program will give you an option to quarantine or delete the file. Either way, it would be hard to use any version of Windows without Explorer. Kaspersky Labs fixed the problem with an update within two hours, but for some the damage was already done.

The company posted a KB article on their site with instructions on how to recover explorer.exe. Of course, that only helps if you quarantined, not if you deleted, the file.

We Say: The moral (I’ve said this before): if a critical Windows system file is marked as infected, do not immediately delete (or even quarantine) it. Ask at the AV vendor’s site first. On the other hand, I realize that most people wouldn’t recognize a critical Windows system file. :-)
