Explorer.exe virus disabled my pendrive ejection

I tried to safely remove my external hard drive but was unable to. Every time I go to the Safely Remove Icon to safely remove my external hard drive, I get this error message “The device ‘Generic Volume’ cannot be stopped right now. Try stopping the device again later. I can wait for hours but still unable to safely remove my external hard drive. Weird thing was, I closed all the running programs, and I can still see my external hard drive LED light blinking.

It means there is activity and something is accessing the external hard drive. The best tool to find out what is accessing the external hard drive is Unlocker. I right click on my external hard drive letter and select Unlocker. Clearly Unlocker shows that explorer.exe is accessing the folders in my external drive. I click the Unlock All button, and tried to safely remove my hard drive, I still get the message “The device ‘Generic Volume’ cannot be stopped right now. Try stopping the device again later.” Again I use Unlocker to check what is accessing my drive, it still shows EXPLORER.EXE but this time it is accessing a different folder. The only solution I can think then is to kill explorer.exe process using Windows Task Manager and then launch Safely Remove Hardware window using command line. It worked! However, this is only a temporary solution and not a real solution to this problem. To fix this problem, I need to know why is explorer.exe accessing all my folders in my external hard drive? In Services, there is an “Indexing Service” which indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language. I stopped and disabled the service, still didn’t fix the problem. I also disabled Offline Files and System Restore, still the same problem. Finally I decided to install an anti-virus program and it detected that my explorer.exe is infected by JambanMu, Alman or Almanahe virus! I was shocked to know about this because I just reinstalled Windows with third party programs and restored files. The chances of being infected by Almanahe virus is quite slim. After a while, I also found out that many of my executable files (EXE) are infected by Almanahe virus. It seems that Almanahe virus can and will infect executable files. The next thing I did was tried using AVG Win32/Alman Removal Tool to disinfect the virus from my EXE files. After scanning and cleaning with the removal tool, I noticed that my external drive LED doesn’t blink when I am not accessing the drive and I can use Safely Remove Hardware. What I learn from this experience is EXPLORER.EXE shouldn’t access external hard drives. If it does, very likely a virus has infected the explorer.exe

You can leave a response, or trackback from your own site.

Leave a Reply