Question Wlanext.exe trojan?

Offlinex

Honorable
Jan 12, 2014
22
1
10,515
0
I have a process running wlanext.exe which is hogging up cpu. I did a bit of digging and found the location of this file isnt in system32 as well as the file hash doesn't match but I have scanned it with malwarebytes and superanti spyware both of which were unable to find it I also cant end the process or remove it. Help?
 

Offlinex

Honorable
Jan 12, 2014
22
1
10,515
0
Well I know its not a regular process due to the fact I have 2 Wlanext.exe with one location at C:\Windows\wmu3 and the other at C:\Windows\System32. They dont even share the same icon or file hashes

"Important: Some malware disguises itself as wlanext.exe, particularly when not located in the C:\Windows\System32 folder. Therefore, you should check the wlanext.exe process on your PC to see if it is a threat. We recommend Security Task Manager for verifying your computer's security. This was one of the Top Download Picks of The Washington Post and PC World."
 

Offlinex

Honorable
Jan 12, 2014
22
1
10,515
0
It instantly restarts, I actually started the system32 wlanext and they were both running I could end the system32 version and it wouldnt start back up. Also I have 0 Wireless capabilities on this desktop if that has any bearings.
 
process explorer's lower pane of data might identify what is causing the respawn, potentially allowing both to be suspended, then deleted, with any luck...

https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

On the positive side, one can completely delete partition and reinstall Win10 from USB to a fast SSD in about 4-5 minutes or so these days...

(Freefixer might also show what is starting this up, particularly if it is relatively new file)

www.freefixer.com
 
May 13, 2019
1
0
10
0
I had the same issue recently. This process was consuming 50% CPU for apparently no reason. The file causing it was C:\Windows\wmu3\wlanext.exe

Scanning with virustotal.com confirmed it's definitely malicious. I also remember reading on some forum somewhere it might be a cryto mining trojan, which would explain the CPU use.

Anyway, I was able to stop the process from restarting itself by renaming wlanext.exe, then deleted it with no problems to the system. That seemed to have solved the problem.

https://www.virustotal.com/#/file/01da6a1ba810ab6cf70bb7d4e3ab3d7e88dd183bce6fa3b949e0f0d01de526ea/detection
 

Similar threads


ASK THE COMMUNITY

TRENDING THREADS