No explorer.exe

  1. #1
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683

    No explorer.exe

    Hi Guys,

    Windows 7 32 bit doesn't start explorer once logged in, just get a black screen. Have to manually start explorer to get a desktop. Not much in Events log ...

    Any ideas?
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  2. #2
    HYBR|D
    Guest
    Any changes made to the system prior to this starting to happen?

    Are there any noteworthy events in the event logs that could be relevant?


    Consider running chkdsk /r on your drives, and also try running sfc /scannow.


    You might use a program like ShellExView or Autoruns to manipulate what Explorer.exe loads. Often times this type of problem is caused by a faulty third-party shell extension or other module that is somehow caused to load into the address space of explorer.exe. Given that the faulting module path is unknown, it seems like a wild read/write, or else code may be referencing a module that is no longer loaded.


    In addition, check for malware with your anti-virus program.

  3. #3
    Senior Member Wazz's Avatar
    Join Date
    Apr 2003
    Posts
    288
    Sounds like something malicious replaced the startup explorer.exe with a malicious program to spawn a background shell.....I would go with HYBR|D on this, an sfc /scannow should do the trick......a Malwarebytes scan should be done as well......Good Luck!
    "It is a shame that stupidity is not painful" - Anton LaVey

  4. #4
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe rundll32.exe pgsb.lto csxyfxr) Good: (Explorer.exe) -> Quarantined and deleted successfully.
    Hmmm, I didn't check that key myself and just deleted. Anyone know what I would be looking for in there if I didn't clean it?


    Also, very embarrassing that our AV didn't pick this up and a freeware app like MB picks it up.

    Edit: does anyone know why Malwarebytes has such an effective detection rate and it's a free product? (besides the paid for version)
    Last edited by Cider; May 31st, 2010 at 03:37 PM.
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  5. #5
    Banned
    Join Date
    Jan 2008
    Posts
    605
    And I quote,
    After finding additional evidence, Malwarebytes conducted a test and added fake definitions for a fake rogue application to its database of malware.
    in a November 3rd, 2009 article on cnet.
    http://news.cnet.com/8301-27080_3-10389650-245.html

    cnet in itself has a habit of under-the-table partnerships with small time software outfits. They write about and review these products while getting paid as an advertiser.

    These are the people you want secretly standing over your shoulders when you're using a computer?

  6. #6
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Spec, what exactly are you saying in response to my question? That MB has a major false positive issue?
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  7. #7
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi there Cider, where were you when I was getting on my ?



    Spec, what exactly are you saying in response to my question? That MB has a major false positive issue?
    No, he is pointing out that Malwarebytes had a problem with some Chinese rip-off merchant and set a trap for them by including a bogus malware definition in their file. It caught the Chinks out well and good, but it might have caused a problem if it had detected a false positive in a user's system.

    His theory is fine, but has a real life probability of somewhere between zero and minus infinity

    Another thing:

    These are the people you want secretly standing over your shoulders when you're using a computer?
    He cannot be referring to Malwarebytes' free edition as that only does something if you physically go in and tell it to?

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  8. #8
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Quote Originally Posted by nihil View Post
    Hi there Cider, where were you when I was getting on my ?





    No, he is pointing out that Malwarebytes had a problem with some Chinese rip-off merchant and set a trap for them by including a bogus malware definition in their file. It caught the Chinks out well and good, but it might have caused a problem if it had detected a false positive in a user's system.

    His theory is fine, but has a real life probability of somewhere between zero and minus infinity

    Another thing:



    He cannot be referring to Malwarebytes' free edition as that only does something if you physically go in and tell it to?

    When was it Nihil?

    I don't think this was a false positive. Whether or not MB does it via on-demand it has still picked up an infection where normal traditional AV with resident scanners failed to.
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  9. #9
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    ... I didn't check that key myself and just deleted.
    Ah padawan, so how will you know if it was malicious, or if you still have the files on your computer even though they are not being called up right now? How can you provide a sample to your people to examine?

    Anyone know what I would be looking for in there if I didn't clean it?
    I am no registry expert, but how about explorer.exe rundll32.exe pgsb.lto csxyfxr

    or anything other than Explorer.exe ?

    AFAIK, that key can be used to start alternate shells, or additional shells, so having something other than Explorer.exe may not be malicious, depending on the Administrator: but it may. ( Can be used to customize Windows )


    Also, very embarrassing that our AV didn't pick this up and a freeware app like MB picks it up.
    No tool will get everything, that is why most here recommend running several.

    What is embarrassing is that Windows 7 got infected!
    And that maybe you are running with a privileged account?

    Happy belated nihil
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
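
Added example, not part of the original thread or any poster's code: a read-only PowerShell check of the Winlogon Shell value discussed above, reporting anything other than the "Good" value from the scan log so it can be reviewed before it is deleted. The function name and the HKCU per-user path are assumptions of this example; the syntax is kept compatible with the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: audit the Winlogon Shell value flagged in the scan log above.
# It only reads the registry and reports; it changes nothing.

$ExpectedShell = 'explorer.exe'   # the "Good" value from the scan log
$WinlogonPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    # Assumption of this example: also check the per-user counterpart.
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

# Hypothetical helper: split a Shell string and list every entry
# that is not exactly the expected shell.
function Test-ShellValue {
    param([string]$Value)
    $tokens = @($Value -split '[\s,]+' | Where-Object { $_ })
    New-Object PSObject -Property @{
        Value   = $Value
        IsClean = ($tokens.Count -eq 1 -and $tokens[0] -ieq $ExpectedShell)
        Extra   = @($tokens | Where-Object { $_ -ine $ExpectedShell })
    }
}

foreach ($path in $WinlogonPaths) {
    $item = Get-ItemProperty -Path $path -Name Shell -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        "{0}: no Shell value set" -f $path
        continue
    }
    $result = Test-ShellValue -Value $item.Shell
    if ($result.IsClean) {
        "{0}: OK ({1})" -f $path, $result.Value
    } else {
        # An alternate shell may be deliberate, so this is a prompt to
        # review and record the value, not a verdict.
        "{0}: REVIEW, unexpected entries: {1}" -f $path, ($result.Extra -join ' ')
        "    full value: {0}" -f $result.Value
    }
}

# Self-check against the "Bad" string quoted in the thread (sample input).
$sample = Test-ShellValue -Value 'explorer.exe rundll32.exe pgsb.lto csxyfxr'
"sample flagged entries: {0}" -f ($sample.Extra -join ' ')
```

A full path such as C:\Windows\explorer.exe is also reported for review, since the check accepts only the bare value shown as "Good" in the log.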

  10. #10
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    By default, Windows 7 doesn't let you run as admin. It has a decent permissions set up out of the box, which shocked the **** out of me, because with the other OSs they put out, not only was Admin the default account, in early versions you couldn't do otherwise out of the box.

    And XP not having a password on the admin account and doing auto login was pretty funny... So with Windows 7, I was pretty shocked to see that not only does it NOT use admin by default without a password, but, when you DO log in, nothing is running as the admin account right at the start like before.

    Basically, if you want to run something as admin (Like, say, Spybot, so you can do updates properly, and do that Immunize thing properly, and so on) you have to right click on the Icon, and tell it to Run this as the admin. I haven't changed that much on my machine. Somewhat because I haven't felt like it, and somewhat because I didn't have to do much. I did lock a few things down, and I did turn off those damn auto updates...

    Which is another thing; Why do they have this set this way? Shouldn't they instead, have a check run to see the hardware you have and so on, and THEN decide?

    That was one thing I hated when I had Windows on my Laptop; I'd turn it on, log in, and then, WAIT.... Because even if I had the thing fully charged, I had to wait around for like EVERYTHING to sit there and look for updates. Windows update would tell me it was ready... Even if the damn thing wasn't connected to the net, it was trying to look for updates.... And then AVG did the same thing when it finally got done loading, and then everything else wanted a chance to look for updates.... And did it matter if there was no connection to the net? Of course not! It would try and waste my time and battery anyway!

    If it checked first this wouldn't have been a problem. And being that I had to get a Laptop I could actually pay for at the time, it wasn't like I went all out either. So it took a while before I could actually do anything.

    First thing I did was turn off those stupid updates. I turned off Windows update and had it set where I'd personally check myself (Which I did, all the time) and then it complained about THAT....

    And then AVG I told not to do the same, and then Windows Security center went on about that.... And you can see where I'm going here.... If you have a Laptop and you were trying to do something quickly because you didn't have time and needed to hurry up and do something, and you weren't even connected to the net, you had to wait for a LONG time before you could use the machine, because everything on there was trying to do an update check. And then you had to tell it "Yes I know you aren't connected to the net....No I don't want you to try again until I throw you through a brick wall...No I don't give a **** the machine isn't connected" And so on.

    A Smarter idea would be having Microsoft have something you can run when you first boot the OS that checks all your hardware out, and sees what you have, and makes a sane decision on what is going to happen when you boot. That way if you don't have top of the line everything, you don't have to wait for a half hour to type a note out real quick in the middle of a class room just to try and keep up.

    This is why my Wife has Slackware on Her Laptop; She can boot up without waiting for everything installed to try and update itself. And then of course in Windows if you turn that crap off in XP, Ohhhhhh are YOU going to be waiting... Because THEN you have to sit there while it tries ANYWAY to do updates, and click OK 50 times when it says it couldn't.

    I understand there are people in the World who NEED this stuff because they don't know HOW to do an update, and they don't get why they should, and they don't know a thing about the machine they're using. But for those of us who know how to click on "Windows Update" and have it install them...And for those of us who know how to right click on a little Icon in the bottom right of the screen, and select "Check updates" without the thing doing it... Couldn't they make a little application that ran, checked the hardware, and saw "Hmm, a Battery is detected, and no plug is plugged in charging, and there is no connection to the net....And the Cable isn't even plugged in...Maybe not run this **** right now?".

    My Laptop had XP and could not only tell me if it was plugged in or not, it could tell me how much battery I had left, and then, when I did plug it in, it could tell me I did that too. And even react to it with a brighter screen and more CPU power. And then, if the Cat5 got unplugged, it could tell me that too, and it could tell me when I plugged it back in that I had done so. So why can't it make a few more reactions?
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux
