"Windows Explorer Has Stopped Working" loop in Vista


Lance Uppercut
03-07-2010, 05:41 PM
I'm attempting to fix a friend's computer. After an abnormally long startup time, Windows Explorer will just suddenly close, and attempt to restart. It'll do this several times until Explorer just stops working for good and I have to restart it manually through Task Manager, then it'll start the loop all over again. System Restore did nothing, and I left her for now with her PC in safe mode with her anti-virus running. I suspect some kind of trojan or worm. She also doesn't know where her Vista disc is (it's her boyfriend's PC, custom built for him, so I'm guessing it would have to be an OEM disc, but he's out of town and not reachable at the moment). Any ideas on what it is and how to fix it?

Lance Uppercut
03-08-2010, 06:20 AM
update:

-It is a trojan
-It is very persistent. I booted to safe mode and ran Stinger AVG, Malware Bytes, and Ad Aware, but it still won't work.

I found out you can burn a Vista disc from Microsoft and use it as long as you have the serial key, so I'll be doing that. But wiping everything and starting over is a last resort, and I want to avoid that as much as possible. Anybody have any suggestions?

Seika
03-08-2010, 06:35 AM
I've seen this one before.

One time Combofix worked and cleaned it completely. :)
Another, I had to wipe the drive and reinstall. :(

CappinCanuck
03-08-2010, 08:43 AM
Anything worth saving on the comp that can't be backed up? It's pretty tough to manually clean some viruses.

If you were up for the task, you could start by finding out the running processes, going through the registry, and looking at any other DLLs or strange file types associated with those reg keys to build a network of the filenames that this virus creates. You'll need to delete everything within 1 startup because it will likely reproduce them all the next startup. Also, some of the files could have randomized names each startup. You can use HijackThis to get a complete list of running processes and KillBox to delete the running DLLs. This will usually take a long time, with lots of trial and error until you figure out the extent of its spread well enough to clean it in one go. Also note any changes after killing the first or second process; there can be redundant ones that come up after.

You can manually start all the services in safe mode, like the ones associated with installation and running programs. Sometimes this will be blocked by some viruses, so you'll have to get creative.
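Added example, not part of the thread: one way to build the "network of filenames" described in the post above from a saved HijackThis log, by collecting every file path the log references and grouping files that share a base name so an .exe and its companion .dll are reviewed and removed together. The log excerpt, the file name kq3xz and the function names are constructed for illustration, and the two-reference threshold is an assumed starting point rather than a verdict on any file.

```python
import ntpath
import re
from collections import defaultdict

# Constructed HijackThis-style excerpt (not taken from the thread).
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
C:\Users\Example\AppData\Local\Temp\kq3xz.exe
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\Windows\system32\kq3xz.dll
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\avgtray.exe
O4 - HKCU\..\Run: [kq3xz] "C:\Users\Example\AppData\Local\Temp\kq3xz.exe" /s
O20 - AppInit_DLLs: C:\Windows\system32\kq3xz.dll
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - ")   # section codes such as O4, O20, F2
PATH = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|dll|sys|scr)\b', re.I)

def file_references(log):
    """Map each referenced path (lower-cased) to the log sections naming it."""
    refs = defaultdict(set)
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        # Simplification: a path on a line without a section code is
        # treated as coming from the running-process list.
        source = m.group(1) if m else "process"
        for path in PATH.findall(line):
            refs[path.lower()].add(source)
    return refs

def clusters(log):
    """Group referenced files by base name: stem -> {path: [sections]}."""
    grouped = defaultdict(dict)
    for path, sources in file_references(log).items():
        stem = ntpath.splitext(ntpath.basename(path))[0]
        grouped[stem][path] = sorted(sources)
    return dict(grouped)

def worklist(log, min_refs=2):
    """Stems referenced from at least min_refs places, most-referenced first."""
    counts = {stem: sum(len(s) for s in files.values())
              for stem, files in clusters(log).items()}
    hits = [stem for stem, n in counts.items() if n >= min_refs]
    return sorted(hits, key=lambda stem: (-counts[stem], stem))

if __name__ == "__main__":
    for stem in worklist(SAMPLE_LOG):
        print(stem, clusters(SAMPLE_LOG)[stem])
```

Legitimate software that is both running and registered to start at boot will also appear in the worklist, so each cluster still needs a manual look before anything is deleted.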

Karak
03-08-2010, 11:19 AM
update:

-It is a trojan
-It is very persistent. I booted to safe mode and ran Stinger AVG, Malware Bytes, and Ad Aware, but it still won't work.

I found out you can burn a Vista disc from Microsoft and use it as long as you have the serial key, so I'll be doing that. But wiping everything and starting over is a last resort, and I want to avoid that as much as possible. Anybody have any suggestions?

Combofix.exe

CappinCanuck
03-08-2010, 02:37 PM
Combofix.exe

Always worth a try. Even if it doesn't work, it'll help go through your HijackThis log.

http://www.combofix.org/

Lance Uppercut
03-08-2010, 08:46 PM
Will that work on Vista? It says something about needing Windows Recovery Console, which is on XP.

edit: yes it does. Got rid of the thing with a combination of combofix and Malware Bytes.