Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Explorer Has Gone Poof! Desktop Is Blank


  • Please log in to reply
5 replies to this topic

#1 gofergal

gofergal

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:36 PM

Posted 29 June 2007 - 02:28 PM

Hi I have a friend I am trying to help and so far nothing has worked. He ended a task (tree) in Task Manager (he is not even sure which task it was.. something using all his memory... but I suppose it was explorer.exe) and now he only gets a wallpaper screen when he logs in. There are NO icons.. NO task bar.. NO right click...etc. IN fact the ONLY thing he can do is bring up Task Manager and try things from there.
Here is a list of things other people have suggested and we have tried.


Task manager is only thing we could access and we tried to switch to system restore, and explorer.exe. Neither of them worked.

We could use the command prompt, but I am not very knowledgeable about working from DOS... but we were able to run sfc /scannow twice but it appears it did not do anything. We even tried to create another user account and when we logged in with it the screen was just blue..and still no icons or task bar. Also, when browsing in Task Manager we could not find any windows folders. The only folder that appeared under C:/WINDOWS was the System32 folder. So, we were unable to find the explorer.exe file to try and restore.

We saw from command prompt that explorer.exe was in the windows directory but have no idea how to get it working.

He has a partially installed/deleted corrupt version of windows on his computer, so we tried both windows and windows2 to make sure we were in the right one.

We did what was suggested in a couple of forums:
We downloaded a .vbs file from here: http://www.kellys-korner-xp.com/xp_tweaks.htm line 195(right column) the "Restore Desktop Icons and Taskbar" .vbs file. We Saved it to the thumb drive and transferred it over to the damaged computer and tried to run it from task manager but were unsuccessful. I kept saying it could not find the file.

It was suggested that maybe he had a virus or malware... but we couldnt figure out how to run that without the computer working.

We tried to do the repair installation and it didnt work. It would just abort.
We also tried most of these from safe mode as well.. and no difference.

At this point we are totally frustrated and don't know where to turn for help. He has a ton of files that he would like to preserve... maybe if we have to reinstall windows..as an absolute last resort... someone could walk me thru how to save his files before. I have never done that .. I am hoping it is simple?? haha.. wishful thinking.

Any other suggestions are appreciated...
Thanks
gofergal

BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:01:36 AM

Posted 29 June 2007 - 03:09 PM

You can try to access the drive using the Ultimite boot disk
Mark
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 Marigold

Marigold

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:36 PM

Posted 30 June 2007 - 09:20 PM

Have you tried bringing up Task Manager and in Applications choosing New Task.

In the box that comes up type explorer.exe

#4 gofergal

gofergal
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:36 PM

Posted 10 July 2007 - 11:29 PM

And now Chapter 2....
We were finally able to do a repair to windows... but we are crippled.. since he cannot get the SP2 to finish installing and thus, not all the updates. We are now trying to battle his trojans.. He seems to have something caught in his system32 file that won't give up. We have tried all of the programs we can think of.. from Ad-Aware, Spybot S&D, Avira, ClamWin, Super Antispyware, HouseCall, and a few more I am sure I forgot. The problem is...... his Windows Installer is damaged and we cannot repair/register or get it working so we cannot install some of the programs we wanted to try. Avira scans and when it gets to that trojan it cannot quarantine or delete it .. it says it is running or something. We even downloaded killbox and it did nothing. The dang trojan is still there.
Here is the avira scan. Any help would be appreciated. Even if someone can tell us how to get Windows Installer to work.
Thanks
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS2\$NtServicePackUninstall$\secdrv.sys
[DETECTION] Contains signature of the rootkit RKIT/Agent.DQ.31.A
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services//Runtime]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Runtime//Enum]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services//Runtime]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RUNTIME\0000//Control]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RUNTIME//0000]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root//LEGACY_RUNTIME]
[INFO] The file was moved to '46f56e5a.qua'!
C:\WINDOWS2\system32\fzoobjxy.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS2\system32\ijjbijj.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS2\system32\ijjbijj.dll.bak
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS2\system32\drivers\secdrv.sys
[DETECTION] Contains signature of the rootkit RKIT/Agent.DQ.31.A
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services//Runtime]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Runtime//Enum]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services//Runtime]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RUNTIME\0000//Control]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RUNTIME//0000]
[INFO] RKIT/Agent.DQ.31.A:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root//LEGACY_RUNTIME]
[INFO] The file was moved to '46f572fa.qua'!
C:\WINDOWS2\system32\drivers\txmjyryd.sys
[WARNING] The file could not be opened!
C:\WINDOWS2\Temp\startdrv.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.buy.42
[INFO] The file was moved to '46f37323.qua'!
Begin scan in 'E:\' <WD Passport>


End of the scan: Monday, July 09, 2007 13:39
Used time: 1:39:31 min

The scan has been done completely.

6946 Scanning directories
335338 Files were scanned
6 viruses and/or unwanted programs were found
0 classified as suspicious:
0 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
335332 Files not concerned
6160 Archives were scanned
6 Warnings
0 Notes
0 Hidden objects were found

#5 Timthetec

Timthetec

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:36 PM

Posted 29 November 2007 - 05:42 PM

Hi guy:

I like to post this for everyone to see and help them kill the nasties that is infecting yours and others computers.

I see from your hijack you are infected, BAD!!! Running Anti-virus in save mode will get rid of most of them. However, On a computer that I just recently service, startdrv.exe is copy of the orginal nasty. No AV running on your computer (even in safe mode) will get the master. By the way the master is ntos.exe. It is loaded right after userinit.exe to give an ideal how powerful it is (it is a service level).

The only way that I can remove it (It took me 4 hrs for the answer and I was pisst!!!) was to removed the drive from the computer and hooked it up to my laptop and scan it.

I WIN!!!! it LOSE!!!! :thumbsup:

Again, This is to help people that keep seeing startdrv.exe in there windows\temp folder.

Timthetec.

#6 usasma

usasma

    Still visually handicapped, new avatar (a camel) :0)


  • Members
  • 16,690 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:01:36 AM

Posted 29 November 2007 - 06:39 PM

Virus removal is a real chore - and if the malware is messing up the OS, it's even worse.

Here's a couple of suggestions:
1) Boot into a PE mode and run the scanners there
2) Backup the data and then do a clean install Windows.
- John
**If you need a more detailed explanation, please ask for it. I have the Knack. **




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users