Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Lost explorer.exe after Kapersky Scan


  • Please log in to reply
11 replies to this topic

#1 cayuse

cayuse

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:55 PM

Posted 13 May 2005 - 04:36 PM

Hello. My main problem is that I have "lost" explorer.exe on my personal PC after running Kapersky Anti-Virus Scan today. One of the threads in this forum said to ask the forum if this occurs.

Approximately six weeks ago I ran McAfee Viruscan and there was a virus/Trojan that is didn't recognize and couldn't delete. This is when my problems started. It disabled McAfee and I have spent much of the six weeks trying to recover from all of this. I finally came upon this forum suggesting Kapersky and I think this one will work; I actually got a window from McAfee Security Center wanting to update my files.

I currently sit here using my work PC (I telecommute) to write as my personal PC only shows the desktop background and I can only access Task Manager. When I try to run C:\Windows\explorer.exe, I get the error that it cannot be found, even though I just browsed and selected it.

Is this recoverable so I can get my desktop back?

Thank you.

BC AdBot (Login to Remove)

 


#2 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:07:55 PM

Posted 13 May 2005 - 07:26 PM

Hi cayuse and welcome to Bleeping Computer

What is your operating system and do you have the Cd for that system?

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#3 cayuse

cayuse
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:55 PM

Posted 13 May 2005 - 07:32 PM

I'm sorry. It's been a very long day and it's Friday.

I am running XP Home. And, no CD for OS. It's an HP Pavillion that has the recovery/restore on a separate partition. We did have to purchase a Home Edition for another computer because XP Pro kept screwing up things.

Thank you for responding so quickly.

#4 cayuse

cayuse
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:55 PM

Posted 13 May 2005 - 07:35 PM

I did forget to note that the explorer.exe file was modified during the scan, or just when it finished. The original file was created Aug 17, 2001.

I also ran sfc /scannow with no results.

#5 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:07:55 PM

Posted 13 May 2005 - 07:38 PM

Running a Restore will probably work. Have you tried Safe Mode with Networking to either download Kapersky or run some on line scans?

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#6 cayuse

cayuse
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:55 PM

Posted 13 May 2005 - 07:49 PM

No, I have not done either. I am avoiding getting back online until I have some protection. Though I'll give it a try later and respond with the results.

Otherwise, might it be a good idea to install the new version of XP Home recently purchased?

Thanks.

#7 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:07:55 PM

Posted 13 May 2005 - 09:04 PM

Rather than do that, if you are not worried about losing your data, you could run the restore. You should probably identify your hardware and obtain the needed drivers before loading the new XP in case some of your hardware is not supported. The restore contains the proper drivers but the XP may not as the restore partition is customized to that machine.

Have you tried a recovery? That might be all thats needed.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#8 cayuse

cayuse
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:55 PM

Posted 16 May 2005 - 05:48 AM

System restore did not work. I got too anxious and tried loading (from CD) and upgrade. Nothing. Then performed a complete load. Test performed prior to load indicated hardware was compatible, etc., Still nothing. Any thoughts before I call the repairman?

#9 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:07:55 PM

Posted 16 May 2005 - 07:03 AM

I don't believe it is possible to "upgrade" from XP Home to "Pro".

You would have to fdisc the drive and do a complete install.

Why anyone would want to do that is curious though - pro is a far better op system.

The best thing to do is repair what is wrong with your system and keep pro.

#10 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:07:55 PM

Posted 16 May 2005 - 08:30 AM

I am avoiding getting back online until I have some protection


Doesn't seem it will make much difference now. Ensure that you have the XP firewall working and only do an online scan or download Kapersky and you will be fine. Don't check email or go to any other websites.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#11 cayuse

cayuse
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:55 PM

Posted 16 May 2005 - 09:02 AM

Thank you to all.

I did not upgrade to Pro. Still on Home Edition because I'm on satellite for internet and the installer didn't recommend Pro with the satellite. But it has SP2 on it. I still get no desktop except for the background screen I was using and I can access task manager.

One item I am curious about is when I ran msconfig, under boot.ini, it reads:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Is this right? I googled the last line and all but one of the answers to quetions with similar problems wrote with the last line not having the /noexecute. The one that said it was ok of course said it was ok for SP2. What does it mean? A dummie like me would read noexecute and don't execute Windows, which I'm sure is not the case.

Thanks again to all for your help.

#12 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:07:55 PM

Posted 16 May 2005 - 09:46 AM

/noexecute
The /noexecute parameter enables Data Execution Prevention (DEP), a set of hardware and software technologies designed to prevent harmful code from running in protected memory locations


On Windows XP with SP2 and later versions of the Windows client operating system, the default value is /noexecute=optin


So I would say that noexecute is stopping explorer.exe from loading because of Data Execution Protection as it sees that file as harmful due to its corruption that you mentioned earlier.

What you do about that is an entirely different matter. The other parameters that you can change optin to are listed here.

alwaysoff
Disables DEP. Attempts to enable DEP selectively are ignored. This parameter also disables physical address extension (PAE). To re-enable (PAE), use the /pae parameter.


The way I read that, if you change optin to alwaysoff, you will be able to load explorer.exe and get your desktop back. But I don't know what the consequences might be. BSOD? Maybe. Certainly no physical damage. If you need data off the machine that might allow you to do that. If you can get that explorer.exe out of McAfee quarantine (if it was backed up) you have a virus infected machine, albeit a running one.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users