Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Is virus cause of "windows explorer" and "taskmanager" error lockout?


  • Please log in to reply
7 replies to this topic

#1 xdbguard

xdbguard

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 19 May 2010 - 08:58 AM

Hi. New to the forum.

I have a Dell Inspiron 1505, Vista, Wireless.
I have a Dell desktop of some sort, WinXP, wired.

The problem is with the laptop and following is the sequence of events as I best remember them.

Monday, May 17 a male user opened up a facebook message and when he alerted me something happened, I turned to see an "image" of my computer showing windows security alerts for viruses/trojans on each drive. Not believing he could have been infected from opening a text message on facebook, I gave a cursory glance and determined it to be a "gag" virus and failed to take any information or deem it any threat. At the time I did not have an anitivirus program.

I installed and ran mcafee full security suite and found some items. At that time I went to work and left the rest of the process to a family member. I assume he performed the recommended actions. He ran the scanner again and came up with nothing. When I returned home the next morning, the laptop was in proper working order.

Tuesday, May 18 I used the computer for most of the day, mostly internet tasks. About 8pm est I installed Black and White 2 on my (then) working dvd/cd rom. I played the game and got choppy graphics. I used the device manager to update the video drivers. I tried to play the game again and received errors indicating the ROM drive was no longer available, and confirmed this visually through device manager (this driver could not be loaded, corrupted or missing) and "my computer". I attempted to fix or update drivers, again through device manager. Device manager reported drivers were up to date.

I chose to "rollback driver" through device manager and received the same errors, although there were changes to the graphics because I had to reset my resolution, etc. The rom drive still did not function. I chose to system restore to a point before downloading the graphics drivers, which was ALSO the day this potential virus had been put on my system- the 17th.

Upon restart I was in a "windows explorer" error loop. I am unable to access my desktop or toolbar. Safe mode did not produce any different results. I read some forums telling me to go to taskmanager and run a new task, and although I can open the task manager, as soon as I begin typing in the new task, task manager begins an error loop similar to windows explorer.

I am unable to run a virus scanner, access the internet, run any programs and the windows explorer error can be stopped with taskmanager. I am able to cause a process to end. However, the desktop icons disappear after closing that program. I cannot give you much system information on the laptop because I cannot access it.

I would like to see a solution that would fix windows explorer and let me run a virus scan. That's my first choice.
I am willing to format the drive, however that's a browse through another forum.

Thanks in advance.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:10 PM

Posted 19 May 2010 - 11:20 AM

Hello,,try

Click on Start, Then Control Panel
Click on Users
Create a new user account with Administrative Rights
Login as that user
Now run MBAM (MalwareBytes below) ,, Run a FULL scan this will search all user accounts on your machine.
Reboot your machine.
When your machine is at the login don't login into the infected account log into the new account you made.
Logout of the new account once the machine finishes booting up.
Log into your original account that was infected. Post the MBAM log.
Hopefully we are good.


>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply
Do not reboot your computer after running rkill as the malware programs will start again.

^^

If you get an alert that Rkill is "infected", ignore it. The alert is just a fake warning given by the rogue software which tries to terminate programs that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 xdbguard

xdbguard
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 19 May 2010 - 11:40 AM

I cannot access the start menu because the "windows explorer has stopped working" window cannot be closed permantly.

Do you have a solution for this? Then I can try your fix

#4 xdbguard

xdbguard
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 19 May 2010 - 11:49 AM

An update. The "text message" I assumed had been opened by the user was indeed the facebook virus that is currently circulating. It has me locked into a windows explorer has stopped working error loop. I cannot run a virus scanner or any other application or utility.

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:10 PM

Posted 19 May 2010 - 11:58 AM

Are we on the Xp Machine?
Do this to stop the screen so you can read it and post the error.

Click on Start, then right click on My Computer.
Scroll and select Properties, then choose Advanced tab.
Under Start up and Recovery click Settings.
Under System Failure uncheck Automatic System Restart.

Now when the BSOD occurs the screen will stop and you can write the complete error down to post.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 xdbguard

xdbguard
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 19 May 2010 - 12:06 PM

The error is on the vista laptop. Error as follows (typed, not pasted)

Windows Explorer has stopped working
windows can check online for a solution to the problem the next time you go online and try to restart the program.

check online for a solution later and restart the program
restart the program


Problem Signature
Problem Event Name: APPCRASH
Application Name: explorer.exe
Application Version: 6.0.6002.18005
Application Timestamp: 49e01da5
Fault Module Name: StackHash_40d4
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 00000000
Exception Code: c0000005
Exception Offset: 06ec0a03
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033
Additonal Information1: 40d4
Additional Information2: 4062ad41ec8067256aa4c5e2b56d3c79
Additional Information3: 40d4
Additional Information4: 4062ad41ec8067256aa4c5e2b56d3c79


If I "check online for a solution later and restart the program" I get a progress bar and the desktop refreshes and the error appears again.

If I "restart the program" I get a progress bar, the desktop refreshes and the error appears again.

If I "close the error box with the big red x" I get a progress bar, the desktop refreshes and the error appears again.

I cannot get the error to stop long enough to hit the start button and choose a program, or enter text into the search box, or do ANY thing.

If I can resolve this error, I can try your fix.

#7 xdbguard

xdbguard
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 19 May 2010 - 01:22 PM

Good news is, I got that error fixed. I ran system restore to several different points on the computer. The one that seemed to make a difference is when I restored to the date I installed mcafee. Must have messed up some system files. I am out of the error loop and the computer is in a condition that I can run antivirus.

Thank you for your efforts.

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:10 PM

Posted 19 May 2010 - 01:34 PM

Great!! run your AV and MBAM from above.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users