Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

lost Windows Explorer


  • Please log in to reply
22 replies to this topic

#1 DottieR

DottieR

  • Members
  • 275 posts
  • OFFLINE
  •  
  • Local time:02:19 AM

Posted 20 June 2010 - 02:19 PM

XP, Service Pack 3.
I have completely lost Win Explorer. I did a search and only found 4 shortcuts. When I click on them I get My Documents.

Found an old forum post about this problem, but I do not find this -
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Shell

no "WinLogon" under CurrentVersion.

Thanks,
Dorothy

BC AdBot (Login to Remove)

 


#2 keller

keller

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Madison, WI
  • Local time:04:19 AM

Posted 20 June 2010 - 02:26 PM

Did you search for "explorer.scf" in windows? How about "explorer.exe"?

#3 computerxpds

computerxpds

    Bleepin' Comp


  • Moderator
  • 4,457 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:19 AM

Posted 20 June 2010 - 02:30 PM

Just for clarification windows exlorer is not running, so you have no taskbar and no desktop icons? or are you talking about internet explorer? Also when was the last time you scanned for malware?

sigcomp.png 
If I have replied to a topic and you reply and I haven't gotten back to you within 48 hours (2 days) then send me a P.M.
Some important links: BC Forum Rules | Misplaced Malware Logs | BC Tutorials | BC Downloads |
Follow BleepingComputer on: Facebook! | Twitter! | Google+| Come join us on the BleepingComputer Live Chat too! |


#4 DottieR

DottieR
  • Topic Starter

  • Members
  • 275 posts
  • OFFLINE
  •  
  • Local time:02:19 AM

Posted 20 June 2010 - 03:39 PM

I have all the normal stuff on my desktop. Nothing is abnormal.
Just the Windows Explorer icon disappeared from the quick launch bar.
The other shortcuts I found with search just give me My Documents. It is not in the acessories file in Programs either.
Internet Explorer is fine although I do not use it.

I ran MBAM yesterday and Avast today. Nothing there.

#5 Eyesee

Eyesee

    Bleepin Teck Shop


  • BC Advisor
  • 3,539 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:In the middle of Kansas
  • Local time:04:19 AM

Posted 20 June 2010 - 03:40 PM

If you are talking about Internet Explorer, to browse the internet, the file name is iexplore.exe
If that is the case, maybe you just accidentally deleted the icon?
In the beginning there was the command line.

#6 DottieR

DottieR
  • Topic Starter

  • Members
  • 275 posts
  • OFFLINE
  •  
  • Local time:02:19 AM

Posted 20 June 2010 - 04:46 PM

Internet Explorer has nothing to do with my question. I just said it worked fine because you asked about it. I am talking about not being able to pull up Windows Explorer like I used to.

#7 DottieR

DottieR
  • Topic Starter

  • Members
  • 275 posts
  • OFFLINE
  •  
  • Local time:02:19 AM

Posted 20 June 2010 - 04:50 PM

>Did you search for "explorer.scf" in windows?

That worked. Thank you.

#8 keller

keller

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Madison, WI
  • Local time:04:19 AM

Posted 20 June 2010 - 05:29 PM

>Did you search for "explorer.scf" in windows?

That worked. Thank you.


Were you able to get the shortcut back on your desktop?

#9 DottieR

DottieR
  • Topic Starter

  • Members
  • 275 posts
  • OFFLINE
  •  
  • Local time:02:19 AM

Posted 20 June 2010 - 08:55 PM

>Were you able to get the shortcut back on your desktop?

Yes. I dragged the icon to the quickstart bar and it was still there after I re-booted.
But no Avast. I went to the program list and clicked on it. It said the configuration was corrupted and a reinstall might help, so that is what I am doing now.

This is all really wierd. Nothing significant has happened lately. Do I have a horrid bug?

#10 keller

keller

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Madison, WI
  • Local time:04:19 AM

Posted 20 June 2010 - 11:56 PM

Well, a virus or other malware is not out of the question. Sometimes generally "weird" behavior like you're seeing is the result of an infection, and the fact that Avast reported itself as corrupted may be cause for concern. Still, a virus is not the only possible cause of file or program corruption. The only way to be sure is to give your system a thorough once-over with a combination of scanning programs. No one program can find all viruses or malicious programs. It will take some time, but it's worth knowing what's really going on, if anything. Once you get Avast re-installed go ahead and update it, but don't run a scan yet. Then try the following:
  • Download McAfee Stinger from here. This is a stand-alone ".exe" file that does not need to be updated the way other virus scanners do, so just save it to your desktop for easy access. Don't run a scan just yet. The program is specially designed to catch viruses and malicious programs that prevent your normal virus scanner from working correctly.

  • Download SuperAntiSpyware from here. The free edition will work fine. This program is similar to MBAM, but sometimes catches things that MBAM misses. Like MBAM, it must be updated to the latest definitions after installed, so go ahead and do that.

  • Download CWShredder from here. This tool is specifically designed to get rid of several extremely annoying (and difficult to remove) adware programs. What you've been describing doesn't really fit the profile of the viruses this tool is meant to remove, but it only takes about a minute or two to run on most systems, so running now with everything else won't hurt. Like Stinger, this program is stand-alone, go ahead and save it to the desktop for easy access later.

  • Update MBAM to the latest definitions, just to be sure.

  • IMPORTANT! Reboot and restart in Safe Mode. If you're not familiar with Safe Mode post a reply and I can explain what it is and how to use it.
Once in Safe Mode run the programs above in the following order (you won't have internet access in safe mode, which is why we downloaded and updated things first):
  • Run CWShredder. Just double-click the icon on your desktop. A warning might pop up, if it does just click Run. Once the program opens go ahead and click Fix. It will run the scan and tell you if there are any infections. If there are none go ahead and close the program when it's done.

  • Run Stinger. Again, a warning might pop up, go ahead and click Run. When the program opens click on Preferences. In the "Scan these targets" box make sure "Boot sectors" is checked. Leave everything else as is, and click OK, and then Scan Now. This program will take a while, 30 min. to an hour depending on how many files are on your hard drive. When it's done it will list how many files have been scanned. If it finds any infections it will list those as well. It will also create a log file on your desktop named "stinger[version number].opt" You can delete this file if Stinger doesn't find anything.

  • Run Avast

  • Run SuperAntiSpyware

  • Run MBAM
If an infection is detected at any point in the process quarantine the infected items and move on to the next scanning tool, then come back and let us know what it found.

If everything is clean the first time through then it's highly unlikely (though not impossible) that you're infected with anything. Just keep an eye out for any other odd behavior, and keep running periodic scans, say once a month, with Avast, MBAM and SuperAntiSpyware. In my experience these three programs in combination will at least detect 99.9999% of what's out there. Successfully removing the infection may be another story, but that's why the forums are here. :thumbsup:

Edited by keller, 20 June 2010 - 11:57 PM.


#11 DottieR

DottieR
  • Topic Starter

  • Members
  • 275 posts
  • OFFLINE
  •  
  • Local time:02:19 AM

Posted 21 June 2010 - 12:15 PM

Hi Keller,

I did all that. SAS found Trojan.agent/Gen-Crypton[Egun], and a pile of tracking cookies. All are in quarantine.

Hope that does it.

Thanks,
Dorothy

#12 keller

keller

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Madison, WI
  • Local time:04:19 AM

Posted 21 June 2010 - 12:36 PM

Since there was malware on your computer your best bet is to update everything and run it again, in Safe Mode of course, in the same order outlined above. No need to re-download Stinger and CWShredder, but be sure to update the other programs. Sometimes one trojan or virus can hide many others. We also want to be sure that SAS was able to remove the trojan at its source. Sometimes the trojan will be quarantined, only to re-appear on the next scan due to some other malicious code that the scanners aren't catching. If everything comes back clean the second time through then you should be ok. (SAS or MBAM may come back with more tracking cookies, but virtually all sites use them these days, so you can quarantine and ignore them for the purposes of considering your machine "clean").

EDIT:

You're welcome. :thumbsup:

Edited by keller, 21 June 2010 - 12:40 PM.


#13 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,551 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:19 AM

Posted 21 June 2010 - 01:22 PM

DottieR, that detection could well be a false positive
http://forums.superantispyware.com/index.p...en-cryptoregun/
If you would, please look at the SAS log and tell me what file is being detected and what folder it's in. I would strongly suggest that you run an ESET online scan--there is a link below.

Following is what I have been writing out before the last two posts were posted, so apologies that it's a little dated now, but most of it is still relevant.
-------------------------------------
I wouldn't worry about running CWShredder--it's an obsolete tool designed to fix obsolete malware so is really a waste of time. It essentially was obsolete shortly after Trend Micro bought it in 2005. CWS had gone to its About: blank family of malware at that time, which the Shredder really couldn't fix, and then About: blank was abandoned a year or two later. So it hasn't been a useful tool for four or five years now.

Similarly, I haven't seen Stinger be very effective either. We used to have people run it here at BC before they posted logs in the malware removal forums but removed it since it didn't seem to help with anything.

I agree tho that if your anitvirus, along with MBAM and SuperAntiSpyware don't find anything serious then you probably are OK. Altho this doesn't really take into account the possible presence of a rootkit, which is what you have to worry more about in today's internet world. In general, tho rootkits give themselves away by the behavior of the malware they hide, so if you have any other odd behavior happening, please let us know. Currently its common that Google gets redirected to a fake or rogue search site.

What I would suggest as a supplementary scan is an online virus scan, in case Avast has been compromised and as a second opinion. A good one is ESET: http://www.eset.com/online-scanner

I suspect the problem with the Winlogon key may be the result of Avast getting corrupted on its own. You might look around the Avast forums to see if anyone has reported such a thing. We can look into this further when you have posted back you scan results.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#14 keller

keller

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Madison, WI
  • Local time:04:19 AM

Posted 21 June 2010 - 03:10 PM

I have occasionally seen both Stinger and CWShredder pick up infections on my own systems, which is why I recommend them. Though I agree that, by itself, CWShredder is obsolete and redundant.

#15 DottieR

DottieR
  • Topic Starter

  • Members
  • 275 posts
  • OFFLINE
  •  
  • Local time:02:19 AM

Posted 21 June 2010 - 05:02 PM

Papakid:
>>DottieR, that detection could well be a false positive.

I ran ESET and got nothing.
SAS quarantine file says: Trojan.agent\Gen-Cryptor[Egun]
C:\DOCUMENTS AND SETTINGS\DOROTHY\LOCAL SETTINGS/TEMP/VSUPD/SCSIXP.EXE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users