Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Shell prevention message & %1 was restarted?

  • Please log in to reply
No replies to this topic

#1 Pajajn


  • Members
  • 368 posts
  • Gender:Not Telling
  • Location:
  • Local time:01:27 PM

Posted 19 July 2010 - 05:56 PM

Hello everyone :flowers:
Haven't been online here since the post
"Fake svchost.exe trojan created in windows temp folder, xxx.tmp/svchost.exe connects to Russian URL"

And the only solution elise025 came throw in the end was a quick re-format :thumbsup:
But since i used my usb pendrive and took files over from my computer to my dads which had this Rootkit problem
it might have been corrupted or something so im asking you all after read my problem to analyze my Registry

Every time i try shutting down computer with Start -> shut down my explorer.exe crashes
Only first time i press the button, and the "Data execution prevention" shows up
(close message) Windows Explorer - Microsoft corporation

I looked into the Event viewer and it was the Winlogon service or something:

Message: The shell stopped unexpectedly and %1 was restarted
Explanation: the shell was stopped and then restarted.
By default, the shell is explorer.exe; however, you might have a customized shell

ID: 1002
source : winlogon
version 5.2

I have checked with following scanners for viruses and modified mbr

Esage scanner
Malwarebytes antimalware
Hitman Pro

Does anyone haved the same problem, or could help me? thanks on forehand

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users