Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help will be greatly appreciated


  • Please log in to reply
25 replies to this topic

#1 xhongxkongx

xhongxkongx

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 10 December 2010 - 08:52 PM

The error I'm encountering right now is extremely strange. I turn on my computer, now I'm at the log in to user screen where I type in my password and wait for my desktop to load. As soon as it finishes loading(I see all my icons) the "windows explorer has stopped working..." immediately jumps out of no where and seconds later without clicking cancel or x-ing it out "windows explorer is now restarting..." appears.

During this process of those two boxes popping up I am not able to open the start menu or click on anything on my desktop. In addition to that it keeps on cycling, so once it "restarts" (refreshes/restarts my desktop) it comes back up again, "windows explorer has stopped working and seconds later "windows explorer is now restarting" pops up again...and it continues on and on and on. I would like to have this problem solved, feedback would be greatly appreciated. Thank you

BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • BC Advisor
  • 12,893 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:59 PM

Posted 10 December 2010 - 09:40 PM

The first thing to suspect is the problem is caused by a malware infection. What antispyware and antivirus
do you have installed?

Suggest you install, update and do a full scan of your computer with the free Super Antispyware.
http://www.superantispyware.com/

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 xhongxkongx

xhongxkongx
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 10 December 2010 - 09:45 PM

Thanks for reply buddy215, which one should I install? Free edition one? Professional one with the free trial? Or one of the remaining two?

#4 buddy215

buddy215

  • BC Advisor
  • 12,893 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:59 PM

Posted 10 December 2010 - 09:50 PM

The free edition.
Allow SAS to remove whatever it finds.
If it finds anything other than cookies, post the SAS log back here.

The main difference in the free and paid for is it will not automatically update.
Be sure to update once installed and before each scanning.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#5 buddy215

buddy215

  • BC Advisor
  • 12,893 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:59 PM

Posted 10 December 2010 - 10:19 PM

You did not answer my question about what security programs you have installed. If you
do not have an antivirus installed, run a scan using the instructions for using the online
Eset scanner.
Use the instructions in this link for using Eset.
http://www.bleepingcomputer.com/forums/topic366057.html/page__view__findpost__p__2050346

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#6 xhongxkongx

xhongxkongx
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 10 December 2010 - 11:38 PM

Sorry about that, I just finished running the scan and removed/quarantined the viruses then proceeded to reboot my computer, but now after restarting the cycle is still repeating.

The security programs that I've installed are: Symantec Endpoint Protection (school antivirus) and Avast (free edition one).

Should I post the SAS log here?

I will now run the Eset Scanner you recommended above.

#7 xhongxkongx

xhongxkongx
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 10 December 2010 - 11:42 PM

I would like you to note that I am not able to "right click" due to the fact that the "windows Explorer has stopped working..." keeps on cycling so it refreshes faster than I can even right click. What should I do if I cannot "run as administrator"? I am on my one and only account on my computer for your information, wouldn't this already make me administrator?

Edit: I take that back, I am able to run as administrator through using task manager. I will now retry the Eset Scanner

Edit again: Also for the SAS log, everything is under "Adware.Tracking Cookie" would you still like me to post the log?

Edited by xhongxkongx, 10 December 2010 - 11:59 PM.


#8 buddy215

buddy215

  • BC Advisor
  • 12,893 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:59 PM

Posted 11 December 2010 - 08:15 AM

QUOTE: Symantec Endpoint Protection (school antivirus) and Avast (free edition one)

Having more than one antivirus installed and running can cause problems. Suggest strongly
that you uninstall one of them. Uninstalling after booting into safe mode will work best.

Check the quarantine logs in both of those programs to see if they have recently quarantined
malware.

If Eset does not find any malware and after uninstalling one antivirus, clean up your computer
using the Windows cleanup utility. Defrag if you haven't done that recently.

Did this problem show up after installing a new program?

No need to post the SAS log if you are sure it only found cookies.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#9 xhongxkongx

xhongxkongx
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 11 December 2010 - 12:06 PM

This is the log of the threats ESET Scanner detected
C:\Program Files\Win7codecs\Tools\Settings32.exe Win32/Packed.Autoit.C.Gen application deleted - quarantined
C:\ProgramData\Win7codecs\{7236D212-D4FD-4965-A232-AA442FF867B3}\Win7codecs.msi Win32/Packed.Autoit.C.Gen application deleted - quarantined
C:\Users\Chung\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\6a85e443-74231b9d multiple threats deleted - quarantined
C:\Windows\Installer\b97c3c.msi Win32/Packed.Autoit.C.Gen application deleted - quarantined
Please note that I scanned it last night and then went to bed, so I still had both anti virus (Symantec and Avast) on my computer). Should I uninstall one and redo the scan?

I will now reboot into safe mode, check quarantine logs for both programs to see if there is malware and then uninstall Avast.

Edit: Is the "windows cleanup utility" the same as "Disk Cleanup for OS (C:)"? If not where can I locate this program?



Edit: For the logs in Symantec Endpoint Protection, there is one tracking cookie(deleted) , and 6 trojan horses (all quarantined).

I just did the disk clean up for OS (C:) but the problem still persists. Currently in the process of defragmentation. Please note that during the process of completing all these tasks that you suggested the cycle keeps repeating itself until a pop up says "Send information to Microsoft"(I just x-ed it out so it should be something similar to that). I clicked send more information (something to that sort) and my problem stopped cycling but all my desktop icons have disappeared, as well as the task bar and start menu...

Edited by xhongxkongx, 11 December 2010 - 01:01 PM.


#10 xhongxkongx

xhongxkongx
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 11 December 2010 - 02:31 PM

Did this problem show up after installing a new program?


That I am not sure, but I used to have this problem too, expect the only difference is that before it would appear when I would have too many applications opened at once (I think) and then everything would close down and restart itself (itunes, multiple tabs of firefox...) and this would happen like just once or twice a week. But now I get it whenever I start up my computer "Windows Explorer has stopped working...Windows is now restarting...".

Also I just defrag-ed, and disk cleanup-ed my computer, but the problem still persists. I will try to run system restore right now, please let me know if you have any other suggestions to resolve this problem.

#11 buddy215

buddy215

  • BC Advisor
  • 12,893 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:59 PM

Posted 11 December 2010 - 02:41 PM

Suggest you ask a moderator to move this topic to Am I Infected......forum.

One other suggestion is to run an online scan for missing security updates for the
most vulnerable programs such as Adobe products, flash and Windows.
Use the Secunia online scanner in the link below.
http://secunia.com/vulnerability_scanning/online/
After updating Java remove all older Java programs using add/ remove. Just keep the latest one.

I would not of suggested using System Restore due to the fact that your computer is
infected with malware and seems to have been for some time. Using a system restore point
that is also infected can reinfect.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#12 xhongxkongx

xhongxkongx
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 11 December 2010 - 03:53 PM

Yeah you're right, I just used system restore twice to two points and I still have the same problem. I will now use the Secunia online scanner and see what happens.

I just pm-ed two moderators, hopefully my topic will be moved soon. This problem has to go away

Edited by xhongxkongx, 11 December 2010 - 04:02 PM.


#13 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,250 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:08:59 PM

Posted 11 December 2010 - 04:37 PM

Moved per request.

#14 xhongxkongx

xhongxkongx
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:59 PM

Posted 11 December 2010 - 06:54 PM

Thanks Andrew

I just used the Secunia online scanner and updated as it told me to do so but the problem still did not go away, what other options do I have?

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:59 PM

Posted 11 December 2010 - 09:05 PM

Hello, I did not see where this was mved from, Is this XP or another OS?

This worm,.Autoit.C.Gen (found above). They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive. Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer.
Do you share a flash drive??

You have 2 AV's installed (Symantec and Avast),are they PAID or free. If both are free remove this one. Download and run the Norton Removal Tool

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware


If you still Have this problem "windows Explorer has stopped working..." Please run SFC (System File Checker)
Please run System File Checker sfc /scannow... For more information on this tool see How To Use Sfc.exe To Repair System Files

NOTE for Vista/WIN 7 users..The command needs to be run from an Elevated Command Prompt.Click Start, type cmd into the Start/Search box,
right-click cmd.exe in the list above and select 'Run as Administrator'


You will need your operating system CD handy.

Open Windows Task Manager....by pressing CTRL+SHIFT+ESC

Then click File.. then New Task(Run)

In the box that opens type sfc /scannow ......There is a space between c and /

Click OK
Let it run and insert the CD when asked.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users