Posted 25 June 2012 - 07:15 PM
1) After an Avira detection of TR/Patched.Gen and reporting that Explorer.exe and winlogon.exe were infected and quarantined (by me),
2) Windows Explorer no longer functions.
Sequence of events
Within a minute of opening a website, Avira (free edition) did a popup alert to say "TR/Patched.Gen" detected. I took the "Deny" option and within seconds, another popup occurred, this time saying 2 detects of the same item. Did a Deny again and again another popup saying the same thing except 4 detects. Repeated several more times with varying counts of the same item. I did the deny option every time. In meantime, Avira's system scan had started and eventually stopped with a summary showing Explorer.exe and winlogon.exe as being "infected" (my terminology). I took the option to quarantine them.
Before the Avira system scan had ended, I had started a Malwarebytes QuickScan. But since it was going so slowly and because it dawned on me that I shouldn't be running both Avira's and MB's scans at the same time, I cancelled MB. And I then did as described above with the Avira scan.
Avira recommended a restart so I took that option. When Windows restarted, it wouldn't display the Task Bar or Start button. No keyboard or mouse function seemed available so couldn't start Windows Explorer. When I restarted in Safe Mode, I got past the login screen but still could not start Explorer. I couldn't find explorer.exe in the Windows folder (had restarted in Safe Mode with DOS prompt) so pasted a copy from another computer's XP Pro installation. On restart, the TaskBar and a session of Explorer showed up and both were usable. I ran a MB scan and found no detections.
On next OS restart, after Desktop showed, I only got a "Windows Explorer has encountered a problem and needs to close..." popup. Same results after several retries. I finally tried TaskManager and found that I can start and run a wide variety of programs with no problems, so far. Also have full network and internet function. Can do any file management functions but only in DOS (cmd/CLI). But, at least, no further Avira detections.
Any help would be appreciated.
Edit: Moved topic from XP to the more appropriate forum. ~ Animal