HELP! explorer.exe/windows refuses to load!

[imported_jon1003]

Hi all! I have a very disconcerting problem! (running win xp) I deleted some viruses with NOD32, nothing that looked too threatening or important, I had some browser hijack/toolbar installer attempts, pretty run of the mill stuff. Then I tried to start IE, windows popped up a box saying it couldn't be found (iexplorer.exe) I manually searched for it, found it right where it should be and clicked on it. Same popup box. Makes NO SENSE I thought. It's right where the windows warning box says it should be. There's even another copy of it in my i386 directory, clicked on it, same box, wouldn'y launch. So I decide to restart my comp. It restarts, I enter login info, i see my wallpaper. Nothing else loads. Namely explorer.exe. I know this because I was able to ctrl-alt-del and see that indeed some tasks were running. So I'm pretty stuck. Can't access anything using the gui of, well, WINDOWS! So I try to launch explorer.exe manually in the run>task of taskmanager. (ok, so that's sort of gui, but anyway..) I get the popup box now saying explorer.exe can't be found! Right now I'm running firefox off of a bootable linux distro i had lying around. I reeeeally hope somebody out there knows what's going on, because I have finals coming up and term papers to write, and files I need to access!!!!!!!!!!

THANK YOU!!!!!!!!!!!!!!!!!!!:heart:

 

[mechBgon]

Did you manually specify the explorer.exe that's located within the C:\WINNT or C:\WINDOWS directory? If not, try that.

Big picture: sounds like you need to reinstall Windows and take security precautions and more security precautions.

If you can remember the names of the malware, that would help figure out where your defenses need shoring up.

 

[mechBgon]

BTW could you fill me in on this info:

1) what version of WinXP (home or pro)

2) what service pack it has (0, 1, or 2)

3) do you have a router, or no router. If you do have one, what brand & model.

4) do you use a software firewall, or no software firewall

5) does anyone else ever use the computer besides you

 

[imported_jon1003]

1) winxp pro sp1
3) no router, school dhcp network
4) windows firewall, spybot, ad-aware, nod32
5)never

I didn't manually specify it, because I've been able to quit explorer.exe, then restart it from taskmanager before just by typing it in. What's strange is iexplore.exe and now explorer.exe seem to have something preventing them from running/starting. I'm pretty sure they're still there, as was iexplorer.exe when I clicked on it right from the directory before I restarted. Other tasks still load, explorer doesn't. Can there be some reg entry or something preventing them from running???

this is bad, I have tons of stuff to do with finals coming up, and lots of data on the drive.

 

[imported_jon1003]

I know this might be a weird question, but if someone happened to hack my MFT and made a little change to it for an unrelated purpose (and accidently screwed up), might this cause this localized disruption to explorer.exe and iexplorer.exe? I know, super weird question out of the blue.

 

[mechBgon]

Do you have a second hard drive, or enough money to go buy one? Because where this is going, is you want to get your data backed up so you don't lose your work if things don't go well when you try a recovery.

If you have enough money for a router, go get a Netgear RP614 too. Running around with nothing but a Windows Firewall for protection is dangerous, because today's malware will frequently try to take down the Windows Firewall, and then you're wide open. If you run an Administrator account for daily-driver stuff, you're handing the malware the power to do that.

Anyway, I'm thinking of a plan, depending what resources you can muster.

 

[imported_jon1003]

OK, I found an external drive (I'm on a laptop *sigh*) has both usb and firewire and enough space to hold the contents of my drive. Have the original WinXP disk(nonSp1) and I also found a windows Xp 2 update disk that MS mailed me(but I never installed due to the headaches people were experiencing with their bluetooth devices and other apps I use:-|)

also laptop drive has ~20gigs free

 

[mechBgon]

Awesome! I have a couple of ideas for you, what do you think:

Plan A: parallel install for a short-term fixYou could unplug from the network, install another copy of Windows to C:\WINDOWS2, patch it to SP2 level, install some really good antivirus 30-day trialware, and use this second Windows installation to scan your first one for malware. Then you could either reinstall your apps on the second installation, or do a Repair-Install of the first installation now that the badware is evicted, and see if it is usable for long enough to get you through finals.

To do a Repair-Install, you would pass up the first Repair option during Windows setup, let it get to where it's asking where to install to, and specify the C: partition. It should see the C:\WINDOWS directory and offer to repair it, and now you say yes.

The parallel install could also be the easier way to get your data backed up. See this thread regarding what to do when it denies you access to your old C:\Documents and Settings\username directory.



Plan B: back up your stuff, nuke the drive and reinstall both Windows and appsCopy your data to the USB drive, then unplug the network cable and start Windows Setup from CD-ROM.

When it gets to showing the partitions, delete all the partitions on the hard drive and then press F3 twice to EXIT Windows Setup. Now start Windows Setup a second time and do the full setup, patch to SP2, install the Kaspersky trialware and configure & update it like my page talks about, with the updates_X folder.

Now that you've got defenses, you can plug in the network cable and go online, finish patching, set Kaspersky to update from Internet Extended Databases from now on, and start scrounging between the couch cushions for enough money to buy a router Install your apps, recover your data, there ya go


Hope that helps

 

[imported_jon1003]

ok, any idea on how I would go about backing up my data to the external disk right now? I guess I would need to do the parallel install, also I think that's accidently the wrong link about accessing the my documents folder. I've read about people not being able to access their files after they backed them up, and I definitely don't want that to happen, yikes. I think I might try the parallel install to back up my data, then try to scan/repair the first installation. (I'm guessing I don't want to try the repair before backing up my data?)

ok, found the thread. On the new install or parallel install I would just need to take ownership of that directory then as it describes here here and I would be able to access and transfer the files?

 

[mechBgon]

D'oh, a cut-&-paste error has occured, all right :Q I meant... this thread.

I am a mad l33t idi0t when it comes to Linux, I don't know how to move anything anywhere. If you're just needing to get the files moved, then a raw WinXP SP1 installation ought to do the job as long as it's not exposed to a network connection. So that won't take too long, maybe 30-60 minutes?

 

[imported_jon1003]

yeah,I am also a linux idiot. All i know how to do is run firefox to browse the internet. It probably only takes a few concepts and commands on how to "work it" though. But none that I have time to figure out now. Sometime in the future maybe.

It takes ~5 min to boot linux off the usb drive and some more time to load the apps also :-| soooooo i guess I know what I'm doing this fine saturday night:-(

Argh! Everything is so customized too. I even went through all the windows services disabling what i don't need. Made LOTS of GUI modifications in some programs Hopefully they come back and I save the right stuff. Also transferring/reinstalling HL2 is going to be a pita.

 

[imported_jon1003]

reporting from the parallel install: updated it to sp2, patched, kaspersky'ed. No badware. Backed up all (i hope :heart: ) document folder to external. Going to try to boot into the first install again for sh^ts and giggles, then going to try the repair on the first. It's pretty confusing when my startup options are "Windows XP Professional" or "Windows XP Professional" :-| anywho... made a list of all the programs i had installed, and now I hope I can find the installer files and my registration info again. Bye for now, hopefully I'll be back...alive.

oh, and Kaspersky wouldn't let me select "update from extended databases" I saw where it was supposed to be, but that is greyed out and all it says is "anti-virus databases update" ??

 

[dclive]

Originally posted by: jon1003
reporting from the parallel install: updated it to sp2, patched, kaspersky'ed. No badware. Backed up all (i hope :heart: ) document folder to external. Going to try to boot into the first install again for sh^ts and giggles, then going to try the repair on the first. It's pretty confusing when my startup options are "Windows XP Professional" or "Windows XP Professional" :-| anywho... made a list of all the programs i had installed, and now I hope I can find the installer files and my registration info again. Bye for now, hopefully I'll be back...alive.

oh, and Kaspersky wouldn't let me select "update from extended databases" I saw where it was supposed to be, but that is greyed out and all it says is "anti-virus databases update" ??

Modify your boot.ini file on C: to detail which install is which. You may need to turn on 'show hidden files & folders". It should be pretty obvious which install is which - just change the text between the "quotes".

To fix the original problem, I suggest (on the parallel install) opening up Regedt32, then clicking on HKEY LOCAL MACHINE then going to FILE/ LoadHive. Then go to c:\windows\system32\config\software and open it. Give it a name like OLD_SW. Then, under OLD_SW in RegEdit, go to Microsoft\WindowsNT\CurrentVersion\Winlogon, and tell me what the information is for "UserInit". I need to know if it says "C:\windows\system32\userinit.exe," or if there's more in there. (There shouldn't be.)

Another quick thing to try is simply to overwrite Explorer.exe with the known-good version in the parallel install. At the very least you should look at the modification dates and sizes on the parallel install.

Also, run Microsoft's AntiSpyware tool - URL in my .sig - on your entire hard drive, and remove any malware it finds.

 

[mechBgon]

oh, and Kaspersky wouldn't let me select "update from extended databases" I saw where it was supposed to be, but that is greyed out and all it says is "anti-virus databases update" ??

Screenshot? You're on Settings > Configure Updater and it ought to look like this: http://pics.bbzzdd.com/users/mechBgon/Updater_Settings.gif

I'm holding the dropdown box open on that pic so you can see the options that ought to be present. That's Kaspersky Antivirus Personal 5, is that what you installed? Mine's full-version but the dropdown options ought to be the same on the trialware.

 

[imported_jon1003]

Well, I tried the repair, no luck. In short, it rebooted after copying the files over before continuing, and I got a BSOD with "internal power error" tried doing it over, same thing. I wiped the drive and am now in the process of resetting everything and installing my 49+ programs >.< I'm wondering how I got everything how I like it the first time. How did I kill all those unnecessary things MS runs, windows messenger, miscellaneous 3rd party security patches, fixes, where was that services website (viper's I think), modded display drivers (ugh, typing in 800x600) oh yeah, that reminds me, turn on cleartype, what else? oh man, so much to do....

 

[mechBgon]

I am prescribing pizza for this one

 

[imported_jon1003]

Originally posted by: mechBgon
I am prescribing pizza for this one

That's a good idea, as the last time i ate was 2pm, it's after 8 now and I'm starving. It only took 1 hour to get to new desktop, but the real work begins I think I'm going to go to mcdonalds across the street, pizza's too expensive :-/ Got omega drivers installed and everything looks so small at 1280x800 instead of vga. 0_o Soooo many drivers....

oh man, the batteries in my mouse are dying, and I really dont want to do this with a touchpad>.<