Crashing process Explorer.exe

[sud270602]

My desktop computer was recently infected by Shortcut Virus(JavaScript 203b) via a pendrive which created shortcuts and also hijacked the Resource monitor,Folder options and Windows installer. I removed the infection using MBAM but explorer.exe is totally messed up (happened after the infection). The following few causes it to crash instantly- launching Control Panel, Action center, Screen Resolution,or trying to check system properties from My Computer. This occurs even in Safe Mode.
Is there any workaround for this problem other than System Restore as I don't have one.

Regards.

 

[the great randini]

click start, type cmd, right click on the command prompt icon and select "run as administrator"
type sfc /scannow
this will run an system file check and attempt to repair any corrupt windows files.

there are also a few fixes for explorer (hotfixes) but they are related to problems after a you perform specific tasks, if you know what task caused it then I can suggest a hotfix

 

[sud270602]

Tried it and surprisingingly it did not work with the scan stalling at 29% every-time. I had done it before(around 2 years) but this is new.

Will a os repair from installation disk help?

 

[the great randini]

is it asking for a disc when it stalls, depending on what files are damaged/missing it may be a problem if the disc is windows 7 without a service pack and the pc has a service pack installed. I wonder if you have a rootkit, as they infect system files. this is a nice light scanner that is great at detecting rootkits http://www.majorgeeks.com/RogueKiller_d6983.html it might be a good idea to run rkill first to see if malware processes are running that might be stopping the sfc http://www.bleepingcomputer.com/download/rkill/ but hopefully it is not a polymorphic phage virus, that would be bad

 

[sud270602]

Before I could rerun the test, the virus hit again. Now even MBAM cannot delete the threat. Folder Options, Resource Monitor, Action Center, Regedit, CMD and all Control Panel items are hijacked. Avast reports a wscript.exe related malware but is not able to delete it.


Regards

 

[the great randini]

what name did avast give the virus, perhaps I could find removal instructions

 

[sud270602]

I used the tools you suggested and they did pick up issues with the registry and I deleted/fixed them. But the problem is the issues reappear once I restart the system though (found the file sitting in 'Roaming' folder and deleted it but it reappears).

Action Center (balloon) notifies me that Avast and Windows Firewalls are not working but Avast UI says the opposite. And BTW what is VisthAux.exe in Avast(6)? Action Center tries to execute the file bit it fails.

And yes. I had the same issue you mentioned with Win7 disc.

 

[the great randini]

visthQux.exe there was a virus going around (fake av) http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Rogue%3aWin32%2fFakePAV

so it sounds like your system restore points are infected, and you will need to disable it during the the repair process.


click start, right on computer and select properties, click advanced system settings, click system protection, click on configure, click the radial for turn off system protection and click apply.

run this automated fix to check the firewall and security settings http://support.microsoft.com/mats/windows_security_diagnostic/

for the virus removal run these in order

rkill to stop the malware from running
SuperantiSpyware or mbam for removal
rougekiller to check registry and hosts file

uninstall your antivirus, and java reinstall the avast and java to the latest versions

 

[sud270602]

Trying to delete restore point resulted in a popup error 0x80000FFF catastrophic faliure.




Regards.

 

[the great randini]

skip that step until last, move on to the virus removal

 

[sud270602]

Did what you instructed. I feel I need to repair my system with Win7 Installation Disc itself cause all the control panel items are crashing the explorer. Even my Admin rights are modified now even though I am using the Admin account.
As of now it seems the threat has been neutralized but I'll wait for today to see if the problem shows up again. Even upgraded to Avast 2013 to enable Boot-Time Scan which Avast 6 didn't (using X64 OS).

 

[advanced_user]

Hello! I have the same ifection. When i try to access controll panell or some of his settings, windows explorer crashes. Did you finally succeedet? There is no option for me to reinstall the OS.

 

[StygianAgenda]

The first thing I would suggest is to go to a clean PC and download a copy of Kaspersky Rescue Disk 10 (ISO), and either burn that ISO image to disc or else use something like Linux Live USB Creator to make a bootable USB drive from the ISO image file.

Once you have KAV prepped and bootable, boot your PC from the KAV disc. If it boots successfully, then you should be able to configure your network adapter, and start the KAV suite. Have it fetch it's updated definitions, then perform a full scan and clean of the entire system. This may be a lengthy process, and may take even longer if you haven't cleaned your system drive of temp files and other trash in a while. On a fairly clean system, I've seen KAV finish up in about 4 to 6 hours, but on a system that hasn't been cleaned since it was built... the process tended to take about 3 days (of course, this particular system had a very large hard drive and more than half of the drive's contents were trash).

I've successfully removed several root kits, and polymorphic malware variants using KAV, often with little or no damage to the system files. However, if KAV does clean it up, yet the system is still not booting correctly, then you might be best off using a Knoppix disc to load the system up so that you can evacuate any personal data you want to backup so that you can wipe the system drive and reload the OS. If you have to go this route, which should be a last resort, be sure to use 'gparted' from the knoppix disc to (a) reset the hard drive's meta-table, then (b) re-create your disc partitions, and (c) set the drive's flag to 'boot' so that it'll accept a bootloader. I personally never leave partitioning to the Windows installation disc, regardless of version, because I prefer to customize my partitioning schema. Also, I recommend creating a minimum of 2 Primary partitions, provided that the system only has a single hard drive. The 1st partition should be C: (system), and the 2nd partition should be D: (storage). After the partitions are created and the OS is installed, I tend to remap my personal folders to the D: drive.

Example: right click "My Documents", select properties, click the Location tab, and replace C:\Users\yourusername\... with D:\Users\yourusername\... (adjust this according to your personal naming conventions, username, etc).

The reason for moving your personal files into D:\Users\ is to segregate your personal data from system data. This is a good practice to make a habit of, because it makes it so much easier to blow away your system drive and rebuild without having to worry about loosing your personal files, such as documents, pictures, videos, etc. Another option is to remap the personal folders to an external storage system, such as a file-server, NAS, or SAN, but that option can be kinda dicey if you don't always have that external storage system up and online before all of your other systems are booted. Depending on the complexity of your environment, this may or may not be an option.

Anyways, best of luck... and if this helps someone else with a similar problem, all the better.

 

[sud270602]

Sorry guys for this late reply. I had totally forgotten about this thread. Anyways, the bios chip of my mobo failed this Jan and thus my old system is gone after serving me for 5 years. Also thanks to all who came to my support.
Will be getting a new system now, socket 2011 with a xeon if possible.