Question

internet explorer has encountered a problem and needs to close.

Asked by: juggodish

When I click on the interent explore I get a message that says "Internet explorer has encountered a problem and needs to close".  I have tried numerous approaches such as system restore, reinstalling my windows xp, and running sfc /scannow.  None of these have worked.  Also, when i click on the link to see the details of the problem there is a file name "appcompat.txt" that shows up.  I have run this in the search for file function and it says that it doesnt exist.  please help!!

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2004-01-30 at 08:16:09ID20868154
Tags

explorer

,

has

,

encountered

,

internet

,

problem

Topic

Windows XP Operating System

Participating Experts
4
Points
250
Comments
15

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. Windows Explorer encountered a problem
    When I "right click" on a folder in Windows Explorer, I often (but not always) get the following message.... "Windows Explorer encountered a problem and needs to close".... Then windows tries to send an error report...Explorer dies...and takes me back to t...
  2. Windows Explorer has encountered a problem and needs t…
    "Windows Explorer has encountered a problem and needs to close. We are sorry for the inconvenience." pops up all the time modname kernal32.dll
  3. windows explorer has encountered a problem
    Hi, I have a inspiron laptop with windows XP everytime I start the laptop it boots up fine but when it gets to the desktop I get a box that reads Windows Explorer Encountered a problem and needs to close. Send error report, don't send. and the desktop is blank with no icons. ...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: sirbountyPosted on 2004-01-30 at 08:25:58ID: 10236199

You may want to test your memory: http://www.simmtester.com

And if you've reinstalled XP, this may not apply: http://support.microsoft.com/?kbid=318378

But see here as well: http://support.microsoft.com/?kbid=293623
http://support.microsoft.com/?kbid=810887

 

by: LeeTutorPosted on 2004-01-30 at 09:35:58ID: 10236827

Appcompat.txt is an error file generated by the compatibility mode of Windows XP when a program crashes unexpectedly.

Make note of the location of the file and open it in notepad. The contents may give you a clue as to what caused the crash.

Also, you might want to try this, once you find what application is connected with the Appcompat.txt file:

http://support.microsoft.com/default.aspx?scid=kb;en-us;286568&Product=winxp
Using Application Verifier to Troubleshoot Programs in Windows XP


 

by: juggodishPosted on 2004-01-30 at 10:44:46ID: 10237427

LeeTutor,
I went to start > search> typed in appcompat.txt  and searched under all files and folders incuding hidden ones and there were no results for that file.  I cant find the folder that that file is said to be in either.  the error report includes; the internet explorer.exe, winshow.dll and a few other things that i will have to get back to you on.   does this make any sence to you?  

 

by: juggodishPosted on 2004-01-30 at 10:47:38ID: 10237448

oh also I cannot get on to the internet at all on the computer that is having the problem so I dont see how web site refrences are gonna help me?  

 

by: LeeTutorPosted on 2004-01-30 at 14:52:27ID: 10239350

>oh also I cannot get on to the internet at all on the computer that is having the problem so I dont see how web site refrences are gonna help me?

Here's the contents of the article whose link I gave above:

Using Application Verifier to Troubleshoot Programs in Windows XP
View products that this article applies to.
This article was previously published under Q286568
SUMMARY
Application Verifier (AppVerifier) is included in Windows XP to promote stability and reliability. You can use this tool to troubleshoot application issues. This article describes how to use Application Verifier to isolate and troubleshoot a program in Windows XP.
MORE INFORMATION
AppVerifier Modes of Operation
AppVerifier features two modes of operation: debugging and logging. Developers that are familiar with software development and testing use the debugging mode to troubleshoot applications; Developers and network administrators use the logging mode to generate a log of issues encountered by a program. In this log, each issue is paired with a specific remedy.

Regardless of the mode in which it is run, AppVerifier is not an automated test tool. You must exercise all functions of the program that you are testing. AppVerifier will only aid you in pinpointing a problem after it is encountered during the testing process.

AppVerifier and SafeDisk
Many gaming and software companies use SafeDisk to prevent users from getting around copyright violations by preventing the program from running with a debugger attached. This means that if you are testing one of these programs, you may not be able to test it using AppVerifier.


Using AppVerifier
To use AppVerifier:
Click Add to add a program to the list.

When a program is added to the list, AppVerifier is globally enabled for it. This means that whether the program is run from AppVerifier, a short cut, or the command line, the selected AppVerifier tests will be applied.
Select the appropriate tests from the Test settings list.
Start your application and exercise it. AppVerifier does not perform the tests of your binary; it only monitors and reports suspicious activity that it detects while you perform tests.

Note: You do not need to click the Run button to exercise your application. It is only provided as a short cut; You can always run the program as you normally would run it.
After you complete the testing, click View Logs to see the log entries that were generated.
Remove the program from AppVerifier when testing is complete.
AppVerifier Features
AppVerifier offers the following features:
Integration of PageHeap and GFlags: AppVerifier wraps the functionality of PageHeap and GFlags in a simplified user interface (UI). You can enable page-heap checking with a single mouse click.
Error Logging: AppVerifier places debug information into a log file that you can view and manipulate through the AppVerifier UI. This is helpful for non-technical users who do not know how to use a debugger.
Application Compatibility Testing: The tests written by the AppCompat team monitor for the most common application problems, including incorrect version checking, bad registry usage, and hard-coded file paths.
Extensible Test Architecture: Internal development teams can create their own tests by leveraging AppCompat's shim architecture. AppCompat will package approved submissions for distribution.
Expected Application Behavior While Using AppVerifier
The program may run slower than usual, which happens because of test overhead.
The program may not start for any of the following reasons:
The program may fail a test during launch. To work around this issue, try unchecking a few of the tests, and then try to restart the program.
The program may not work with a debugger attached.
The program may crash and you may be prompted to have a debugger attached. Some tests will crash the program if a fault is detected.
Sharing AppVerifier Logs
If you want to share an AppVerifier log with another person, click Export Log in the Verifier Log window. This will create a text file that you can send to other individuals. You can view the exported log file in any program in which you can view a text file, or you can use View External Log to examine the exported log from AppVerifier.
Main AppVerifier UI
The AppVerifier window is made up of the following three parts:
Applications to be verified: This section remains empty until you click Add to add the name of an executable program to be verified.
Test settings: This section also remains empty until you add at least one executable program to the Applications to be verified list. After you add an executable program, the available test settings appear in the Test settings list.
Test setting descriptions: If you would like to see descriptions of the displayed test settings, select one from the Test settings list to view the description in this section. You do not need to check the test setting for the description to be displayed.
AppVerifier Options
In AppVerifier, you can use the four following options:
Clear session log when test settings change: Use this option to tell AppVerifier to automatically clear a session log for the specified executable when a program is added or removed or has one of its test settings changed.
Break in the debugger for each log event: Use this option if you are attaching to a debugger and you want any event that would show up in the log to cause the program to break in a debugger. This option is provided primarily for advanced users who are familiar with the use of a debugger and who want to see exactly where problems are occurring in their code.
Use full page heap (heavy memory usage): Use this option to help find heap-related bugs and corruption anywhere in your executable. For more information about the use of full-page heap, see the explanation of Full-Page Heap in the "Choosing a Method to Investigate Heap Block Corruptions" section of PageHeap notes.
Use the AppVerifier debugger to get crash logs: Use this option to allow AppVerifier to attempt to analyze crashes on its own and dump output into the log rather than requiring a user to launch a debugger. This option is provided for less experienced users who are not familiar with the use of a debugger.
AppVerifier Log
When you run a program using AppVerifier, you can view the output in the AppVerifier Log window. You can also use this window to view logs that have been exported by using Export Log.

The logs are shown in tree form. Each log is made up of expandable items displaying information about the executable's run. This information can be as simple as a notification that the listed executable started and stopped, but it can also include more detailed information about specific Microsoft Windows requirements that are violated by the executable. Expanding an item shows a list of violations that fall under that item's category. Click an item to see more information on resolving the problem in the Possible solutions box.

Important: The log is not a complete list of issues found. Some tests log data, some throw exceptions (which means that they crash the program intentionally), and some change the programs environment and rely on the tester to verify that the program continues to function correctly.
REFERENCES
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
294895 How to Obtain the Windows Application Compatibility Toolkit

The information in this article applies to:
Microsoft Windows XP Professional
Last Reviewed: 5/6/2003 (1.2)  
Keywords: kbenv kbinfo KB286568

 

by: LeeTutorPosted on 2004-01-30 at 15:05:40ID: 10239472

Did you try the repair of Internet Explorer that was detailed by sirbounty's first link to the MSKB?  Here is the data from the article:

How to Reinstall or Repair Internet Explorer and Outlook Express in Windows XP
The information in this article applies to:
Microsoft Internet Explorer version 6 for Windows XP
Microsoft Outlook Express 6.0 for Windows XP

This article was previously published under Q318378
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry


SUMMARY
This article describes how to reinstall or repair Internet Explorer 6 and Outlook Express 6 in Windows XP. You must do this if you are having problems with Internet Explorer or Outlook Express because of damaged files or missing registration information.

IMPORTANT: After you use the procedures in this article, you must reinstall any updates to Windows XP again. To reinstall Windows XP updates, visit the following Microsoft Windows Update Web site:

http://windowsupdate.microsoft.com/


MORE INFORMATION
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To resolve this issue, use either of the following methods while you are logged on as an administrator.
Method 1: Reinstall or Repair Windows XP
To repair or reinstall Internet Explorer and Outlook Express in Windows XP, complete the following procedure while you are logged on as an administrator:
Use the System File Checker tool to scan all of the protected files on your computer:
Click Start, and then click Run.
In the Open box, type sfc /scannow, and then click OK. Note that you may be prompted to insert the Windows XP installation CD-ROM.
Test to determine if the issue is resolved. If the issue is resolved, skip the remaining steps. If the issue is not resolved, continue to the next step.
Complete an in-place upgrade of Windows XP, a repair of Windows XP, or reinstall Windows XP.For additional information about how to complete an in-place upgrade or repair of Windows XP, click the article number below to view the article in the Microsoft Knowledge Base:

315341 How to Perform an In-Place Upgrade (Reinstallation) of Windows XP


Method 2: Edit the Registry and Install Internet Explorer 6
While you are logged on as an administrator, click Start, and then click Run.
In the Open box, type regedit, and then click OK.
Locate the appropriate registry subkey, right-click the IsInstalled (REG_DWORD) value, and then click Modify. To reinstall only the Internet Explorer 6 browser component on Windows XP, use the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}

To reinstall only Outlook Express 6 on Windows XP, use the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}


Change the value data from 1 to 0, and then click OK.
Quit Registry Editor, and then download and install Internet Explorer 6. For information about how o download and install Internet Explorer 6, visit the following Microsoft Web site:

http://www.microsoft.com/windows/ie/default.asp


By default, Internet Explorer 6 is preinstalled in all versions of Windows XP and cannot be uninstalled. To provide computer manufacturers more flexibility in configuring desktop versions of Windows XP, Microsoft has made it possible for OEMs, administrators, and users to remove user access to Internet Explorer while leaving the Internet Explorer code intact and fully functional to make sure the functionality of programs and operating system functions that rely on it. For example, Windows XP supports an "IEAccess=off" switch in the Unattend.txt file, and Internet Explorer has been added to the Add/Remove Windows Components section of the Add/Remove Programs tool in Control Panel. This does not reinstall Internet Explorer.
Last Reviewed: 10/3/2002
Keywords: kbenv kbhowto kbsetup KB318378

 

by: juggodishPosted on 2004-01-31 at 09:56:38ID: 10242967

ok thanks for this stuff...it may take me a while to get through all of it. I will let you know what happenes.  also, is there a way to retrieve files that make have been deleted?

 

by: LeeTutorPosted on 2004-01-31 at 10:13:26ID: 10243029

>also, is there a way to retrieve files that make have been deleted?

I'll give you the whole "Crazy list", a list of file recovery programs researched out by our top Expert, CrazyOne:

File Recovery tools

FREE TOOLS

PC INSPECTOR
http://www.pcinspector.de/file_recovery/UK/welcome.htm
File Recovery is a data recovery program that supports the FAT 12/16/32 and NTFS file systems. The current version 3.x replaces the previous version 2.x, which is now over 6 years old.

Restoration
http://bluegyn.free.fr/r/rest2514/
For 9x/NT/2K/XP. Restore deleted files that are no longer in the Recycle Bin!

Tool to check and undelete partition
Works with the following partitions:
- FAT12 FAT16 FAT32
- Linux
- Linux SWAP (version 1 and 2)
- NTFS (Windows NT)
- BeFS (BeOS)
- UFS (BSD)
- Netware
- RaiserFS
http://www.cgsecurity.org//testdisk.html
-------------------------------

NOT FREE

EasyRecovery DataRecovery is a simple, yet powerful tool that recovers data that is lost, inaccessible or deleted. It's the ultimate do-it-yourself solution for nearly all causes of data loss (except physical hardware or system problems) where your hard drive and system are fully functional.
http://www.ontrack.com/easyrecoverydatarecovery/

File Rescue 2.5
http://www.file-rescue.com/

GetDataBack for FAT
GetDataBack will help you retrieve your files if the hard drive's partition table, boot record, FAT, or root directory have been damaged by a virus, formatting, fdisk or power failure. GetDataBack can even recover your data when the drive is no longer recognized by Windows.

GetDataBack for NTFS
Recover your files when the data is no longer accessible due to formatting, fdisk, virus attack, power or software failure. Get everything back even when the drive's partition table, boot record, Master File Table or root directory is lost or corrupt.
Hard Drives
Partitions
Floppy Drives
Drive Images
Zip/Jaz Drives
http://www.runtime.org/

Norton Utilities/SystemWorks
The Norton Protected Recycle Bin helps you recover deleted and overwritten files.
The UnErase wizard helps you retrieve files you've accidentally deleted.
http://www.symantec.com/nu/nu_9x/features.html

For NTFS
http://www.restorer2000.com/r2k.htm

Data Recovery
http://www.dtidata.com/
Fast File Undelete
http://www.dtidata.com/products_ff_undelete.asp

Undelete
http://www.quantumsoft.co.uk/undelete.stm

File Recover 2000
http://www.filerecover.com/

R-Tools
http://www.r-tt.com/

File Restore
If you've deleted your data and you want to get it back, you need FileRestore.
FileRestore is a simple, easy-to-use tool for recovering files that have been lost or deleted from your Windows system. Designed for Windows XP, 2000, NT, Me, and 9x
http://www.winternals.com/products/repairandrecovery/filerestore.asp


DFSee
http://www.dfsee.com/
As a tool to 'UNDELETE' files that have been accidentaly deleted.
This feature is implemented for HPFS and NTFS only.

MRECOVER
http://kristenonline.com/lain/cih/mrecintro.htm

Emergency Undelete
I believe this is free
For Win2000 and NT may work on XP
http://www.c2000.com/software/#win2000

Back2Life
http://www.simtel.net/pub/pd/57588.html

Hard Drive Mechanic
http://www.highergroundsoftware.com/6.html
It's true. Even if you just re-formatted your entire hard drive, you can still get all of your data back because, unlike what most people believe, formatting does NOT erase your files! With Hard Drive Mechanic's Unformat Feature, you can restore all of your valuable data in about 10 minutes!
demo version:
http://www.highergroundsoftware.com/downloads2.htm

Filerecovery for Windows
http://www.lc-tech.com/filerecovery.asp
Filerecovery for Windows® is a safe and affordable do-it-yourself data recovery solution that is designed to recover deleted files from all types of media such as Hard Drives, Floppy Drives, SmartMedia, CompactFlash, Memory Sticks, and other types of removable media.

Undelete
http://www.executive.com/consumer/undelete/undelete.asp
You know how upsetting it is to accidentally delete a file that you need—it takes just a moment to lose hours of work. Undelete file-recovery utility captures ALL deleted files including those that typically bypass the Recycle Bin. You can even recover files you purged from our Recovery Bin. With our Emergency Undelete feature, you can recover files deleted prior to Undelete being installed on your system (provided they have not been written over). Buy Undelete and you'll never again be at the mercy of lost data.

Fast File Recovery
http://savemyfiles.com/fastfile.htm
A definite must for the PC guru! It will allow the user to perform all data recovery tasks associated with disks which are not physically damaged.


File Scavenge
http://www.quetek.com/prod01.htm
File Scavenge is the most comprehensive, award-winning file undelete and data recovery for NTFS volumes on Windows NT, Windows 2000 and Windows XP.

Active UNERASER
http://www.uneraser.com/undelete.htm
Active UNERASER is a compact and powerful undelete utility that can recover deleted files and folders on FAT12, FAT16, FAT32 and NTFS systems. It can even restore files from deleted and re-formatted partitions.


------------------------------------
Or Data Recovery Services

http://www.ontrack.com/datarecovery/
Ontrack offers a full range of data recovery solutions to address your data loss needs. Unlike other data recovery companies, Ontrack provides exclusive and patented solutions that do not require you to send in your media for recovery. In situations where the hardware is functioning normally, our patented Remote Data Recovery service and EasyRecovery software solutions can solve your data loss needs safely and effectively in a matter of hours. If another company claims that there is no alternative to shipping your drive, it's because they don't offer an alternative. For situations in which the hardware is physically failing, our In-Lab services will utilize our Class 100 clean-rooms to retrieve your mission critical data.

or

FLAT RATE DATA RECOVERY PRICING INCLUDES!
http://www.i-t-s.com/datarec/datarec_pricing.htm

or

Total Recall
http://www.recallusa.com/
Our recovery and forensic technology is used by support and call centers as well as data recovery providers world-wide.

ESS Data Recovery
http://www.savemyfiles.com/
ESS Data Recovery, Inc. has been removing barriers in the data recovery and computer forensics market ever since its inception http://www.ontrack.com/easyrecoverydatarecovery/

 

by: juggodishPosted on 2004-02-04 at 05:25:07ID: 10270534

ok thanks for your help but i downloaded netscape 7.1 and dont have a problem with it so far...so for now i am not worried about fixing internet explorer(dont have time).  How do i go about giving you these points that my question was worth.  I want to give LeeTutor most of the points for sheer volume of options to try.  But SirBounty did contibute his 2 cents also, and being that I have given up i feel you both should get some of the points.  

 

by: sirbountyPosted on 2004-02-04 at 05:50:18ID: 10270750

Just above your comment box is a "Split" link...
Thanx.

 

by: madmanaliPosted on 2004-02-09 at 07:43:08ID: 10310810

Hi Juggodish, I have just come accross the same problem at a customers pc. The Winshow.dll is a trojan that installs a search engine on your pc... now from what I can see, it adds registry entries into the pc and when you run internet explorer it crashes as it is unable to find the file or the installation as gone corrupt.
The trojan is TROJ_WINSHOW.A
Related to: VBS_WINSHOW.A
Size of virus: 5,632 Bytes (downloader)
36,562 Bytes (dll component)
Discovered: Oct. 16, 2003
Detection available: Oct. 16, 2003

Installation
This Trojan is dropped by either the Visual Basic Script malware VBS_WINSHOW.A or VBS_INOR.F.
Upon execution, it downloads the following file, which is an updated copy of itself, from the IP address 209.66.114.129:

WINSHOW.DLL
The following files may also be downloaded by malware variants from the Web sites www.<blocked>/update/winshow.dll and www.winklink.<blocked>/winlink.dll:
WINSHOW.DLL
WINLINK.DLL
The malware then saves the downloaded file in the following directories, depending on the system's platform:
"Documents and Settings\<user name>\Application Data\winshow\" or
"WINNT\user name\Application Data\winshow\" for Windows XP, 2000, and NT
"Windows\Profiles\user name\Application Data\winshow\" for Windows 98,95, and ME
This updated copy creates two folders named, Winshow and Winlink. Then, it drops the files WINSHOW.DLL and WINLINK.DLL to these folders as follows:

On Windows 2000
%Windows%\Documents and Settings\%username%\Application Data\winshow\winshow.dll
%Windows%\Documents and Settings\%username%\Application Data\winshow\winlink.dll
On Windows NT and XP
\WINNT\%username%\Application Data\winshow\winshow.dll
\WINNT\%username%\Application Data\winshow\winlink.dll
On Windows 95, 98, and ME
%Windows%\Profiles\%username%\Application Data\winshow\winshow.dll
%Windows%\Profiles\%username%\Application Data\winshow\winlink.dll
(Note: %Windows% refers to the Windows folder usually C:\Windows or C:\WINNT while %username% is the current user’s login name.)

Based on its code, the dropped DLL file creates the following autorun registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Explorer.exe

Payloads
The malware adds the following registry entries so that the Internet Explorer’s start page and search page points to the URL www.searchv.com:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Search Bar = "http:/www.searchv.com/w/search.html"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl
@ "http://www.searchv.com/w/"

Exploit
This malware acts as a Browser Helper Object (BHO), an Internet Explorer helper that searches all pages viewed by the user through the browser. It is capable of the following actions:
Replacing banner advertisements with other ads
Monitoring Internet activity
Changing Internet browser homepage
Downloading other files on the compromised system
Other Registry Modifications
The malware also creates the following registry entries for self-monitoring purposes:
HKEY_CURRENT_USER\Software\WinShow\WinShow\Counter
HKEY_CURRENT_USER\Software\WinShow\WinShow\LastDay
HKEY_CURRENT_USER\Software\WinShow\WinShow\LastUpdate
HKEY_CURRENT_USER\Software\WinShow\WinShow\ModuleVersion
HKEY_CURRENT_USER\Software\WinShow\WinShow\ConfigVersion
HKEY_CURRENT_USER\Software\WinShow\WinShow\DictVersion

It further creates these registry entries:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\
Browser Helper Objects\{6CC1C918-AE8B-4373-A5B4-28BA1851E39A} @ "WinShow module"
HKEY_CLASSES_ROOT\CLSID\{6CC1C918-AE8B-4373-A5B4-28BA1851E39A}\ VersionIndependentProgID @ "WinShow.ViewSource"

The original registry settings are then saved under the following registry key:
HKEY_USERS\S-1-5-21-1417001333-1715567821-725345543-1125\Software\WinShow\WinShow\Save

Other Details
This malware arrives as an Aspack-compressed file and runs on Windows 95, 98, ME, NT, 2000 and XP.

 

by: juggodishPosted on 2004-02-09 at 09:08:18ID: 10311806

madmanali,
I dont understand how this winshow trojan is any good to whoever made it if it causes my internet explorer to crash.  How are they going to monitor my internet use if i cant get to the internet?  whats the best way to get rid of it?

 

by: jjjustinnnPosted on 2004-03-03 at 13:12:59ID: 10508465

I had the same problem and couldn't find it for the life of me. To fix it, I used Adaware with the latest reference file and loaded all the latest patches for IE, rebooted and it started working again.
I strongly agree with Madmanali as to the root cause.

 

by: juggodishPosted on 2004-03-04 at 18:34:22ID: 10519497

i actually ended up fixing it  by simply deleting a file that I think was the source of the trojan.  maybe not the best idea just deleting a file, but it worked.  

 

by: madmanaliPosted on 2004-03-05 at 08:33:25ID: 10524171

Juggodish.. the trojan on your pc wasnt working thats why your internet explorer crashed... If it had of worked everything would have looked fine but the trojan would be working too....

For any one else.. follow my details and simple delete the registry keys and that will elimante any trace of it and stop it tryin to run when you open IE and other related things.

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...