Solved

DEP error and Explorer.exe crash on multiple computers?

Posted on 2008-10-01
12
2,623 Views
Last Modified: 2013-12-04
Since Monday (it's now Wednesday) some users on our network have been getting the Data Execution error and when clicking close Explorer.exe error occurs, task bar disappears and comes back and all is fine again.

It seems to happen when programs are closed.

It started on one machine, then a 2nd machine started yesterday and today a 3rd machine. I am worried this issue is spread to the whole network. It is very annoying and obviously a huge interruption to work.

I'm not going to post the whole message as I have trouble replicating the error on demand and don't have a copy of it, however when I did some googling on the error, because the event error says unkown module in explorer.exe caused the error I presume the whole message won't help in this case.

So I guess I am asking, has anyone else had a issue like this recently?

Could it be an antivirus (sophos) update? The 3 machines in question all have sophos and office. 2 have SP3 and 1 has SP2. 2 have office 2007 and 1 has office 2003, so only sophos is the same on all machines, yet all our other 15 machines remain unaffected so far.

If it is a Sophos update causing this then I expect all machines to suffer from it soon and I expect many people around the world to have the same issue.

I don't think it's a domain error as one machine is set to log on locally and not the domain.

The machines in question also lost their desktop wallpaper randomly over the past few weeks so this could be related.

I have used shell viewer to close all non-microsoft modules but I think this led to the corruption of an outlook mail box, either way I tried disabling different modules on each machine and so far the problem hasnt occurred.

The only other thing I can think would cause this would be Spiceworks, perhaps it's scanning and causing this.

If anyone has seen a similar issue or could take a guess at what it is to help save me some time it would be much appreciated.

Otherwise I will have to figure out what module is causing the issue and then try to fix the problem from the source and not the explorer.exe module.

...All machines are windows XP

Thanks
0
Comment
Question by:jdunnill
12 Comments
 

Expert Comment

by:securestep_technology
ID: 22616522
Have you added any hardware or printers to the network lately? Have you done a spyware scan on the PCs?
0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22617694
download superantispyware from www.superantispyware.com and do a full scan...its free
0
 

Expert Comment

by:jd0323
ID: 22619254
Getting similar error.  What is the test of the error in the application log?

Ours is...
Faulting application explorer.exe, version 6.0.2900.2894, faulting module unknown, version 0.0.0.0, fault address 0x5a022e08.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

We are running Sophos, Windows XP SP2, and Office 2003 sp2 as primary.  Also, I lost the capability to update about 20 servers.
0
 
LVL 2

Expert Comment

by:slotb007
ID: 22622066
The problem is caused by the last engine update of sophos antivirus.
I temperarly excludes explore.exe from the DEP feature from microsoft.


In windows 2003:

Properties of My Computer - advanced tab - Performance option - Tab Data Execution Prevention - Option Turn on DEP for all programs and ....... - Add explore.exe.

I have opened a Support incident at Sophos, if I have a solution I will add it to this post.

Marcel
0
 

Author Comment

by:jdunnill
ID: 22622668
I thought it would be related to an update. As a temporary fix till sophos and MS address this I have used shell viewer and disabled the sophos modules in explorer.exe

slotb007, I look forward to your post following Sophos' analysis of the error.

jd0323, We use Sophos also and juding by slotb007's post, looks like Sophos are to blame! I was beginning to regret installing SP3 but then realised one of the affected machines has SP2 still.
0
New! My Passport Wireless Pro Wi-Fi Mobile Storage

Portable wireless storage to offload, edit, and stream anywhere.

High-capacity, wireless mobile storage designed to accompany professional photographers and videographers in the field to easily offload, edit and stream captured photos and high-definition videos.

 

Expert Comment

by:IT-Jockey
ID: 22626642
All,
Have a look at the KB below
Sophos have acknowledged the issue and it should be fixed in 7.6.1
A workaround is detailed.

I'm suffering from the same issue.

http://www.sophos.com/support/knowledgebase/article/46484.html
0
 
LVL 1

Expert Comment

by:mike2747
ID: 22664990
JOIN THE CLUB.... Only Sophos is not even part of our equation. I've had the DEP and Explorer crash errors on four computers in the last 24 hours. This was with an clean, OEM install of XP Pro (SP3 integrated) just after running windows updates... I believe Java, Flash player, and Adobe Reader were the only pieces of software installed. What's going on??????

Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x016b0644
0
 
LVL 1

Expert Comment

by:mike2747
ID: 22734692
Does anyone have a solution yet? This problem is EVERYWHERE and is caused by an update from Microsoft without question. Sophos may be part of the problem for some, but Sophos has not been on any of the ten computers i've seen in the past two weeks that have this issue. Again, this has happened on a clean XP install, just after windows updates. It's happened on SP2 and SP3 builds, laptops, desktops, different networks, etc...

Some others that are stumped:

http://www.edugeek.net/forums/windows/24681-explorer-crashing-dep-3.html#post238367

http://www.suggestafix.com/index.php?showtopic=31055

http://forums.techguy.org/malware-removal-hijackthis-logs/759194-windows-explorer-has-encountered-problem.html
0
 
LVL 1

Expert Comment

by:mike2747
ID: 22734815
This error is now on my personal laptop. If I go to add/remove programs and show updates, the following updates were installed on 9/25/08. One of these is the culprit!

KB938127-V2
KB951978
KB952287
KB952954
KB953839
KB951072-V2
KB951698
KB938464
KB946648
KB951748
KB950762
KB951376-V2
KB951066
KB950974
0
 

Author Comment

by:jdunnill
ID: 22739191
I have no idea what's causing it. But I managed to stop it on two machines by installing shellview and disabling all processings within explorer.exe that were not Microsoft. It worked on 3 out of 4 machines. Try that. Sounds like it is a Microsoft issue. A worker here said it happened on her home computer and she uses Norton.

Do you have any AV on minimal machines you're getting the issue with?

I'm, just trying to sit tight till the problem goes away. Even the machine that couldn't be fixed using the above method seems to do it a hell of alot less. It used to be all the time.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 22965644
PAQed with points refunded (500)

Computer101
EE Admin
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now