Solved

DEP error and Explorer.exe crash on multiple computers?

Posted on 2008-10-01
12
2,621 Views
Last Modified: 2013-12-04
Since Monday (it's now Wednesday) some users on our network have been getting the Data Execution error and when clicking close Explorer.exe error occurs, task bar disappears and comes back and all is fine again.

It seems to happen when programs are closed.

It started on one machine, then a 2nd machine started yesterday and today a 3rd machine. I am worried this issue is spread to the whole network. It is very annoying and obviously a huge interruption to work.

I'm not going to post the whole message as I have trouble replicating the error on demand and don't have a copy of it, however when I did some googling on the error, because the event error says unkown module in explorer.exe caused the error I presume the whole message won't help in this case.

So I guess I am asking, has anyone else had a issue like this recently?

Could it be an antivirus (sophos) update? The 3 machines in question all have sophos and office. 2 have SP3 and 1 has SP2. 2 have office 2007 and 1 has office 2003, so only sophos is the same on all machines, yet all our other 15 machines remain unaffected so far.

If it is a Sophos update causing this then I expect all machines to suffer from it soon and I expect many people around the world to have the same issue.

I don't think it's a domain error as one machine is set to log on locally and not the domain.

The machines in question also lost their desktop wallpaper randomly over the past few weeks so this could be related.

I have used shell viewer to close all non-microsoft modules but I think this led to the corruption of an outlook mail box, either way I tried disabling different modules on each machine and so far the problem hasnt occurred.

The only other thing I can think would cause this would be Spiceworks, perhaps it's scanning and causing this.

If anyone has seen a similar issue or could take a guess at what it is to help save me some time it would be much appreciated.

Otherwise I will have to figure out what module is causing the issue and then try to fix the problem from the source and not the explorer.exe module.

...All machines are windows XP

Thanks
0
Comment
Question by:jdunnill
12 Comments
 

Expert Comment

by:securestep_technology
ID: 22616522
Have you added any hardware or printers to the network lately? Have you done a spyware scan on the PCs?
0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22617694
download superantispyware from www.superantispyware.com and do a full scan...its free
0
 

Expert Comment

by:jd0323
ID: 22619254
Getting similar error.  What is the test of the error in the application log?

Ours is...
Faulting application explorer.exe, version 6.0.2900.2894, faulting module unknown, version 0.0.0.0, fault address 0x5a022e08.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

We are running Sophos, Windows XP SP2, and Office 2003 sp2 as primary.  Also, I lost the capability to update about 20 servers.
0
 
LVL 2

Expert Comment

by:slotb007
ID: 22622066
The problem is caused by the last engine update of sophos antivirus.
I temperarly excludes explore.exe from the DEP feature from microsoft.


In windows 2003:

Properties of My Computer - advanced tab - Performance option - Tab Data Execution Prevention - Option Turn on DEP for all programs and ....... - Add explore.exe.

I have opened a Support incident at Sophos, if I have a solution I will add it to this post.

Marcel
0
 

Author Comment

by:jdunnill
ID: 22622668
I thought it would be related to an update. As a temporary fix till sophos and MS address this I have used shell viewer and disabled the sophos modules in explorer.exe

slotb007, I look forward to your post following Sophos' analysis of the error.

jd0323, We use Sophos also and juding by slotb007's post, looks like Sophos are to blame! I was beginning to regret installing SP3 but then realised one of the affected machines has SP2 still.
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 

Expert Comment

by:IT-Jockey
ID: 22626642
All,
Have a look at the KB below
Sophos have acknowledged the issue and it should be fixed in 7.6.1
A workaround is detailed.

I'm suffering from the same issue.

http://www.sophos.com/support/knowledgebase/article/46484.html
0
 
LVL 1

Expert Comment

by:mike2747
ID: 22664990
JOIN THE CLUB.... Only Sophos is not even part of our equation. I've had the DEP and Explorer crash errors on four computers in the last 24 hours. This was with an clean, OEM install of XP Pro (SP3 integrated) just after running windows updates... I believe Java, Flash player, and Adobe Reader were the only pieces of software installed. What's going on??????

Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x016b0644
0
 
LVL 1

Expert Comment

by:mike2747
ID: 22734692
Does anyone have a solution yet? This problem is EVERYWHERE and is caused by an update from Microsoft without question. Sophos may be part of the problem for some, but Sophos has not been on any of the ten computers i've seen in the past two weeks that have this issue. Again, this has happened on a clean XP install, just after windows updates. It's happened on SP2 and SP3 builds, laptops, desktops, different networks, etc...

Some others that are stumped:

http://www.edugeek.net/forums/windows/24681-explorer-crashing-dep-3.html#post238367

http://www.suggestafix.com/index.php?showtopic=31055

http://forums.techguy.org/malware-removal-hijackthis-logs/759194-windows-explorer-has-encountered-problem.html
0
 
LVL 1

Expert Comment

by:mike2747
ID: 22734815
This error is now on my personal laptop. If I go to add/remove programs and show updates, the following updates were installed on 9/25/08. One of these is the culprit!

KB938127-V2
KB951978
KB952287
KB952954
KB953839
KB951072-V2
KB951698
KB938464
KB946648
KB951748
KB950762
KB951376-V2
KB951066
KB950974
0
 

Author Comment

by:jdunnill
ID: 22739191
I have no idea what's causing it. But I managed to stop it on two machines by installing shellview and disabling all processings within explorer.exe that were not Microsoft. It worked on 3 out of 4 machines. Try that. Sounds like it is a Microsoft issue. A worker here said it happened on her home computer and she uses Norton.

Do you have any AV on minimal machines you're getting the issue with?

I'm, just trying to sit tight till the problem goes away. Even the machine that couldn't be fixed using the above method seems to do it a hell of alot less. It used to be all the time.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 22965644
PAQed with points refunded (500)

Computer101
EE Admin
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Suggested Solutions

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now