Solved

Get blue screen after logging in - won't recognise explorer.exe

Posted on 2008-10-14
6
781 Views
Last Modified: 2012-05-05
I have run anti-virus and anti-spyware software on a PC after it was infected and upon restarting the PC, it lets me login as the user but then goes to a blue screen and does nothing else. I have determined that the explorer.exe file is not in the task manager list and when I locate it, it is not recognised by the computer, saying "Windows cannot find 'C:\WINDOWS\explorer.exe'. Make sure you typed the name properly and try again."

At this point I am stuck as to what I should do next. any ideas?
0
Comment
Question by:herschellrd
6 Comments
 
LVL 23

Expert Comment

by:debuggerau
ID: 22717969
Are you logging in as the administrator? Tried safe mode?
Is the system actually missing that file? And so,do you have a BartPE type boot disk to check?
0
 

Expert Comment

by:Adlos
ID: 22717974
Is this anXP pc, i had the same issue It was infected with worms and trojans, which i managed to clean but since then did the same, finally had to rebuilt
0
 
LVL 22

Expert Comment

by:orangutang
ID: 22718023
Press Ctrl+Alt+Delete, click the "File" menu, click "New Task (Run...)", and run "iexplore" or whatever program you need to run. Using that, run Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam.php) and send us your HijackThis (http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php) log.
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 14

Expert Comment

by:Dhiraj Mutha
ID: 22718058
The best solution for this will be repair the OS. Go through the following on how to repair Windows XP.
http://pcsupport.about.com/od/operatingsystems/ss/instxprepair1_4.htm
 
0
 
LVL 92

Expert Comment

by:nobus
ID: 22718742
0
 

Accepted Solution

by:
herschellrd earned 0 total points
ID: 22763479
I found the dolution to my problem online as follwos -
PROBLEM:
Explorer.exe not starting
My wifes friend allowed an exchange student use her unprotected computer for a couple of weeks and it got loaded with viruses, trojans, adware, spyware and whatever else is out there. I got help from another site (didn't know about you) and got everything cleaned up too well. When windows boots up in safe or normal mode, I get a blank screen after logging in, blue in normal mode and black in safe mode, and the cursor. There is nothing else, no start button, sys tray, task bar or wall paper. When I try to manually start explorer.exe through task manager I get the message:"Windows cannot find 'C:\Windows\explorer.exe. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click search." Explorer.exe is in the C:\Windows directory, and I tried replacing it with the file from my computer. When I browse in task manager I can see all the files and programs are still there, I just can't get windows to link up and get the desktop going. I also get the message about windows not finding iexplore.exe so I can't get on line and do scans online. All scans must be downloaded on my computer and transferred to CD and run from there. Any help will be greatly appreciated. Attached is the HJT log. I have tried to repair XP with the XP CD and I have done an sfc /scannow both with no change.

SEVERAL POSSIBLE SOLUTIONS:
I was trying some stuff and I renamed 'explorer.exe' to 'zexplorer.exe', manually started it and it worked. I went into the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon and changed the string for Shell to 'zexplorer.exe', restarted and the desktop reappeared fine as new. I then changed 'iexplore.exe' to 'ziexplore.exe' and I was able to get on the internet no problem.

AND:
To restore windows ability to gain access to explorer.exe and iexplore .exe please remove the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplorer.exe
-------------------------------------------------

Tried renaming c:\windows\explorer.exe to "zexplorer.exe", then tried running "zexplorer.exe" from task manager -> now it loads an explorer (filemanager) window!

Went into registry and found key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon
Changed value to:
Shell = "zexplorer.exe"

restarted pc & now explorer shell does load normally.

went into registry - found & deleted key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe

then reversed first two changes:
- renamed "zexplorer.exe" back to "explorer.exe"
- changed Winlogon: Shell value back to "explorer.exe"

restarted again -> explorer shell loading normally again!
looks like the "Image File Execution Options\explorer.exe" key was the one preventing explorer shell running!
--------------------
under safe mode, installed Malwarebytes Anti-Malware software, ran a scan & removed discovered problems.
restarted (normal mode) - red [X] in system tray with spyware warning still appears.
Actual balloon warning:
========
Your computer is infected!
Windows has detected spyware infection!

It is recommended to use special antispyware tools to pervent
data loss. Windows will now download and install the most
up-to-date antispyware for you.

Click here to protect your computer from spyware!
========

used Sysinternals utilities: Autoruns & Process Explorer to check running processes & narrowed possibilities down. After some trial & error, found cause of popup warning:
Process: brastk.exe
starts in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run key.
Value...  brastk = brastk.exe

Removed this, then restarted again -> Computer infected warning now gone!!
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
networked printer 4 81
Repair old Windows 2000 boot 15 233
change prefix in multiple files in one folder 11 74
Can’t delete a file 14 179
Step by step guide to Clean and Sort your windows registry! Introduction: Always remember: A Clean registry = Better performance = Save your invaluable time In this article we're going to clear our registry manually! Yes, manually! The e…
Issue: Unstable cursor in Windows XP and Windows runs extremely slow in that any click will bring up the Hour glass (sometimes for several seconds before giving you what you want) . Troubleshooting Process and the FINAL FIX: This issue see…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question