Solved

Get blue screen after logging in - won't recognise explorer.exe

Posted on 2008-10-14
6
777 Views
Last Modified: 2012-05-05
I have run anti-virus and anti-spyware software on a PC after it was infected and upon restarting the PC, it lets me login as the user but then goes to a blue screen and does nothing else. I have determined that the explorer.exe file is not in the task manager list and when I locate it, it is not recognised by the computer, saying "Windows cannot find 'C:\WINDOWS\explorer.exe'. Make sure you typed the name properly and try again."

At this point I am stuck as to what I should do next. any ideas?
0
Comment
Question by:herschellrd
6 Comments
 
LVL 23

Expert Comment

by:debuggerau
ID: 22717969
Are you logging in as the administrator? Tried safe mode?
Is the system actually missing that file? And so,do you have a BartPE type boot disk to check?
0
 

Expert Comment

by:Adlos
ID: 22717974
Is this anXP pc, i had the same issue It was infected with worms and trojans, which i managed to clean but since then did the same, finally had to rebuilt
0
 
LVL 22

Expert Comment

by:orangutang
ID: 22718023
Press Ctrl+Alt+Delete, click the "File" menu, click "New Task (Run...)", and run "iexplore" or whatever program you need to run. Using that, run Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam.php) and send us your HijackThis (http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php) log.
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 14

Expert Comment

by:Dhiraj Mutha
ID: 22718058
The best solution for this will be repair the OS. Go through the following on how to repair Windows XP.
http://pcsupport.about.com/od/operatingsystems/ss/instxprepair1_4.htm
 
0
 
LVL 92

Expert Comment

by:nobus
ID: 22718742
0
 

Accepted Solution

by:
herschellrd earned 0 total points
ID: 22763479
I found the dolution to my problem online as follwos -
PROBLEM:
Explorer.exe not starting
My wifes friend allowed an exchange student use her unprotected computer for a couple of weeks and it got loaded with viruses, trojans, adware, spyware and whatever else is out there. I got help from another site (didn't know about you) and got everything cleaned up too well. When windows boots up in safe or normal mode, I get a blank screen after logging in, blue in normal mode and black in safe mode, and the cursor. There is nothing else, no start button, sys tray, task bar or wall paper. When I try to manually start explorer.exe through task manager I get the message:"Windows cannot find 'C:\Windows\explorer.exe. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click search." Explorer.exe is in the C:\Windows directory, and I tried replacing it with the file from my computer. When I browse in task manager I can see all the files and programs are still there, I just can't get windows to link up and get the desktop going. I also get the message about windows not finding iexplore.exe so I can't get on line and do scans online. All scans must be downloaded on my computer and transferred to CD and run from there. Any help will be greatly appreciated. Attached is the HJT log. I have tried to repair XP with the XP CD and I have done an sfc /scannow both with no change.

SEVERAL POSSIBLE SOLUTIONS:
I was trying some stuff and I renamed 'explorer.exe' to 'zexplorer.exe', manually started it and it worked. I went into the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon and changed the string for Shell to 'zexplorer.exe', restarted and the desktop reappeared fine as new. I then changed 'iexplore.exe' to 'ziexplore.exe' and I was able to get on the internet no problem.

AND:
To restore windows ability to gain access to explorer.exe and iexplore .exe please remove the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplorer.exe
-------------------------------------------------

Tried renaming c:\windows\explorer.exe to "zexplorer.exe", then tried running "zexplorer.exe" from task manager -> now it loads an explorer (filemanager) window!

Went into registry and found key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon
Changed value to:
Shell = "zexplorer.exe"

restarted pc & now explorer shell does load normally.

went into registry - found & deleted key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe

then reversed first two changes:
- renamed "zexplorer.exe" back to "explorer.exe"
- changed Winlogon: Shell value back to "explorer.exe"

restarted again -> explorer shell loading normally again!
looks like the "Image File Execution Options\explorer.exe" key was the one preventing explorer shell running!
--------------------
under safe mode, installed Malwarebytes Anti-Malware software, ran a scan & removed discovered problems.
restarted (normal mode) - red [X] in system tray with spyware warning still appears.
Actual balloon warning:
========
Your computer is infected!
Windows has detected spyware infection!

It is recommended to use special antispyware tools to pervent
data loss. Windows will now download and install the most
up-to-date antispyware for you.

Click here to protect your computer from spyware!
========

used Sysinternals utilities: Autoruns & Process Explorer to check running processes & narrowed possibilities down. After some trial & error, found cause of popup warning:
Process: brastk.exe
starts in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run key.
Value...  brastk = brastk.exe

Removed this, then restarted again -> Computer infected warning now gone!!
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you build your web application in Visual Studio you'll get at least a few binaries, or .DLL, files in your bin folder. However, there is more compiling to be done. Normally this would happen when an ASP.NET resource within the web site is request…
Can you find a fax from a vendor you saved a decade ago in seconds? Have you ever cursed your PC under your breath during an audit because you couldn’t find the requested statement or driver history?  If you answered no to the first question or yes …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question