Solved

Get blue screen after logging in - won't recognise explorer.exe

Posted on 2008-10-14
6
775 Views
Last Modified: 2012-05-05
I have run anti-virus and anti-spyware software on a PC after it was infected and upon restarting the PC, it lets me login as the user but then goes to a blue screen and does nothing else. I have determined that the explorer.exe file is not in the task manager list and when I locate it, it is not recognised by the computer, saying "Windows cannot find 'C:\WINDOWS\explorer.exe'. Make sure you typed the name properly and try again."

At this point I am stuck as to what I should do next. any ideas?
0
Comment
Question by:herschellrd
6 Comments
 
LVL 23

Expert Comment

by:debuggerau
ID: 22717969
Are you logging in as the administrator? Tried safe mode?
Is the system actually missing that file? And so,do you have a BartPE type boot disk to check?
0
 

Expert Comment

by:Adlos
ID: 22717974
Is this anXP pc, i had the same issue It was infected with worms and trojans, which i managed to clean but since then did the same, finally had to rebuilt
0
 
LVL 22

Expert Comment

by:orangutang
ID: 22718023
Press Ctrl+Alt+Delete, click the "File" menu, click "New Task (Run...)", and run "iexplore" or whatever program you need to run. Using that, run Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam.php) and send us your HijackThis (http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php) log.
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 14

Expert Comment

by:Dhiraj Mutha
ID: 22718058
The best solution for this will be repair the OS. Go through the following on how to repair Windows XP.
http://pcsupport.about.com/od/operatingsystems/ss/instxprepair1_4.htm
 
0
 
LVL 91

Expert Comment

by:nobus
ID: 22718742
0
 

Accepted Solution

by:
herschellrd earned 0 total points
ID: 22763479
I found the dolution to my problem online as follwos -
PROBLEM:
Explorer.exe not starting
My wifes friend allowed an exchange student use her unprotected computer for a couple of weeks and it got loaded with viruses, trojans, adware, spyware and whatever else is out there. I got help from another site (didn't know about you) and got everything cleaned up too well. When windows boots up in safe or normal mode, I get a blank screen after logging in, blue in normal mode and black in safe mode, and the cursor. There is nothing else, no start button, sys tray, task bar or wall paper. When I try to manually start explorer.exe through task manager I get the message:"Windows cannot find 'C:\Windows\explorer.exe. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click search." Explorer.exe is in the C:\Windows directory, and I tried replacing it with the file from my computer. When I browse in task manager I can see all the files and programs are still there, I just can't get windows to link up and get the desktop going. I also get the message about windows not finding iexplore.exe so I can't get on line and do scans online. All scans must be downloaded on my computer and transferred to CD and run from there. Any help will be greatly appreciated. Attached is the HJT log. I have tried to repair XP with the XP CD and I have done an sfc /scannow both with no change.

SEVERAL POSSIBLE SOLUTIONS:
I was trying some stuff and I renamed 'explorer.exe' to 'zexplorer.exe', manually started it and it worked. I went into the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon and changed the string for Shell to 'zexplorer.exe', restarted and the desktop reappeared fine as new. I then changed 'iexplore.exe' to 'ziexplore.exe' and I was able to get on the internet no problem.

AND:
To restore windows ability to gain access to explorer.exe and iexplore .exe please remove the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplorer.exe
-------------------------------------------------

Tried renaming c:\windows\explorer.exe to "zexplorer.exe", then tried running "zexplorer.exe" from task manager -> now it loads an explorer (filemanager) window!

Went into registry and found key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon
Changed value to:
Shell = "zexplorer.exe"

restarted pc & now explorer shell does load normally.

went into registry - found & deleted key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe

then reversed first two changes:
- renamed "zexplorer.exe" back to "explorer.exe"
- changed Winlogon: Shell value back to "explorer.exe"

restarted again -> explorer shell loading normally again!
looks like the "Image File Execution Options\explorer.exe" key was the one preventing explorer shell running!
--------------------
under safe mode, installed Malwarebytes Anti-Malware software, ran a scan & removed discovered problems.
restarted (normal mode) - red [X] in system tray with spyware warning still appears.
Actual balloon warning:
========
Your computer is infected!
Windows has detected spyware infection!

It is recommended to use special antispyware tools to pervent
data loss. Windows will now download and install the most
up-to-date antispyware for you.

Click here to protect your computer from spyware!
========

used Sysinternals utilities: Autoruns & Process Explorer to check running processes & narrowed possibilities down. After some trial & error, found cause of popup warning:
Process: brastk.exe
starts in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run key.
Value...  brastk = brastk.exe

Removed this, then restarted again -> Computer infected warning now gone!!
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

Are you unable to synchronize your OST (Offline Storage Table) file with Microsoft Exchange Server? Is your OST file exceeding 2 GB size limit? In Microsoft Outlook 2002 and earlier versions, there is a 2 GB size limit for the OST file. If the file …
If you have done a reformat of your hard drive and proceeded to do a successful Windows XP installation, you may notice that a choice between two operating systems when you start up the machine. Here is how to get rid of this: Click Start Clic…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now