Solved

Get blue screen after logging in - won't recognise explorer.exe

Posted on 2008-10-14
6
788 Views
Last Modified: 2012-05-05
I have run anti-virus and anti-spyware software on a PC after it was infected and upon restarting the PC, it lets me login as the user but then goes to a blue screen and does nothing else. I have determined that the explorer.exe file is not in the task manager list and when I locate it, it is not recognised by the computer, saying "Windows cannot find 'C:\WINDOWS\explorer.exe'. Make sure you typed the name properly and try again."

At this point I am stuck as to what I should do next. any ideas?
0
Comment
Question by:herschellrd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 23

Expert Comment

by:debuggerau
ID: 22717969
Are you logging in as the administrator? Tried safe mode?
Is the system actually missing that file? And so,do you have a BartPE type boot disk to check?
0
 

Expert Comment

by:Adlos
ID: 22717974
Is this anXP pc, i had the same issue It was infected with worms and trojans, which i managed to clean but since then did the same, finally had to rebuilt
0
 
LVL 22

Expert Comment

by:orangutang
ID: 22718023
Press Ctrl+Alt+Delete, click the "File" menu, click "New Task (Run...)", and run "iexplore" or whatever program you need to run. Using that, run Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam.php) and send us your HijackThis (http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php) log.
0
SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

 
LVL 14

Expert Comment

by:Dhiraj Mutha
ID: 22718058
The best solution for this will be repair the OS. Go through the following on how to repair Windows XP.
http://pcsupport.about.com/od/operatingsystems/ss/instxprepair1_4.htm
 
0
 
LVL 92

Expert Comment

by:nobus
ID: 22718742
0
 

Accepted Solution

by:
herschellrd earned 0 total points
ID: 22763479
I found the dolution to my problem online as follwos -
PROBLEM:
Explorer.exe not starting
My wifes friend allowed an exchange student use her unprotected computer for a couple of weeks and it got loaded with viruses, trojans, adware, spyware and whatever else is out there. I got help from another site (didn't know about you) and got everything cleaned up too well. When windows boots up in safe or normal mode, I get a blank screen after logging in, blue in normal mode and black in safe mode, and the cursor. There is nothing else, no start button, sys tray, task bar or wall paper. When I try to manually start explorer.exe through task manager I get the message:"Windows cannot find 'C:\Windows\explorer.exe. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click search." Explorer.exe is in the C:\Windows directory, and I tried replacing it with the file from my computer. When I browse in task manager I can see all the files and programs are still there, I just can't get windows to link up and get the desktop going. I also get the message about windows not finding iexplore.exe so I can't get on line and do scans online. All scans must be downloaded on my computer and transferred to CD and run from there. Any help will be greatly appreciated. Attached is the HJT log. I have tried to repair XP with the XP CD and I have done an sfc /scannow both with no change.

SEVERAL POSSIBLE SOLUTIONS:
I was trying some stuff and I renamed 'explorer.exe' to 'zexplorer.exe', manually started it and it worked. I went into the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon and changed the string for Shell to 'zexplorer.exe', restarted and the desktop reappeared fine as new. I then changed 'iexplore.exe' to 'ziexplore.exe' and I was able to get on the internet no problem.

AND:
To restore windows ability to gain access to explorer.exe and iexplore .exe please remove the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplorer.exe
-------------------------------------------------

Tried renaming c:\windows\explorer.exe to "zexplorer.exe", then tried running "zexplorer.exe" from task manager -> now it loads an explorer (filemanager) window!

Went into registry and found key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon
Changed value to:
Shell = "zexplorer.exe"

restarted pc & now explorer shell does load normally.

went into registry - found & deleted key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe

then reversed first two changes:
- renamed "zexplorer.exe" back to "explorer.exe"
- changed Winlogon: Shell value back to "explorer.exe"

restarted again -> explorer shell loading normally again!
looks like the "Image File Execution Options\explorer.exe" key was the one preventing explorer shell running!
--------------------
under safe mode, installed Malwarebytes Anti-Malware software, ran a scan & removed discovered problems.
restarted (normal mode) - red [X] in system tray with spyware warning still appears.
Actual balloon warning:
========
Your computer is infected!
Windows has detected spyware infection!

It is recommended to use special antispyware tools to pervent
data loss. Windows will now download and install the most
up-to-date antispyware for you.

Click here to protect your computer from spyware!
========

used Sysinternals utilities: Autoruns & Process Explorer to check running processes & narrowed possibilities down. After some trial & error, found cause of popup warning:
Process: brastk.exe
starts in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run key.
Value...  brastk = brastk.exe

Removed this, then restarted again -> Computer infected warning now gone!!
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Can I legally transfer my OEM version of Windows to another PC?  (AKA - Can I put a new systemboard in my OEM PC?) Few of us are both IT and legal experts but we all have our own views of Microsoft's licensing rules and how they apply.  There are…
We have adopted the strategy to use Computers in Student Labs as the bulletin boards. The same target can be achieved by using a Login Notice feature in Group policy but it’s not as attractive as graphical wallpapers with message which grabs the att…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question