Explorer, IE and Control Panel Not Functioning

Status
Not open for further replies.
F

five12dude

Posts: 11   +0
Make: Toshiba
Model: Satellite R10
OS: Windows XP SP2
CPU: 1.8GHz Intel Pentium M
RAM: 1.0GB

Attempting to open My Computer, Explorer, I-Explorer or Control Panel causes a surge in CPU usage and then nothing.

Ran CCleaner and HiJack but still nothing is working normally.

Logfile from HiJack is attached.

Thanks guys.
 
When you say that you ran HijackThis did you fix anything already?

I don't see an anitivirus program installed.

Today's internet is simply suicide without an up to date antivirus.
Not much point in you and I cleaning up the system if you refuse to protect yourself.
However -- if you don't understand or cannot install an antivirus -- please let me know.

Please download ONE of the following antivirus programs and install it.
Once installed, Update it, run full system scan with it and allow it to fix up what it wants.
Reboot if it fixed anything.

You should get a firewall as well, either, these firewalls are all free,

I need you to follow all the steps HERE and then post back with the three requested logs as attachments
  • AVG antispyware
  • ComboFix
  • Hijackthis (step 15)

Dont forget to make sure that AVG is set to quarantine the results, that HJT is the last step and to let us know the results of the antirootkit scan.

This thread is for the use of five12dude only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Kritius,

I had Symantec loaded on the system but removed it after running a scan and it reported all clear. I intend to reload it but I was slowly eliminating programs and resource hogs to see if I could isolate the issue.

I'll see how much I can get through on the list and repost.

Thanks
 
I would advise against Norton, its a resource hog and hasnt got a great detection rate.

Read up on the ones that I mentioned earlier and pick one of them instead.

It is your choice though.
 
Kritius,

did not load Norton but AVG instead. Everything ran with little issue except the following:

1) CCleaner runs but hangs up trying to clear the IE Temporary files. If I look in the Temp directory under the user "local settings" folder I find 3 files that I cannot manually delete.

~DF537D.tmp
~DF63B2.tmp
~DFF2F4.tmp

If I run in Safe Mode I can bring up an Explorer Window and an Internet Browser but if I boot in Normal Windows mode I cannot.

2) AdAware did find a Trojan and Quaratined it.

Logs attached.

Thanks
 
My apologies for posting as a different user but I had forgotten that I was already registered on this site. Opps my bad! Please feel free to nix the five12dude account if you wish and I'll keep the former.

Thanks:eek:
 
oh clam down, it hasnt been that long, and how can we know for certain that its not just sometime playing a joke.

I have a backlog of logs, yours is in there please be patient.
 
Just inquiring and thanks for the update, it helps to know if anyone is following the thread or if I am in an endless queue.

The Trojan that was discovered by AdAware is:

Item Id: 300015600 Value: Root HKLM Path: system\currentcontrolset\services\psexesvc

The registry entry doesn't exist anymore when I go to find it via regedit but the problem persists that I cannot start Control Panel or Explorer.

Calmly waiting ;P
 
Fix entries using HiJackThis
  • Launch HiJackThis
  • Click the Do a system scan only button
  • Put a check next to the entrieslisted below
    O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
  • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
  • Click the Fix checked button and close HiJackThis
  • Reboot HijackThis if necessary

Delete Files and Folders
  • Right Click on the start button and chose explore
  • Show all hidden files and folders, see how HERE
  • Navigate to the following files and folders and delete them(if still present)
C:\WINDOWS\PSEXESVC.EXE<---------This File

  • Empty the recycle bin.

Update your Java Runtime Environment
  • First try going to Start -> Control Panel -> double click Java
  • Select the Update TAb at the top
  • Click the Check for Updates button at the bottom
  • If it finds the newer version (Java 6 Update 5) Follow the on screen instructions
  • After it installs the newest version Go back to Control Panel -> Add/remove programs
  • Uninstall any older versions of Java

If for some reason you couldn't update through the above instructions.
  • Click the following link
    Java Runtime Environment 6 Update 5
  • The 4th option down is the one you want (click Download)
  • Check the box to agree to terms of service
  • Check the box for your operating system and click 'Download selected'at the bottom
  • After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
  • Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_05 folder

Try that for now.
 
I believe AdAware took care of the PSEXESVC service and related files as I don't find them when running my HiJackThis scan. I have attached my latest log file.

Still no success with launching Control Panel, IE or Explorer window. The CPU goes to 100% and no response until I kill the Explorer process.
 
Update your Java Runtime Environment
  • First try going to Start -> Control Panel -> double click Java
  • Select the Update TAb at the top
  • Click the Check for Updates button at the bottom
  • If it finds the newer version (Java 6 Update 5) Follow the on screen instructions
  • After it installs the newest version Go back to Control Panel -> Add/remove programs
  • Uninstall any older versions of Java

If for some reason you couldn't update through the above instructions.
  • Click the following link
    Java Runtime Environment 6 Update 5
  • The 4th option down is the one you want (click Download)
  • Check the box to agree to terms of service
  • Check the box for your operating system and click 'Download selected'at the bottom
  • After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
  • Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_05 folder
Click to expand...

Do this for now, i have to sleep, ill see if I can think of anything tomorrow.
 
I tried the recommended Java update both ways (in Safe Mode) and I get a Windows Installer error

"The System Admin has set policies to prevent this installation."
 
Download to your Desktop this self-extracting ZIP archive FixPolicies.exe
  • Double-click FixPolicies.exe
  • Click the Install button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies
  • Double-click to Open the new Folder, and then double-click the file named Fix_Policies.cmd
  • A black box will briefly appear and then close. This will enable your Control Panel, Task Manager and stop any Administrative warning

This probably wont wotk but we should at least exhaust all possibilities
 
As you guessed...did not work.

error.jpg
 
Java may be backlevel quiet a bit, but the infection is no Java itself --
attend to the real issue.

Yes, GPO settings can disable installs at the wish of the administrator.
 
I ran the MicroTrend web based antivirus scan called HouseCall in SafeMode and found 94 trojans/malware issues. (I can't run it when logged in as the user since IE will not come up)

I cleaned the issues using HouseCall and rebooted.

Ran SFC /scannow to check on the integrity of the OS files. It didn't report anything explicitly but I have not used it before so I am unsure if it actually makes a report or not.

Thanks
 
Problem solved...

I created a new user account and deleted the old account and now have IE, Control Panel and My Computer responding and working.

Thanks
 
Status
Not open for further replies.

Similar threads

O
Inactive Unknown Rootkit infection Explorer modified
2
Replies
29
Views
8K
Broni
Broni
P
Inactive Side bar "crazy score" and browser re-directs immediately after mbam-malware scans removing virus
Replies
5
Views
3K
Broni
Broni
A
Solved Infection reinfects after disinfection
Replies
21
Views
6K
Broni
Broni

Latest posts

Back