Explorer.exe Missing

Status
Not open for further replies.
C

ChrisLam

Posts: 78   +0
Hello All.

My mom was using the computer (Windows XP Professional), then she called me down. On the screen was a Threatfire program (some real-time malware program or something), and it had said that a file was trying to copy an executable file somewhere. She had accidentily clicked "Allow this process to continue" before she had called me down. The file name was "3.exe", located somewhere in the temp folders. I clicked kill this process and quarantine it, then a few seconds later, a similar pop-up came up, this time "1.exe". Again, I chose to kill and quarantine it. The progam said that it needed the computer to restart to completely get rid of the harmful files, so I clicked yes to restart the computer now. The computer restarted, and nothing loaded up, no taskbar, no icons, etc, but the desktop wallpaper loaded up. I knew that this had to do with explorer.exe, so I opened up Task Manager and went to File>Run, and typed in explorer.exe. It said that Windows could not find it, so I clicked browse to see if explorer was in the WINDOWS folder, and I could not find it. Now when I log on to the computer, explorer.exe does not load and the file can not be found. Any ideas on how I can fix this problem?

Thanks,
Chris Lam
 
You should have posted this in the other thread, I still think this has to do with a rootkit that approved itself to replace shell=

Is this the same computer?
 
It seems that now the problem is fixed. Somehow I was able to copy and paste explorer.exe from another computer to my flash drive, and run that file on the computer with the problem. Then, I made a copy of it to my desktop, and used that explorer.exe, in hopes that I could copy and paste the unused explorer to the C:\WINDOWS directory. However, this did not work, so I tried moving it (cut and paste), and miracuosly, it worked! I rebooted the computer, and Windows and the registry seemed to read the file fine and everything loaded up normally.

EDIT: Oh yea, I checked the program's log, and it said that it had moved 3.exe and explorer.exe to the quarantine thingy. As of now, the computer is running fine.

EDIT2: I've noticed that when I am browsing sites on Firefox, it says that the certificate is expired, for most of the pages... Could it be that data being received and sent is being intercepted by a third party?
 
Status
Not open for further replies.

Similar threads

A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A
losdavos
Malware removal help, please and thank you!
Replies
1
Views
827
losdavos
losdavos
J
Macrum Reflect free Update confusion
Replies
0
Views
438
joe935
J

Latest posts

Back