1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.

Explorer.exe restarting every 5-10 seconds

By thodoris85
Nov 27, 2008
  1. Hello, had these problems and found this site to upload my hijackthis log.

    explorer.exe restarting and the first two google/yahoo searches redirect to something like h33p://go.google.com/?u=etc etc or h33p://go.yahoo.com/?u=etc etc

    thanks for any help

    EDIT: "regedit" doesn't work. There is a popup window saying:
    "Registry editing has been disabled by your administrator"
    which I (as admin) haven't done any such thing, and on the other hand my account is an admin account.

    I have tried "UnHookExec.ini" under safe mode and then I could use regedit as usual, but when I go to normal mode again I can't exec regedit.

    EDIT2: I managed to run SuperAntiSpyware (had to change the name of the .exe file) and removed some vundo and other types of trojan.
    The explorer.exe does not restart now, but the regedit and the google/yahoo search problems persist. Also there are popups from IE with adverts.
    Then executed hijackthis again (crusty.exe) and I have attached/replaced the log file on this post.

    EDIT3: I just managed to install and run MBAM. Here is a full list of my log files from these three programs.
    Also I am not able to run any updates on antivirus antispyware or zonealarm.

    Found by Zonealarm (all deleted):
    Kazaa Lite goop 28 on HKCU\Software\Kazaa (Directory: C:\Windows\Downloaded Installations)
    P2P-Worm.Win32.Logpole.c on HKCU\Software\Kazaa\LocalContent
    Atdmt on C:\Document and Settings\Thodoris\Cookies\thodoris@atdmt[1].txt
    Doubleclick on C:\Document and Settings\Thodoris\Cookies\thodoris@doubleclick[1].txt

    Found from Avast:
    C:\Documents and Settings\Thodoris\My Documents\My Music\Ksena\zzz resto\Coldplay - Viva La Vida [2008] 320Kbps\10 Coldplay - Death And All His Friends.mp3 (WMA:Wimad [Drp])
    C:\System Volume Information\_restore{874739E1-1326-4F8C-AF06-1BB687DC90B1}\RP224\A0050737.dl (Win32:Lighty-G [Cryp])
    C:\WINDOWS\system32\jhsrf832jbnefe.dll (Win32:Lighty-G [Cryp])
    C:\Documents and Settings\Nikoula\Local Settings\Application Data\Opera\Opera\profile\cache4\opr000XR (JS:Agent-CK [Trj])
    C:\Avenger\TDSSnjaa.sys (Win32:Tidserv [Trj])

    C:\System Volume Information\_restore{874739E1-1326-4F8C-AF06-1BB687DC90B1}\RP224\A0050852.sys (used to have that Win32:Tidserv [Trj] but I rescanned and it's clean now. I didn't clean it)

    All the above files from Avast are in the chest now
  2. rf6647

    rf6647 TS Maniac Posts: 829

    Welcome to TS. Your problem statement is very helpful. I am trying to anticipate your needs. You are now facing difficulties.

    Observation: You will recognize that other parts of this message duplicate a message for another user. This is pure conjecture on my part, but the help offered by message # 3 may be more appropriate since you cite the 'regedit' symptom. It will add to understanding here when you give feedback if 'tdssserv.sys' is not present when following message # 1.

    In case of difficulty, attempt this method
    Note, one user reported the need to restart in safe mode with networking, as the relief was temporary. This refers to message #1.
    Additional note: Message #3 link to 'fixit download' has demonstrated its effectiveness in many cases. Go to message # 3 'fixit download'

    Other: As part of your response, please feedback which method was effective. Message #1 is for the specific named trojan, and message # 3 has broader coverage.

    General Remark: - React to unanswered items appearing in scan logs
    • 'NO Action' - Remove Selected when offered by MBAM
    • 'Delete on Reboot' - Restart the computer after concluding the scan
    Proceeding along a typical path.
    • Update both MBAM & SAS. Rerun them both.
    • This effort is complete when logs report NO infections/threats, or reporting something it can not clean.
    • Restart the computer. Scan with HJT.
    • Post logs. Report progress & what changes are observed.
  3. thodoris85

    thodoris85 TS Rookie Topic Starter

    Sorry for the late reply.
    Thank you for your post-help. I had done a stupid thing and I put into the chest (quarantine) some dll files from the windows/system32 folder because they were infected.
    The outcome of this was that I could not start my computer at all.

    So I had to connect my hard drive to another computer to save my files, and then I decided to format.

    once again, thank you for your time!
Topic Status:
Not open for further replies.
