
explorer.exe infected with TR/Trash.Gen




    New Member

  • Member
  • Pip
  • 1 posts
After letting my younger siblings use my laptop for a few hours, I came back to see that right after I log in on my user account, I immediately get the error message that Windows Explorer has stopped working. The error message only gave me two options, one was to let Windows find a solution online and close Windows Explorer, and the second one was to just close it. No restart option. I tried using Task Manager to restart it but I keep getting the same error message.

Some programs work fine (like Firefox) even if I have opened them using Task Manager. Fearing that a virus/malware may have caused this, I tried running Malwarebytes, but nothing came up. My system apparently doesn't have a restore point, so System Restore would be useless. Weird thing is, CMD is telling me that I should be an admin to run /sfc scannow, even though the account I am using is an admin account.

I've tried almost every solution I came across online, but nothing worked.

My laptop is running on dual boot (Vista and XP); the Windows Explorer in Vista is the one that's been acting up. I tried rebooting to XP, and it worked. I scanned the Vista partition with Avira AntiVir while on XP. My Vista's explorer.exe in the winsxs folder is infected with a TR/Trash.Gen trojan. Earlier scans while on Vista did not show this, so I'm really stumped.

I'd quarantine my explorer.exe as per Avira's instructions, but I don't know what'll happen afterwards. So before I do anything stupid, I need advice.


Screenshot of Avira scan.
  • 0




    Malware Expert

  • Expert
  • 24,441 posts
  • MVP
In Vista you have to do: Start, Programs, Accessories, then right click on Command Prompt then Run As Administrator before you can run SFC. Not exactly sure how you can do that from Task Manager. Perhaps you can run it from Safe Mode with Command Prompt?

If you can run OTL and post the log that would be a big help. Step 2 on http://www.geekstogo...alware-removal/

If not perhaps the OTLPE would work for you: http://oldtimer.geek...o.com/OTLPE.iso This is an ISO file that you Image Copy to a CD so that it is bootable.

Since you can get into Task Manager you may be able to run regedit. If so, look at

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

There are several values in the right pane but two are most often targeted:

Shell which should have explorer.exe

UserInit should have C:\Windows\system32\userinit.exe, though with a dual boot I expect you will not use c:\windows

  • 0
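The Winlogon check described in the reply above can be scripted. This is an added example, not part of the original posts: it parses the text printed by `reg query` for that key and reports any Shell or Userinit data that differs from what the reply says to expect. The sample output, the function names and the `system_root` parameter are assumptions made for illustration.

```python
import re

# Constructed sample of `reg query` output for the Winlogon key (not from the thread).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe
    Userinit    REG_SZ    D:\Windows\system32\userinit.exe,D:\Users\Public\extra.exe,
"""

# One value line: indentation, value name, registry type, then the data.
LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s*(.*)$")

def parse_values(text):
    """Return {lower-cased value name: data} for each value line."""
    values = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            values[m.group(1).lower()] = m.group(3).strip()
    return values

def check_winlogon(text, system_root):
    """List deviations in Shell and Userinit. system_root is the Windows
    folder of the install being checked (hypothetical parameter); on a
    dual-boot machine it may not be on drive C."""
    values = parse_values(text)
    findings = []
    shell = values.get("shell")
    if shell is None:
        findings.append("Shell: value missing")
    elif shell.lower() != "explorer.exe":
        findings.append("Shell: unexpected " + shell)
    expected = (system_root.rstrip("\\") + r"\system32\userinit.exe").lower()
    userinit = values.get("userinit")
    if userinit is None:
        findings.append("Userinit: value missing")
    else:
        # Userinit is a comma-separated list; the stock data is one path plus a trailing comma.
        entries = [e.strip() for e in userinit.split(",") if e.strip()]
        if expected not in [e.lower() for e in entries]:
            findings.append("Userinit: userinit.exe entry missing")
        for e in entries:
            if e.lower() != expected:
                findings.append("Userinit: extra entry " + e)
    return findings

if __name__ == "__main__":
    for finding in check_winlogon(SAMPLE, r"D:\Windows"):
        print(finding)
```

An empty result means both values match the expected data for the given Windows folder; any line returned is worth posting alongside the scan logs.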
