
Quick computer help

Archive: 9 posts


Long story short, my explorer.exe got a trojan virus infection so now whenever I boot Windows it crashes through BSOD as soon as explorer.exe loads and it can't boot in safe mode. Luckily I have an Ubuntu partition on my external hard drive, so I've been able to scan the system etc. - there are four files infected:

"/media/OS/Windows/System32/drivers/rasacd.sys: Trojan.TDSS-3754 FOUND
/media/OS/Windows/System32/wininit.exe: Trojan.Patched-155 FOUND
/media/OS/Windows/winsxs/x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0fd9feb665531f63/rasacd.sys: Trojan.TDSS-3754 FOUND
/media/OS/Windows/explorer.exe: Trojan.Patched-155 FOUND"

I can't run normal Windows virus removers on Ubuntu - however, I could theoretically run them on Windows if explorer.exe didn't load on boot.

Does anyone know if it is safe to rename explorer.exe so that it won't be loaded on boot? Will I then be able to rename it back to explorer.exe from Ubuntu so that it works normally again?

Thanks
2010-11-05 23:11:00

Author:
dawesbr
Posts: 3280


I'd never recommend changing important file names, but maybe one of the tech-savvy people here could help
2010-11-05 23:38:00

Author:
MrFunctionality
Posts: 637


I wouldn't think renaming explorer.exe would make a difference. I know from practical jokes that going into Task Manager and disabling explorer.exe basically removes all of the GUI, although you might be able to get files and folders working by using Run, as I know that still works.

I would be careful about doing it but it shouldn't cause too much problem renaming it.
2010-11-05 23:47:00

Author:
robotiod
Posts: 2662


wow... I don't think so. Basically explorer.exe is pretty much the windows gui.. I think not having it will crash windows or cause a dump.

However you might be able to get around it all using the recovery console and load a good copy of explorer.exe from a backup for example.

http://support.microsoft.com/kb/307654
2010-11-05 23:50:00

Author:
jwwphotos
Posts: 11383


The thing is jww, xkappax is right, disabling Windows Explorer after boot is perfectly fine from a stability point of view. In fact, if I'm running something CPU-intensive, I will always end the process to free up that bit more memory. The only thing I am concerned with is Windows finding the explorer file missing and crashing/trying to remedy it automatically and doing something horrendous.
2010-11-05 23:57:00

Author:
dawesbr
Posts: 3280


Ahh ok. You might be ok with that then. I know I have had some issues where explorer.exe got corrupted and gave me some issues and I thought it had given me the blue screen and a dump... that was a while ago though. I know you can kill it off afterward, but I was thinking you were talking about renaming it and doing a cold boot.

I would still look into booting off the CD though.. you might find the recovery console kinda handy in some of what you are wanting to do.
2010-11-06 00:11:00

Author:
jwwphotos
Posts: 11383


It's Windows Vista that came on the laptop so I don't have the CD, plus for some reason it comes up as Windows Recovery Console on my bootloader but loads as normal Vista so it's all a bit weird. I WOULD be renaming it and doing a cold boot is the thing. I literally have about 1-2 seconds between typing in my password and pressing enter and the computer BSOD'ing, so I don't have time to access taskmgr and stop explorer.exe - essentially, I want to load Windows without loading explorer, but I can't access msconfig and edit the startup list - would it be safe just to rename explorer.exe so the startup couldn't find it?
2010-11-06 00:28:00

Author:
dawesbr
Posts: 3280


OOOoooo Vista and no CD... ouch. That I am not sure about. I have it on my laptop only. I've never tinkered with it beyond cursing at it for being such a memory hog.

Lessee.. I would think renaming would not hurt you more than you already have. In doing some searches on the internet, I see a few folks asking about it not loading correctly, but nothing more to your question.

I am still looking though..
2010-11-06 00:41:00

Author:
jwwphotos
Posts: 11383


"Does anyone know if it is safe to rename explorer.exe so that it won't be loaded on boot?"

Well, if it doesn't work as-is, how can that make it any worse?



"Will I then be able to rename it back to explorer.exe from ubuntu so that it works normally again?"

Of course.

Also, it might be worth doing a quick "find /media/OS -name explorer.exe" to see if there's another copy of explorer floating around somewhere which isn't infected, then you could try using that instead.

If not, some laptops have a recovery partition and/or retain the original CAB file which contains a vanilla copy of explorer.exe, if you have the ability to extract CAB files on Linux.



"Basically explorer.exe is pretty much the windows gui.."

Not quite. You can kill explorer.exe, and still have other GUI programs running. You just don't get the desktop icons & start bar, and you have to start processes from task manager (CTRL-ALT-DELETE then "Start Task Manager" will let you run that).

Still, it might panic and fail, if it can't find explorer.exe upon boot - I've had to kill it from time-to-time, but I've never tried removing it.
2010-11-06 18:26:00

Author:
Aya042
Posts: 2870
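
An added example, not part of the original thread: the "find another copy" suggestion above, extended to take the scanner's log as input. It assumes the log uses the "path: Signature FOUND" line format shown in the first post and that sha256sum is available; the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread). For every file a scan log flags, list
# other files with the same name under ROOT that are neither flagged
# themselves nor byte-identical to the flagged copy.

# flagged_paths LOG -> one flagged path per line ("path: Signature FOUND")
flagged_paths() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p' "$1"
}

# candidates ROOT LOG -> "== flagged path" followed by candidate paths
candidates() {
    root=$1 log=$2
    flagged=$(mktemp) || return 1
    flagged_paths "$log" > "$flagged"
    while IFS= read -r p; do
        [ -f "$p" ] || continue
        echo "== $p"
        bad=$(sha256sum "$p" | cut -d' ' -f1)
        # -iname: NTFS names are case-preserving, so Explorer.EXE must match too.
        find "$root" -type f -iname "$(basename "$p")" -exec sha256sum {} + |
            awk -v bad="$bad" '
                NR == FNR { skip[$0]; next }      # first file: flagged paths
                { path = substr($0, 67) }         # 64 hex chars + 2 separators
                $1 != bad && !(path in skip) { print path }
            ' "$flagged" -
    done < "$flagged"
    rm -f "$flagged"
}

# Stand-alone use: ./script.sh /media/OS scan.log
if [ "$#" -ge 2 ]; then
    candidates "$1" "$2"
fi
```

A different hash only shows the file is not the flagged bytes, so any candidate should be rescanned before it is copied into place.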


LBPCentral Archive Statistics
Posts: 1077139    Threads: 69970    Members: 9661    Archive-Date: 2019-01-19
