1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Explorer Crashes

Discussion in 'Windows XP' started by dz03, Aug 3, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. dz03

    dz03 Thread Starter

    Joined:
    Jul 4, 2003
    Messages:
    60
    My Windows Explorer has once again started crashing while browsing directories. It happens while browsing one of my two hdds (the larger of the two, the OS is installed on the other one). Once I am deep enough in directories, Windows Explorer starts using the CPU more and more as if its executing some command or whatever, and then everything just disappears leaving only the wallpaper visible and then once Explorer automatically restarts, things return (besides the directories I had open). And I have tried browsing my smaller drive which has the OS installed on it to see if Explorer crashes, but it doesn't, however deep I go into the directories.
    It started happening after I had to reinstall IE because I need it to open some pages for me that no other browser could. It had happened once before and I had to completely reinstall/reformat to completely get rid of it. Last time I didn't have much trouble because my data was already backed up. This time I have a massive amount of data that needs ot be backed up and I am too busy right now to do it properly. I tried to get to the root of this problem and read around a little bit but only found out the following probable causes of the problem: either winlogon.exe or userinit.exe has been corrupted or there is some problem with them. Event Viewer lists this (there is no red cross by the event, just a blue "i"):

    I ran Spybot Search & Destroy and scanned the whole computer with Kaspersky antivirus with updated definitions for each. Had a few problems which were removed or deleted. Disabled all suspicous startup items through msconfig (Which reminds me, what is C:\WINDOWS\system32\reset.bat for?It was listed there but disabling it didn't make any difference).

    PS. I don't have my Windows XP installation/restore CDs at hand atm.

    I tried to be as clear as I could about the problem but if there are any ambiguities or questions, please let me know.


    Thanks.
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    You can open the reset.bat using notepad, file open, switch to "all files".

    If you don't understand what it is you can post the contents here and we will help you with the file contents.

    Have you done disk cleanup, defrag etc?
     
  3. dz03

    dz03 Thread Starter

    Joined:
    Jul 4, 2003
    Messages:
    60
    No I haven't defragmented the drive yet. Good idea. Disk cleanup isn't going to do much good but I'll do it anyhow.

    Thats what reset.bat contains. Even though the company indicated by inuse.exe is Microsoft, it appears illegitimate. (It was located in C:\WINDOWS\repair\reset.bat, not the system32 folder.

    @echo off
    Rem: Brought to you by: By the best, The only
    Rem: people that did it.
    Rem: AngelDeath, Epyx, Slanchoca, DopeWeasel, Meph.
    Rem: The now Famous 5.

    batch.cmd
    inuse.exe security %systemroot%\system32\config\security /y >nul
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    OK, I've asked someone else to look at it...
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
    That is a bat file used by a back door hacker

    delete the bat file &

    go to here and download 'Hijack This!' self installer. Save it to the desktop or other suitable place. DO NOT just press run from the website Double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu and an optional shortcut on desktop.
    Click on the entry in start menu or on the desktop to run HijackThis
    Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
    Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
    It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
    so do NOT fix anything yet.
    Someone here will be happy to help you analyze the results.

    also

    • Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Dont do anything with it yet!

    Reboot into Safe Mode
    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Doubleclick WinPFind.exe
    • Now Click "Start Scan"
    • It will scan the entire System, so please be patient!
    • Once the Scan is Complete
      • Reboot back to Normal Mode!
      • Go to the WinPFind folder
      • Locate WinPFind.txt
      • Place those results in the next post!.

    and

    download gmer from http://www.gmer.net

    save it somewhere safe & unzip it to desktop

    double click the gmer.exe to run it and select the rootkit tab, Do NOT select the show all button, press scan & when it has finished press save & copy the log back here
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Thank you Derek! (y)
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
    depending on what the logs show as this bat file is designed to replace/alter the security hive in teh registry it frequently turns out safer to format & reinstall, but lets see what damage has been done first
     
  8. dz03

    dz03 Thread Starter

    Joined:
    Jul 4, 2003
    Messages:
    60
    I renamed the file and the executable instead of deleting them.

    Here's the HijackThis log:
    I'll do the WPFind steps later on today. In a hurry atm.
     
  9. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
    OK I'll wait for the wpfind log as that bat file if run would have lowered your security settings so much that anything will install

    lets see though
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Explorer Crashes
  1. sp113
    Replies:
    3
    Views:
    230
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/489045

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice