
Virus may have corrupted explorer.exe - please help

    • Thread Starter
    Hi,
    Last night I got the new 'Fake Microsoft Security Essentials' trojan that's been doing the rounds. It installs itself via a Java backdoor and then tries to sell you fake anti-virus software. The chain of events afterwards was as follows:

    • I ran RKILL.exe to kill active virus processes
    • This killed the virus processes that were active, and I was able to start new processes again. I downloaded and started MalwareBytes
    • Malwarebytes did a scan which found around 20 dodgy items (some of these predating this latest virus, almost certainly). I instructed MB to quarantine them.
    • MB informs me it has to restart. OK. I do this
    • Computer reloads. When Windows loads, I get a black screen with a cursor for about 2 seconds, then the computer reboots and prompts me to start the Recovery Console
    • I do so, and do a System Restore. I'm now able to keep it stable, but with a black screen and just simple cursor. I try another system restore, and try running in safe mode. Still getting the same. explorer.exe doesn't run and if I try to start it, I just get a black command prompt box for a fraction of a second.


    I'd be very grateful if someone could give me any ideas as to what I could do. My current plan of action is to obtain an xHDD from somewhere, use a Linux live cd to access my files and move them over to the xhdd, then reinstall windows. I've got a shitload on at the moment (coursework due Weds, UCAS still not submitted, etc) though and if possible it would be very helpful if I could just get my computer running. If anyone has any experience of this or similar viruses, I would be very grateful for your assistance.

    Thanks in advance,

    Matt
    (Original post by TheFatController)
    I'd follow that method; using a Live CD to back it up then reinstalling would be the most efficient method to ensure the virus is gone and to get explorer.exe working.
    I had similar experiences a few years back on Windows XP and I pretty much did what you're planning.
    Try it =]

    Easiest way is going to be to back up from a Live CD or similar (making sure not to copy any viral data..), then either clean install Windows, clean install another OS, or you could try and run a virus scan in Safe Mode (viruses can do a lot less in Safe Mode, so they're easier to get rid of..)
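
One way to do the Live CD backup suggested in the replies above without carrying executables across, as an added example that is not part of any post in this thread. The extension list, the "MZ" header check and every path and device name in it are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: copy user data off a Windows volume from a live session,
# skipping anything that is, or looks like, a Windows executable or script.

# is_risky FILE -> returns 0 if the file should NOT be copied.
is_risky() {
    name=$(basename -- "$1")
    lower=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
    # 1) File types Windows will run or interpret directly.
    case "$lower" in
        *.exe|*.dll|*.scr|*.com|*.pif|*.bat|*.cmd|*.sys|*.msi|*.cpl) return 0 ;;
        *.vbs|*.vbe|*.js|*.jse|*.wsf|*.hta|*.lnk|*.jar) return 0 ;;
    esac
    # 2) DOS/PE executables begin with the bytes "MZ" whatever they are named,
    #    so a program renamed to photo.jpg is still caught.
    [ "$(head -c 2 < "$1" 2>/dev/null | tr -d '\0')" = "MZ" ] && return 0
    return 1
}

# safe_backup SRC DST -> copies non-risky regular files, keeping the folder
# layout; lists skipped files on stderr and prints the skipped count on stdout.
# The body runs in a subshell so its variables do not leak to the caller.
# Limitation: file names containing a newline are not handled.
safe_backup() (
    src=${1%/}; dst=${2%/}; skipped=0
    list=$(mktemp)
    find "$src" -type f > "$list"
    while IFS= read -r f; do
        rel=${f#"$src"/}
        if is_risky "$f"; then
            echo "SKIP $rel" >&2
            skipped=$((skipped + 1))
            continue
        fi
        mkdir -p -- "$dst/$(dirname -- "$rel")"
        cp -p -- "$f" "$dst/$rel"
    done < "$list"
    rm -f "$list"
    echo "$skipped"
)

# Usage (assumed device and mount points):
#   sudo mount -o ro /dev/sda2 /mnt/win    # read-only: the Windows disk is not modified
#   safe_backup "/mnt/win/Users/<name>/Documents" /media/backup/Documents
```

Files that pass this filter can still carry malicious content (for example documents with macros), so scan the backup before opening it on the reinstalled system.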
    • Thread Starter
    Thanks for the help guys! I have created an Ubuntu Live CD and am using my infected PC with Ubuntu to post this.

    Thing is, I have a lot of 6th form deadlines this week (UCAS form, coursework, etc). I would rather get them done before I get deep into fixing my computer. The question is - can I safely use this PC on Ubuntu whilst it is still infected, or could the virus access and damage my data whilst I'm using Linux?

    Thanks in advance,

    Matt
    (Original post by TheFatController)
    Perfectly safe, running from a Live CD should be fine =] Most Windows viruses won't work in Ubuntu, just remember to save your work elsewhere.
 
 
 
Updated: December 15, 2010