Tech Support Guy banner
Cancel

Win Explorer problems

1927 Views 23 Replies 3 Participants Last post by  dvk01
P
i really dunno what the problem is. Well lemme start at the beginning

see if i open a window and click any video file (mkv, avi, you name it) the win explorer closes.

error report
AppName: explorer.exe AppVer: 6.0.2900.2180 ModName: unknown
ModVer: 0.0.0.0 Offset: 00000000

if i try to open them using win media player, the win explorer closes and the media player can't play the file and also closes

error report
AppName: wmplayer.exe AppVer: 10.0.0.3646 ModName: unknown
ModVer: 0.0.0.0 Offset: 00000000

now to complicate things, i got a file from my cousin which contained a worm, called I-Worm/VB.KU. i noticed the explorer problems after i got this file.

spyware guard detected it but i am not sure if it stopped it as i tried to heal it but it was in a cdrom so it could not be deleted, so did i get infected or what?

are my explorer problems because of the worm? everything else in my system is functioning ok BUT viewing media files.

i also tried vlc to play the media files, and all is ok. i also tried opening a file, and used the vlc as a window explorer and all went well. i used it to move files and stuff. so am i infected or is my explorer screwed or what?

BTW i ran avg free and avg anti spyware, Advanced Spyware Remover and ad aware and found no worms or trojans. please help, i don't want to format my HD.
See less See more
Save
Like
Status
Not open for further replies.
1 - 8 of 24 Posts
dvk01
definitely spyware troubles

1st
download http://www.mvps.org/winhelp2002/DelDomains.inf and place it on desktop
right click the file and select install, that will reset the zone settings that have been altered

and also

Download: ResetProtocolDefaults.reg
http://www.mvps.org/winhelp2002/ResetProtocolDefaults.reg

Locate "ResetProtocolDefaults.reg"
Right-click and select: Merge (Ok the prompt)

then

Run hijackthis, put a tick in the box beside these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/We...bridge-c18.cab

then

Download Combofix to your desktop:

* Double-click combofix.exe & follow the prompts.
* When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
See less See more
Save
Like
dvk01
nothing showing in combofix but when those we fixed show it normally means quite a deep infection

hopefully AVG antispyware got it but to be safe

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "Downloads/SpySweeper" to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory Objects
    • Sweep Windows Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
See less See more
Save
Like
dvk01
if it's still scanning it must be finding something

post back when it's finished and we can see what it found & fixed
Save
Like
dvk01
post new HJT log please
Save
Like
dvk01
If spysweeper isn't working well on your computer & that could be due to a non english windows version then it would be better to uninstall it

if everything seems fine then

Turn off system restore by following instructions here
http://www.thespykiller.co.uk/forum/index.php?page=8
That will purge the restore folder and clear any malware that has been put in there. Then reboot & then re-enable sytem restore & create a new restore point.

go here http://forums.techguy.org/t208517/s.html for info on how to tighten your security settings and how to help prevent future attacks.
and scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

Then pay an urgent visit to windows update & make sure you are fully updated & get the bunch of new updates that are alleged to plug the security holes that let these pests on in the first place

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
See less See more
Save
Like
dvk01
I don't know what that is but it looks like something to do with avg

I would ask about that on the AVG support forum as I don't use AVG so I don't know if it's genuinely part of AVG or not

Perhaps other AVG users here will pop up & say if they have it
Save
Like
dvk01
I don't think it is anything bad, just the writing has corrupted

what happens when you select it
Save
Like
dvk01
It's not surprising it is finding the same things

You have downloaded Illegal cracks from P2P sites instead of buying the programs & wonder why they are infected

There is no way you will ever fix this without dumping every P2P program you have

delete EVERYTHING you have ever downloaded using P2P and uninstall all the programs you illegally stole using the cracks

When you have done all that then run an antivirus scan & see what it still finds

It also looks like you have attempted to bypass windows activation & WGA validation with another illlegal patch & that is also what is being found

before we will even consider helping you any further

  • Please go here using Internet Explorer.
  • Click on "Windows Validation Assistant"
  • Click on the "Validate Now" button.
  • Be patient while the ActiveX loads, do not click on any links.
  • Read the instructions on this page while it's loading. You will be prompted to install - click YES.
  • Enter your product key then click "continue"
  • When it says "Validation Complete" please click "Continue to return to your previous activity"
  • Copy what it says and paste it here.
See less See more
Save
Like
1 - 8 of 24 Posts
Status
Not open for further replies.
Tech Support Guy
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Hardware Virus & Other Malware Removal Off Topic Lounge Thread Games & Discussion Networking
Top