Windows 7 explorer.exe trouble

julio99

My little Acer laptop had its old antivirus expire last night so I decided to add ESET Nod32 AV5 to the mix because I had it running on my big laptop. I uninstalled Norton IS2011 with the uninstall tool and re-booted. I installed Nod32 and noticed that it was doing some housecleaning right after installation. I rebooted and noticed that I couldn't boot back into Windows. I used ctrl-alt-del and got the Task Manager running and typed in new task/explorer.exe to see if my task bar would come back. It didn't but I did get an explorer.exe window, so I was able to look at the Nod quarantine and it had taken my explorer.exe/shell loader and put it into quarantine and I'm guessing that is why I was not getting my taskbar and main desktop. Can someone tell me what the solution is for cleaning this Trojan that has attacked the explorer.exe/shell loader without putting it in quarantine? I'm running Windows 7 HP x32 on this Acer 5100. What I don't understand is why Nod32 would clean this in such a way as to not be able to boot into Windows.
 
I wonder if it is a false positive; remove it from quarantine, then run an online AV to see if it is identified as a problem.
 
Hi

I'm a big fan of Malwarebytes, run it and see if you really have malware.
I've yet to find a bug it can't remove and it has very low impact on system performance.


I personally recommend using Microsoft Security Essentials instead of other antivirus programs.
I don't use anything except MSE and Malwarebytes anymore and I never have problems.

I really can't remember the last time I had any malware problems.

Mike
 
I also trust MBAM and I ran a scan with it when I was at breakfast and it came back clean. That PO'd me big time because I had to lose a month or so in System Restores. I'm going to try something and I'll get back to you.
 
Got a problem guys. I took out all the old antivirus stuff and scanned it with MBAM and nothing came up. I then installed the Security Suite from F-Secure as my ISP gives it to us for free if our Internet pkg. is costly enough. After installation it also found the Trojan and I'm just waiting for this update to finish and then restart and if it won't boot I think I'm in trouble. It's strange that 2 companies found the same Trojan, but MBAM didn't. It's usually the top for finding these things, but then again 2 FPs. I find that hard to believe too. It seems as though F-Secure cleaned the Trojan without killing the boot process. I guess I owe those Finns big time for putting out a decent security service. I like Nod32 AV but it sucked as far as this cleaning process went. I know these people that write the code for these AV suites and such have to know that people get Malware in their Shell Loader and MBR and Explorer.exe, so with that being said they'd have to figure a way to clean these things without killing the boot process in the meantime. Am I asking too much or wanting too much for this AV to work properly? F-Secure seemed to do a pretty good job without me having to re-format. Maybe I'm going to have to re-look and re-evaluate the security on my big laptop. Thanks for your help guys and if you feel like commenting on my rant, by all means, go ahead.
 
I've always (well, for a long time) used Eset 4. Couldn't possibly comment on Eset 5, but I'm sure that Eset would be keen to hear of your problems. I'm trialling Eset 5 at the moment and you're making me think to revert back to 4 a.s.a.p!

Do you possibly have a name of the trojan?

Just for info, I deal a lot with issues in the bsod forums and I can't recall where F-Secure has been blamed or mentioned as a cause, so that's a good start!
 
I'm just happy F-Secure cleaned this w/o taking explorer.exe Shell Loader with it. I went to F-Secure quarantine to look for the name, and F-Secure just classifies it as a variant of (Trojan:W32Generic). ESET Nod32 AV5 called it something with 4 letters starting with an M, but they both came from the same spot, so it had to be the same one. The companies just use different names which bothers me a little, but what can you do. Trojans steal info. If I find the exact name I will clue you in. I do run ESET Nod32 AV5 on my big laptop and I like it. So far that is. If I was you I wouldn't go back to 4. I've used 5 since it's been out and no probs yet.
 
I have downloaded and installed Nod32 v.5.0.94.0. So far I have not seen what you describe. I did not, however, have an install of a previous anti-virus except for Windows Defender, which I turned off.

Could it be that Norton had affected your install so as to make it look infected? I am assuming you had no previous encounters with a virus.

If explorer.exe has been changed or compromised in some way, perhaps a system file check, which can be run from the recovery environment, if necessary, might replace it.
 

I still have Nod32 AV5 running on my other laptop. I was installing it on my small one and Nod did what it was supposed to do. It found an infected file and removed it to quarantine. The only problem was that the file was explorer.exe/Shell Loader in the System 32 folder and w/o that you really can't boot. Really nothing to do with Nod32 AV5. I like that AV. It's relatively fast and it finds malware pretty good. I had to find some different workarounds to get my little Acer running back to snuff. All is good now. By the way, I had no AV left anywhere as when I uninstalled Norton IS 2011 I did it with their special tool, so it was gone. Thanks for the help and I guess this thread can be closed by the Moderator if he chooses to do so.
 