(Windows XP) Replacing explorer.exe and getting it to work >.>

[SineCosine]

My PC recently got hit by a virus -____-
I don't know who the culprit (Who downloaded a virus) is, but it happened.

Anyways, one day, I turned my PC on and a few pop-up windows appeared telling me that winlogincrucial.exe was trying to access a protected file.

I thought, "Weird, definitely a virus -____-"
So, I tried to delete winlogincrucial.exe
Negative, the PC can't find it at all.

I, then, opened the task manager.
I couldn't find explorer.exe
Instead, explorer1.exe took its place

So, I closed explorer1.exe and ran it again via the task manager.
Oh, hohoho, winlogincrucial.exe sprang up again.

So, I figured the virus must have deleted my explorer.exe file and replaced it with explorer1.exe

I did the first thing that came to mind..
I deleted explorer1.exe and it's .pf file (recycle bin, it's still there, haven't cleared it)
And tried to re-install SP3 to get back explorer.exe

Well, it sort of worked.
01) winlogincrucial.exe no longer runs
02) My explorer.exe file is back

But these are the drawbacks and what I need to fix =/
01) explorer.exe does not run on start
02) When I run it manually via the task manager..
No Start Menu appears, no task bar shows up, no desktop, nothing.
03) Instead, a browser opens with the beginning directory: C:/Documents and Settings/User

So.. Yea.
How would I get explorer.exe to start working.. Before the virus hit.
I don't get how a re-install of SP3 didn't fix it, since this explorer.exe is clean

By the way, the version of explorer.exe I have with me now is 6.0.2900.5512 >.>

Any help will be appreciated

 

[seph ir oth]

Do you have a restore point you could back up to?

 

[Slapshot136]

have you tried booting off of a win xp disk and doing a system repair?

 

[SineCosine]

@Seph
Nope =x
I never enabled it, didn't think I would actually use it =/

@Slapshot
I lost my win xp disk a long, long, long time ago... =x

 

[GetTriggerUnit-]

Viruses must be launched by windows when you open your computer.

Check under regedit.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\<herebe paths so program to launch> (check if there's something suspicious)

You can also check under msconfig.exe
Look on the tab Services and Starting(start?) you can check/uncheck applications that will start with windows.

 

[SineCosine]

Check under regedit.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\<here be paths so program to launch> (check if there's something suspicious)

Checked long ago.
Nothing suspicious..
Except for the key that says to run winlogincrucial.exe >.>

However, deleting the key did not resolve the issue because explorer1.exe would write it again after every reboot =x
But I got rid of it already, nothing else suspicious in my registries that I know of xD

You can also check under msconfig.exe
Look on the tab Services and Starting(start?) you can check/uncheck applications that will start with windows.

That got explorer.exe to run, all right.
But I still get a browser and not my desktop with start menu.

I even created a .bat file to shut my PC down because there's no other safe way to do it (No access to start menu), haha.

 

[GetTriggerUnit-]

Well you probably need to pass some args to explorer.exe,
http://support.microsoft.com/kb/314853

It would probably be:

start explorer.exe /root,C:\Users\<name>\Desktop\

or

start explorer.exe /select,C:\Users\<name>\Desktop\

 

[SineCosine]

Both open up a file-browser.
It's just that 'root' will start out with the directory inside the folder defined.
While 'select' will start out with the parent directory of the folder defined (And it will select the folder >.>).

No Desktop still =x
I just tried /e and /n, nothing, too.

Also, I didn't notice a shutdown function on the task manager till today ._.

 

[13lade619]

get Autoruns (it's a program)

it's better than checking your RegEdit because it shows programs and dlls automatically so you dont have to search.).


run it, check everything for anything suspicious.
especially the startups.

 

[GetTriggerUnit-]

Reinstall xp

 

[SineCosine]

@13lade
Sweet..
Worked.
I can't believe I forgot about shell >.>
The shell key was set to explorer1.exe still -____-
So, because the file could not be found (Deleted), it didn't open anything =x

Well, everything works now, thanks!

@GTU
No waii
Me lost me CD T.T