Windows Explorer doesn't load on startup


Deders

I recently installed and ran the trial version of Malwarebytes.  It found this in the registry, but now when I restart, Windows Explorer doesn't load (Win10).

I get a blank screen with a command box; I have to manually type Explorer to get into Windows.

Is this a false positive?
Does Windows 10 normally load the explorer via the command prompt?
If so, how do I add the explorer command back to get it to load automatically?

I've looked in MSConfig, it tells me to go to the task manager to manage startup programs, but I can't see where to add a new one. Should I do it via the registry?

Malwarbytes.png


The issue seems to have been resolved, I have done system file checks a couple of ways. The Windows one via the command prompt didn't seem to fix it, even after downloading the latest info from Microsoft. I then ran one using Glary Utils. Not sure if that's what fixed it, but it is back to normal.


Ok fixed it.  The part I needed to do is underlined, but I left the rest in in case it is useful.  My Shell entry said "%comspec%"

From this site:

Here is a new trick of malware, booting only to the command prompt. Since malicious software changes daily to stay ahead of antivirus programs it has a one-day window to cause havoc. Further, the black hats are always two steps ahead. They probably know Windows better than the programmers at Microsoft do. This new trick is to boot into a command prompt and not load the explorer.exe file. Most programs that start when you boot are loaded only when the explorer.exe file does. Many antivirus real-time scanners and update procedures are only loaded when explorer.exe is. By preventing that file from opening, the antivirus does not update. If the antivirus does not update, it does not know about the new malware on the computer.

The fix is simple enough. You will first need to remove the file that starts the malware. Try safe mode first, although a new trick of some malware is to cause the computer to immediately reboot when starting in safe mode, so you may need to use the Windows Vista/7/8 DVD to manually remove the file in the places malware likes to hide.

Once the malware is removed, open the registry editor: regedit.exe. Navigate to the registry hive HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon. Look for the keys shell and ParseAutoexec. The ParseAutoexec key is probably set to 1, that is the default value. You might want to change it to 0 so that the autoexec.bat is not run by default. If you see the shell key, you should either delete it or change the value to explorer.exe. If the shell key is absent, Windows defaults to the global entry. Next, check the global entry by navigating to the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon hive and make sure the shell key’s value is explorer.exe.

After that, in the command prompt run the explorer.exe file and then do a malware scan to clean out any remnant files.

Edited by Deders
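The registry check described in the quoted text above, as an added PowerShell example that is not part of the original post: it reads the Shell value under both Winlogon paths and flags anything other than explorer.exe. The function name Get-WinlogonShell and the -Repair switch are hypothetical names chosen for this example; without -Repair the script only reads.

```powershell
# Added example (not from the thread): audit the Winlogon Shell value in both hives.
# -Repair is a hypothetical switch for this example; without it the script only reads.
param([switch]$Repair)

$subKey   = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = 'explorer.exe'

function Get-WinlogonShell {
    param([string]$Hive)                      # 'HKCU' or 'HKLM'
    $item = Get-ItemProperty -Path "${Hive}:\$subKey" -Name Shell -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }     # key or value absent
    return [string]$item.Shell
}

$report = foreach ($hive in 'HKCU', 'HKLM') {
    $value = Get-WinlogonShell -Hive $hive
    if ($null -eq $value) {
        # Per the quoted text, a missing per-user value falls back to the global entry.
        $status = if ($hive -eq 'HKCU') { 'OK (falls back to HKLM)' } else { 'CHECK (missing)' }
        $shown  = '<not set>'
    } else {
        $status = if ($value.Trim() -ieq $expected) { 'OK' } else { 'CHECK (unexpected shell)' }
        $shown  = $value
    }
    [pscustomobject]@{ Hive = $hive; Shell = $shown; Status = $status }
}
$report | Format-Table -AutoSize

if ($Repair) {
    foreach ($row in $report | Where-Object { $_.Status -like 'CHECK*' }) {
        $path = "$($row.Hive):\$subKey"
        if ($row.Hive -eq 'HKCU') {
            # Delete the per-user override so the global entry applies.
            Remove-ItemProperty -Path $path -Name Shell
        } else {
            # Writing under HKLM requires an elevated prompt.
            Set-ItemProperty -Path $path -Name Shell -Value $expected
        }
        Write-Output "Reset Shell in $($row.Hive)"
    }
}
```

It can be started from the command box by running powershell.exe first; any row marked CHECK shows the value that replaced explorer.exe.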

  • 3 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
