When i open a spacific folder, windows explorer crashes. more info inside

Started by Geowil, December 28, 2006, 06:00:24 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Geowil

December 28, 2006, 06:00:24 PM
every time i click on a folder to open it windows explorer crashes.  now the first thingi thught was a virus.  so i ran norton av/avg/avast (had avast, then uninstalled it and installed avg, which i uninstalled then installed norton in case you were wondering) which all promptly crashed upon scanning the said folder with out any error messages.  Norton did have an error log, said that norton failed to initialize the virus database, but if i take that folder out of the scan list, they all work fine.

I have tried many different things to get rid of that folder:

1. tried deleting it from the command prompt.  didnt work
2. virus and spyware scanners crashed when scanning the folder
3. tried deleting the root folder of the problem folder.  no go either
4. tried deleting the file (got into it ONCE). and it of course crashed win explorer
5. turned on safe mode and tried the previous things.  all still happened the same
6. stop windows explorer and tried to delete the folder from the command prompt. didnt work either
7. tried some file deleter programs.  they crashed also.
8. turned off the media / image preview from the cli.  didnt stop the crashing

pretty much out of ideas here.  if anyone can offer me a solution i would be greatful.

ALSO, norton windoctor is crashing on me after it starts scanning for solutions (system works 2003 version).

GR@PH;<'S

#1
December 28, 2006, 09:46:27 PM
Geowil,
Is it any folder or one you have recently installed on your PC (IE:New to you)
if it is you do not need this folder or the contents of it and you have the administrations rights to delete such folders then may I suggest you try running your PC in safe mode see How to start the computer in Safe mode
Safe mode is the Windows diagnostics mode. When you start the computer in Safe mode, only the specific components that are needed to run the operating system are loaded. Safe mode does not allow some functions, such as connection to the Internet. It also loads a standard video driver at a low resolution; therefore, your programs and the Windows desktop may look different than usual, In addition, the desktop icons may have moved to different locations on the desktop.
But you will or should be allowed to remove the folder and its contents while in Safe mode.

GR@PH;<'S   :Hammys pint:
press Enter then have a Brandy then if the problem is still there have another Brandy
Q: does it work
A: It does seem to for a few hours at least.

Geowil

#2
December 28, 2006, 10:53:22 PM
Quote5. turned on safe mode and tried the previous things.  all still happened the same

already tried that.  It caused safe mode to flash back to the "This computer is in safe mode blah blah blah" crap when you first access it when i tried to delete it.  and the folder in question is new. and i am the admin on my comp.

Assarbad

#3
December 28, 2006, 10:59:45 PM
Hi Geowil,

do you have Bart PE or any other bootable CD available? If so, please use it to boot and copy the whole directory %SystemRoot%\System32\config from the system you suspect is infected into a safe location. I'll follow up with detailed instructions if you have done that.
Oliver (working at FRISK but posting here as a private person!)

Clogged disks on Windows? Check out: WinDirStat

Eric the Red

#4
December 28, 2006, 11:04:47 PM
Geowil.

I note that you have not specified which operating system that you are running. Please would you supply that detail.

Thanks.
"The time to start running is around about the "e" in "Hey, you!" "

Geowil

#5
December 28, 2006, 11:38:50 PM
ah, windows xp home edition sp2.

and i just did that Assarbad

Assarbad

#6
December 29, 2006, 12:06:29 AM
Great, now please do me the favor of doing this on a clean system!

  • Start REGEDIT
  • Go to HKEY_LOCAL_MACHINE and mark that key in the left pane
  • Choose File -> Load Hive -> choose the SYSTEM file you saved (from .\config). Choose ANY name that does not yet exist under HKLM
  • For the sake of brevity I assume the key under which you mounted the hive has the name FOO
  • Go to HKEY_LOCAL_MACHINE\FOO\ControlSet001 (and remember this step for any existing key until 999)
  • There in the left pane click the subkey Services and choose "Export" to save it into a file.
  • Repeat the previous step for subkey Control
  • Repeat the previous three steps for any (existing!) key from ControlSet001 to ControlSet999 ...

Finally send me the exported files in a ZIP, please. I'll have a look. The booting from CD is required to rule out any rootkit being resident while you do all these steps.

My email address is assarbad att GMX doot net ...
Oliver (working at FRISK but posting here as a private person!)

Clogged disks on Windows? Check out: WinDirStat

Corrine

#7
December 29, 2006, 04:03:18 PM
Thanks, Oliver!


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Assarbad

#8
December 29, 2006, 04:23:05 PM
Don't thank me too early, I haven't received the mail yet ;)
Oliver (working at FRISK but posting here as a private person!)

Clogged disks on Windows? Check out: WinDirStat
Print
Go Up Pages1
User actions