PC been under attack, now lost explorer.exe, expensive repair?

Dear All,


Hoping that someone may be able to advise as we seem to have a problem with our home PC and don't want to replace it or repair at great expense if not necessary!


Background: over the last week or so, we appear to have been under attack and our AVG anti-virus software has been picking up about 20 threats a day which we have been clearing down but keep coming back. Yesterday it got the better of it and upon switching on we had no programme icons or toolbar. Just the wallpaper.


Having checked on internet for solutions, found that explorer.exe was missing and made several attempts to reinsert this process. It would stay for about 5 secs and then disappear again. Have also tried in safe mode and this does not work.


The PC came with Windows 7 loaded and we do not have a repair / reinstallation disk.


A local independent PC repair man has quoted 250€ to fix it without guarantee of success whilst a new up to date machine with all accessories will set us back about 500€ at Darty or similar.


So, any idea as to whether it is worth repairing? Also, any opinion as to what the cause may have been and good advice so that we could avoid future similar problems?


Thanks in advance to all,


Danielle



Thanks Peter for all the advice. In the end, the OH decided to go ahead and get it fixed. To be fair, the service was quick and seems good, albeit expensive.

Hope it doesn't happen again, but will persuade further efforts to fix it ourselves if the worst happens!

Have a good day,

DR

In case you have an HP (or Compaq) machine, the magic recovery button is the F11 key, which has to be pressed repeatedly immediately after powering on the PC. This link from HP support gives details.

Danielle,

If you would let us know the make & model of the PC, it may help to find out what to press to get access to any 'recovery partition' that's on the hard disk (but separate from other stuff). This is sometimes, but not always, shown in the 'rubbish' that appears when you first switch on the PC. Unfortunately, there aren't really any standards for this, so different manufacturers do it their own ways.

Danielle, do take the trouble to check your backed-up drives for infections from time to time. Sometimes a file can be holding malware which won't start to do damage to your files immediately. Glad you are doing backups, however; most people don't bother. I am probably extreme, we have two backup drives and backup all filing and photos once a fortnight alternating between the two drives. We also have a standby laptop ready to take over if either of our main ones fail, and all files, photos, music, videos and emails are stored on an external drive as routine so it's easy to switch computers if we need to. Paranoid? Me? You bet, I earned a very good living from computers which went wrong!

Hi Carl, can you elaborate how this is done, please? (the version for non-experts!)

My husband tried everything yesterday but couldn't get into the computer at all, even in safe mode.

Peter - he confirms that he followed the Restore process described in your link but didn't get the command prompt at the end of the list of drivers so couldn't go any further.

Danielle

GOOD GOD!!! 250€!!! (I'll have to start charging money for repairs, I normally do them for free)

In the interests of a refreshed/better/faster PC why not just reinstall Windows? (missing disks are not really a problem)

Thanks both for that, I have a work laptop and USB sticks that I can bring home next week and try those.

Thankfully, we back up photos, music and important docs on external hard drive regularly so won't have lost much if can't recover data....

Danielle,

It may be that a very useful Windows Utility called 'System Restore' can fix this for you, and it needn't cost you a penny. I suggest you read the following discussion from a little while ago: Computer Scam Help (both pages). With a bit of luck, you could restore your system from before these attacks started happening. You might find that explorer.exe being missing poses something of a problem in accessing System Restore, so this link shows you how to run System Restore when you have very little access to anything.

If you get really stuck, add me as a friend and let me have your phone no. & I can maybe talk you through it on the 'phone.

BTW, you probably do have a re-install system on a 'hidden partition' on your hard disk, but I'd only go there if the System Restore doesn't do the trick.

PS: I feel a serious discussion about taking regular, cycled, backups is called for in the very near future!

Do you have a second machine which can connect to the internet, or can you use a neighbour's one? Do you have any USB sticks to hand? If so, try the following:

Navigate to www.malwarebytes.org and opt to download the free version. Save the download to the USB stick.

Also navigate to http://downloads.malwarebytes.org/file/chameleon and save this download to the USB stick.

(I can vouch for Malwarebytes, I used it when I led a support team and have used it on my own machines - once your machine is working you need to run a scan once or twice a month or when you suspect something may have invaded the computer.)

Put the USB stick in your problem computer and perform the installation. You are looking for a file called "mbam.exe".

If this won't work because of the infections, don't give up - find the chameleon help file on the stick and follow the instructions.

Here are further instructions from Malwarebytes' web page:

"There are several different methods to deploy, depending on what situation you are faced with.

The first method(s) are when you have access to your desktop and some functionality, the next method(s) are when you are unable to access the desktop and have no functionality.

Method A: If you have access to your desktop and some functionality:

  1. Download the Chameleon zip file from http://downloads.malwarebytes.org/file/chameleon and extract it to a folder on your desktop.
  2. Make certain that your PC is connected to the internet and then open the Chameleon folder.
  3. Double-click on the Chameleon help file and then follow the onscreen instructions to use it. Note: if the help file doesn’t open follow the steps here {insert link}
  4. If the Chameleon help file itself will not open, then double-click each file one by one until you find one that works, which will be indicated by a black DOS/command prompt window.
  5. Follow the onscreen instructions to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware (MBAM) for you.
  6. Once it has done this, it will attempt to update MBAM, click “OK” when it says that the database was updated successfully.
  7. MBAM will automatically open and perform a Quick scan.
  8. Upon completion of the scan, if anything has been detected, click on “Show Results”.
  9. Have MBAM remove any threats that are detected and click “Yes” if prompted to reboot your computer to allow the removal process to complete.
  10. After your computer restarts, open MBAM and perform one last Quick scan to verify that there are no remaining threats.

Method B: If the infection you are trying to remove will not allow you to download files on the infected computer, try the following method:

  1. Use another computer to download the Chameleon zip file from http://downloads.malwarebytes.org/file/chameleon and extract it to a USB stick.
  2. Transfer the USB stick to the infected computer.
  3. You may need to boot into SAFE MODE with networking in order to navigate to the USB stick and then try using Task Manager or your Internet browser to navigate to the USB stick.

How to boot to safe mode.

  1. Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu appears > arrow up to Safe Mode with networking from the list > press enter. (On some systems, this may be the F5 key, so try that if F8 doesn't work.)
  2. Login with your usual account."

If Windows has been damaged by the infection you may need to repair it but let's cross that bridge only when necessary.