Posts Tagged "windows"

It has been too long since I updated everyone on a way to bypass Windows Genuine Advantage. I receive loads of emails and web traffic from people searching for answers on how to bypass WGA. I finally got some spare time to test some things out, so let me update you on what you need to get started, and how to get it done.

I’ll be updating this post with step-by-step instructions on how to pass WGA. In the meantime, I think this video explains it fairly well.

[youtube width="425" height="355"]http://www.youtube.com/watch?v=3ONMgzbspo8[/youtube]

Throughout my job as a computer technician I always seem to come across the famous Windows XP explorer.exe killer. You know the one. As soon as you log into your account, explorer.exe starts (you see the task bar and all the icons), and just as suddenly as you saw them, they disappear. Then, out of nowhere, they appear again, only to disappointingly disappear again.

Most of the time it can be a nasty little bugger to get removed, and most anti-virus and anti-spyware software doesn’t remove or fix the problem. That is because the bug likes to hide using different techniques.

So today I wanted to share all the types of explorer.exe killers I have found, and how I fix the problem.

Before we begin:

Before I get started on how to fix this problem, I just want to say that the trick to fixing this issue has more to do with identifying which technique the bug is using, or whether it is even a bug at all. Explorer.exe can also start to do the same thing if an update didn’t take correctly. So, make sure that it wasn’t an update that killed off Explorer.exe before assuming it’s a bug. If you think it was an update problem, I suggest reading this article.

The Killer Driver:

The first type of explorer.exe killer I find is simply a bug that installs a startup driver that kills and restarts the explorer.exe process any time it starts up. It is one of the easiest to spot, and is easy to fix. The first step is to find what drivers are being loaded, and which one is the culprit. What I recommend is to start up in Safe Mode (reboot, hold F8, select Safe Mode). The reason we want Safe Mode is that it only starts the operating system with the minimum startup items, services, and drivers. So if we do indeed have a startup driver that is causing the issue, we should be able to log in to Safe Mode and not have any explorer.exe problems.

The first thing is to optimize the machine, so let’s have you start up Msconfig. Go to Start > Run, type in “msconfig” and hit Enter.

In the window that appears, choose the “Startup” tab and choose to disable all. Now go over to the “Services” tab and check the box to hide all non-Microsoft services. Click “Apply” and hit “OK”.

What we have done is clean out your startup items and services, so if by chance the bug is one of those, we have stopped it from starting up. Typically this isn’t going to do the trick, but it covers all our bases.

Now let’s download a quick tool. Download link. This tool will allow us to see what drivers are currently loaded in Windows.

Reboot your system into Normal mode and run the program. Scroll through the list of loaded drivers and see if you find any whose description or file type is blank. If a driver has blank information, it may be the file we are looking for. Once you have found one, do a search for it, and delete the .sys file.
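The same "blank information" check can be scripted instead of read off a list by eye. This is an added example, not part of the original post and not the tool linked above; it assumes Windows PowerShell 5.1 run as administrator, and the function names are made up for illustration.

```powershell
# Added example: list running kernel drivers whose file has no description or
# company in its version resource (the "blank information" sign described above).
function Resolve-DriverPath {
    param([string]$PathName)
    # The service database stores driver paths in several forms; normalise them.
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-BlankInfoDriver {
    Get-CimInstance -ClassName Win32_SystemDriver -Filter "State = 'Running'" |
        ForEach-Object {
            $reason = $null
            $sig    = 'n/a'
            $path   = if ($_.PathName) { Resolve-DriverPath $_.PathName } else { $null }
            if (-not $path) {
                $reason = 'no image path recorded'
            } elseif (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
                $reason = 'image file not found on disk'
            } else {
                $vi  = (Get-Item -LiteralPath $path -Force).VersionInfo
                # Signature status is supporting context only, not the filter.
                $sig = (Get-AuthenticodeSignature -FilePath $path).Status
                if ([string]::IsNullOrWhiteSpace($vi.FileDescription) -and
                    [string]::IsNullOrWhiteSpace($vi.CompanyName)) {
                    $reason = 'blank description and company'
                }
            }
            if ($reason) {
                [pscustomobject]@{
                    Name      = $_.Name
                    StartMode = $_.StartMode
                    Path      = $path
                    Reason    = $reason
                    Signature = $sig
                }
            }
        }
}

# On 64-bit Windows run this from 64-bit PowerShell so System32 is not redirected.
Get-BlankInfoDriver | Sort-Object Reason, Name | Format-Table -AutoSize -Wrap
```

An entry in this list is a lead to check, since some legitimate drivers also ship without version information.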

The .DLL File:

The majority of the time, this problem comes from a .DLL file. I would say that on about 90% of the machines I have worked on with this problem, it comes from a bad .dll file hidden in the Windows or System32 directory. The technique I use to find the file is a simple process as long as you have the right tools. First, we need a tool to help us watch system processes.

Go ahead and download Process Explorer. Process Explorer will allow you to watch system processes, and see what files, directories, etc they are calling for.

Once you have that up and running, make sure the program is running while explorer.exe is crashing and restarting. What you want to do is watch Process Explorer for the explorer.exe startup, and see if any other processes start up alongside it.

Typically what I see is that explorer.exe starts up, then some x process opens up, explorer.exe quits, and then the x process quits. When the x process starts up, we want to hurry and take a look at what .dll files it is calling for. Once you have that info, boot into a Live CD, go to the location of the file, and rename x.dll to x.dll.bak. This way, if changing the file messes up your system, you can go back and change it back to x.dll.

On the other hand, if it fixes the problem, you can go in and remove the file altogether.
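Because the x process may only live for a moment, it helps to have the watching step logged rather than caught by eye. The sketch below is an added example, not from the original post and not a replacement for Process Explorer; it assumes Windows PowerShell 5.1 run as administrator, and `Watch-NewProcess` is a hypothetical name.

```powershell
# Added example: record every process that starts during a watch window, with
# the DLLs it has loaded, so a short-lived process next to explorer.exe is kept.
function Watch-NewProcess {
    param([int]$Seconds = 60, [int]$IntervalMs = 200)

    $known = @{}
    Get-Process | ForEach-Object { $known[$_.Id] = $true }   # baseline snapshot
    $deadline = (Get-Date).AddSeconds($Seconds)

    while ((Get-Date) -lt $deadline) {
        $current = @{}
        foreach ($proc in Get-Process) {
            $current[$proc.Id] = $true
            if ($known.ContainsKey($proc.Id)) { continue }

            $modules = @()
            try { $modules = @($proc.Modules) } catch { }   # exited or access denied
            if ($modules.Count -eq 0) {
                [pscustomobject]@{
                    Time = Get-Date; Process = $proc.ProcessName; Id = $proc.Id
                    Module = '<modules not readable>'; NoVersionInfo = $null
                }
                continue
            }
            foreach ($m in $modules) {
                [pscustomobject]@{
                    Time          = Get-Date
                    Process       = $proc.ProcessName
                    Id            = $proc.Id
                    Module        = $m.FileName
                    # A DLL with no description is the first one to look at.
                    NoVersionInfo = [string]::IsNullOrWhiteSpace(
                                        $m.FileVersionInfo.FileDescription)
                }
            }
        }
        $known = $current      # drop exited PIDs so a reused PID is seen again
        Start-Sleep -Milliseconds $IntervalMs
    }
}

# Start the watch while explorer.exe is cycling, then review what came up.
$log = Watch-NewProcess -Seconds 60
$log | Sort-Object Time | Format-Table Time, Process, Id, NoVersionInfo, Module -AutoSize
```

Polling can miss a process that exits between two samples, so lower `-IntervalMs` if nothing shows up next to explorer.exe.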

I know I didn’t really get too technical here, and I apologize. If you have any questions or other techniques, please leave a comment.