When I logged in a few days ago, there was no desktop and the screen was entirely black, with just the cursor visible. I opened task manager and no applications were running, so I tried to run explorer.exe and got the error message:
C:\Windows\explorer.exe
Operation did not complete successfully because the file contains a virus.
After this I did a boot scan and it informed me that explorer.exe was infected with Win32:dropper-gen [Drp]
I’ve tried several different antivirus software to try to fix this problem. I’ve also done a system restore to a point earlier in the week (before I had this problem), but ultimately I’ve had to come here as my efforts have had no effect.
The odd thing about this message is that it doesn’t always appear. When the message appears (and the desktop does not show up), restarting the computer seems to magically fix the symptoms.
It is possible could you let me know what file Avast has put in the virus chest. Also right click that file and select scan, does it still report it as infected
Since I did a system restore to a point before I got the message (and therefore before I did the boot scan), I’m not certain that the virus chest would still contain the item. I’ll do another boot scan right now to make sure, so my next reply may take a while.
The items currently in the chest are:
cleanup.bat (BV:KillAV-EC [Trj])
FileSYstem_Steam.dll (no virus)
Unconfirmed 962796.crdownload (Win32:InstalleRex-BH [PUP])
vtex.exe (no virus)
Ok, I have finally completed the boot scan. No items were moved to the chest, however the detailed report of the boot scan reports the following items with Win32:Dropper-gen [Drp]:
I don’t think any of these are to do with the explorer.exe trojan report. The only one that could be linked to it by date would be cleanup.bat:
cleanup.bat was transferred on 08/03/2014
FileSystem_Steam.dll was transferred on 05/08/2012
Unconfirmed 962796.crdownload was transferred on 14/02/2014
vtex.exe was transferred on 10/01/2014
I do.
The files which were to do with steam are apparently clean now.
I have no idea what the chrome download was, but it claims to be infected.
I don’t know where cleanup.bat came from.