Explorer.exe and drts32.exe error messages

Closed
Joe - Dec 13, 2010 at 07:50 AM
jack4rall Posts 6428 Registration date Sunday June 6, 2010 Status Moderator Last seen July 16, 2020 - Jan 9, 2011 at 08:38 AM
Hi everyone,

I'm having this recurrent issue with a pc running on XP.

Just a few seconds after I boot I get this error message "Explorer.exe has closed..." that asks me to send an error report, I click "no", and then get the same kind of error message with drts32.exe this time. Every time I click "no" all my desktop's icons just flash out for a second and then reappear.

I tried this command I read about on other forums, regsvr32 -u shmedia.dll, supposedly to fix some video file issue, and it said it was successful but didn't actually fix anything.

I also tried using my XP cd to format the whole drive but I can't, even if I set the CD drive to boot first all I get is the desktop again and those same error messages that drive me crazy. Whenever I try "mode without failure" and launch the XP cd, again, "Explorer.exe has to close..." and the setup window doesn't appear.

What can I do? It's the first time my computer is infected with a virus or some other malware that even stops it from being formatted. If someone ever had the same issue and managed to fix it I'd be very grateful to know how. Thanks.

14 responses

because someone has played in your windows option so try to format it
0
Thanks for trying to help Splinx, but did you even read my post ? I tried to format, but I can't !! I know my English is not great but I thought I made myself clear...
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,163
Dec 22, 2010 at 06:13 AM
Hello Joe,

If you don't mind, let's see if you have a virus:

Open this link and download ZHPDiag :

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html


Register the file on your Desktop.

Double click on ZHPDiag.exe and follow the instructions.

The tool created two icons ZHPDiag and ZHPFix (we will use ZHPFix at the next step).

Double click on the shortcut ZHPDiag on your Desktop.

Click on the "Options" (Screwdriver icon). Select the following options

[] Redirection of the file HOSTS
[] Last modified or created user files.
[] Crack & Keygen files.

Now click on OK

Click on the Magnifying glass and run the analysis.

Wait for the tool to finish (maybe a long time)

Close ZHPDiag.


To transmit the report, click on this link :

https://authentification.site

Click on Parcourir and search the directory where you installed ZHPDiag (usually C:\Program Files\ZHPDiag).

Select the file ZHPDiag.txt.

Click on "upload"

Copy the url and post it here

Catch you and, if any, the viruses later
0
Thanks for the tip Ambucias but the thing is, I forgot to mention that, once I get those damned error messages the computer freezes and I can only get the Task Manager by pressing Ctrl+Alt+Suppr or the command function by clicking Start and then Run.

Other than that, I'm stuck, I can't even launch my browser to download an antivirus and scan the drive (I'm posting on this forum from a friend's laptop by the way).

I tried booting in "Safe mode with command" (rough translation from French), I got this DOS window with a black background, I typed "format C:", got some warning about deleting everything, typed "Y" for "YES", another warning saying that some "process" was still on and had to be forced down in order to format the drive, typed "Y" again, and a last message saying that this "process" couldn't be forced down and that therefore the drive couldn't be formatted.

What else can I do ? When I reach the Task Manager I can see this mysterious "process", "drts32.exe", but I can't stop it. I'm stuck. I'm starting to think that I'm one of the lucky guys who got first some kind of new vicious virus that even stops you from formatting your drive.
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,163
Dec 22, 2010 at 06:41 AM
Can you boot in safe mode with networking (accès reseau) by tapping F8 repeatedly when booting? This should give you access to your IE for download.

Please avoid doing anything with your DOS for the time being.
0

Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,163
Dec 22, 2010 at 07:08 AM
If you can command prompt

Try sfc/scannow
0
Can't launch IE, even in safe mode with network access. I get the error messages and then Windows freezes.

Tried your command prompt sfc/scannow, it says "Windows files protection couldn't analyze protected system files. Error code: 0x000006ba (RPC server is unavailable)."
0
nelex Posts 2 Registration date Wednesday December 22, 2010 Status Member Last seen December 22, 2010 5
Dec 22, 2010 at 08:57 AM
drts32.exe
Status: Malware Malware
Description: Malware.Generic (Heuristic)

Download Kaspersky Internet Security 2011 trial FROM KASPERSKY WEBSITE and update.
Boot in safe mode and scan your pc, perform recommended action (DELETE)
Reboot Your PC...
ALWAYS USE KASPERSKY INTERNET SECURITY IT'S THE BEST ANTIVIRUS.
0
Thanks Nelex, you helped me to identify the problem, but not to solve it.

Even in safe mode, I can't launch an antivirus, whether it's Kaspersky or another one, or any other kind of software. I get those error messages and then I'm stuck. Windows freezes. All I can do is reach the task manager. I thought I could run commands but it seems even this is out of reach now.
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,163
Dec 22, 2010 at 04:20 PM
Joe

Again please go to command prompt and type chkdsk then click okay

Let me know
0
Tried your CHKDSK command Ambucias. Here's what I got :

"NTFS file system.

Warning ! Setting F was not specified.
Executing CHKDSK in safe mode.

CHKDSK is checking files. <step 1 of 3>...
File check is over.
CHKDSK is checking indexes <step 2 of 3>...
Index check is over.
CHKDSK is checking security descriptors <step 3 of 3>...
Security descriptor check is over.
CHKDSK is checking USN journal...
USN journal check is over.

97675168 KB total disk space.
17805404 KB in 68271 files.
24124 KB in 8290 indexes.
0 KB in bad sectors.
251160 KB used by system.
65536 KB occupied by journal file.
79594480 KB available on disk.

4096 bytes in each allocation unit.
24418792 total allocation units on disk.
19898620 allocation units available on disk."

And that's it. Does this give you any hint ? Because it sure doesn't to me.
0
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,163
Dec 23, 2010 at 05:02 AM
Hello Joe,

I will seek a second opinion on this, two heads are better than one.

Please stand by for jack4all, he is a very good friend, partner and cyber wizard, at his age 93 going on 94 next month, he is very wise.
0
jack4rall Posts 6428 Registration date Sunday June 6, 2010 Status Moderator Last seen July 16, 2020
Dec 23, 2010 at 06:34 AM
Hello,

First thanks to "Ambucias"

Try this 1

1) Boot with "Safe Mode with Command Prompt"

2) Enter the command regedt32 and press Enter.

"Registry Editor" will be opened. Back up your registry by going to File --> Export --> Save the file with any name.

At the left side, navigate to the following location

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\

In "CurrentVersion" check Run & RunOnce, look for suspicious entries at the right side and delete them.

Navigate to the following location

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\

In "CurrentVersion" check Run, RunOnce & RunOnceEx, look for suspicious entries in the right side and delete them.

If you are not sure which entry seems to be suspicious then look at the application that is using that entry in the Run. Under "Data" column you can get an idea about that entry which is being used. Example

===== Name ======================= Data

SunJavaUpdateSched "C:\Program Files\Common Files\Java\Java update\jusched.exe"

If you look at the above example "SunJavaUpdateSched" is being used by Java by looking at the entry name and by its location given in Data column.

After deleting the suspicious files, close the registry editor.

3) When you come back to the "Command Prompt" then enter the below commands

3.1) cd\ and press Enter. Now your prompt changes to C:\>

3.2) cd windows and press Enter. Now your prompt changes to C:\Windows>

3.3) ren explorer.exe explorer1.exe and press Enter

3.4) cd system32\dllcache and press Enter. Now the prompt changes to C:\WINDOWS\system32\dllcache>

3.5) copy explorer.exe c:\windows and press Enter

3.6) Now restart your PC by entering the command shutdown -r and press Enter OR hold the Ctrl & Alt key and press "Del" key --> Logon window will appear and you can find the option "Shutdown", click on it and select the option "Restart" from the drop-down menu and Click on OK

Good Luck
0
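The registry check described in the post above can also be done from the same command prompt with reg.exe, which ships with Windows XP. This is an added example, not part of the original thread; the output folder C:\regbackup and the file names in it are assumptions.

```batch
@echo off
rem Added example: back up and list the autostart keys named in the post above.
rem Assumption: C:\regbackup is a hypothetical, writable output folder.
setlocal
set OUT=C:\regbackup
if not exist "%OUT%" mkdir "%OUT%"
if exist "%OUT%\autostart.txt" del "%OUT%\autostart.txt"

rem Keys from the post: HKCU Run/RunOnce and HKLM Run/RunOnce/RunOnceEx
call :dump HKCU Run
call :dump HKCU RunOnce
call :dump HKLM Run
call :dump HKLM RunOnce
call :dump HKLM RunOnceEx
echo Listing written to %OUT%\autostart.txt
endlocal
goto :eof

:dump
set KEY=%1\Software\Microsoft\Windows\CurrentVersion\%2
rem Skip keys that do not exist (RunOnceEx is often absent)
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
  echo [missing] %KEY%
  goto :eof
)
rem Export a .reg backup first so a deleted entry can be restored with "reg import"
if exist "%OUT%\%1_%2.reg" del "%OUT%\%1_%2.reg"
reg export "%KEY%" "%OUT%\%1_%2.reg"
rem Append the name / type / data rows so each entry's Data path can be reviewed
echo ==== %KEY% >> "%OUT%\autostart.txt"
reg query "%KEY%" /s >> "%OUT%\autostart.txt"
goto :eof
```

Reading autostart.txt with `type` or `more` shows the same Name and Data columns the post refers to, without opening the Registry Editor.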
As soon as I tried to back up the registry the registry editor crashed as follows: "Regedit.exe has generated an error and will be shut down..." And then I'm stuck again.

By the way, I made a mistake, the two first error messages I had were about explorer.exe and drwtsn32.exe, not drts32.exe as I had previously written.

Jack4all, should I try your way without backing up the registry before ?
0
jack4rall Posts 6428 Registration date Sunday June 6, 2010 Status Moderator Last seen July 16, 2020
Dec 23, 2010 at 07:45 AM
Hello,
Yes, look for the suspicious entries in the registry and follow the step 3
Good Luck.
0
To Jack, who kindly spends some of his time on my problem :

I got as far as step 3.3, but when I typed "ren explorer.exe explorer1.exe" and then pressed Enter, as you told me, it read "Specified file can't be found."

Besides, I deleted two suspicious files in the registry but I'm not sure I deleted the right ones. Should I google each and every one of them until I know which ones are ok and which aren't? (hear the despair in my voice ?? :-))
0
jack4rall Posts 6428 Registration date Sunday June 6, 2010 Status Moderator Last seen July 16, 2020
Dec 23, 2010 at 08:39 AM
Hello,
Try this 1
If the step (3.3) says file not found, go to the next steps.
Good Luck
0
Already did that, and then got stuck at step 3.5 with another "Specified file can't be found." This is pointless, thanks for trying to help but I'm no computer geek (as you probably already understood...), I don't think I'll be able to fix this myself even with very good advice. I need to physically bring this computer to someone who's good at this. Thank you anyways, I'll let you know if anything new comes up.
0
jack4rall Posts 6428 Registration date Sunday June 6, 2010 Status Moderator Last seen July 16, 2020
Dec 23, 2010 at 08:58 AM
Hello,
If you have another PC then copy the explorer.exe file from the location C:\WINDOWS\system32\dllcache in your pen drive --> then plug it in your computer --> since you are able to open task manager then click on File --> New task --> Click on "Browse" button --> then go to your pen drive location --> Copy that file and paste that file in the location C:\WINDOWS\system32\dllcache and also in C:\windows>
After pasting the file in above two locations, select the file explorer.exe from the location C:\Windows> --> Click on "Open" --> Click on "OK" button
Good Luck
0
Actually I don't have another pc, right now I'm using a friend's MacBook, but thanks for the tip anyway.
0
When I browse the pendrive Task Manager crashes: "Tskmgr.exe has generated an error and will be shut down...". I'm done with this for today, really. Thanks.
0