Explorer.exe and drts32.exe error messages
Closed
Joe
-
Dec 13, 2010 at 07:50 AM
jack4rall Posts 6428 Registration date Sunday June 6, 2010 Status Moderator Last seen July 16, 2020 - Jan 9, 2011 at 08:38 AM
jack4rall Posts 6428 Registration date Sunday June 6, 2010 Status Moderator Last seen July 16, 2020 - Jan 9, 2011 at 08:38 AM
Related:
- Explorer.exe and drts32.exe error messages
- Psiphon3.exe - Download - VPN
- Need for speed most wanted exe - Download - Racing
- Kmspico exe - Download - Other
- Google meet exe - Download - Video calls
- Network error occurred - Guide
14 responses
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,163
Dec 22, 2010 at 06:13 AM
Dec 22, 2010 at 06:13 AM
Hello Joe,
If you don't mind, lets see if you have a virus:
Open this link and download ZHPDiag :
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
Register the file on your Desktop.
Double click on ZHPDiag.exe and follow the instructions.
the tool created two icons ZHPDiag and ZHPFix (we will use ZHPFix at the next step).
Double click on the short cut ZHPDiag on your Destktop.
Click on the "Options" (Screwdriver icon). Select the following options
[] Redirection of the file HOSTS
[] Last modified or created user files.
[] Crack & Keygen files.
Now click on OK
Click on the Magnifying glass and run the analysys.
Wait for the tool to finished (maybe a long time)
Close ZHPDiag.
To transmit the report, click on this link :
https://authentification.site
Click on Parcourir and search the directory where you installed ZHPDiag (usually C:\Program Files\ZHPDiag).
Select the file ZHPDiag.txt.
Click on "upload »
Copy the url and post it here
Catch you and, if any, the viruses later
If you don't mind, lets see if you have a virus:
Open this link and download ZHPDiag :
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
Register the file on your Desktop.
Double click on ZHPDiag.exe and follow the instructions.
the tool created two icons ZHPDiag and ZHPFix (we will use ZHPFix at the next step).
Double click on the short cut ZHPDiag on your Destktop.
Click on the "Options" (Screwdriver icon). Select the following options
[] Redirection of the file HOSTS
[] Last modified or created user files.
[] Crack & Keygen files.
Now click on OK
Click on the Magnifying glass and run the analysys.
Wait for the tool to finished (maybe a long time)
Close ZHPDiag.
To transmit the report, click on this link :
https://authentification.site
Click on Parcourir and search the directory where you installed ZHPDiag (usually C:\Program Files\ZHPDiag).
Select the file ZHPDiag.txt.
Click on "upload »
Copy the url and post it here
Catch you and, if any, the viruses later
Thanks for the tip Ambucias but the thing is, I forgot to mention that, once I get those damned error messages the computer freezes and I can only get the Task Manager by pressing Ctrl+Alt+Suppr or the command function by clicking Start and then Run.
Other than that, I'm stuck, I can't even launch my browser to download an antivirus and scan the drive (I'm posting on this forum from a friend's laptop by the way).
I tried booting in "Safe mode with command" (rough translation from French), I got this DOS window with a black background, I typed "format C:", got some warning about deleting everything, typed "Y" for "YES", another warning saying that some "process" was still on and had to be forced down in order to format the drive, typed "Y" again, and a last message saying that this "process" couldn't be forced down and that therefore the drive couldn't be formatted.
What else can I do ? When I reach the Task Manager I can see this mysterious "process", "drts32.exe", but I can't stop it. I'm stuck. I'm starting to think that I'm one of the lucky guys who got first some kind of new vicious virus that even stops you from formatting your drive.
Other than that, I'm stuck, I can't even launch my browser to download an antivirus and scan the drive (I'm posting on this forum from a friend's laptop by the way).
I tried booting in "Safe mode with command" (rough translation from French), I got this DOS window with a black background, I typed "format C:", got some warning about deleting everything, typed "Y" for "YES", another warning saying that some "process" was still on and had to be forced down in order to format the drive, typed "Y" again, and a last message saying that this "process" couldn't be forced down and that therefore the drive couldn't be formatted.
What else can I do ? When I reach the Task Manager I can see this mysterious "process", "drts32.exe", but I can't stop it. I'm stuck. I'm starting to think that I'm one of the lucky guys who got first some kind of new vicious virus that even stops you from formatting your drive.
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,163
Dec 22, 2010 at 06:41 AM
Dec 22, 2010 at 06:41 AM
Can you boot in safe mode with networking (accès reseau) by tapping F8 repeatedly when booting. This should give you access to your IE for download.
Please avoid doing anything with your DOS for the time being.
Please avoid doing anything with your DOS for the time being.
Didn't find the answer you are looking for?
Ask a question
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,163
Dec 22, 2010 at 07:08 AM
Dec 22, 2010 at 07:08 AM
If you can command prompt
Try sfc/scannow
Try sfc/scannow
Can't launch IE, even in safe mode with network access. I get the error messages and then Windows freezes.
Tried your command prompt sfc/scannow, it says "Windows files protection couldn't analyze protected system files. Error code: 0x000006ba (RPC server is unavailable)."
Tried your command prompt sfc/scannow, it says "Windows files protection couldn't analyze protected system files. Error code: 0x000006ba (RPC server is unavailable)."
nelex
Posts
2
Registration date
Wednesday December 22, 2010
Status
Member
Last seen
December 22, 2010
5
Dec 22, 2010 at 08:57 AM
Dec 22, 2010 at 08:57 AM
drts32.exe
Status: Malware Malware
Description: Malware.Generic (Heuristic)
Download Kaspersy Internet Security 2011 trial FROM KASPERSKY WEBSITE
and update.
Boot in safe mode and scan your pc prefrme recomandet action (DELETE)
Reboot Your PC...
ALWAYS USE KASPERSKY INTERNET SECURITY IT'S THE BEST ANTIVIRUS.
Status: Malware Malware
Description: Malware.Generic (Heuristic)
Download Kaspersy Internet Security 2011 trial FROM KASPERSKY WEBSITE
and update.
Boot in safe mode and scan your pc prefrme recomandet action (DELETE)
Reboot Your PC...
ALWAYS USE KASPERSKY INTERNET SECURITY IT'S THE BEST ANTIVIRUS.
Thanks Nelex, you helped me to identify the problem, but not to solve it.
Even in safe mode, I can't launch an antivirus, whether it's Kaspersky or another one, or any other kind of software. I get those error messages and then I'm stuck. Windows freezes. All I can do is reach the task manager. I thought I could run commands but it seems even this is out of reach now.
Even in safe mode, I can't launch an antivirus, whether it's Kaspersky or another one, or any other kind of software. I get those error messages and then I'm stuck. Windows freezes. All I can do is reach the task manager. I thought I could run commands but it seems even this is out of reach now.
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,163
Dec 22, 2010 at 04:20 PM
Dec 22, 2010 at 04:20 PM
Joe
Again please go to command prompt and type chkdsk than click okay
Let me know
Again please go to command prompt and type chkdsk than click okay
Let me know
Tried your CHKDSK command Ambucias. Here's what I got :
"NTFS file system.
Warning ! Setting F was not specified.
Executing CHKDSK in safe mode.
CHKDSK is checking files. <step 1 of 3>...
File check is over.
CHKDSK is checking indexes <step 2 of 3>...
Index check is over.
CHKDSK is checking security descriptors <step 3 of 3>...
Security descriptor check is over.
CHKDSK is checking USN journal...
USN journal check is over.
97675168 KB total disk space.
17805404 KB in 68271 files.
24124 KB in 8290 indexes.
0 KB in bad sectors.
251160 KB used by system.
65536 KB occupied by journal file.
79594480 KB available on disk.
4096 bytes in each allocation unit.
24418792 total allocation units on disk.
19898620 allocation units available on disk."
And that's it. Does this give you any hint ? Because it sure doesn't to me.
"NTFS file system.
Warning ! Setting F was not specified.
Executing CHKDSK in safe mode.
CHKDSK is checking files. <step 1 of 3>...
File check is over.
CHKDSK is checking indexes <step 2 of 3>...
Index check is over.
CHKDSK is checking security descriptors <step 3 of 3>...
Security descriptor check is over.
CHKDSK is checking USN journal...
USN journal check is over.
97675168 KB total disk space.
17805404 KB in 68271 files.
24124 KB in 8290 indexes.
0 KB in bad sectors.
251160 KB used by system.
65536 KB occupied by journal file.
79594480 KB available on disk.
4096 bytes in each allocation unit.
24418792 total allocation units on disk.
19898620 allocation units available on disk."
And that's it. Does this give you any hint ? Because it sure doesn't to me.
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,163
Dec 23, 2010 at 05:02 AM
Dec 23, 2010 at 05:02 AM
Hello Joe,
I will seek a second opinion on this, two heads are better than one.
Please standby for jack4all, he is a very good friend, partner and cyber wizzard, at his age 93 going on 94 next month, he is very wise.
I will seek a second opinion on this, two heads are better than one.
Please standby for jack4all, he is a very good friend, partner and cyber wizzard, at his age 93 going on 94 next month, he is very wise.
jack4rall
Posts
6428
Registration date
Sunday June 6, 2010
Status
Moderator
Last seen
July 16, 2020
Dec 23, 2010 at 06:34 AM
Dec 23, 2010 at 06:34 AM
Hello,
First thanks to "Ambucias"
Try this 1
1) Boot with "Safe Mode with Command Prompt"
2) Enter the command regedt32 and press Enter.
"Registry Editor" will be opened. Backup your registry by going to
File --> Export --> Save the file with any name.
At the left side, navigate to the following locations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
In "CurrentVersion" check Run & RunOnce look for suspicious entries at the right
side and delete it.
Navigate to the following location
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
In "CurrentVersion" check Run, RunOnce & RunOnceEx look for suspicious entries
in the right side and delete it.
If you are not sure which entry is seems to be suspicious then look at the
application that is using that entry in the Run. Under "Data" column you can get
an idea about that entry which is being used. Example
===== Name ======================= Data
SunJavaUpdateSched "C:\Program Files\Common Files\Java\Java
update\jusched.exe"
If you look at the above example "SunJavaUpdateSched" is being used by Java
by looking at the entry name and by its location given in Data column.
After deleting the suspicious files, close the registry editor.
3) When you come back to the "Command Prompt" then enter the below
commands
3.1) cd\ and press Enter. Now your prompt changes to C:\>
3.2) cd windows and press Enter. Now your prompt changes to C:\Windows>
3.3) ren explorer.exe explorer1.exe and press Enter
3.4) cd system32\dllcache and press Enter. Now the prompt changes to
C:\WINDOWS\system32\dllcache>
3.5) copy explorer.exe c:\windows and press Enter
3.6) Now restart your PC by entering the command shutdown -r and press
Enter OR hold the Ctrl & Alt key and press "Del" key --> Logon window will
appears and you can find the option "Shutdown", click on it and select the
option "Restart" from the drop-down menu and Click on OK
Good Luck
First thanks to "Ambucias"
Try this 1
1) Boot with "Safe Mode with Command Prompt"
2) Enter the command regedt32 and press Enter.
"Registry Editor" will be opened. Backup your registry by going to
File --> Export --> Save the file with any name.
At the left side, navigate to the following locations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
In "CurrentVersion" check Run & RunOnce look for suspicious entries at the right
side and delete it.
Navigate to the following location
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
In "CurrentVersion" check Run, RunOnce & RunOnceEx look for suspicious entries
in the right side and delete it.
If you are not sure which entry is seems to be suspicious then look at the
application that is using that entry in the Run. Under "Data" column you can get
an idea about that entry which is being used. Example
===== Name ======================= Data
SunJavaUpdateSched "C:\Program Files\Common Files\Java\Java
update\jusched.exe"
If you look at the above example "SunJavaUpdateSched" is being used by Java
by looking at the entry name and by its location given in Data column.
After deleting the suspicious files, close the registry editor.
3) When you come back to the "Command Prompt" then enter the below
commands
3.1) cd\ and press Enter. Now your prompt changes to C:\>
3.2) cd windows and press Enter. Now your prompt changes to C:\Windows>
3.3) ren explorer.exe explorer1.exe and press Enter
3.4) cd system32\dllcache and press Enter. Now the prompt changes to
C:\WINDOWS\system32\dllcache>
3.5) copy explorer.exe c:\windows and press Enter
3.6) Now restart your PC by entering the command shutdown -r and press
Enter OR hold the Ctrl & Alt key and press "Del" key --> Logon window will
appears and you can find the option "Shutdown", click on it and select the
option "Restart" from the drop-down menu and Click on OK
Good Luck
As soon as I tried to backup the registry the registry editor crashed as following : "Regedit.exe has generated an error and will be shut down..." And then I'm stuck again.
By the way, I made a mistake, the two first error messages I had were about explorer.exe and drwtsn32.exe, not drts32.exe as I had previously written.
Jack4all, should I try your way without backing up the registry before ?
By the way, I made a mistake, the two first error messages I had were about explorer.exe and drwtsn32.exe, not drts32.exe as I had previously written.
Jack4all, should I try your way without backing up the registry before ?
jack4rall
Posts
6428
Registration date
Sunday June 6, 2010
Status
Moderator
Last seen
July 16, 2020
Dec 23, 2010 at 07:45 AM
Dec 23, 2010 at 07:45 AM
Hello,
Yes, look for the suspicious entries in the registry and follow the step 3
Good Luck.
Yes, look for the suspicious entries in the registry and follow the step 3
Good Luck.
To Jack, who kindly spends some of his time on my problem :
I got as far as step 3.3, but when I typed "ren explorer.exe explorer1.exe" and then pressed Enter, as you told me, it read "Specified file can't be found."
Besides, I deleted two suspicious files in the registry but I'm not sure I deleted the right ones. Should I google each and everyone of them until I know which ones are ok and which aren't? (hear the the despair in my voice ?? :-))
I got as far as step 3.3, but when I typed "ren explorer.exe explorer1.exe" and then pressed Enter, as you told me, it read "Specified file can't be found."
Besides, I deleted two suspicious files in the registry but I'm not sure I deleted the right ones. Should I google each and everyone of them until I know which ones are ok and which aren't? (hear the the despair in my voice ?? :-))
jack4rall
Posts
6428
Registration date
Sunday June 6, 2010
Status
Moderator
Last seen
July 16, 2020
Dec 23, 2010 at 08:39 AM
Dec 23, 2010 at 08:39 AM
Hello,
Try this 1
If the step (3.3) says file not found, go to the next steps.
Good Luck
Try this 1
If the step (3.3) says file not found, go to the next steps.
Good Luck
Already did that, and then got stuck at step 3.5 with another "Specified file can't be found." This is pointless, thanks for trying to help but I'm no computer geek (as you probably already understood...), I don't think I'll be able to fix this myself even with very good advice. I need to physically bring this computer to someone who's good at this. Thank you anyways, I'll let you know if anything new comes up.
jack4rall
Posts
6428
Registration date
Sunday June 6, 2010
Status
Moderator
Last seen
July 16, 2020
Dec 23, 2010 at 08:58 AM
Dec 23, 2010 at 08:58 AM
Hello,
If have a another PC then copy the explorer.exe file from the location C:\WINDOWS\system32\dllcache in your pen drive --> then plug it in your computer --> since you are able to open task manager then click on File --> New task --> Click on "Browse" button --> then go to your pen drive
location --> Copy that file and paste that file in the location C:\WINDOWS\system32\dllcache and
also in C:\windows>
After pasting the file in above two locations, select the file explorer.exe from the location C:\Windows> --> Click on "Open" --> Click on "OK" button
Good Luck
If have a another PC then copy the explorer.exe file from the location C:\WINDOWS\system32\dllcache in your pen drive --> then plug it in your computer --> since you are able to open task manager then click on File --> New task --> Click on "Browse" button --> then go to your pen drive
location --> Copy that file and paste that file in the location C:\WINDOWS\system32\dllcache and
also in C:\windows>
After pasting the file in above two locations, select the file explorer.exe from the location C:\Windows> --> Click on "Open" --> Click on "OK" button
Good Luck
Dec 22, 2010 at 06:09 AM