Win32/Beavis.4350 destroyed explorer.exe

Discussion in 'malware problems & news' started by porty, Feb 25, 2005.

Thread Status:
Not open for further replies.
  1. porty, Registered Member (Joined: Sep 17, 2004; Posts: 48)

    Sorry if this is the wrong section - not sure where this bug fits in and there don't appear to be too many other posts about this vermin.

    Ran across a bug yesterday that I'd not seen before - Win32/Beavis.4350. It was proving EXTREMELY difficult to remove from my customer's ME machine but the situation got suddenly worse when I deleted explorer.exe from C:\Windows\System\SFP\Archive.

    On the next boot, a message said - 'Can't find explorer.exe - reinstall Windows'

    This was obviously hokum - explorer.exe was still where it was supposed to be, in C:\Windows (I was able to boot into Safe mode to find this out), so it appears this Beavis bug corrupts explorer.exe in such a way that Windows can't see it. It also follows that the version I deleted from the Archive folder must have been controlling the boot. Hmm..very tricky.

    So, my questions are these:
    1. Does anyone have any information on this bug? I don't think it's really new but there's not much on the net about fixes for this version - not as of yesterday, anyway.
    2. If push comes to shove, how can I replace explorer.exe with clean WinME version/s? I'm a tech but I don't deal much with ME these days - mainly XP with the occasional 98 case.

    However, on reflection, I don't know that simply replacing explorer.exe will be the whole answer, not as long as there's some other hidden file which will probably just infect a clean version.

    Comments would be appreciated.
    TX
     
    Last edited: Feb 25, 2005
  2. Don Pelotas, Registered Member (Joined: Jun 29, 2004; Posts: 2,257)