Win32/Beavis.4350 destroyed explorer.exe

Discussion in 'malware problems & news' started by porty, Feb 25, 2005.

Thread Status:
Not open for further replies.
  1. porty

    porty Registered Member

    Sep 17, 2004
    Sorry if this is the wrong section - not sure where this bug fits in and there don't appear to be too many other posts about this vermin.

    Ran across a bug yesterday that I'd not seen before - Win32/Beavis.4350. It was proving EXTREMELY difficult to remove from my customer's ME machine but the situation got suddenly worse when I deleted explorer.exe from C:\Windows\System\SFP\Archive.

    On the next boot, a message said - 'Can't find explorer.exe - reinstall Windows'

    This was obviously hokum - explorer.exe was still where it was supposed to be, in C:\Windows (I was able to boot into Safe mode to find this out), so it appears this Beavis bug corrupts explorer.exe in such a way that Windows can't see it. It also follows that the version I deleted from the Archive folder must have been controlling the boot. Hmm..very tricky.

    So, my questions are these:
    1. Does anyone have any information on this bug? I don't think it's really new but there's not much on the net about fixes for this version - not as of yesterday, anyway.
    2. If push comes to shove, how can I replace explorer.exe with clean WinME version/s? I'm a tech but I don't deal much with ME these days - mainly XP with the occasional 98 case.

    However, on reflection, I don't know that simply replacing explorer.exe will be the whole answer, not as long as there's some other hidden file which will probably just infect a clean version.

    Comments would be appreciated.
    Last edited: Feb 25, 2005
  2. Don Pelotas

    Don Pelotas Registered Member

    Jun 29, 2004