Explorer.EXE Crash, Related to SHELL32.dll





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}







0















I recently experienced another Windows Explorer crash. I have been experiencing Windows Explorer crashes sporadically for some time now. I was able to capture the event log.



Context: Occurs commonly after opening Control Panel and clicking on an item



Event:



Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c3a0ed
Exception code: 0xc0000005
Fault offset: 0x000000000009a661
Faulting process id: 0x87c
Faulting application start time: 0x01d150a557c92235
Faulting application path: C:WindowsExplorer.EXE
Faulting module path: C:Windowssystem32SHELL32.dll
Report Id: bcad9f6c-bcb5-11e5-9f2c-6805ca3cec3e


I have run CHKDSK and "sfc /scannow" to detect file corruption; however, both said that there is no corruption.



I am running Windows 7 Home Premium.



I have already searched for this specific error (relating to SHELL32.dll), and some people have said that it is due to file corruption, and others say that it is related to NVidia.



If anyone could help me stop Windows Explorer from crashing, I would really appreciate it.



Thanks.










share|improve this question























  • Does it happen within Safe Mode?

    – Ramhound
    Jan 17 '16 at 2:35













  • You will need to try and figure out what causes it then boot not Safe Mode to confirm if it does or does not happen. if you want to solve this problem that is one of the only ways to do it.

    – Ramhound
    Jan 17 '16 at 2:43











  • If you have a dump of the crash you might want to try debugging it in Windbg. Set the symbol server to srv*c:symbols*http://msdl.microsoft.com/download/symbols, open the dump file and write analyze -v in the command line.

    – spherical_dog
    Jan 17 '16 at 2:48













  • Do a computer-wide search on *.dmp files and see if anything shows up.

    – spherical_dog
    Jan 17 '16 at 4:07











  • create a dmp file fist: pastebin.com/WACz5GBU if you're unsure, zip the dmp and share it, so that we can look at it

    – magicandre1981
    Jan 17 '16 at 6:31


















0















I recently experienced another Windows Explorer crash. I have been experiencing Windows Explorer crashes sporadically for some time now. I was able to capture the event log.



Context: Occurs commonly after opening Control Panel and clicking on an item



Event:



Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c3a0ed
Exception code: 0xc0000005
Fault offset: 0x000000000009a661
Faulting process id: 0x87c
Faulting application start time: 0x01d150a557c92235
Faulting application path: C:WindowsExplorer.EXE
Faulting module path: C:Windowssystem32SHELL32.dll
Report Id: bcad9f6c-bcb5-11e5-9f2c-6805ca3cec3e


I have run CHKDSK and "sfc /scannow" to detect file corruption; however, both said that there is no corruption.



I am running Windows 7 Home Premium.



I have already searched for this specific error (relating to SHELL32.dll), and some people have said that it is due to file corruption, and others say that it is related to NVidia.



If anyone could help me stop Windows Explorer from crashing, I would really appreciate it.



Thanks.










share|improve this question























  • Does it happen within Safe Mode?

    – Ramhound
    Jan 17 '16 at 2:35













  • You will need to try and figure out what causes it then boot not Safe Mode to confirm if it does or does not happen. if you want to solve this problem that is one of the only ways to do it.

    – Ramhound
    Jan 17 '16 at 2:43











  • If you have a dump of the crash you might want to try debugging it in Windbg. Set the symbol server to srv*c:symbols*http://msdl.microsoft.com/download/symbols, open the dump file and write analyze -v in the command line.

    – spherical_dog
    Jan 17 '16 at 2:48













  • Do a computer-wide search on *.dmp files and see if anything shows up.

    – spherical_dog
    Jan 17 '16 at 4:07











  • create a dmp file fist: pastebin.com/WACz5GBU if you're unsure, zip the dmp and share it, so that we can look at it

    – magicandre1981
    Jan 17 '16 at 6:31














0












0








0








I recently experienced another Windows Explorer crash. I have been experiencing Windows Explorer crashes sporadically for some time now. I was able to capture the event log.



Context: Occurs commonly after opening Control Panel and clicking on an item



Event:



Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c3a0ed
Exception code: 0xc0000005
Fault offset: 0x000000000009a661
Faulting process id: 0x87c
Faulting application start time: 0x01d150a557c92235
Faulting application path: C:WindowsExplorer.EXE
Faulting module path: C:Windowssystem32SHELL32.dll
Report Id: bcad9f6c-bcb5-11e5-9f2c-6805ca3cec3e


I have run CHKDSK and "sfc /scannow" to detect file corruption; however, both said that there is no corruption.



I am running Windows 7 Home Premium.



I have already searched for this specific error (relating to SHELL32.dll), and some people have said that it is due to file corruption, and others say that it is related to NVidia.



If anyone could help me stop Windows Explorer from crashing, I would really appreciate it.



Thanks.










share|improve this question














I recently experienced another Windows Explorer crash. I have been experiencing Windows Explorer crashes sporadically for some time now. I was able to capture the event log.



Context: Occurs commonly after opening Control Panel and clicking on an item



Event:



Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c3a0ed
Exception code: 0xc0000005
Fault offset: 0x000000000009a661
Faulting process id: 0x87c
Faulting application start time: 0x01d150a557c92235
Faulting application path: C:WindowsExplorer.EXE
Faulting module path: C:Windowssystem32SHELL32.dll
Report Id: bcad9f6c-bcb5-11e5-9f2c-6805ca3cec3e


I have run CHKDSK and "sfc /scannow" to detect file corruption; however, both said that there is no corruption.



I am running Windows 7 Home Premium.



I have already searched for this specific error (relating to SHELL32.dll), and some people have said that it is due to file corruption, and others say that it is related to NVidia.



If anyone could help me stop Windows Explorer from crashing, I would really appreciate it.



Thanks.







windows-7 shell windows-explorer crash shell32.dll






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Jan 17 '16 at 2:28







user546172




















  • Does it happen within Safe Mode?

    – Ramhound
    Jan 17 '16 at 2:35













  • You will need to try and figure out what causes it then boot not Safe Mode to confirm if it does or does not happen. if you want to solve this problem that is one of the only ways to do it.

    – Ramhound
    Jan 17 '16 at 2:43











  • If you have a dump of the crash you might want to try debugging it in Windbg. Set the symbol server to srv*c:symbols*http://msdl.microsoft.com/download/symbols, open the dump file and write analyze -v in the command line.

    – spherical_dog
    Jan 17 '16 at 2:48













  • Do a computer-wide search on *.dmp files and see if anything shows up.

    – spherical_dog
    Jan 17 '16 at 4:07











  • create a dmp file fist: pastebin.com/WACz5GBU if you're unsure, zip the dmp and share it, so that we can look at it

    – magicandre1981
    Jan 17 '16 at 6:31



















  • Does it happen within Safe Mode?

    – Ramhound
    Jan 17 '16 at 2:35













  • You will need to try and figure out what causes it then boot not Safe Mode to confirm if it does or does not happen. if you want to solve this problem that is one of the only ways to do it.

    – Ramhound
    Jan 17 '16 at 2:43











  • If you have a dump of the crash you might want to try debugging it in Windbg. Set the symbol server to srv*c:symbols*http://msdl.microsoft.com/download/symbols, open the dump file and write analyze -v in the command line.

    – spherical_dog
    Jan 17 '16 at 2:48













  • Do a computer-wide search on *.dmp files and see if anything shows up.

    – spherical_dog
    Jan 17 '16 at 4:07











  • create a dmp file fist: pastebin.com/WACz5GBU if you're unsure, zip the dmp and share it, so that we can look at it

    – magicandre1981
    Jan 17 '16 at 6:31

















Does it happen within Safe Mode?

– Ramhound
Jan 17 '16 at 2:35







Does it happen within Safe Mode?

– Ramhound
Jan 17 '16 at 2:35















You will need to try and figure out what causes it then boot not Safe Mode to confirm if it does or does not happen. if you want to solve this problem that is one of the only ways to do it.

– Ramhound
Jan 17 '16 at 2:43





You will need to try and figure out what causes it then boot not Safe Mode to confirm if it does or does not happen. if you want to solve this problem that is one of the only ways to do it.

– Ramhound
Jan 17 '16 at 2:43













If you have a dump of the crash you might want to try debugging it in Windbg. Set the symbol server to srv*c:symbols*http://msdl.microsoft.com/download/symbols, open the dump file and write analyze -v in the command line.

– spherical_dog
Jan 17 '16 at 2:48







If you have a dump of the crash you might want to try debugging it in Windbg. Set the symbol server to srv*c:symbols*http://msdl.microsoft.com/download/symbols, open the dump file and write analyze -v in the command line.

– spherical_dog
Jan 17 '16 at 2:48















Do a computer-wide search on *.dmp files and see if anything shows up.

– spherical_dog
Jan 17 '16 at 4:07





Do a computer-wide search on *.dmp files and see if anything shows up.

– spherical_dog
Jan 17 '16 at 4:07













create a dmp file fist: pastebin.com/WACz5GBU if you're unsure, zip the dmp and share it, so that we can look at it

– magicandre1981
Jan 17 '16 at 6:31





create a dmp file fist: pastebin.com/WACz5GBU if you're unsure, zip the dmp and share it, so that we can look at it

– magicandre1981
Jan 17 '16 at 6:31










2 Answers
2






active

oldest

votes


















0














It may well be worth considering running the following in an administrator Command Prompt:



DISM /Online /Cleanup-image /Restorehealth
sfc /scannow


The DISM command attempts to fix a windows image by drawing its information from Windows Update, whereas sfc uses files already on the system for verification. As it is possible sfc is comparing damaged files to damaged files, DISM may help.



Note that DISM repairs the files sfc uses to check the system, hence why sfc must be run afterwards.



EDIT: "DISM /Online /Cleanup-image /Restorehealth" will not run on Windows 7, to repair system files the "System Update Readiness Tool" should be used instead, available here:



Official Download Page - Microsoft.com






share|improve this answer


























  • I have never heard of any instance where it has, in this case it is simply acting as a verification tool - no file changes unless the files are already damaged. I have used it myself many times with out any issues.

    – Sam3000
    Jan 17 '16 at 2:45













  • There should be no need to do so, I should also mention its perfectly normal for it to show "20%" progress for a fair few minutes (I'd say up to 15 depending on your CPU and drive speed), so don't worry about that.

    – Sam3000
    Jan 17 '16 at 2:51











  • How strange, I have verified that command myself via copy and paste...

    – Sam3000
    Jan 17 '16 at 2:55











  • Are you copying it exaclty, so that it reads: DISM /Online /Cleanup-image /Restorehealth ? If so, try DISM /Online /Cleanup-image /Scanhealth

    – Sam3000
    Jan 17 '16 at 2:56











  • Okay, lets try the "/scanhealth" switch for now, let me know it's output

    – Sam3000
    Jan 17 '16 at 2:58



















0














It may be a use after free vuln. that is in the wild, or you may just trigger the crash that leads to the exploit, any way -
Run malware scan from cd ( every major av company have a live anti-virus cd distro - google it ) or at least run malwarebytes from safe mode, just to be sure.



Apply updates for your OS.



MS15-109: Security Update for Windows Shell to Address Remote Code Execution (3096443)



Toolbar Use After Free Vulnerability - CVE-2015-2515



A remote code execution vulnerability exists when Windows Shell improperly handles objects in memory. An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user. If a user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.






share|improve this answer
























  • Most likely it is not malware because then the exploit would of been working and not crashing the system :) The update is : technet.microsoft.com/en-us/library/security/ms15-109.aspx Hope that helps.. it doesn't look like bad memory either, but still a check would not hurt - you can use the Windows Memory Diagnostic as you have Win 7 so no need for memtest

    – Setekh
    Jan 17 '16 at 3:58












Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1027411%2fexplorer-exe-crash-related-to-shell32-dll%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown
























2 Answers
2






active

oldest

votes








2 Answers
2






active

oldest

votes









active

oldest

votes






active

oldest

votes









0














It may well be worth considering running the following in an administrator Command Prompt:



DISM /Online /Cleanup-image /Restorehealth
sfc /scannow


The DISM command attempts to fix a windows image by drawing its information from Windows Update, whereas sfc uses files already on the system for verification. As it is possible sfc is comparing damaged files to damaged files, DISM may help.



Note that DISM repairs the files sfc uses to check the system, hence why sfc must be run afterwards.



EDIT: "DISM /Online /Cleanup-image /Restorehealth" will not run on Windows 7, to repair system files the "System Update Readiness Tool" should be used instead, available here:



Official Download Page - Microsoft.com






share|improve this answer


























  • I have never heard of any instance where it has, in this case it is simply acting as a verification tool - no file changes unless the files are already damaged. I have used it myself many times with out any issues.

    – Sam3000
    Jan 17 '16 at 2:45













  • There should be no need to do so, I should also mention its perfectly normal for it to show "20%" progress for a fair few minutes (I'd say up to 15 depending on your CPU and drive speed), so don't worry about that.

    – Sam3000
    Jan 17 '16 at 2:51











  • How strange, I have verified that command myself via copy and paste...

    – Sam3000
    Jan 17 '16 at 2:55











  • Are you copying it exaclty, so that it reads: DISM /Online /Cleanup-image /Restorehealth ? If so, try DISM /Online /Cleanup-image /Scanhealth

    – Sam3000
    Jan 17 '16 at 2:56











  • Okay, lets try the "/scanhealth" switch for now, let me know it's output

    – Sam3000
    Jan 17 '16 at 2:58
















0














It may well be worth considering running the following in an administrator Command Prompt:



DISM /Online /Cleanup-image /Restorehealth
sfc /scannow


The DISM command attempts to fix a windows image by drawing its information from Windows Update, whereas sfc uses files already on the system for verification. As it is possible sfc is comparing damaged files to damaged files, DISM may help.



Note that DISM repairs the files sfc uses to check the system, hence why sfc must be run afterwards.



EDIT: "DISM /Online /Cleanup-image /Restorehealth" will not run on Windows 7, to repair system files the "System Update Readiness Tool" should be used instead, available here:



Official Download Page - Microsoft.com






share|improve this answer


























  • I have never heard of any instance where it has, in this case it is simply acting as a verification tool - no file changes unless the files are already damaged. I have used it myself many times with out any issues.

    – Sam3000
    Jan 17 '16 at 2:45













  • There should be no need to do so, I should also mention its perfectly normal for it to show "20%" progress for a fair few minutes (I'd say up to 15 depending on your CPU and drive speed), so don't worry about that.

    – Sam3000
    Jan 17 '16 at 2:51











  • How strange, I have verified that command myself via copy and paste...

    – Sam3000
    Jan 17 '16 at 2:55











  • Are you copying it exaclty, so that it reads: DISM /Online /Cleanup-image /Restorehealth ? If so, try DISM /Online /Cleanup-image /Scanhealth

    – Sam3000
    Jan 17 '16 at 2:56











  • Okay, lets try the "/scanhealth" switch for now, let me know it's output

    – Sam3000
    Jan 17 '16 at 2:58














0












0








0







It may well be worth considering running the following in an administrator Command Prompt:



DISM /Online /Cleanup-image /Restorehealth
sfc /scannow


The DISM command attempts to fix a windows image by drawing its information from Windows Update, whereas sfc uses files already on the system for verification. As it is possible sfc is comparing damaged files to damaged files, DISM may help.



Note that DISM repairs the files sfc uses to check the system, hence why sfc must be run afterwards.



EDIT: "DISM /Online /Cleanup-image /Restorehealth" will not run on Windows 7, to repair system files the "System Update Readiness Tool" should be used instead, available here:



Official Download Page - Microsoft.com






share|improve this answer















It may well be worth considering running the following in an administrator Command Prompt:



DISM /Online /Cleanup-image /Restorehealth
sfc /scannow


The DISM command attempts to fix a windows image by drawing its information from Windows Update, whereas sfc uses files already on the system for verification. As it is possible sfc is comparing damaged files to damaged files, DISM may help.



Note that DISM repairs the files sfc uses to check the system, hence why sfc must be run afterwards.



EDIT: "DISM /Online /Cleanup-image /Restorehealth" will not run on Windows 7, to repair system files the "System Update Readiness Tool" should be used instead, available here:



Official Download Page - Microsoft.com







share|improve this answer














share|improve this answer



share|improve this answer








edited Jan 17 '16 at 3:16

























answered Jan 17 '16 at 2:36









Sam3000Sam3000

2,40521023




2,40521023













  • I have never heard of any instance where it has, in this case it is simply acting as a verification tool - no file changes unless the files are already damaged. I have used it myself many times with out any issues.

    – Sam3000
    Jan 17 '16 at 2:45













  • There should be no need to do so, I should also mention its perfectly normal for it to show "20%" progress for a fair few minutes (I'd say up to 15 depending on your CPU and drive speed), so don't worry about that.

    – Sam3000
    Jan 17 '16 at 2:51











  • How strange, I have verified that command myself via copy and paste...

    – Sam3000
    Jan 17 '16 at 2:55











  • Are you copying it exaclty, so that it reads: DISM /Online /Cleanup-image /Restorehealth ? If so, try DISM /Online /Cleanup-image /Scanhealth

    – Sam3000
    Jan 17 '16 at 2:56











  • Okay, lets try the "/scanhealth" switch for now, let me know it's output

    – Sam3000
    Jan 17 '16 at 2:58



















  • I have never heard of any instance where it has, in this case it is simply acting as a verification tool - no file changes unless the files are already damaged. I have used it myself many times with out any issues.

    – Sam3000
    Jan 17 '16 at 2:45













  • There should be no need to do so, I should also mention its perfectly normal for it to show "20%" progress for a fair few minutes (I'd say up to 15 depending on your CPU and drive speed), so don't worry about that.

    – Sam3000
    Jan 17 '16 at 2:51











  • How strange, I have verified that command myself via copy and paste...

    – Sam3000
    Jan 17 '16 at 2:55











  • Are you copying it exaclty, so that it reads: DISM /Online /Cleanup-image /Restorehealth ? If so, try DISM /Online /Cleanup-image /Scanhealth

    – Sam3000
    Jan 17 '16 at 2:56











  • Okay, lets try the "/scanhealth" switch for now, let me know it's output

    – Sam3000
    Jan 17 '16 at 2:58

















I have never heard of any instance where it has, in this case it is simply acting as a verification tool - no file changes unless the files are already damaged. I have used it myself many times with out any issues.

– Sam3000
Jan 17 '16 at 2:45







I have never heard of any instance where it has, in this case it is simply acting as a verification tool - no file changes unless the files are already damaged. I have used it myself many times with out any issues.

– Sam3000
Jan 17 '16 at 2:45















There should be no need to do so, I should also mention its perfectly normal for it to show "20%" progress for a fair few minutes (I'd say up to 15 depending on your CPU and drive speed), so don't worry about that.

– Sam3000
Jan 17 '16 at 2:51





There should be no need to do so, I should also mention its perfectly normal for it to show "20%" progress for a fair few minutes (I'd say up to 15 depending on your CPU and drive speed), so don't worry about that.

– Sam3000
Jan 17 '16 at 2:51













How strange, I have verified that command myself via copy and paste...

– Sam3000
Jan 17 '16 at 2:55





How strange, I have verified that command myself via copy and paste...

– Sam3000
Jan 17 '16 at 2:55













Are you copying it exaclty, so that it reads: DISM /Online /Cleanup-image /Restorehealth ? If so, try DISM /Online /Cleanup-image /Scanhealth

– Sam3000
Jan 17 '16 at 2:56





Are you copying it exaclty, so that it reads: DISM /Online /Cleanup-image /Restorehealth ? If so, try DISM /Online /Cleanup-image /Scanhealth

– Sam3000
Jan 17 '16 at 2:56













Okay, lets try the "/scanhealth" switch for now, let me know it's output

– Sam3000
Jan 17 '16 at 2:58





Okay, lets try the "/scanhealth" switch for now, let me know it's output

– Sam3000
Jan 17 '16 at 2:58













0














It may be a use after free vuln. that is in the wild, or you may just trigger the crash that leads to the exploit, any way -
Run malware scan from cd ( every major av company have a live anti-virus cd distro - google it ) or at least run malwarebytes from safe mode, just to be sure.



Apply updates for your OS.



MS15-109: Security Update for Windows Shell to Address Remote Code Execution (3096443)



Toolbar Use After Free Vulnerability - CVE-2015-2515



A remote code execution vulnerability exists when Windows Shell improperly handles objects in memory. An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user. If a user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.






share|improve this answer
























  • Most likely it is not malware because then the exploit would of been working and not crashing the system :) The update is : technet.microsoft.com/en-us/library/security/ms15-109.aspx Hope that helps.. it doesn't look like bad memory either, but still a check would not hurt - you can use the Windows Memory Diagnostic as you have Win 7 so no need for memtest

    – Setekh
    Jan 17 '16 at 3:58
















0














It may be a use after free vuln. that is in the wild, or you may just trigger the crash that leads to the exploit, any way -
Run malware scan from cd ( every major av company have a live anti-virus cd distro - google it ) or at least run malwarebytes from safe mode, just to be sure.



Apply updates for your OS.



MS15-109: Security Update for Windows Shell to Address Remote Code Execution (3096443)



Toolbar Use After Free Vulnerability - CVE-2015-2515



A remote code execution vulnerability exists when Windows Shell improperly handles objects in memory. An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user. If a user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.






share|improve this answer
























  • Most likely it is not malware because then the exploit would of been working and not crashing the system :) The update is : technet.microsoft.com/en-us/library/security/ms15-109.aspx Hope that helps.. it doesn't look like bad memory either, but still a check would not hurt - you can use the Windows Memory Diagnostic as you have Win 7 so no need for memtest

    – Setekh
    Jan 17 '16 at 3:58














0












0








0







It may be a use after free vuln. that is in the wild, or you may just trigger the crash that leads to the exploit, any way -
Run malware scan from cd ( every major av company have a live anti-virus cd distro - google it ) or at least run malwarebytes from safe mode, just to be sure.



Apply updates for your OS.



MS15-109: Security Update for Windows Shell to Address Remote Code Execution (3096443)



Toolbar Use After Free Vulnerability - CVE-2015-2515



A remote code execution vulnerability exists when Windows Shell improperly handles objects in memory. An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user. If a user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.






share|improve this answer













It may be a use after free vuln. that is in the wild, or you may just trigger the crash that leads to the exploit, any way -
Run malware scan from cd ( every major av company have a live anti-virus cd distro - google it ) or at least run malwarebytes from safe mode, just to be sure.



Apply updates for your OS.



MS15-109: Security Update for Windows Shell to Address Remote Code Execution (3096443)



Toolbar Use After Free Vulnerability - CVE-2015-2515



A remote code execution vulnerability exists when Windows Shell improperly handles objects in memory. An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user. If a user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.







share|improve this answer












share|improve this answer



share|improve this answer










answered Jan 17 '16 at 3:49









SetekhSetekh

52426




52426













  • Most likely it is not malware because then the exploit would of been working and not crashing the system :) The update is : technet.microsoft.com/en-us/library/security/ms15-109.aspx Hope that helps.. it doesn't look like bad memory either, but still a check would not hurt - you can use the Windows Memory Diagnostic as you have Win 7 so no need for memtest

    – Setekh
    Jan 17 '16 at 3:58



















  • Most likely it is not malware because then the exploit would of been working and not crashing the system :) The update is : technet.microsoft.com/en-us/library/security/ms15-109.aspx Hope that helps.. it doesn't look like bad memory either, but still a check would not hurt - you can use the Windows Memory Diagnostic as you have Win 7 so no need for memtest

    – Setekh
    Jan 17 '16 at 3:58

















Most likely it is not malware because then the exploit would of been working and not crashing the system :) The update is : technet.microsoft.com/en-us/library/security/ms15-109.aspx Hope that helps.. it doesn't look like bad memory either, but still a check would not hurt - you can use the Windows Memory Diagnostic as you have Win 7 so no need for memtest

– Setekh
Jan 17 '16 at 3:58





Most likely it is not malware because then the exploit would of been working and not crashing the system :) The update is : technet.microsoft.com/en-us/library/security/ms15-109.aspx Hope that helps.. it doesn't look like bad memory either, but still a check would not hurt - you can use the Windows Memory Diagnostic as you have Win 7 so no need for memtest

– Setekh
Jan 17 '16 at 3:58


















draft saved

draft discarded




















































Thanks for contributing an answer to Super User!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1027411%2fexplorer-exe-crash-related-to-shell32-dll%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Probability when a professor distributes a quiz and homework assignment to a class of n students.

Aardman Animations

Are they similar matrix