Explorer.EXE Crash, Related to SHELL32.dll
I recently experienced another Windows Explorer crash. I have been experiencing Windows Explorer crashes sporadically for some time now. I was able to capture the event log.
Context: Occurs commonly after opening Control Panel and clicking on an item
Event:
Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c3a0ed
Exception code: 0xc0000005
Fault offset: 0x000000000009a661
Faulting process id: 0x87c
Faulting application start time: 0x01d150a557c92235
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\system32\SHELL32.dll
Report Id: bcad9f6c-bcb5-11e5-9f2c-6805ca3cec3e
I have run CHKDSK and "sfc /scannow" to detect file corruption; however, both said that there is no corruption.
I am running Windows 7 Home Premium.
I have already searched for this specific error (relating to SHELL32.dll), and some people have said that it is due to file corruption, and others say that it is related to NVidia.
If anyone could help me stop Windows Explorer from crashing, I would really appreciate it.
Thanks.
windows-7 shell windows-explorer crash shell32.dll
asked Jan 17 '16 at 2:28
user546172
Does it happen within Safe Mode?
– Ramhound
Jan 17 '16 at 2:35
You will need to try and figure out what causes it, then boot into Safe Mode to confirm if it does or does not happen. If you want to solve this problem, that is one of the only ways to do it.
– Ramhound
Jan 17 '16 at 2:43
If you have a dump of the crash you might want to try debugging it in WinDbg. Set the symbol server to srv*c:\symbols*http://msdl.microsoft.com/download/symbols, open the dump file and write !analyze -v in the command line.
– spherical_dog
Jan 17 '16 at 2:48
Do a computer-wide search on *.dmp files and see if anything shows up.
– spherical_dog
Jan 17 '16 at 4:07
Create a dmp file first: pastebin.com/WACz5GBU. If you're unsure, zip the dmp and share it, so that we can look at it.
– magicandre1981
Jan 17 '16 at 6:31
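Added example (not part of the original thread or written by any of its participants): a small Python decoder for the hex fields of the Application Error record quoted in the question, turning them into the values you would carry into a dump analysis. The function names and the short NTSTATUS table are this example's own; the PE time stamp is read as a link time, which holds for Windows 7 binaries but not for newer reproducible builds.

```python
import re
from datetime import datetime, timedelta, timezone

# Event text as posted in the question (Application Error record).
EVENT_TEXT = """\
Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c3a0ed
Exception code: 0xc0000005
Fault offset: 0x000000000009a661
Faulting process id: 0x87c
Faulting application start time: 0x01d150a557c92235
"""

# A few NTSTATUS values that commonly appear as "Exception code".
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}

HEX = r"(0x[0-9a-fA-F]+)"
FMT = "%Y-%m-%d %H:%M:%S"


def _image(kind, text):
    """Return (name, version, time stamp) for the 'application' or 'module' line."""
    m = re.search(
        rf"Faulting {kind} name:\s*([^,\n]+), version:\s*([\d.]+), time stamp:\s*{HEX}",
        text,
    )
    if not m:
        raise ValueError(f"missing field: Faulting {kind} name")
    return m.group(1).strip(), m.group(2), int(m.group(3), 16)


def _field(label, text):
    """Return the hex value that follows 'label:' as an integer."""
    m = re.search(rf"{re.escape(label)}:\s*{HEX}", text)
    if not m:
        raise ValueError(f"missing field: {label}")
    return int(m.group(1), 16)


def pe_link_time(ts):
    """PE header TimeDateStamp: seconds since 1970-01-01 UTC."""
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def filetime_to_utc(ft):
    """FILETIME: 100 ns ticks since 1601-01-01 UTC."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)


def triage(text):
    """Decode one Application Error record into analyst-friendly values."""
    app, app_ver, app_ts = _image("application", text)
    mod, mod_ver, mod_ts = _image("module", text)
    code = _field("Exception code", text)
    offset = _field("Fault offset", text)
    return {
        "application": f"{app} {app_ver}",
        "app_built_utc": pe_link_time(app_ts).strftime(FMT),
        "module": f"{mod} {mod_ver}",
        "module_built_utc": pe_link_time(mod_ts).strftime(FMT),
        "exception": NTSTATUS.get(code, f"unknown NTSTATUS {code:#010x}"),
        "pid": _field("Faulting process id", text),
        "started_utc": filetime_to_utc(
            _field("Faulting application start time", text)
        ).strftime(FMT),
        # module+offset is an address expression WinDbg accepts, e.g. with ln or u
        "windbg_address": f"{mod.rsplit('.', 1)[0]}+{offset:#x}",
    }


if __name__ == "__main__":
    for key, value in triage(EVENT_TEXT).items():
        print(f"{key:18} {value}")
```

The module build time and the module+offset expression are the two values worth recording before patching, since the fault offset only identifies the same code location for the same SHELL32.dll build.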
2 Answers
It may well be worth considering running the following in an administrator Command Prompt:
DISM /Online /Cleanup-image /Restorehealth
sfc /scannow
The DISM command attempts to fix a Windows image by drawing its information from Windows Update, whereas sfc uses files already on the system for verification. As it is possible sfc is comparing damaged files to damaged files, DISM may help.
Note that DISM repairs the files sfc uses to check the system, hence why sfc must be run afterwards.
EDIT: "DISM /Online /Cleanup-image /Restorehealth" will not run on Windows 7; to repair system files, the "System Update Readiness Tool" should be used instead, available here:
Official Download Page - Microsoft.com
edited Jan 17 '16 at 3:16
answered Jan 17 '16 at 2:36
Sam3000
I have never heard of any instance where it has; in this case it is simply acting as a verification tool - no file changes unless the files are already damaged. I have used it myself many times without any issues.
– Sam3000
Jan 17 '16 at 2:45
There should be no need to do so. I should also mention it's perfectly normal for it to show "20%" progress for a fair few minutes (I'd say up to 15 depending on your CPU and drive speed), so don't worry about that.
– Sam3000
Jan 17 '16 at 2:51
How strange, I have verified that command myself via copy and paste...
– Sam3000
Jan 17 '16 at 2:55
Are you copying it exactly, so that it reads: DISM /Online /Cleanup-image /Restorehealth ? If so, try DISM /Online /Cleanup-image /Scanhealth
– Sam3000
Jan 17 '16 at 2:56
Okay, let's try the "/scanhealth" switch for now, let me know its output.
– Sam3000
Jan 17 '16 at 2:58
It may be a use-after-free vuln. that is in the wild, or you may just trigger the crash that leads to the exploit. Anyway:
Run a malware scan from a CD (every major AV company has a live anti-virus CD distro - google it) or at least run Malwarebytes from Safe Mode, just to be sure.
Apply updates for your OS.
MS15-109: Security Update for Windows Shell to Address Remote Code Execution (3096443)
Toolbar Use After Free Vulnerability - CVE-2015-2515
A remote code execution vulnerability exists when Windows Shell improperly handles objects in memory. An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user. If a user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
answered Jan 17 '16 at 3:49
Setekh
Most likely it is not malware because then the exploit would have been working and not crashing the system :) The update is: technet.microsoft.com/en-us/library/security/ms15-109.aspx Hope that helps. It doesn't look like bad memory either, but still a check would not hurt - you can use the Windows Memory Diagnostic as you have Win 7, so no need for memtest.
– Setekh
Jan 17 '16 at 3:58