crash.exe help needed

  MidgetMan 20:15 16 Nov 2004

pc running xp home edition is infected with crash.exe, I have so far installed and run - adaware, a2cleaner, spyware blaster and ccleaner, also installed is avg, none of these pick up the worm. I have manually found it and deleted it from among other files re-cycle bin, win/sys32, internet temp files. the prob is that as soon as i open internet explorer it loads itself again (without even connecting to internet).

This is making me think that somehow the worm is in internet explorer itself, is this likely?? and if so will removing explorer then re-install sort it out??

Totally flummoxed one this one so anyhelp etc welcomed.

  MidgetMan 20:20 16 Nov 2004

forgot to mention, have disabled restore and scanned etc, also done scans in safe mode as well.

  VoG II 20:21 16 Nov 2004
  MidgetMan 20:24 16 Nov 2004

thanks, have already tried the manual sugggestion, a2 is also supposed to catch/kill this but does'nt bit loathe to keep loading these cleaner progs as already got 3 on!!!!

  MidgetMan 08:47 17 Nov 2004


  MidgetMan 13:00 17 Nov 2004


  JIM 14:09 17 Nov 2004

go to the registry (start/run/type in regedit)
Go to the edit tab, click on find, type in crash.exe and click on find next to see "if" crash.exe comes up so that you can delete it.(right click = delete)Click "F3" on keyboard and again "if" it comes up delete.Keep clicking F3 a few times to re-check or till you have the box telling you (finished searching etc.)Cross out, reboot and see if your problem still there.

"Have a dummy run first in registry to see if crash.exe shows it's self if you want." No deletions.

"Before doing the above" Back up the registry/export file,"Covering myself " before you search for and deleting the crash.exe Personaly i would not for that exe. but!!!!

Dis-able systems restore also.
Also make sure there is no crash.exe running in the task manager/processes, or in the startup or services via the Msconfig.---- Worth a look in the windows prefetch folder to delete any reference if in there.See how you do but there is no-way reinstalling internet explorer will solve your problem if the worm is on your system.Format yes.

  MidgetMan 15:18 17 Nov 2004

Good advice, I will try that as possible last resort as not happy playing with reg.

This is a very confusing one. The virus? consists of 4 files, 1 dos batch file of 4kb, 1 text file of 1kb, one html file of 4kb and a archived file (looks like winrar) of arounf 84kb. the effect being when it runs is that it opens so many ie windows in the background that the pc runs out of resources and crashs. (well named little bugger this)

No matter how many times it is deleted it will re-appear almost instantly when internet explorer is opened (without a connection being made), it is this that makes me think that somehow it is "hiding" within explorer or is somehow attached via a batch file. The only other thing is could it be within the google taskbar that is installed???? I am really getting to my wits end with this one, and also losing face as it is a freinds pc who asked me for help. Very loathe to re-format as not mine.


  MidgetMan 17:47 17 Nov 2004


  fredski 17:57 17 Nov 2004

not much info on crash.exe, but if all else fails well save and FORMAT :o))

  JIM 19:19 17 Nov 2004

but not that risky in this situation for crash.exe You could try the following but no guarantee.

On bootup to desktop, disable systems restore via my computer properties(right click).Close then hit the keys ctrl/alt/delete for task manager and processes.End task to crash.exe if listed there.

Go to start,control panel,network and internet connections, select internet options icon, and delete cookies, files, clear history.Close.

Open up my computer and go to the tools tab(top) and choose/open, folder options.

Click on View tab and open it then tick the show hidden and systems files then apply, click ok, close the open window.

Go to Start, search,when open click on the more advanced options button and make sure all top three are ticked.

Type in crash.exe search and delete them. If there was any other files named when using AV search and delete them also.

After that run AV and see what it may or not bring up,(If you have to search again for other files do it)

Run your add-ware/spybot S&D, whatever. Then connect to internet and if still having problens do the following.

Use the floppy or cd with CWShredder and HijackThis on it that you made earlier from your own connection at home :)

click here

for CWShredder™ Version 2.0 just download CWShredder and save it to a floppy or? Run it from the floppy/or ? let it do its job,follow information etc.

For HijackThis.Following link for Info ETC.But all you would do would be to run the program and if you see anything with (crash.exe)tick the box and delete/following viewed instructions.

click here

Click on HijackThis from first word highlighted from the link above for program,both very small.

Still may have to follow info from last post "if" still having problems,would be quicker:)


This thread is now locked and can not be replied to.

Elsewhere on IDG sites

HTC U12 Plus review: Hands-on

Best Android emulators for Mac

Comment utiliser l’Apple Store Éducation ?