January 2015 - Hawkdive

Monday, January 26, 2015

Explorer.exe does not start automatically, or the computer goes to a blank (black) screen after logging in

What is Explorer.exe?

Explorer.exe is a process found in all Microsoft Windows operating systems and is known as Windows Explorer. Windows Explorer is used to browse files and folders, and Explorer.exe provides the graphical user interface for browsing file systems. It is responsible for displaying the user interface that lets the user work with the computer's functions, and it is also referred to as the Windows GUI shell or simply Explorer. In short, whatever graphics you see on the desktop are part of Explorer.exe, be it the taskbar, Start button, Start menu, desktop icons, desktop background, or the folder and Computer windows. If you end the Explorer.exe process from the Processes tab of Task Manager, the desktop goes blank as shown in the picture below: all open applications stay up, hovering over an empty blue rectangular box, and you can only switch between them using Alt+Tab. You can't start anything else, can't get to your files, and so on.

The file explorer.exe is located in the folder C:\Windows or sometimes in a subfolder of C:\. It has a known file size ranging from 1,0321,292 bytes to 3,194,368 bytes. It is a trusted Microsoft application that records user inputs.

Malware has constantly targeted the explorer.exe file name with duplicates, which were usually located in the system32 subdirectory of the Windows folder. These malicious files are usually added to Windows startup by certain spyware and should be removed from the system immediately. These illegitimate explorer.exe files are not needed by Windows and usually harm your system if not dealt with immediately.


Explorer.exe Issue:

1. After logging into Windows, it shows a black screen without any icons, taskbar or anything but a mouse cursor.

2. I start my PC and, after the login window, where it should show the Start screen, my PC just doesn't show anything except for a mouse cursor.

3. Every time I boot up Windows 8 Pro x64 installed on my laptop, the explorer.exe process doesn't launch automatically as it should. Thus, all I get is a black screen, and I need to start it manually from Task Manager (run a new task).

4. My computer does not show the desktop, or my desktop is missing.

5. Windows Explorer does not start automatically, or an infected explorer.exe launches every time I restart my computer.

6. When I restart my laptop it does not go to the desktop; every time I have to end the already running faulty explorer.exe and start a new explorer.exe through a new task (from Task Manager). I also put explorer.exe in the startup options and I am still facing the same issue.

Solution Applies to the following operating systems:

  • Windows 8.1
  • Windows 8
  • Windows 7
  • Windows Vista


Explorer.exe, or Windows Explorer, is the shell that the Windows operating system uses. Windows has two shells it can run: the command-line shell, cmd.exe, and the graphical shell, explorer.exe.

This issue occurs when explorer.exe is corrupt, or it may be due to a virus infection that blocks explorer.exe from running.
In other cases, the explorer.exe that loads at startup is itself a virus, spyware, trojan or worm. You can check this with Security Task Manager.

Restart your computer into Safe Mode. If everything loads correctly, the problem may be rooted in a virus or other malware, and not a corrupt file. Next, check the location of your explorer.exe file. If the file is located anywhere other than "C:\Windows," your computer may be infected. If the problem is consistent no matter what you try and explorer.exe is in its correct place, the problem is likely rooted in the explorer.exe file itself, and can be repaired using system repair utilities.
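The location check described above can be scripted. The following PowerShell is an added example, not part of the original article; it only reads information, and it assumes that on 64-bit Windows the 32-bit copy in SysWOW64 is also legitimate.

```powershell
# Added example: read-only check of where explorer.exe is running from.
$windir = $env:windir

# Locations where a genuine explorer.exe is expected.
$expected = @("$windir\explorer.exe")
if (Test-Path "$windir\SysWOW64") {
    # Assumption stated in the lead-in: 64-bit Windows ships a 32-bit copy here.
    $expected += "$windir\SysWOW64\explorer.exe"
}

# 1. Every running process named "explorer" and the file it was started from.
$running = Get-Process -Name explorer -ErrorAction SilentlyContinue
if ($running) {
    foreach ($p in $running) {
        if (-not $p.Path) {
            'PID {0}: path not readable (try an elevated prompt)' -f $p.Id
        } elseif ($expected -contains $p.Path) {   # -contains ignores case
            'PID {0}: OK      {1}' -f $p.Id, $p.Path
        } else {
            'PID {0}: SUSPECT {1}' -f $p.Id, $p.Path
        }
    }
} else {
    'No explorer.exe process is running.'
}

# 2. A copy in System32, which the article names as the usual place for duplicates.
if ($env:PROCESSOR_ARCHITEW6432) {
    # A 32-bit PowerShell on 64-bit Windows sees SysWOW64 when it asks for System32.
    '32-bit PowerShell on 64-bit Windows: rerun from a 64-bit prompt to check System32.'
} else {
    $dup = "$windir\System32\explorer.exe"
    if (Test-Path $dup) {
        $f = Get-Item $dup -Force
        'SUSPECT duplicate: {0} ({1} bytes, modified {2})' -f $f.FullName, $f.Length, $f.LastWriteTime
    } else {
        'No explorer.exe found in System32.'
    }
}
```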

I searched through the internet and tried all the troubleshooting steps mentioned on different websites, but they did not fix my problem. The one real solution, a two-step registry key deletion, solved this issue and made me happy.

Here are the steps you need to perform to fix this.

1. Open your start menu, then type "regedit" to open the Registry Editor.

2. Navigate to the following key: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options".

3. If you see either "explorer.exe," "iexplorer.exe" or both listed under this key, delete them -- they should not be there. Close the editor, then restart your computer. Be sure to back up your registry before trying this step, and if any problems occur, access Registry Editor in safe mode and load your saved file.

Registry Path to remove explorer.exe Virus

My computer was fixed after I restarted it following the above-mentioned steps.

But if the above-mentioned steps do not fix your problem, try the steps below.

Method 2.

There's a registry key that tells Windows which "shell" to load on startup. Check whether it is loading the correct explorer.exe. If it is not, correct the path as follows:

[for the current user]
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

"Shell" (REG_SZ) = "explorer.exe" or "C:\windows\explorer.exe"

[for all users]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

"Shell" (REG_SZ) = "explorer.exe" or "C:\windows\explorer.exe"
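Before deleting or editing anything, the registry locations from Method 1 and Method 2 can be inspected with a read-only script. This PowerShell is an added example, not part of the original article; it assumes a 64-bit PowerShell prompt on 64-bit Windows so that HKLM\SOFTWARE is not redirected.

```powershell
# Added example: read-only audit of the keys named in Method 1 and Method 2.
$ifeo  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$names = 'explorer.exe', 'iexplorer.exe'   # the entries the article says should not exist

foreach ($n in $names) {
    $key = Join-Path $ifeo $n
    if (Test-Path $key) {
        # A Debugger value here makes Windows start the named program in place of
        # the executable, so record what it points to before removing the key.
        $dbg = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).Debugger
        if ($dbg) { 'FOUND  {0}  Debugger = {1}' -f $key, $dbg }
        else      { 'FOUND  {0}  (no Debugger value)' -f $key }
    } else {
        'absent {0}' -f $key
    }
}

# Winlogon "Shell": the two values the article accepts as correct.
$ok       = @('explorer.exe', "$env:windir\explorer.exe")
$winlogon = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

foreach ($hive in 'HKCU', 'HKLM') {
    $shell = (Get-ItemProperty -Path "${hive}:\$winlogon" -ErrorAction SilentlyContinue).Shell
    if ($null -eq $shell) {
        # HKCU normally has no Shell value; Windows then uses the HKLM one.
        '{0} Shell: (not set)' -f $hive
    } elseif ($ok -contains $shell.Trim()) {       # -contains ignores case
        '{0} Shell: OK      {1}' -f $hive, $shell
    } else {
        '{0} Shell: REVIEW  {1}' -f $hive, $shell
    }
}
```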

Method 3.

1. Rename your explorer.exe to explorer1.exe
2. In regedit, change the value "Explorer.exe" under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon to "Explorer1.exe"
3. Run "Explorer1.exe"
4. Delete HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\igfxcui.
5. Delete file C:\Program Files\Microsoft Common\svchost.exe.

Run Virus Scan

After making changes in the registry and deleting the infected files, run a full system virus scan on your computer. Quarantine or delete any viruses or infected files it finds, then restart your computer normally. Quarantined files are harmless, so you should not need to delete them to figure out if removing the virus fixed the problem. If you need a program to scan your computer with, try Avira, Kaspersky or Malwarebytes. You can download all of these from the download tab of this website. I would recommend running a scan with Malwarebytes, AdwCleaner and HitmanPro.

After completing the scan and cleaning, run CCleaner, delete any scheduled tasks, and remove unwanted startup items using msconfig or CCleaner. Then run the registry fix. To learn how to use CCleaner, click here.

Run Chkdsk

Chkdsk (check disk) is a utility that checks the integrity of your file systems to make sure that all necessary functions are running correctly. It will sometimes run automatically after an error or improper shutdown, but you can run it manually at any time. Open "Computer" (if you can't see your Start menu, press the "Windows" and "E" keys simultaneously), right-click on your hard drive and click "Properties." Click the "Tools" tab, then click "Check" under the "Error-checking" category. This process will take some time to complete, and in certain cases may ask you to perform the disk check when your computer restarts. Let the scan complete, and if any errors appear, chkdsk will try to repair them.

You can also run this utility from the command line. To do this, type the command chkdsk /f /r.

Repair Windows Files

If explorer.exe does not load, and may not load even when you try to start it directly, it could be corrupt. This can sometimes be fixed by running the System File Checker, which attempts to repair important Windows files. Click on the Start button and type CMD in the search box. Once cmd.exe is shown at the top of the search results, right-click on it, select "Run as administrator", and click Continue if User Account Control asks for confirmation. Now type "sfc /scannow" and press "Enter." This process may also take some time, but when it is complete, it will display whether it found any corrupt files, what they were, and whether they were able to be repaired or not. After the scan, restart your computer and attempt to use it normally.

Conclusion: If your explorer.exe does not start automatically, it could be corrupted or infected, or the computer may have a virus/malware infection. Begin your troubleshooting with the steps mentioned above. If that does not fix the explorer.exe issue, update your antivirus database and run a scan of the whole computer. If nothing works, create a new user account, as most of the time this type of virus/malware targets a user's profile.


Friday, January 9, 2015

Remove Zoomify Virus from your computer to stop pop ups in browsers

Nowadays we get many pop-ups that show advertisements or warn of virus infections and do not go away easily. They keep coming back after you close them and are very annoying. Some ask you to update Flash Player, some ask you to update the browser, some claim your computer might be infected with a virus, and some say the Java plug-in is outdated.

I am gonna talk specifically about the Zoomify virus. It does not get removed easily and none of the security software detects it. I scanned my computer with AdwCleaner, HitmanPro, Malwarebytes and ESET Online Scanner when I already had my updated Norton antivirus up and running. I was still getting the pop-ups whenever I opened any browser to surf the internet.

Then, after all those efforts, I checked the processes running in Task Manager and found some new and unfamiliar services running, and when I tried to close one of them, it kept coming back to a running state. It did not even allow me to delete the files associated with those services. Here is the snapshot of the processes running in Task Manager.

Cozhost.exe Virus Process in Task Manager
Coz32host.exe Virus Process in Task Manager
When I searched the internet to find out what these processes were and analysed them with some software, I found that this is a program associated with the Zoomify malware that generates pop-ups and redirects browsers. This is a virus.

Virus Type: Harmful Redirect Virus

What does it do?

  • Takes over the browser and modifies the default settings randomly.
  • Changes the home page, startup page, search engine or other settings on your computer. Excessive links pointing to websites you'd usually avoid are added to every website you open.
  • Constantly tries to trick you into installing malware, adware, other potentially unwanted programs or harmful browser add-ons, or shows a fake message to update Java, Flash Player or their plug-ins.
  • Pops up endless annoying ads to interrupt users.
  • Consumes a large amount of CPU.
  • Severely degrades PC performance.
  • Can monitor your online activities and collect your personal data.

How to remove it?

Troubleshooting Steps (TS): Before we start the following troubleshooting, I assume you have already updated your current security or antivirus software and scanned your computer with it.

Step 1. Run RKill to terminate any malicious processes

RKill is a tool that should be run before doing any troubleshooting on a PC. It attempts to terminate all malicious processes running on your machine, so that the next steps can be performed without being interrupted by malicious software. With those processes terminated, system performance also improves a little, which lets you work faster. RKill was developed at BleepingComputer.com.

You can download the latest official version of RKill by clicking here. Please note that we will use a renamed version of RKill so that malicious software won't block the utility from running.

RKill is available under different filenames because some malware will not allow processes to run unless they have a certain filename.

This link will automatically download RKill renamed as iExplore.exe.

Double click on iExplore.exe to start RKill.


When RKill runs, it kills malware processes, removes incorrect executable associations, and fixes policies that stop us from using certain tools. When finished, it displays a log file showing the processes that were terminated while the program was running. Do not reboot your computer after running RKill, as the malware programs will start again.

Now you can perform your troubleshooting steps much more easily.

Step 2. Stop the processes associated with the Zoomify virus

Since ZoomifyApp cannot be removed from Control Panel and antivirus applications all fail to pick it up, you have to remove it manually. Before starting, please back up your registry and enable the display of hidden files and folders in Folder Options.
To do this, go to Control Panel and open Folder Options. Click on the View tab, select "Show hidden files, folders and drives", and uncheck the option "Hide protected operating system files" as highlighted in the picture below. After that, click OK.

Folder Option

Open task manager and try to stop the processes of ZoomifyApp running in the background.

Zoomify App.exe

Step 2. Delete all files and folders related to ZoomifyApp virus

%program files%\Zoomify App\
%documents and settings%\all users\application data\ZoomifyApp
%AllUsersProfile%\Application Data\ZoomifyApp.exe
%program files%\Ads by Zoomify App.exe
%AllUsersProfile%\Application Data\.exe

If you are unable to stop the Zoomify App process or Cozhost.exe, Cozwhost.exe, Cozahost.exe, Cozadhost.exe, coz32host.exe, Cozad32host.exe, zoomifyL32.exe, zoomifyD32.exe, zoomify.exe, wzoomifyd.exe or any similar service, right-click on the process and select the option to open the file location, as shown in the picture below.

Open Location of the process running
This will open the folder the file is running from. You need to delete all the files shown here, so select them all and press Shift+Delete to delete them permanently.

If you are unable to delete them, as I was not able to because they were already running or in use, rename all the .exe and .dll files to some other name such as xyz.

Also delete or rename all files and folders from the following locations.

%program files%\Zoomify App\
%documents and settings%\all users\application data\ZoomifyApp
%AllUsersProfile%\Application Data\ZoomifyApp.exe
%program files%\Ads by Zoomify App.exe
%AllUsersProfile%\Application Data\.exe
C:\Program Data\Zoomify

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\CAQ30L6F.php
%WINDIR%\Tasks\Tempo Runner cozahost.job
%WINDIR%\Tasks\Tempo Runner coz32host.job

Step 3. Clean Zoomify virus from Registry.

Open Registry Editor and remove all the registry keys that the ZoomifyApp malware added:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[ZoomifyApp]"
HKEY_CLASSES_ROOT\CLSID\[random numbers]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zoomify App
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\[random numbers]

If you are an advanced user and want to delete Zoomify completely from everywhere, you can search the registry for the following file names and delete all the entries associated with them. Be very careful with the registry and only delete entries associated with these names; your computer will become unstable if you delete something it needs.

Cozhost.exe, Cozwhost.exe, Cozwdhost.exe, Cozahost.exe, coz32host.exe*32, Cozadhost.exe, coz32host.exe, Cozad32host.exe, zoomifyL32.exe, zoomifyD32.exe, zoomify.exe, wzoomifyd.exe
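To see which of these names are actually present before deleting anything, the lists in Steps 2 and 3 can be turned into a read-only sweep. This PowerShell is an added example, not part of the original article; it reports matches for review and removes nothing.

```powershell
# Added example: read-only sweep for the names this article lists.
$names = 'cozhost','cozwhost','cozwdhost','cozahost','cozadhost','coz32host',
         'cozad32host','zoomifyL32','zoomifyD32','wzoomifyd','zoomify'
# One case-insensitive pattern built from the list above.
$pattern = ($names | ForEach-Object { [regex]::Escape($_) }) -join '|'
$hits = @()

# 1. Running processes and the file each one was started from.
foreach ($p in Get-Process) {
    if ($p.ProcessName -match $pattern) {
        $hits += 'process        PID {0}  {1}  {2}' -f $p.Id, $p.ProcessName, $p.Path
    }
}

# 2. Values in the current user's Run key (listed in Step 3).
$run = Get-Item 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($run) {
    foreach ($v in $run.GetValueNames()) {
        $data = [string]$run.GetValue($v)
        if ("$v $data" -match $pattern) { $hits += 'run key        {0} = {1}' -f $v, $data }
    }
}

# 3. The uninstall entry listed in Step 3.
$un = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zoomify App'
if (Test-Path $un) { $hits += 'uninstall key  {0}' -f $un }

# 4. Scheduled-task .job files such as "Tempo Runner cozahost.job".
$jobs = Get-ChildItem "$env:windir\Tasks" -Filter *.job -Force -ErrorAction SilentlyContinue
foreach ($j in $jobs) {
    if ($j.Name -match $pattern) { $hits += 'task file      {0}' -f $j.FullName }
}

if ($hits.Count -eq 0) { 'No matches for the listed names.' } else { $hits }
```

A match on the bare name "zoomify" is only a pointer for manual review, since the pattern also matches any unrelated file or process that contains that word.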

Step 4. Now delete Temp and %Temp% and reset all the browsers.

Step 5. Use CCleaner

Download CCleaner and run it to clean all the junk. Now click on Tools, then on Startup, and go to Scheduled Tasks. Select all the unknown and unnecessary tasks and delete them. This stops the Zoomify virus from restarting its services or checking for them at intervals.


Also check the Windows startup items and remove the entries that are not required.

Now click on the Registry option on the left of the CCleaner window, scan for registry issues, and then fix them as shown below.

CCleaner Registry Fix

Step 6. Restart your computer and now it should be running fine.

Note: The Zoomify virus app also goes by another name, Zoompic, with an associated file named ZoompicL64.dll and the originating folder C:\Program Data\makulitsidweso you might want to find and delete this folder.

Happy Troubleshooting :-)


