Kaspersky false alarm quarantines Windows Explorer
20 Dec 2007 17:00
Accidents will happen

so it's wrong how?
By Tawakalna
Posted Thursday 20th December 2007 17:08 GMT
because Internet Explorer is (to all intents and purposes) one of the main conduits by which viruses and malware enter a computer. Hardly a safe app, is it?

It deleted Explorer.exe?
By James O'Brien
Posted Thursday 20th December 2007 17:23 GMT
And this is a problem why?

Double edge sword
By Anonymous Coward
Posted Thursday 20th December 2007 17:27 GMT
This is alarming, both incidents are serious enough to cause IT people a nightmare, but something as simple as testing explorer.exe, how they missed that?? I was in a planning stage to change all our clients from AVG/Panda to Kaspersky, after these incidents, I think I will sit tight until further notice.

@Tawakalna
By Stu Reeves
Posted Thursday 20th December 2007 17:30 GMT
explorer.exe is not Internet Explorer, but I guess your still in 80's Linux retro land

Horrific
By Steven Hewittt
Posted Thursday 20th December 2007 17:31 GMT
Can you imagine....
3am, your AV management server downloads the latest AV updates
4am, your clients are set to download from your management server
5am, your clients do their daily scan
5:10am - explorer.exe is deleted from Windows
5:20am - Your network is crippled....!
Stuff of nightmares....

Re: So it's wrong how?
By Jason Miles
Posted Thursday 20th December 2007 17:35 GMT
First, this is Explorer, not IE. Deleting Explorer would require everything to be done from new task.

Erm, explorer.exe isn't IE
By Duncan Hothersall
Posted Thursday 20th December 2007 17:35 GMT
IE is iexplore.exe
explorer.exe is the Windows file manager component.
I know they are linked, but hosing explorer.exe is far more system-destroying than hosing iexplore.exe

RE: so it's wrong how?
By Phil
Posted Thursday 20th December 2007 17:44 GMT
Sorry to correct you, but explorer.exe is actually the main windows shell. It takes care of displaying such things as the start menu. You're thinking of iexplore.exe, a totally separate piece of software.

fair cop guv.
By yeah, right.
Posted Thursday 20th December 2007 17:47 GMT
I thought explorer WAS malware? As Tawakalna comments, it seems to allow anyone and their dog a conduit into getting complete control over a system. Seems only fair to flag it for what it is.

@ Tawakalna
By Simon Edwards
Posted Thursday 20th December 2007 17:54 GMT
Windows Explorer is not the same as Internet Explorer.

@Tawakalna
By Mark Allen
Posted Thursday 20th December 2007 17:58 GMT
Windows Explorer is not the same as Internet Explorer. I can't believe that people are still confusing these two terms. Shows how daft the M$ naming scheme was. The "Windows Explorer" is your shell and file manager within Windows. If it is deleted, it does make life a little tricky getting anything done in XP. Though one could revert to the old Win 3.x progman.exe (found in Windows System32 folder...)

Explorer, not IE
By Anonymous Coward
Posted Thursday 20th December 2007 18:00 GMT
Windows Explorer, wot does the GUI bit, not Internet Explorer, wot does t'internet. Speaking of irritating anti-virus updates, maybe someone could also tell Grisoft that rc.exe, compiler of resources in Visual Studio, is also not a virus, as I've had to remove it just to get my projects to compile properly.

Forget cyber terrorism
By Anonymous Coward
Posted Thursday 20th December 2007 18:03 GMT
No need for Chinese or Russian covert hacking activities then? All that Putin and his mob need to do is to infiltrate Kaspersky, introduce a trojan in one of the updates and hey, presto, the FSB will have access to nearly every computer in the West. Maybe it's happening already. OMG! Let's nuke them before it's too late!! Or take the simpler solution - ditch Windows.

Wrong because...
By Ben Schofield
Posted Thursday 20th December 2007 18:05 GMT
You're mistaking the process as iexplorer.exe, the Internet Explorer process. This is the explorer.exe process which runs the file browser, Windows Explorer.
Ben

Maybe, just maybe...
By Anonymous Coward
Posted Thursday 20th December 2007 18:11 GMT
Perhaps it was a false false positive?

Now if could only flag Vista
By Herby
Posted Thursday 20th December 2007 18:23 GMT
As being a virus, it might get some attention. I can see it now. "Your computer is infected with the Vista virus, do you want to upgrade to XP?". I'd mention Linux, but that just arouses more flamage....

*snork*
By Anonymous Coward
Posted Thursday 20th December 2007 19:19 GMT
"stuck in '80s Linux retro land" huh? If you're going to toss in a random mild insult because you're sore about yet another problem with Winduhs while you helpfully correct someone's confusion of IEXPLORE.EXE and EXPLORER.EXE, at least get your decade right. :o) I think Kaspersky could improve on this by having it delete any C:\WINDOWS or C:\WINNT directories it finds, since having them on your computer is definitely a security hazard.

Good pun, but...
By Anonymous Coward
Posted Thursday 20th December 2007 19:22 GMT
Isn't the point of AV software to stop things slipping through the net?

Re: Now is could only flag Vista
By James O'Brien
Posted Thursday 20th December 2007 19:25 GMT
I wouldn't necessarily say virus so much as a world wide beta gone bad. (I can see this now 'When OS' attack tonight on FOX') Though with most people Linux is not an option because they have gotten so used to the way Windows works even what should be a minor change will cause them to forget everything that they have learned and be completely clueless. (Celebrity deathmatch 'Linux vs Vista' WHO WILL WIN!!!!)

Wrong name
By combatwombat
Posted Thursday 20th December 2007 19:48 GMT
I reckon they had it right in the first place, but the wrong name. It should have been W32.Monopoly.Worm.

There's a hole in my bucket dear Liza
By Anonymous Coward
Posted Thursday 20th December 2007 20:34 GMT
Henry: Kaspersky's deleted explorer.exe, dear Liza, dear Liza, Kaspersky's deleted explorer.exe, dear Liza, deleted.
Liza: Well fix it dear Henry, dear Henry, dear Henry, well fix it dear Henry, dear Henry, fix it
Henry: With what shall I fix it, dear Liza, dear Liza, with what shall I fix it dear Liza, with what?
Liza: with progman.exe, dear Henry, dear Henry, dear Henry, with progman.exe, dear Henry, dear Henry, with progman.exe.
Henry: But how do I run progman.exe dear Liza, dear Liza?
(There are ways, thanks to DOS. ..and win3.1 comes in handy too sometimes. We still can't live without 'em)

Whatever happened to system integrity?
By Lee Dowling
Posted Thursday 20th December 2007 21:12 GMT
I thought that you weren't supposed to be able to delete critical Windows files like that? Surely even as an admin, deleting explorer.exe from WITHIN explorer.exe (as a shell) should be one of those impossible things? Shouldn't Windows be disallowing it anyway, with all its fancy system file protection etc.? I'm not going to try it but even as an admin I didn't think you could actually delete explorer.exe. Or does Kaspersky put it on the list of files to delete on the next startup? I know that Linux wouldn't stop you doing "rm -rf /" if you're daft enough to do it when running as root but I thought that Windows didn't like you having that sort of control over your own machine.

Quarantine, not delete
By James Butler
Posted Thursday 20th December 2007 21:24 GMT
Setting Kaspersky AV to delete anything it deems suspicious is an incredible show of faith in its accuracy. Setting it to quarantine suspect items is much safer, and explorer.exe could have been simply recovered using the recovery shell, could it not? For that matter, if one knew what had happened, simply extracting explorer.exe from the same recovery shell would have fixed things right up. Probably the bigger issue was with not knowing what had happened, and being unable to contact Kaspersky to find out.

COMRADES! STUDENTS! CO-MILITANTS!
By Anonymous Coward
Posted Thursday 20th December 2007 21:58 GMT
GET BACK TO WORK, STUDY FOR YOUR UPCOMING EXAMS, GET A BEER OR GO OUT TO A PARTY AND GET SOME INSTEAD OF POSTING RETARDED/PREDICTABLE STUFF IN THE REG COMMENT SECTION ABOUT HOW INTERNET EXPLORER IS NOT THE SAME AS EXPLORER AND HOW QUARANTINING EXPLORER IS ACTUALLY A "DO WHAT I MEAN" KINDA THING. This Message has been brought to you by the Reg Overwatch and Desensitization One-Man Committee. Thank You.

@ The Reg Overwatch and Desensitization One-Man Committee
By Thomas Jolliffe
Posted Friday 21st December 2007 00:27 GMT
You are confusing explorer.exe with iexplore.exe, the Internet Explorer application file... Had to be done.

RE: Forget cyber terrorism
By system
Posted Friday 21st December 2007 01:36 GMT
"Or take the simpler solution - ditch Windows"
This problem was not actually caused by windows itself, but by a trusted process being given permission to delete core files. Do the same on linux or mac and the results will be exactly the same (a hosed system). If all windows users switched to linux or mac (or even BSD), it would not be a simple solution. Given that windows users like to run "admin" or root accounts, the security implications on any OS would be major. All OS's including *nix and macOS are susceptible to viruses, rogue code and mistakes. If you believe your OS is invulnerable then you're just asking for trouble. If you believe your OS is able to withstand treatment from the average windows user, I dare you to run every single process as root for a week. When bind or sendmail are not attacked with exploits you may have a point. This message comes to you from a windows machine that against all common beliefs held by *nix and apple fanbois is not actually a virus drone, and has never sent a single unauthorised email.

How many techs does it take....
By Christopher Michaelis
Posted Friday 21st December 2007 06:37 GMT
...to point out iexplore.exe versus explorer.exe? @Mark Allen -- Can you really use progman? It just spawns then dies on my box. Now that would take me back... Maybe it would run under Wine, and freak out my coworkers. ("You're running Windows 3.1? Do we need to check your medication levels?")

yo
By Cormac
Posted Friday 21st December 2007 06:57 GMT
Nod32 and Bit Defender Internet Security 2008 I use here at office and home (Nod32 in office cause I have ISA in place and Bit Defender at home cause of its uber firewall). I hate Symantec cause it's shite.... and Kaspersky I don't use cause it's ... well OK but not as good as aforementioned.. most I have tested have missed common viruses such as bagle but not nod or BT !! both updated hourly too

iexploder eexploder, I'm the one with the hosed system.
By John F***ing Stepp
Posted Friday 21st December 2007 07:15 GMT
I set my default shell to sol.exe and was moderately happy for a while but this cut my output at work by at least 10 percent and I had to change it back. That sucked.

Kasperspy sucks
By Christopher A Newman
Posted Friday 21st December 2007 07:24 GMT
I don't understand why anyone is surprised. It's a naff piece of software and anyone with an ounce of common sense is running NOD32.....

re: RE: Forget cyber terrorism
By Paul Talbot
Posted Friday 21st December 2007 08:23 GMT
@system
Erm, yeah you've actually made the last guy's point for him. Linux/OSX users don't run every process as root, therefore it's actually very difficult for a process to delete core system files. They're not invulnerable (and anyone who claims as such is a fool), but this is the second time in as many weeks that we've heard of a userland app hosing Windows systems (the last one was the update for an MMORPG - can't remember which one - that removed boot files if you restarted after an update). It would be difficult for this to be replicated in the OSes, especially since the current favourite, Ubuntu, doesn't even allow root login in the standard way (everything's sudo-ed). Most users aren't going to run bind or sendmail, but everyone in Windows land (including you I suspect) are running an AV checker like Kaspersky. Maybe you haven't got a virus, but how do you know that your virus checker won't do something like this next?

Stop Talking about IEXPLORE & EXPLORE
By sean bone
Posted Friday 21st December 2007 09:03 GMT
PLEASE PLEASE PLEASE stop talking about the above, it's getting boring now!

to Paul Talbot
By Phil Cooke
Posted Friday 21st December 2007 09:20 GMT
EVE-Online is the MMORPG you mean - it deleted the boot.ini file. Let's hope XP SP3 adds at least a little protection for key system files! Anyone found the Paris Hilton angle yet?

@Forget cyber terrorism
By amanfromMars
Posted Friday 21st December 2007 09:24 GMT
"No need for Chinese or Russian covert hacking activities then? All that Putin and his mob need to do is to infiltrate Kaspersky, introduce a trojan in one of the updates and hey, presto, the FSB will have access to nearly every computer in the West. Maybe it's happening already. OMG! Let's nuke them before it's too late!! Or take the simpler solution - ditch Windows."
IT is not cyber terrorism, AC, it is the Beta Use of CyberIntelAIgents and one would hardly XPect anything less from an Intelligence Man such as a Mr Putin. It is said that "Once a KGB officer, always a KGB officer" and such shenanigans are Stock and Trade Elements in all such Services. Making Better Beta Use of them though, is what sorts out the Men who know what they should be doing with them from the Boys who really don't. And when Home forces are doggedly in the Boys camp, for whatever dumb reason, deaf, dumb and blind to home-grown CyberIntelAIgent Help, then IT easily finds a Ready Home elsewhere in the more Enlightened Surroundings/Regimes which display their Increased Awareness for a Reinforced and Reinforcing IntelAIgents Match...... CyberIntelAIgent Cultural Attache XXXXChange. Now there's AI Novelty for the Boys in the Militarising Band of the Foreign and Commonwealth Office to mull over........ but only if they are in Fully Funding Support of dDeep Private Initiatives..... in Virtually Real, Out of this World, State Matters. One is always hopeful that they can grow into Future Men rather than remain as Lackeys, lacking the System. It is not as if they do not receive regular upgrades and taunts to jog their own brains into working the much wwwider Fields of Global Operating Devices C2C Communications rather than relying on duff, short-sighted, Visually and Intellectually Impaired orders and instructions. C2C???? Copy to China and Control to Command. Both Viable Options for XXXXPorting in AIRegister of Multiple Use Interests.

Love it
By TheThing
Posted Friday 21st December 2007 09:26 GMT
... reminds me of when they did the same thing to SQL Enterprise Manager when we were trialling it last year. I do seem to recall shouting at them something along the lines of "....and what if it does the same thing to explore.exe?" Glad to see that they're learning by their mistakes.

Thank goodness!
By breakfast
Posted Friday 21st December 2007 10:33 GMT
Thank goodness for amanfromMars, whose cogent discussion of... erm... whatever that was a discussion of, made a refreshing change from endless discussions of Explore.exe and IExplore.exe. For anyone still not aware of the distinction, Explore.exe is the windows file explorer, iExplore.exe is the Apple version.

COMRADES! STUDENTS! CO-MILITANTS!
By Anonymous Coward
Posted Friday 21st December 2007 10:39 GMT
As a direct result of failing to extricate its head in a timely fashion, The Reg Overwatch and Desensitization One-Man Committee has suffered massive implosive rectal failure, and will forthwith be taking some much-needed time off to become familiar with the uncomfortable procedure of delivering thru a plastic tube. This Message has been brought to you by the Doctors of the Reg Overwatch and Desensitization One-Man Committee. Stay Safe

@Stu Reeves
By Matthew
Posted Friday 21st December 2007 10:43 GMT
If you're going to make snide remarks about others, it's probably a good idea not to make any mistakes in your critique. That would especially include making a fundamental error in grammar such as mistaking 'your' for 'you're'. (If I've made a mistake here, I'll now feel really silly.)

I thought Explorer got iced a couple of weeks back?
By scott
Posted Friday 21st December 2007 10:44 GMT
http://www.theregister.co.uk/2007/11/23/ms_explorer_ufo_sinking_ship_not_software/
I'm *so* glad my enterprise don't use Kraperski - the support calls would be hell....

PH angle...
By Shakje
Posted Friday 21st December 2007 11:06 GMT
Clearly PH doesn't know the difference between explorer.exe and iexplore.exe.

Explorer
By Joe
Posted Friday 21st December 2007 11:31 GMT
Well I loaded Explorer, and played it for a while, but I can't see what all the fuss is about. We are talking about the ZX81, right?

explorer.exe is indeed a massive virus
By Anonymous Coward
Posted Friday 21st December 2007 11:57 GMT
... and not a clever one as it takes a CD and 40 minutes to install.

@Paul Talbot
By Fraser
Posted Friday 21st December 2007 12:25 GMT
You said something to the effect of "...AV is a userland app, how come it can kill Windows system components?..." What would the point of it running in the user's context be? It would only be able to protect the user's files, it has to run at a relatively low level, just in case a system component is infected, as it will need to interact with the component (delete/move/deny access etc) therefore it has to be installed by the Administrator (root, if you have Apple/Linux/UNIX AV - yes, it is out there!) You'll also find that all the people who installed and operated whatever game it was that killed boot.ini, in their user's context didn't end up with a knackered system. It was the eejits who installed and operated the game with Administrator that were the victims. Duh!!!!

re: re: RE: Forget cyber terrorism
By system
Posted Friday 21st December 2007 12:44 GMT
"Erm, yeah you've actually made the last guy's point for him. Linux/OSX users don't run every process as root"
That was kind of the point. It's about the users rather than the OS. Windows users are used to doing things with a single login. If you encourage them to jump to linux, they'll take the single login habits with them and run as much as they can under root. Windows can support non-admin logins (which would have prevented this), just like linux, but it is not something the average windows user will consider. Yeah, there are some distros and software coming out on linux that do their best to discourage running as root, but it's not all like that. The majority of distros are susceptible to all kinds of bad things happening if they were run like the average copy of windows. Moving the majority of windows users to another OS is not a "simpler solution". If the other OS is not going to end up as bad as windows, it would require hardening of the OS and training of the users. Moving the majority of "boy racers" out of Golf GTIs and into Porsche 911s is not going to solve speeding problems without speed limiters on the cars and retraining of the drivers :-P

Genius!
By Ross
Posted Friday 21st December 2007 13:32 GMT
I knew someone would figure it out eventually. All those people complaining that IE is uncompetitive as it can't be uninstalled have been proven wrong! Thank you Kaspersky - you have opened the way for freedom of choice in the browser market.

@Paul Talbot
By Anonymous Coward
Posted Friday 21st December 2007 14:09 GMT
You can actually run Ubuntu as root in the normal way. Login as your normal user, then 'sudo su'. Enter password and Voila, you are now root. You could also 'sudo nano /etc/passwd', change your UID to 0, log out and login and you're running as root without having to Sudo ever. Of course the more important point is how it works out of the box, which is how most users would continue to use it anyway. Now I'll run away and keep my pedantic comments to myself. Merry Christmas!

@Lee Dowling
By jeremy
Posted Friday 21st December 2007 14:33 GMT
You have identified the main flaw with windows and its supposed user accounts. In order to do anything, you have to run as a privileged user so windows lets AV run with all power to do anything, even delete core system files. Great approach eh. It's because this would be unlikely on a linux system that so many people here are taking exception to the anti-linux comment further up, by someone who criticises what they don't understand.

@Forget Cyber Terrorism
By Mikey
Posted Friday 21st December 2007 14:48 GMT
"Maybe it's happening already. OMG! Let's nuke them before it's too late!! Or take the simpler solution - ditch Windows."
That sounds great. Will you be paying for all the re-training of the sysadmin and users, software replacement and downtime needed for all the 'upgrades' and changes? Despite the anti-windows sentiment you get everywhere from overly-vocal linux fanatics, windows is still everywhere. And it will continue to be, as it's what people know and can use easily. So unless you're happy to dress linux up EXACTLY like XP, and have it function EXACTLY like XP, then it's easier in the long term to stick with what people can already use. Linux ain't free when it comes to upgrading corporate systems. The hidden costs are still there.

@Ross
By Delboy
Posted Friday 21st December 2007 15:48 GMT
Someone else who hasn't read the thread. How many more posters have got to say it? IT IS NOTHING TO DO WITH INTERNET EXPLORER.

What's that y'say?
By Thad
Posted Friday 21st December 2007 17:01 GMT
Something wrong with Internet Explorer? I use Firefox...

Yo Mikey
By Paul Donnelly
Posted Friday 21st December 2007 17:15 GMT
Is that why Microsoft set up XP to look EXACTLY like Mac OSX and function EXACTLY like Mac OSX... which is a proprietary front end to, you guessed it, a Linux Kernel. And as to paying the retraining costs.... who paid for all the training in the first place? Was it the sysadmins? I think it was more likely their employers, and unless I'm mistaken, there are new courses with every new version of windows.... so instead of doing the Vista course, why not do RedHat, SuSe (and I defy anyone who doesn't respect Novell as a player in the networking field) or even Ubuntu. Right, rant over, I'll get my coat.

Psst ... PDonnelly
By James Butler
Posted Friday 21st December 2007 21:41 GMT
(It's a BSD kernel ...)
And system ... Posix AVs don't need to run as root, they only protect the userland. If anything gets past that, into the OS core layer, then it's not a virus. It's a rootkit or whathaveyou, and any modern distro comes with some hardening and antirootkit stuff. And, btw, my Linux boxes loaded with Clam AV and Panda haven't seen anything challenging in the past few years. Posix desktop users don't usually need to run servers (bind, etc.etc.) any more than Windows desktop users need to run Exchange Servers or IIS. Besides, Posix anti-attack progs are far superior to anything in Windowsland, because their programmers understand security better and are supporting much more secure systems out-of-the-box than Windows programmers possibly could. Flame away!

@Paul Donnelly
By Not That Andrew
Posted Friday 21st December 2007 21:58 GMT
OSX does not use Linux kernel in any shape or form, it is partly based on BSD and it uses a derivative of the Mach microkernel.

progman not an alternative
By Brendan Murphy
Posted Saturday 22nd December 2007 16:41 GMT
Since SP2, the progman.exe file explorer has been crippled. It only exists to allow older software installs to run. So you can't run it as an alternative to explorer.exe.

wrong how?
By Jeff Hansen
Posted Monday 24th December 2007 04:12 GMT
windows/M$ products ARE viral, period.

Firefox
By jim
Posted Monday 24th December 2007 14:05 GMT
I don't care about MS Windows explorer 'cos I use . I run Chinese anti virus and it is very good.

Anti-virus is so 90s
By Rui Ribeiro
Posted Tuesday 25th December 2007 10:11 GMT
Anti-virus are only needed on the desktop because Windows has a flawed architecture, and on top of that almost everybody is dumb enough to double-click anything that comes by, no matter from where. Can't get how many guys can find normal to use an anti-virus nowadays. Been using os/x and couldn't have been happier.

The period for commenting on this story has finished