Explorer.EXE Crash, Related to SHELL32.dll

0

I recently experienced another Windows Explorer crash. I have been experiencing Windows Explorer crashes sporadically for some time now. I was able to capture the event log.

Context: Occurs commonly after opening Control Panel and clicking on an item

Event:

Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c3a0ed
Exception code: 0xc0000005
Fault offset: 0x000000000009a661
Faulting process id: 0x87c
Faulting application start time: 0x01d150a557c92235
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\system32\SHELL32.dll
Report Id: bcad9f6c-bcb5-11e5-9f2c-6805ca3cec3e

I have run CHKDSK and "sfc /scannow" to detect file corruption; however, both said that there is no corruption.

I am running Windows 7 Home Premium.

I have already searched for this specific error (relating to SHELL32.dll), and some people have said that it is due to file corruption, and others say that it is related to NVidia.

If anyone could help me stop Windows Explorer from crashing, I would really appreciate it.

Thanks.

windows-7
shell
windows-explorer
crash
shell32.dll
asked on Super User Jan 17, 2016 by (unknown user)

2 Answers

0

It may well be worth considering running the following in an administrator Command Prompt:

DISM /Online /Cleanup-image /Restorehealth
sfc /scannow

The DISM command attempts to fix a windows image by drawing its information from Windows Update, whereas sfc uses files already on the system for verification. As it is possible sfc is comparing damaged files to damaged files, DISM may help.

Note that DISM repairs the files sfc uses to check the system, hence why sfc must be run afterwards.

EDIT: "DISM /Online /Cleanup-image /Restorehealth" will not run on Windows 7, to repair system files the "System Update Readiness Tool" should be used instead, available here:

Official Download Page - Microsoft.com

answered on Super User Jan 17, 2016 by Unencoded • edited Jan 17, 2016 by Unencoded
0

It may be a use after free vuln. that is in the wild, or you may just trigger the crash that leads to the exploit, any way - Run malware scan from cd ( every major av company have a live anti-virus cd distro - google it ) or at least run malwarebytes from safe mode, just to be sure.

Apply updates for your OS.

MS15-109: Security Update for Windows Shell to Address Remote Code Execution (3096443)

Toolbar Use After Free Vulnerability - CVE-2015-2515

A remote code execution vulnerability exists when Windows Shell improperly handles objects in memory. An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user. If a user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

answered on Super User Jan 17, 2016 by Setekh

User contributions licensed under CC BY-SA 3.0