QUESTION :
I did a really stupid thing when trying to fix a ransomware problem on a Win XP SP3 (Swedish) computer (Microsoft Defender Offline didn’t work. Neither did Kaspersky recovery disc). Anyway at the time I believed that explorer.exe was infected. So to make a long story short I deleted it and tried to get it from another Win XP SP3 (swedish) computer. I eventually got rid of the ransomware but even though I copied the file from another swedish SP3 machine. Some text are in spanish (or some other language I don’t know) which I do feel is very strange. What could the problem be?
ANSWER :
Instead of copy the explorer.exe from another computer use the computers own cached version from c:WINDOWSSystem32DllCache. You will not be able to do this when running Windows on that computer. You could do one of the two following things:
- Boot up the computer from some Linux Live CD (or a Windows PE environment) and overwrite the file.
- Put the harddrive in another computer and boot from it instead and then copy the file.
It did work great for me.