Anyone know what this Virus is?

My Dad's system got something that basically causes explorer.exe to shutdown and restart randomly every few seconds. In addition it made him have to re-activate Windows so he can't even get into his main desktop, only safe mode w/o networking. Nothing is listed in xxxx\Run in the registry, any suggestions on other places to look?

Thanks!
tsin

I would seriously suggest running some sort of virus scan. Check through MSCONFIG and see if anything is set up there. Its also possible that the Virus has called itself explorer.exe and replaced the real explorer.exe.

Ahhhh so stupid of me I should have checked explorer, I bet that's what the virus is spoofing. I'll have to recheck all the normal spots now to see if explorer is listed on startup. Heheh thanks for the brain check.

Run Autoruns from www.sysinternals.com the \Run key in your registry is not the only place where malware starts. Far from it. And yes, explorer.exe is listed on startup of course. It has its own registry key, aptly named "shell". There's even more than one since different users might use different shells (explorer is not the only one you can use)

Thanks klingens I will check that out when I take another crack at my Dad's system