In system startup it will not delete the entry :System.ini(C:\WINDOWS\system ini) SHELL EXplorer.exe
The red X delete button is unworkable on this one item, yet the description on the side says it is full of malware and trojans.

Warning - The information on startup entries only reflects possibilities of what an entry by that name may be. There is no actual analysis of the startup entry (other than the name) nor of the program it points to. So before you attempt to remove any entry you better be sure that it should be removed.

What I am saying is, that in the tools section of spybot search and destroy, where system startup entries are listed, the big red delete X button at the top of the page is not lit up. But it will function with the other system startup entries. It is just this one entry that it won't delete.

What a simple question. And what a simple reply. And what a useless and unhelpful reply. What a goose. Anybody out there that knows an answer to this so simple question?

RODOT:


What a simple question. And what a simple reply. And what a useless and unhelpful reply. What a goose. Anybody out there that knows an answer to this so simple question?
What is the question? You made a statement (twice) that the delete function in Spybot's System Startup did not work on that particular startup entry. I'm sorry but I can't fix the program.

I was nice enough to warn you about the potential dangers of taking the comments that accompany startup entries literally. What to I get for my trouble? "… And what a useless and unhelpful reply."

In the type of entry that you indicated you have:
system.ini: Shell=Explorer.exe xxxxxxxx.exe
If you see Explorer.exe by itself, it should be fine, if you don't, then it could be a potential Trojan or malware. I personally think you just leave the entry alone.

Now if you would like to ask a question civilly, I might be inclined to answer it. In the mean time, I don't know what your question is: "How do I delete the entry", maybe?

I would really appreciate any help with this issue. I have a Windows 98 Machine that has this same entry in the startup.

System.ini(C:\WINDOWS\system ini) SHELL Explorer.exe

It was not found before I installed version 1.5.2. I can't uncheck it to stop it from loading with startup. The machine has really taken a hit on performance so I suspect this entry has something to do with it.

Thanks in advance for any help.

C.

Shmaley:

The following entry is a valid entry on a Windows 98 system:


System.ini(C:\WINDOWS\system ini) SHELL Explorer.exe

It s a real problem, same thing after i got the new spybot s@d. YOU know what im talkin' about. Close it down.

Grab a 16 lb sledgehammer and fix the problem.

Why does spybot have this to say about it in the startup info if it's legit?

Current filename: Explorer.exe

Database status: Not required - virus, spyware, malware or other resource hog
Value: Shell
Filename: Shell32.exe

Description
Added by the _BADSECTOR_ TROJAN!

Source: Paul Collins Startup list
____________________

Current filename: Explorer.exe

Database status: Not required - virus, spyware, malware or other resource hog
Value: Shell
Filename: ray.exe

Description
Homepage hijacker re-directing browsers to adult content websites

Source: Paul Collins Startup list
____________________

Current filename: Explorer.exe

Database status: Not required - virus, spyware, malware or other resource hog
Value: Shell
Filename: Tray.exe

Description
Homepage hijacker re-directing browsers to adult content websites

Source: Paul Collins Startup list
____________________

Current filename: Explorer.exe

Database status: Not required - virus, spyware, malware or other resource hog
Value: Shell
Filename: wmedia16.exe

Description
Added by the _GOLDUN_ TROJAN!

Source: Paul Collins Startup list
____________________

Current filename: Explorer.exe

Database status: Not required - virus, spyware, malware or other resource hog
Value: Shell
Filename: Open32.exe

Description
Added by the _SMALL-DL_ TROJAN!

Source: Paul Collins Startup list
____________________

Current filename: Explorer.exe

Database status: Not required - virus, spyware, malware or other resource hog
Value: Shell
Filename: Explorer.exe sound_drive16.exe

Description
Added by the _GP_ TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System subfolder

Source: Paul Collins Startup list
____________________

Current filename: Explorer.exe

Database status: Not required - virus, spyware, malware or other resource hog
Value: Shell
Filename: Explorer.exe, msmsgs.exe

Description
Added by the _ZLOB_ TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder

Source: Paul Collins Startup list
____________________

Current filename: Explorer.exe

Database status: Not required - virus, spyware, malware or other resource hog
Value: Shell
Filename: Explorer.exe [path] svchost.exe

Description
Added by the _DOYORG_ TROJAN! Note - this is not the legitimate _svchost.exe_ process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Winnt or Windows folder

Source: Paul Collins Startup list
____________________

Current filename: Explorer.exe

Database status: Not required - virus, spyware, malware or other resource hog
Value: Shell
Filename: explorer.exe

Description
Added by the _KAKKEYS_ TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System32 subfolder

Source: Paul Collins Startup list
____________________

Current filename: Explorer.exe

Database status: Not required - virus, spyware, malware or other resource hog
Value: Shell
Filename: iexplore.exe

Description
Added by the _KIPIS-U_ TROJAN! Note - this is not the legitimate Internet Explorer _iexplore.exe_ process which is always located in the Program Files\Internet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in a "Microsoft" subfolder

Source: Paul Collins Startup list
____________________

Current filename: Explorer.exe

Database status: Not required - virus, spyware, malware or other resource hog
Value: Shell
Filename: ibm0000*.exe [* = digit]

Description
Added by the _TORPIG-C_ and _TORPIG-J_ TROJANS! Filenames spotted include ibm00001.exe, ibm00002.exe, ibm00005.exe and so on

Source: Paul Collins Startup list
____________________

Current filename: Explorer.exe

Database status: Not required - virus, spyware, malware or other resource hog
Value: Shell
Filename: taskmrg.exe

Description
Added by the _BANCBAN-FT_ TROJAN!

Source: Paul Collins Startup list
____________________

Current filename: Explorer.exe

Database status: Not required - virus, spyware, malware or other resource hog
Value: Shell
Filename: Explorer.exe winupdate.exe

Description
Added by the _AGENT-FD_ TROJAN!

Source: Paul Collins Startup list
____________________

Current filename: Explorer.exe

Database status: Not required - virus, spyware, malware or other resource hog
Value: Shell
Filename: ibm[RANDOM 5 DIGIT NUMBER].exe

Description
Added by the _ANSERIN_ TROJAN!

Source: Paul Collins Startup list
____________________

Current filename: Explorer.exe

Database status: Not required - virus, spyware, malware or other resource hog
Value: Shell
Filename: svchost.exe

Description
Added by the _GOLDSPY-B_ TROJAN! Note - this is not the legitimate _svchost.exe_ process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder

Source: Paul Collins Startup list
____________________

Current filename: Explorer.exe

Database status: Not required - virus, spyware, malware or other resource hog
Value: Shell
Filename: ibm00001.dll

Description
Added by the _TORPIG-Q_ TROJAN!

Source: Paul Collins Startup list
____________________



My guess was that a trojan had attached itself to my copy of Explorer.exe. And much to the programmers delight I cannot close it while I'm using the shell. It will have to be fixed in DOS... I have ran Hijackthis and Sysclean but haven't found anything. As well I have checked with Avast and Bitdefender to no avail. Spybot is the only one that finds this process to be a problem. What do you think?

Shmaley:

The information on startup entries only reflects possibilities of what an entry by that name may be. There is no actual analysis of the startup entry (other than the name) nor of the program it points to.

In the case you are observing all possible entries for "SHELL" in the Startup.tnfo file which is derived from Paul Collins Startup list.

Each of the entries you cited indicate:


Current filename: Explorer.exe
If the "Current filename" matched a "Filename" in any of the various descriptions that you cited, that could indicate a possible problem.

However:


Current filename: Explorer.exe
Does not match:


Filename: Shell32.exe
__________


Current filename: Explorer.exe
Does not match:


Filename: ray.exe
__________



Current filename: Explorer.exe
Does not match:


Filename: Tray.exe
__________

Etc.

The real question is, why won't the program delete that startup entry. My guess is that there is a gremlin (a hiccup, a problem..) in the new SPYBOT SEARCH AND DESTROY. Mark my words Bro. this will be it.

RODOT:

Unlike most startup entries that are in a registry entry, on Windows 9X systems that particular entry is a line in a file. In order for that entry to be deleted the file has to be edited.

Besides that particular entry should not be deleted. If Spybot was able to delete the entry, Windows would no long function properly. In Windows 9X systems the entry Shell=explorer.exe is the interactive graphical user interface shell i.e. the Windows taskbar and desktop environment.