How to list Explorer extensions and disable them?

67,933

Solution 1

My personal favorite is Autoruns from Sysinternals (Microsoft). It goes well beyond just shell extensions and covers tons of areas where third party code can run.

Assuming you've done a virus scan and it didn't catch it, you might want to watch this excellent video from Mark Russinovich on advanced malware cleaning techniques.

Solution 2

ShellMenuView is a small utility that display the list of static menu items that appeared in the context menu when you right-click a file/folder on Windows Explorer, and allows you to easily disable unwanted menu items

Shell Extensions are in-process COM objects which extends the abilities of Windows operating system. Most shell extensions are automatically installed by the operating system, but there are also many other applications that install additional shell extension components. For example: If you install WinZip on your computer, you'll see a special WinZip menu when you right-click on a Zip file. This menu is created by adding a shell extension to the system.

The ShellExView utility displays the details of shell extensions installed on your computer, and allows you to easily disable and enable each shell extension.

Solution 3

CCleaner also has a feature to clean up the context menu.

It's found under Tools -> Startup -> Context Menu

Solution 4

Check this location in the registry and see if there is a sub-key called 'Blocked'. I found my sharing tabs disappeared because the CLSID was located there:

\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked

I suppose if you want to block a shell extension, that's a good place to do it since it's pretty darned effective and pretty unknown it seems. Only one of my machines had that sub-key and I had never heard of it before.

Solution 5

Get Process Explorer.
Use Process Explorer to suspend any suspect processes to stop them from writing to registery.
Get Auto Runs.
Use the Autoruns to look at everything that gets loaded at start up, into Explorer and Internet Explorer and shut down any suspect services (non-Microsoft).
Find Google Updater, Adobe Updater and Flash Utils processes and rename and stop them from running.

View more solutions

67,933

Timwi

Updated on September 18, 2022

Comments

Timwi almost 2 years

I have reason to believe that I may have malware on my system in the form of an Explorer extension. I suspect this because Procmon shows that Explorer.exe keeps re-writing a certain Registry key that is intended to run a certain EXE at startup.

How do I find out what Explorer extensions are installed, and how do I remove them?
Josh about 13 years

Suspend the process instead of killing it. It keeps malware "buddies" from restarting each other.
Zero3 over 8 years

Interestingly, these tools finds a lot of things that Autoruns doesn't...
Morten Jensen almost 8 years

+1 for an Excellent free tool for doing this. Found and removed an unwanted context menu item (in the right-click menu) that I couldn't find using ShellMenuView and ShellExView.