Avast WEBforum
Other => Viruses and worms => Topic started by: keltika on November 16, 2013, 12:43:40 PM
-
This is a similar situation to many posts. Windows 7 64bit boots to the Windows logo and hangs. Safe Mode boots up to aswRvrt.sys and then hangs. I am unable to create a USB bootdisk because the Windows 7 64bit RC link (in the calcuttaman thread) gives me a 404 error at Dropbox. Consequently I can't provide a FRST.txt file.
If essexboy is available to help me (since he seems to be magic at this issue), I would be very happy.
Additional info: I've used avast with no issues for many years. It did detect a Flufferminer trojan yesterday. The bootscan found some infected Windows Defender file, which I deleted. Also (not sure whether this was before or after), Windows installed some updates yesterday. Booting was fine after all these. My PC did not shut down properly yesterday, since the power went out. I only started it up again this morning, at which point I was met with my current predicament.
Thank you.
-
Hi there I will PM the link for the win7 64bit ISO. I cannot use a public link as it exceeds my download limit and I lose the download folder for 24 hours
Once the USB has been created could you attach the FRST log
-
Thank you. It will take a while because my internet connection is woefully slow this time of day.
-
Okay, I created the USB bootdisk. It showed the screen stating that Windows is loading files, then moved on to a black screen with "Microsoft Corporation" and a bar above it with some green lines moving across it. No further progress is made.
-
So the recovery console is not loading at all .. We can use another programme to access the hard drive and see if the problem is related to the registry
Download Peazip (http://peazip.googlecode.com/files/peazip-4.7.3.WINDOWS.exe) to the desktop
Run and install the programme
As it installs this page will show, deselect the AVG ticks
Press decline and it will then install cleanly
(https://dl.dropbox.com/u/73555776/peazip.jpg)
Download the following files to the desktop .. Right click the links and select save as...then select desktop
Rufus (http://rufus.akeo.ie/downloads/rufus_v1.3.2.exe)
OTLPE_standard (http://oldtimer.geekstogo.com/OTLPEStd.exe)
Right click OTLPE on your desktop and select ..Open as archive
(https://dl.dropbox.com/u/73555776/Unzup%20archive.png)
Select OTLPE standard
(https://dl.dropbox.com/u/73555776/select%20archive.PNG)
Click Extract, ensure that desktop is selected
(https://dl.dropbox.com/u/73555776/extract%20archive.PNG)
Insert the USB stick Then run Rufus
(https://dl.dropbox.com/u/73555776/rufus.JPG)
Select the ISO file on the desktop via the ISO icon.
Press Start Burn
(https://dl.dropbox.com/u/73555776/RufusISO.JPG)
Once the USB has burnt then
- Download Farbar Recovery Scan Tool (http://download.bleepingcomputer.com/farbar/FRST.exe) and save it to the flash drive.
- Reboot your system using the boot USB you just created.
Note : If you do not know how to set your computer to boot from USB follow the steps here (http://www.hiren.info/pages/bios-boot-cdrom)
- As the Programme needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
- Your system should now display a Reatogo desktop.
- Locate the flash drive and run FSRT
- The tool will start to run.
(http://i1224.photobucket.com/albums/ee362/Essexboy3/Farbar/FRST2.gif)
- When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
-
Is there someplace else to get OTLPE? I've tried and tried to download it and it stops every time. The best I've managed is a pathetic 3MB. Usually I don't even make it to 1 ...
-
Not really, are you able to access the command prompt ? If so we could run a chkdsk from there
-
I can't access anything. With any form of Safe Mode booting, I get to aswRvrt.sys and then it hangs. Attempting to boot using your USB drive or the Windows 7 installation disc leads to the black screen with the progress bar and tirelessly moving green lines.
Is it possible that my HDD is dead? I'm clinging to the hope that it's alive but just "locked away", due to the fact that Windows does load a couple of files before it hangs.
-
I would suspect some form of HDD problem, either an MFT problem or a corrupted registry
Unfortunately the only way I could tell is if I can see a log. As it stands OTLPE is probably the only one that will work
-
It turns out the internet turns into the autobahn in the wee hours of the morning in my country and I seemed to be the only one screaming down it. So I managed to download OTLPE in less time it took me to get Peazip yesterday. Alas, my euphoria was shortlived. Booting from this newly created USB disk resulted in a black screen with a blinking cursor in the top left corner (just after selecting the boot from USB option). Nothing changed for at least 20 minutes. The USB drive's light remain on and unflickering.
Then I tried something else. I made an Ubuntu USB boot drive and managed to successfully boot with that. I know absolutely nothing about Linux, but I was able to access my HDD and copy some important data to a flashdrive.
Is it possible to do something with Ubuntu to remedy my situation?
-
Just checking out the ability of a Linux distro setting windows to run chkdsk as I believe this will solve the problem.. Back in a bit
-
That was quick
http://ubuntuforums.org/showthread.php?t=1907603
Sorry to hear about your problem. I was unclear whether you had windows and ubuntu file systems to check or just windows ones?
Both can be checked from the terminal on the live CD - boot it up and open gparted (on the desktop) to work out what each of the partitions you want to scan are - and what file system they are, for example /dev/sda1 - ntfs, /dev/sda2 - ext4
then open a terminal by pressing ctrl+alt+t
For scanning NTFS (Windows)
sudo apt-get install ntfsprogs
sudo ntfsfix /dev/sdaX - set X as the number of the Windows (NTFS) partition in gparted
Hope it helps
-
Okay. Gparted results:
/dev/sda1 ntfs System Reserved 100 MiB
/dev/sda2 red ! ntfs 931.41 GiB
unallocated unallocated 1.71 MiB
sudo apt-get install ntfsprogs
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package ntfsprogs is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or is only available from another source
However the following packages replace it:
ntfs-3g ntfs-3g:i386
E: Package 'ntfsprogs' has no installation candidate
sudo ntfsfix /dev/sda2
Mounting volume... OK
Processing of SMFT and SMFTMirr completed successfully.
NTFS volume version is 3.1.
NTFS partition /dev/sda2 was processed successfully.
I am running Ubuntu in Try mode from the USB drive.
-
That should now force a chkdsk run on windows reboot, could you try that now
-
Rebooting takes me to the screen with the options to Repair or Start Normally. Repair goes the black screen with the bar and green lines. Normal goes the splash screen. Both hang.
I have additional information from Gparted, relating to the red exclamation mark:
Warning:
ntfsresize v2012.1.15AR.1 (libntfs-3g)
Device name :/dev/sda2
NTFS volume version 3.1
Cluster size :4096 bytes
Current volume size: 1000097182208 bytes (1000098 MB)
Current device size: 1000097185792 bytes (1000098 MB)
Checking filesystem consistency...
Accounting clusters...
Cluster accounting failed at 23051869 (0x15fbe5d): missing cluster in $Bitmap
Filesystem check failed! Totally 1 cluster accounting mismatches.
ERROR: NTFS is inconsistent. Run chkdsk /f on Windows then reboot it TWICE!
The usage of the /f paramter is very IMPORTANT! No modification was and will be made to NTFS by this software until it gets repaired.
Unable to read the contents of this file system!
Because of this some operations may be unavailable.
The cause might be a missing software package.
The following list of software packages is required for ntfs file system support: ntfsprogs.
-
Confirms the hard drive problem
It appears from my reading that you are in a catch 22 situation, Ubuntu will not attempt a repair until a chkdsk is run. Chkdsk will not run until it is repaired.
I would suggest that you back up all data using Ubuntu and then re-install windows
-
Okay. But how? My Windows 7 dvd won't boot. How do I reinstall? The only thing I've been able to get to work is Ubuntu.
-
After you have backed up the data then use Gparted to reformat the drive, this will then cure the HDD problems
-
Okay. Thank you for all your help. I appreciate the effort :)
-
Sorry I could not help resolve it.. I feel if we were able to run Chkdsk then that would have cured it
-
essexboy:
forum won't let me send personal messages, assuming because my account is new. Can you PM me a link to the win7 64bit ISO? I tried using my Windows 7 DVD and a flash drive to run FRST and am just failing miserably.
-
When you use the windows DVD that you have what errors do you get, as the ISO contains part of the windows DVD
-
When you use the windows DVD that you have what errors do you get, as the ISO contains part of the windows DVD
I don't get any errors, I just can't see the flash drive after booting from the DVD. I'm guess its not getting mounted. Figure this wouldn't be a problem if I could just boot from the flash drive with the ISO.
-
OK so the DVD gets you to the recovery console
But the USB is not detected is that correct
At the command prompt type the following :
notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
(https://dl.dropbox.com/u/73555776/FRST%20Start%20scan.gif)
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
-
OK so the DVD gets you to the recovery console
But the USB is not detected is that correct
At the command prompt type the following :
notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
Right, when I look in notepad, the flash drive is not there. The only drives available are C - the OS harddrive, D - the Windows 7 DVD and X - the repair partition. I can't run FRST on the flash drive because I can't access it. If I could boot from the flash drive instead of the DVD, I'm sure I'd be able to see it then but I can't find the Win 7 ISO to make the USB drive bootable
-
Ah OK check your PM in a minute
Download Rufus (http://rufus.akeo.ie/downloads/rufus_v1.3.2.exe) to your desktop
Insert the USB stick Then run Rufus
(https://dl.dropbox.com/u/73555776/rufus.JPG)
Select the ISO file on the desktop via the ISO icon.
Press Start Burn
(https://dl.dropbox.com/u/73555776/RufusISO.JPG)
Then copy FRST to the same USB
(http://dl.dropbox.com/u/73555776/frstwintoboot.JPG)
Insert the USB into the sick computer and start the computer. First ensuring that the system is set to boot from USB
Note: If you are not sure how to do that follow the instructions Here (http://lifehacker.com/5991848/how-to-boot-from-a-cd-or-usb-drive-on-any-pc)
-
So when I boot from the USB drive, the ISO creates a boot drive under drive letter X. I'm assuming it's a RAM disk that the Windows repair console runs in because I can pull the flash drive and I can continue to access the files. The USB drive is not actually mounted. I can run FRST from a DVD but then there's no way to get the FRST.TXT file off of the computer because it won't boot. This process is extremely frustrating. I can't figure out a way to mount a drive from the repair console. Does the repair console even load the proper drivers to mount a USB drive?
-
So even booting from the USB and windows does not recognise it .. That seems a bit weird as all the required drivers are loaded
The X drive is now part of your hard drive as an additional partition
Could you run the following command from the recovery console
chkdsk c: /r
If that fails I will investigate a Linux programme that we may be able to use
-
When looking for a solution to the same issue the first search hit was this one. I came across a very similar issue to the one described here, but my conclusion is that it's actually some kind of incompatibility affecting or caused by Avast free version. My first suspicion had to do with an Epson scanner twin driver, which now seems to have been a pure coincidence.
Tracking messages in logs the following can be noticed:
- an Avast service doesn't respond and lead to a timeout
- an effect is that the service TaskScheduler stops
- after this a number of other services malfunction
- for some reason this also leads to an atapi controller error which normally indicates a hardware problem
I've removed Avast and run several diagnostic tools to determine if there's cause to suspect hardware problems, in this case a Samsung F1 sata-disk, but the outcome is so far very clear: no hardware issues detected. I've also plugged in the Epson scanner to make sure it's not the culprit.
With Avast removed the precious errors don't affect the system.
Unfortunately I've not time enough to give further help in tracking down the real cause of why Avast service is malfunctioning and how a timeout can lead to such severe problems.
-
i had this problem too, after check the file aswrvrt.sys i noticed that the file size was 0 (zero) bytes. after reinstall avast, the file size was 64,2 KB and windows started normaly.