Avast WEBforum
Other => General Topics => Topic started by: warriorclassb on December 24, 2007, 02:45:51 AM
-
It says it has to restart my OS every time I start it up. What is going on? I recently caught something called "Gebyy.exe" and "Qrmodule" or something to that extent, if that would be relevant. I am running Windows XP and have never had problems up until just now.
-
Are you saying this is an avast request to reboot ?
If Operating system restart needed by avast message - First check the contents of the C:\Program Files\Alwil Software\Avast4\Setup\setup.log file, which should show you why it thinks the reboot is needed.
This may be solved, in some systems, by deleting the file C:\Program Files\Alwil Software\Avast4\Setup\reboot.txt
If that doesn't resolve it check this:
You can also check this registry entry (right after computer restart):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager, if it contains "PendingFileRenameOperations".
Check its contents and if there's only "reboot.txt" from avast4\setup folder, delete PendingFileRenameOperations, don't delete any other key.
Back-up (export) the registry key before you edit/delete, just in case.
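
The check described in the post above, as an added example that is not part of the original post or any avast tool: it pairs up the strings of PendingFileRenameOperations (source, then destination; an empty destination means delete at next boot) and reports anything that is not avast's reboot.txt. The sample values are constructed, the function names are hypothetical, and it assumes avast's entry is a pending delete of reboot.txt.

```python
# Added example. Input is the list of strings exported from the
# PendingFileRenameOperations value, in stored order (constructed below).
AVAST_MARKER = r"c:\program files\alwil software\avast4\setup\reboot.txt"

def normalize(path):
    """Drop the '!' replace flag and the NT '\\??\\' prefix; lowercase."""
    p = path.lstrip("!")
    if p.startswith("\\??\\"):
        p = p[4:]
    return p.lower()

def parse_pending_renames(strings):
    """Return [(source, destination_or_None), ...] from the flat string list."""
    if len(strings) % 2:
        raise ValueError("odd number of strings: value truncated or malformed")
    return [(normalize(strings[i]), normalize(strings[i + 1]) or None)
            for i in range(0, len(strings), 2)]

def unrelated_operations(strings):
    """Operations that are NOT a pending delete of avast's reboot.txt.
    Assumption: avast's entry has an empty destination; anything else is
    reported, so a wrong assumption errs on the side of 'do not delete'."""
    return [(src, dst) for src, dst in parse_pending_renames(strings)
            if src != AVAST_MARKER or dst is not None]

def only_avast_marker(strings):
    """True only when the value is non-empty and holds nothing but the marker."""
    return bool(strings) and not unrelated_operations(strings)

# Constructed samples, not taken from a real machine.
SAMPLE_ONLY_AVAST = [
    r"\??\C:\Program Files\Alwil Software\Avast4\Setup\reboot.txt", "",
]
SAMPLE_MIXED = SAMPLE_ONLY_AVAST + [
    r"\??\C:\Temp\example-update.tmp", r"!\??\C:\Temp\example-update.dll",
]

if __name__ == "__main__":
    for name, sample in (("only avast", SAMPLE_ONLY_AVAST), ("mixed", SAMPLE_MIXED)):
        if only_avast_marker(sample):
            print(name, "-> only reboot.txt is pending")
        else:
            print(name, "-> other pending operations, leave the value alone:")
            for src, dst in unrelated_operations(sample):
                print("   ", src, "->", dst or "(delete)")
```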
-
Sorry about the huge delay in answering but your methods did not solve my problems. What the problem was, was something like TBhot *Troj*. Something to that extent. It creates/created a file called gebby.dll. That infected about half of my start up services, and 1/3 of my start up programs, including avast. So avast needed to restart because it was never loading properly.
-
Download ComboFix from Here (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe) or Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Also, follow the instructions here: http://forum.avast.com/index.php?topic=32337.msg270377#msg270377
Also, if you do have vundo / virtumonde, after you delete it with combofix be sure to update your Sun Java because, most probably, that is what allowed the infection in the first place.
-
I am almost 100% sure you got infected with exactly the same thing as my desktop PC was. See this thread:
http://forum.avast.com/index.php?topic=32297.msg269903#msg269903
In your first post you mentioned: "Gebyy.exe" and then in your second post you said: "gebby.dll". I think that the right name is Gebyw.exe and it is located in C:\Windows\System32\ subfolder.
Nasty infection... I simply backed up my working folders (separate partition), reinstalled Windows from scratch and restored my data.
-
It depends on the variant. But combofix will show which, and in the great majority of cases it is recoverable.