Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: gideond on February 23, 2010, 12:47:39 AM

Title: Restore vault files outside of windows?
Post by: gideond on February 23, 2010, 12:47:39 AM
I have a customer using Avast 4.8 Free. She's run into the problem back in December with the major bad definition update. Her computer ran through a lot of files and moved them to the chest. Evidently she's had many issues ever since then but has been able to use the PC regardless. She just now restarted the PC and I guess Avast moved the files that could not be moved while Windows was running. Now she is unable to get back into Windows normal or safe modes. I'm guessing major system files have been moved. She's getting BSOD every time. I'm wondering if there is a way to restore the vault files from quarantine without having access to Windows? Any help is appreciated.
Title: Re: Restore vault files outside of windows?
Post by: DavidR on February 23, 2010, 02:14:29 AM
The problem is that the chest stores files in an encrypted form and the file name is also changed, so it would be almost impossible to really identify what file name it was or where it would be located even if you were able to access the physical chest location on the hard disk. Even then the file is encrypted and I don't know if you would be able to encrypt it.

So the only real hope I would say is trying to find out what the BSOD is all about, e.g. full information on the stop error number and any other relevant info it lists, something it has like a title usually in capitals.
Title: Re: Restore vault files outside of windows?
Post by: gideond on February 23, 2010, 03:46:27 AM
Yeah that's what I was afraid of. I expected that bad definition to cause me issues with a few customers but I wasn't expecting it this far after the fact. I might just have to do a repair install of Windows. That'll probably be easier than trying to sort out all the files that are missing.
Title: Re: Restore vault files outside of windows?
Post by: DavidR on February 23, 2010, 04:52:55 AM
If it didn't happen at the time of the FPs on that particular incident, then I highly doubt it is related, especially if it would have caused a BSOD. That would be almost immediate if a file that was moved was required on boot.

So the only thing is to post as much info on the BSOD screen as I mentioned, or do a google search on the stop error number and file name that happens to have been mentioned in the info and any title.

Whilst it might be quicker to try a repair install of Windows, you would have to visit windows update as some file used in the repair install may have been the subject of a security update.

On the matter of security updates, there has been one on the last Patch Tuesday, replacing some kernel files that has resulted in BSODs, KB977165 http://www.microsoft.com/technet/security/Bulletin/MS10-015.mspx.

I believe this was stated to be caused if the user's system had a rootkit infection that affected one of the files to be replaced and that resulted in a BSOD.
Title: Re: Restore vault files outside of windows?
Post by: gideond on February 23, 2010, 01:03:11 PM
Thanks for the info. These people are chronic when it comes to getting virus infections. One of the worst cases I've ever seen. It's quite possible that a rootkit could be the culprit. I'll be picking up the PC today and see what I can find out. I may recommend a complete reinstall to them. They've had 3 other techs before me unable to fix all the problems, so they say. I might be kicking a dead horse to try repairing it anyway.
Title: Re: Restore vault files outside of windows?
Post by: Gopher John on February 23, 2010, 02:05:25 PM
See http://isc.sans.org/diary.html?storyid=8266.

Quote
If you were infected with the TDL3/TDSS/tidserv AKA Alureon rootkit and applied the patch, then you would get the BSOD as the patch changed some pointers and the malware now tried to execute an invalid instruction.
Title: Re: Restore vault files outside of windows?
Post by: DavidR on February 23, 2010, 05:12:11 PM
Thanks for the reference Gopher John, I couldn't find it in a hurry.