Author Topic: Avast has borked my machine  (Read 15582 times)

0 Members and 1 Guest are viewing this topic.

Offline sglinert

  • Jr. Member
  • **
  • Posts: 27
Re: Avast has borked my machine
« Reply #45 on: January 06, 2014, 09:07:38 PM »
For very obvious reasons, I am reluctant to do that. I am going to find a partition manager first and see if it can even see the \??\ folder/partition or whatever it is. After that, I will copy everything over to a new drive and discard the Avasted one.

Needless to say, Avast is being removed from the other ten computers here. At least when Microsoft AV crashes, it blue screens, so it's easy to fix.

Offline AdrianH

  • Advanced Poster
  • **
  • Posts: 854
Re: Avast has borked my machine
« Reply #46 on: January 06, 2014, 09:19:51 PM »
Try using Knoppix  http://knoppix.net/  it makes a good rescue system.   
Win8.1 Pro 64Bit  : KIS2014 : CryptoPrevent : Privazer:

Offline thekochs

  • Speak Your Mind, Who minds don't matter, Who matters won't mind
  • Advanced Poster
  • **
  • Posts: 1115
  • Hapkido Blackbelt
Re: Avast has borked my machine
« Reply #47 on: January 06, 2014, 09:19:56 PM »
These are dated 1/1/14; that is, after the problem surfaced. Should I swap them anyway?

But I thought you said you restored files that were after the issue ?  If so, and a manual restore could fix it I would assume those files are corrupted too ?
http://community.spiceworks.com/how_to/show/214-perform-a-system-restore-manually-when-windows-is-not-bootable


It's clearly not a registry problem.

.....Agreed...........so if this is a O/S corruption issue why play with physical partitions just yet ?
I would sure try..........
1) System File Check SFC /scannow   ......this can repair O/S issue.
http://pcsupport.about.com/od/toolsofthetrade/ht/sfc-scannow.htm
2) A "Repair" install...........this is NOT, I repeat not, a format HDD with clean install of Windows.
http://www.michaelstevenstech.com/XPrepairinstall.htm

.....lastly reading thru the thread it sounded like chkdsk or some other function was thrashing the HDD.....however, you don't know what it was.  Thus, if you can get to the command prompt perhaps try chkdsk c: /f and see if it fixes......you can always run without the /f to see the issues first.  Be sure to run in the root directory.

« Last Edit: January 06, 2014, 09:57:38 PM by thekochs »
OpenDNS + Avast Free + MBAM Premium + MBAE Free Anti-Exploit + CryptoPrevent + Windows Firewall
Avast FAQ Videos
Avast 2016 Videos
Avast Clean Un/Re-Install How-To

Offline thekochs

  • Speak Your Mind, Who minds don't matter, Who matters won't mind
  • Advanced Poster
  • **
  • Posts: 1115
  • Hapkido Blackbelt
Re: Avast has borked my machine
« Reply #48 on: January 06, 2014, 09:36:52 PM »
Try using Knoppix  http://knoppix.net/  it makes a good rescue system.   

Since Knoppix is read only to the file system you may want to use BartPE.
http://en.softonic.com/s/bartpe-windows-xp
YouTube How-To: http://www.youtube.com/watch?v=wwpy55mb-nk
Here is how to run System Restore from BartPE
http://www.ehow.com/how_6158243_run-system-restore-bartpe.html

Another good recovery CD is UBCD: http://www.ubcd4win.com/

Also, for gurus on O/S & Recovery side of world there is a lot of Forums but here is ElderGeek.....good guys there.
http://www.theeldergeek.com/forum/index.php?s=29593ad23c269c5a992118c426f6cc1c&showforum=2
« Last Edit: January 06, 2014, 09:59:20 PM by thekochs »
OpenDNS + Avast Free + MBAM Premium + MBAE Free Anti-Exploit + CryptoPrevent + Windows Firewall
Avast FAQ Videos
Avast 2016 Videos
Avast Clean Un/Re-Install How-To

Offline essexboy

  • Malware removal instructor
  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: Avast has borked my machine
« Reply #49 on: January 06, 2014, 10:47:23 PM »
You need to bear in mind that windows reports the last successfully loaded driver and not the one causing the problem

Offline Dagon

  • Newbie
  • *
  • Posts: 1
Re: Avast has borked my machine
« Reply #50 on: January 06, 2014, 10:52:13 PM »
Hello,

Follow this guide (If you cannot  Boot the computer) and attach FRST.txt log http://forum.avast.com/index.php?topic=53253.0
Actually it is an Avast issue updated and the same thing happened to my system. So I went into safe mode and unistalled Avast and the system works fine.

Offline thekochs

  • Speak Your Mind, Who minds don't matter, Who matters won't mind
  • Advanced Poster
  • **
  • Posts: 1115
  • Hapkido Blackbelt
Re: Avast has borked my machine
« Reply #51 on: January 06, 2014, 11:26:47 PM »
You need to bear in mind that windows reports the last successfully loaded driver and not the one causing the problem

Question to you the expert (you)......there are SO many posts on during boot a lock with last driver shown as asw*****.**** and many folks with your guidance use FRST with the TXT file to delete Avast.....then system runs fine.  To me this begs the question......what "Vast" driver is after these that is locking the boots or is the driver shown truly "completed" or possible it is but not released to next ?  I've been reading this V9/2014 Forum for months now.....completely paranoid to try Avast V9......and over 90% of the solutions are to do a clean uninstall and re-install.  I know for every poster of BSOD or lock that there is 1000 folks doing fine but with such a high percent of the postings pointing to some corrupt install (GUI, etc.) I just wanted to run by for your thoughts ?
OpenDNS + Avast Free + MBAM Premium + MBAE Free Anti-Exploit + CryptoPrevent + Windows Firewall
Avast FAQ Videos
Avast 2016 Videos
Avast Clean Un/Re-Install How-To

Offline sglinert

  • Jr. Member
  • **
  • Posts: 27
Re: Avast has borked my machine
« Reply #52 on: January 07, 2014, 12:33:48 PM »
Let me summarize the problem, because I don't think everyone understands what happens...and what I have done to fix it.

The system, in both Safe and Normal mode, loads part of the way, then starts thrashing the hard drive.

I loaded to a Bootlog system.
When I inspect the Bootlog file, the system loads normally in both modes until it encounters the following commands, after which it stops loading drivers, then it loads a driver, then it stops loading drivers, ad nauseum in a loop:

Loaded driver aswVmm.sys
Loaded driver aswRvrt.sys

Loaded driver \??\C:\WINDOWS\system32\drivers\aswFW.sys

Avast has been uninstalled and the default Windows registry files were copied from the Repair folder. I also did a manual search for all ASW files and there are none remaining on the drive.

Therefore, it's clearly not a registry problem, as the system does the same thing when a fresh registry is installed.

ChkDsk has been run, repairs have been run from the original Windows CD, the system has been restored to four different backup points, and the same drivers still try to load.

I am baffled as to exactly where these loading instructions are coming from. A fresh registry from the initial Windows installation should not allow this to happen. What other file(s) instruct Windows as to which drivers should be loaded? And why should these drivers be loading during Safe Mode at all?






Offline thekochs

  • Speak Your Mind, Who minds don't matter, Who matters won't mind
  • Advanced Poster
  • **
  • Posts: 1115
  • Hapkido Blackbelt
Re: Avast has borked my machine
« Reply #53 on: January 07, 2014, 04:42:58 PM »
Let me summarize the problem, because I don't think everyone understands what happens...and what I have done to fix it.

The system, in both Safe and Normal mode, loads part of the way, then starts thrashing the hard drive.

I loaded to a Bootlog system.
When I inspect the Bootlog file, the system loads normally in both modes until it encounters the following commands, after which it stops loading drivers, then it loads a driver, then it stops loading drivers, ad nauseum in a loop:

Loaded driver aswVmm.sys
Loaded driver aswRvrt.sys

Loaded driver \??\C:\WINDOWS\system32\drivers\aswFW.sys

Avast has been uninstalled and the default Windows registry files were copied from the Repair folder. I also did a manual search for all ASW files and there are none remaining on the drive.

Therefore, it's clearly not a registry problem, as the system does the same thing when a fresh registry is installed.

ChkDsk has been run, repairs have been run from the original Windows CD, the system has been restored to four different backup points, and the same drivers still try to load.

I am baffled as to exactly where these loading instructions are coming from. A fresh registry from the initial Windows installation should not allow this to happen. What other file(s) instruct Windows as to which drivers should be loaded? And why should these drivers be loading during Safe Mode at all?

OK....so clearly Avast is still trying to "load" something and there are remnants of the install.  How & What did you use to uninstall if you can't boot to Safe Mode or Windows ?

I think the next steps should be for Essexboy to step you thru using FRST.  He'll show you how to create bootable USB or CD with it and he can blow away all remainders of Avast.  Also, just reaching for items but in http://forum.avast.com/index.php?topic=144233.0 the guy mentions "to get a reboot I renamed the file aswSP.sys (eg to aswSP.sys.bak) that is in the folder windows/system32/drivers". 
Seems you can get to command prompt somehow since you said you have looked for Avast files ?  If so, check for this one.

Also, hopefully Essexboy will chime in on FRST but looking at one of his "example" FRST logs here are some other locations of Avast files he was getting rid of in FRST.  I only post them for you to see the path to look for..........if you find any I would rename, with .bak, not delete.
Note, you can see the drivers below you outline in your boot log......
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\Drivers\aswFsBlk.sys
C:\Windows\system32\drivers\aswMonFlt.sys
C:\Windows\System32\Drivers\aswrdr2.sys
C:\Windows\System32\Drivers\aswRvrt.sys
C:\Windows\System32\Drivers\aswSnx.sys
C:\Windows\System32\Drivers\aswSP.sys
C:\Windows\System32\Drivers\aswTdi.sys
C:\Windows\System32\Drivers\aswVmm.sys

...............for the below statement from..........
Loaded driver \??\C:\WINDOWS\system32\drivers\aswFW.sys
..........obviously look for the aswFW.sys as well.
FYI, you mention about "partition" but I'm only guessing that Avast uses a "hidden/virtual" partition to accomplish things.
Obviously, I am not expert nor have any official insight on how/what Avast does but just a guess on why you see the \??\.
« Last Edit: January 07, 2014, 05:18:06 PM by thekochs »
OpenDNS + Avast Free + MBAM Premium + MBAE Free Anti-Exploit + CryptoPrevent + Windows Firewall
Avast FAQ Videos
Avast 2016 Videos
Avast Clean Un/Re-Install How-To

Offline sglinert

  • Jr. Member
  • **
  • Posts: 27
Re: Avast has borked my machine
« Reply #54 on: January 07, 2014, 06:36:43 PM »
I have already made a bootable USB as described, ran FRST, uninstalled Avast via a FIX file, the Avast Cleanup Tool, manual scrubbing of the System32 folder, and disable registry entry commands made via the Recovery Console. There should be no trace of Avast left, and yet, there apparently are still drivers somewhere that I cannot find.

So yes, I can boot from the USB drive and do things from there, such as copy and paste registries. But as I stated above, copying a brand-new default registry and pasting it into the \system\config folder does not fix the problem.




Offline sglinert

  • Jr. Member
  • **
  • Posts: 27
Re: Avast has borked my machine
« Reply #55 on: January 07, 2014, 08:09:42 PM »
I am reinstalling Windows. Thanks anyway.

Offline thekochs

  • Speak Your Mind, Who minds don't matter, Who matters won't mind
  • Advanced Poster
  • **
  • Posts: 1115
  • Hapkido Blackbelt
Re: Avast has borked my machine
« Reply #56 on: January 07, 2014, 10:12:09 PM »
I am reinstalling Windows. Thanks anyway.

Why not try System File Check SFC /scannow to repair O/S first ? http://pcsupport.about.com/od/toolsofthetrade/ht/sfc-scannow.htm

Then if this does not work do a "Repair" install...........which is not the same as formatting HDD with clean install of Windows. http://www.michaelstevenstech.com/XPrepairinstall.htm

Either way....let me know how it goes........
« Last Edit: January 07, 2014, 10:31:24 PM by thekochs »
OpenDNS + Avast Free + MBAM Premium + MBAE Free Anti-Exploit + CryptoPrevent + Windows Firewall
Avast FAQ Videos
Avast 2016 Videos
Avast Clean Un/Re-Install How-To