Topic: Avast4 Pro blew up Win2k: now how do I get it back from nonbooting to just poor?

cerbie

  • Guest
As standard procedure for a PC that was randomly rebooting and generally dogged, I ran the boot-time scan, and only deleted what was obviously crap, and executable. However, I did move some other things to the chest.

Well, now it reboots just before logon (the blank blue comes up after the video driver loads, then it goes). How can I, from another PC (if Avast! is needed, it's there, too), get files out of the chest and back to where they came (note that I don't necessarily know the full path, if they are easy to get out), so as to begin a more manual malware removal process?

If it helps to find the file causing problems in general, too (though slightly OT), there's something with "system" then "logon", in braces, and "error" somewhere in there (since it reboots immediately, I haven't grasped the whole thing).

DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89006
  • No support PMs thanks
Are you able to boot into safe mode? Keep tapping F8 as you boot. From there, start avast, open the chest and see what is there; you can restore anything you feel should be restored. Exercise care, don't just restore everything.

Deletion isn't really a good first option (as you may have found out, you have none left). 'First do no harm': don't delete, send the virus to the chest and investigate.

Do (or did) you have another AV installed on this system? If so, what was it and how did you get rid of it?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

cerbie

  • Guest
Safe mode didn't work.

I only deleted obvious randomly named EXEs; but I did move some DLLs to the chest.

PCCillin (Epox mobo CD) was the first AV client, it was removed with its uninstaller. However, that was nearly two years ago, I think, and the PC was clean then.

However, if the log states the files found and actions, I ought to be able to put clean files back in, now (the PC is no longer at the client's house, where I was hoping I'd find some temporary fix), having a couple other Win2k boxes here that are quite healthy.

joeloucyn

  • Guest
If you have the Windows 2000 CD, I would suggest booting from the CD and choose repair by pressing R at the Windows 2000 Setup menu! Sounds like you moved Windows components to avast chest.

cerbie

  • Guest
Yup. Clean DLLs got it booting. It's now in "working" condition without a repair, but that option is still open. IE & FF both don't work, but it hasn't spontaneously rebooted, nor has Explorer crashed; so I'm going to see if I can save it without going through a repair + updates.

joeloucyn

  • Guest
Are you able to establish an internet connection and see if you can ping a server such as yahoo.com? And are you on router, cable or dialup (includes PPPoE)?

Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Quote
As standard procedure for a PC that was randomly rebooting
Sometimes this happens due to overheating (check your fans).
Sometimes, drivers conflict; see a recent thread related to that: http://forum.avast.com/index.php?topic=25979.msg212325#msg212325
Sometimes, due to malware/rootkit infection: http://forum.avast.com/index.php?topic=25982.msg212340#msg212340
The best things in life are free.

DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89006
  • No support PMs thanks
Quote
Yup. Clean DLLs got it booting. It's now in "working" condition without a repair, but that option is still open. IE & FF both don't work, but it hasn't spontaneously rebooted, nor has Explorer crashed; so I'm going to see if I can save it without going through a repair + updates.

What errors are you getting?
Could this be a firewall (what is it?) blocking ashWebSv.exe, the avast Web Shield? If so, this is a common reason.

You could try pausing or terminating the Web Shield; does that allow access for IE and FF?
If so, this could point to blocking.

cerbie

  • Guest
Quote
Sometimes this happens due to overheat (check your fans).
Oh, I forgot to mention, there: services.exe crashed, so it warned and gave a timer each time. However, fans and caps (it's from that time) are in good shape.

Quote
Are you able to establish an internet connection and see if you can ping a server such as yahoo.com? And are you on router, cable or dialup (includes PPPoE)?
'net was and is fine. Router out to cable in both places, and no odd things happened just when web or other net activity occurred (I reinstalled TCP/IP just in case, though).

The culprit for non-booting I think was sfc.dll infected with Banker.bkl. Looks like a very necessary file. Oops.

Quote
What errors are you getting ?
There were and are no errors once it got booting. IE would just crash (but works fine now), and FF still won't run (but Seamonkey will). Stopping the AV has had no effect. Given that it's an aging Windows install, doubt the FF problem is malware of any kind.

Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Quote
The culprit for non-booting I think was sfc.dll infected with Banker.bkl. Looks like a very necessary file. Oops.
What did you do with the infected file? Deleted? Sent to Chest (Quarantine)?

Quote
There were and are no errors once it got booting.
I'm confused..  ::)
What can we help?

cerbie

  • Guest
Quote
What did you do with the infected file?
I sent it to the chest. I was thinking I'd need to be able to access that to get it back out and then go cleaning from there, but I was able to eventually get a clean copy on the PC, so it would boot up. I found the boot scan log, and that gave me the info I needed.

Quote
What can we help?
Now, no help is needed! It's working again. When it wouldn't boot, I could not read the whole error, because it would just reboot. I was hoping there was a magic, "Avast! Undo all that stuff I told you to do, and from the recovery console," or an "Avast!, take the chest from this drive I plugged in, and let me get the stuff out of it and back to where it was." Once it got back to booting with a new sfc.dll, the problems that persisted were not accompanied by error messages, making them difficult to track down (IE would not fully start, it did not appear to be doing too much network activity, and other crashes and slowdowns did not appear to be correlated to any action that I was taking).

My guess now is that gunk in IE was having some issues with various applications that were trying to get to the internet for updates and other stuff (likely over http). Things that didn't seem IE-related got fixed once IE was fixed.