Could a virus crash Avast and as a consequence crash Windows?

hello

Some days ago I posted here about a problem: at boot, Windows XP crashes with error c000021a.
As Safe mode also doesn’t work, I suspect that a virus (like bagle) crashes Avast while it is loading
the Avast driver, so the entire OS crashes: could this be possible?
And what is the registry key that starts the Avast driver?

yours

Alberto

avast! drivers are not loaded in safe mode, so if it doesn’t work even in safe mode, it’s not connected to avast.

Safe mode doesn’t work! This is why I suspect a virus.
At this time I cannot boot the PC at all.

Alberto

Did you install any new hardware or software just prior to this happening?

The STOP 0xC000021A error occurs when either Winlogon.exe or Csrss.exe fails. When the Windows NT kernel detects that either of these processes has stopped, it stops the system and raises the STOP 0xC000021A error.

This error may have several causes. Among them are the following:
Mismatched system files have been installed.
A Service Pack installation has failed.
A backup program that is used to restore a hard disk did not correctly restore files that may have been in use.
An incompatible third-party program has been installed.

I update Avast to new releases :-[

Alberto

No one can help me ? :-[ :-[

Please print these instructions out so that you know what you are doing

[*]Download OTLPEStd.exe to your desktop
[*]Download the attached scan.txt to a USB drive
[*]Ensure that you have a blank CD in the drive
[*]Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD

[*]Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here
[*]As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)

[*]Your system should now display a Reatogo desktop.
Note : as you are running from CD it is not exactly speedy
[*]Double-click on the OTLPE icon.
[*]Select the Windows folder of the infected drive if it asks for a location
[*]When asked “Do you wish to load the remote registry”, select Yes
[*]When asked “Do you wish to load remote user profile(s) for scanning”, select Yes
[*]Ensure the box “Automatically Load All Remaining Users” is checked and press OK
[*]OTL should now start.
[*]Double click the Custom scans and fixes box
[*]In the dialogue locate the scan.txt you have on the USB
[*]Press Run Scan to start the scan.
[*]When finished, the file will be saved in drive C:\OTL.txt
[*]Copy this file to your USB drive if you do not have internet connection on this system.
[*]Right click the file and select send to : select the USB drive.
[*]Confirm that it has copied to the USB drive by selecting it
[*]You can backup any files that you wish from this OS
[*]Please attach the C:\OTL.txt file in your reply.

very very interesting !!!
As soon as possible I’ll do this

thank you

Alberto

Only a thing essexboy

As far as I can understand, it is probable that the virus (if it is so)
deleted the part of the registry where Safe Mode (safebootminimal).
Does OTLPEStd work all the same?

yours

Alberto

No, OTLPE is a standalone Windows system and is not affected by anything on the main system. You will be working outside of your Windows installation.

Excuse me

the link to OTLPEStd.exe seems not to work
is there an alternative link?

Alberto

Could you try this link then http://www.itxassociates.com/OT-Tools/OTLPEStd.exe

oh thanks essexboy

it works

I’ll try thank you

Alberto

very good program, is there a user manual of these applications ?

Alberto

But does this CD have a sort of COMBOFIX?

Alberto

Omonimo, you need to hide your email if you don't want your account being harvested.

Nope it is entirely manual fixing.

I think there may be a reatogo manual out there somewhere http://www.reatogo.de/REATOGO.htm

thanks craigb, I didn’t see that the mail was public

I marked it as “hide” but it seems not to work; how can I hide the email?

Alberto

Now that you have ticked it to hide, only you will be able to see it; we can't.

thanks craigb