aswrvrt.sys problem

Hi. I have the well-known issue. Win 7 64-bit, blue screen during Avast IS install. No problem with command prompt access.

My frst.txt log attached.

What’s the next move?

What is/was your issue with your install of Avast IS? Was your install a clean install or an upgrade? Is this still giving you a problem or is this resolved?

Is the problem you are having now since your install of AIS? If not, when did it start and can you give us more information as to what is happening?

You may also want to read the following post: http://forum.avast.com/index.php?topic=53253.0, and run an MBAM log and post your results in your next post. If anything positive comes up, follow the instructions in the post, then run the OTL log and also post that as well. Thank you.

It was a clean install of Avast IS. I used to work with Kaspersky IS earlier. During the Avast install a blue screen appears. After rebooting I can’t start the Avast IS install again. There was an error while extracting files. I’ve tried to uninstall all Avast programs, but there wasn’t anything on my program list. Then I’ve tried to delete the Avast folder manually (in c:\Program Files) but there was a problem with permissions. I did this on my administrator account so I was surprised that I can’t do this. Then I tried to start Win7 in safe mode and fix that (with the setup repair option) and then the real problems began. Now booting ends each time on the system recovery console. When I choose the language and start, after a few seconds it shows an error and in the details there is something about aswrvrt.sys being corrupt. Everything else is finished successfully. I have the options: shut down, reboot, send info about, error.

In Command Prompt I opened notepad.exe and through File -> Open… I copied my desktop files to the second partition and followed the instructions from another topic:

"Please download Farbar Recovery Scan Tool x64 and save it to a flash drive. Plug the flash drive into the infected PC. Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer. Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.

In the command window type in notepad and press Enter.
When notepad opens, click File and select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter.

Note: Replace letter e with the drive letter of your flash drive.

The tool will start to run. When the tool opens click Yes to disclaimer.
Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please attach it to your reply."

Sorry for my English, I hope it is clear enough.
I’m currently at work so I wrote this as I remember it.

Hi, you did perfectly.

You attached FRST, which is what the removers need to help. I have notified someone to come help you.

I’ll delete Avast so we’ll see whether it solved the problem.

Download the attached fixlist.txt to the same location as FRST.
Run FRST as before and press Fix.
Once completed, retry normal Windows.

OK. Windows starts but the keyboard and touchpad don’t work. USB mouse works fine.
Device Manager shows a problem with keyboards and mouse. Updating the driver, uninstalling and installing again doesn’t help.
Maybe I should install Avast IS again, or are only system recovery tools left?

Mbam found a few trojans, but no rootkit. My notebook: Asus G60jx, if this helps somehow.

Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.

- Double-click to run it. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

files attached

I see no present or active malware.

Mbam found a few trojans, but no rootkit.

Attach here mbam log.

mbam log attached

It’s just adware.

Completely uninstall Avast by this instruction

http://www.avast.com/uninstall-utility

You must reinstall drivers.

http://support.asus.com/Download.aspx?SLanguage=en&m=g60jx&p=3&os=30

To uninstall the driver, use this application (safe mode).

http://www.techspot.com/downloads/4266-driver-sweeper.html

OK, keyboard and mouse work fine now without reinstalling drivers. Avast uninstall utility helps. All devices in Device Manager look fine.

Can I install avast IS now or is it better not to take the risk?

You can install avast.
I’ll be me online.

Everything looks fine now. This time Avast IS has been installed successfully! Thank you for help! :)

Great :)

The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
- Remove disinfection tools
- Create registry backup
- Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.

Trojan.Ransom, C:\Users\gring0s\AppData\Local\Temp\1756072.exe, Dodano do kwarantanny, [42be24dcfa0606fafb83a613e0207f81],

Temp folder means that you clicked on the link; the malware is not active.