Avast found multiple viruses, Windows will no longer start

Since I can’t access my files (Only goes to black screen after “Starting Windows” and I get a bluescreen with an error message when I try Safe Mode) I can’t access the specific names of the viruses/malware that avast! found. I googled them, and I’m pretty sure these are all of them:

  • Win32:Sirefef-HO in “C:\Windows\assembly\GAC_32\Desktop.ini”
  • Win32:Sirefef-FQ[Drp]
  • win32:malware-gen

(There may have been another one, keep in mind this is all from memory)

After using avast! to try and delete these, one or two of the 9 found said the file could not be found or something. I don’t know. I scanned again and no threats were found, but after I restarted my computer, that’s when windows wouldn’t start and these issues began happening. I’ve tried using a system restore point from Dec 25, but system restore is unsuccessful every time.

Help please?

Was one of the files consrv.dll ?

Do you have access to a cd burner and USB stick

oh right, yes consrv.dll was one of them, and yes i have access to both.

OK next we will work outside of windows then Please print these instruction out so that you know what you are doing

[*]Download the attached scan.txt and save to a USB drive
[*]Download OTLPENet.exe to your desktop
[*]Ensure that you have a blank CD in the drive
[*]Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
[*]Reboot your system using the boot CD you just created.Note : If you do not know how to set your computer to boot from CD follow the steps here
[*]As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :slight_smile:
[*]Your system should now display a Reatogo desktop.Note : as you are running from CD it is not exactly speedy [*]Double-click on the OTLPE icon.[*]Select the Windows folder of the infected drive if it asks for a location
[*]When asked “Do you wish to load the remote registry”, select Yes[*]When asked “Do you wish to load remote user profile(s) for scanning”, select Yes
[*]Ensure the box “Automatically Load All Remaining Users” is checked and press OK
[*]OTL should now start
[*]Drag and drop this attached scan.txt into the Custom scans and fixes box, or double click the scan box
[*]Press Run Scan to start the scan.
[*]When finished, the file will be saved in drive C:\OTL.txt
[*]Copy this file to your USB drive if you do not have internet connection on this system
[*]Right click the file and select send to : select the USB drive.
[*]Confirm that it has copied to the USB drive by selecting it
[*]You can backup any files that you wish from this OS
[*]Please post the contents of the C:\OTL.txt file in your reply.

after reatogo finishes loading and I see the windows XP logo, i get a bluescreen error :S

Maybe overinstall Windows. Maybe run sfc /scannow.

Unfortunately I don’t have my Windows 7 disc at home, if that’s what you mean, and I don’t know what sfc /scannow is

could I be getting the bluescreen error because I’m using a CD-RW?

after reatogo finishes loading and I see the windows XP logo, i get a bluescreen error :S

Can you boot into WIN XP safe mode?

When I boot from the CD, I don’t have any option to boot into safe mode.

Don’t boot from the WIN XP installation CD.

As WIN XP starts up, tap the F8 key. A black sceen will eventually appear with boot options on it. Select Safe mode without networking. XP will then proceed to boot into Safe mode.

When your desktop appears, see if you can do a full Avast virus scan.

… as my first post stated, I can’t access any of my files from Windows 7 (which i forgot to mention is the OS I’m running on) or in safe mode. essexboy told me to burn Reatogo onto a cd and boot from that cd, but that’s where i get the rror code (I guess it uses some Windows XP build or something, I don’t know).

But yeah I’m not using a windows XP disc.

essexboy told me to burn Reatogo onto a cd and boot from that cd, but that's where i get the rror code

OK. I can’t help you with the Reatogo CD boot issue since I am not familiar with it. You will have to wait until Essexboy replies.

When it blue screend did it state why or give an error code ?