Avast Needs To Restart My OS?

It says it has to restart my OS every time I start it up. What is going on? I recently caught something called “Gebyy.exe” and “Qrmodule” or something to that extent, if that would be relevant. I am running Windows XP and have never had problems up until just now.

Are you saying this is an avast request to reboot?

If Operating system restart needed by avast message - First check the contents of the C:\Program Files\Alwil Software\Avast4\Setup\setup.log file, which should show you why it thinks the reboot is needed.

This may be solved, in some systems, by deleting the file C:\Program Files\Alwil Software\Avast4\Setup\reboot.txt

If that doesn’t resolve it check this:
You can also check this registry entry (right after computer restart):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager, if it contains “PendingFileRenameOperations”.

Check its contents and if there’s only “reboot.txt” from avast4\setup folder, delete PendingFileRenameOperations, don’t delete any other key.
Back-up (export) the registry key before you edit/delete, just in case.
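
The registry check described above, as an added example that is not part of the original post: it pairs up the strings of a PendingFileRenameOperations value and reports whether avast's reboot.txt is the only file queued. The function names are hypothetical, the sample values are constructed, and the input is assumed to be the list of strings read from the REG_MULTI_SZ value.

```python
# Added example, not from the thread. PendingFileRenameOperations is a
# REG_MULTI_SZ holding pairs of strings: a source path, then a destination
# (empty string = delete the source at next boot).
NT_PREFIX = "\\??\\"  # paths are stored in NT form, e.g. \??\C:\...
# Path taken from the post above; compared case-insensitively.
AVAST_MARKER = r"c:\program files\alwil software\avast4\setup\reboot.txt"

def normalize(path):
    # Drop the optional "!" (replace-existing flag) and the NT prefix.
    if path.startswith("!"):
        path = path[1:]
    if path.startswith(NT_PREFIX):
        path = path[len(NT_PREFIX):]
    return path

def parse_pending(strings):
    # Hypothetical helper: pair the strings into (source, destination) tuples;
    # destination is None when the source is queued for deletion.
    if len(strings) % 2:
        raise ValueError("odd number of strings: value is truncated or malformed")
    ops = []
    for i in range(0, len(strings), 2):
        src = normalize(strings[i])
        dst = normalize(strings[i + 1]) or None
        ops.append((src, dst))
    return ops

def only_avast_marker(strings):
    # True only when every queued operation has avast's reboot.txt as source.
    ops = parse_pending(strings)
    return bool(ops) and all(src.lower() == AVAST_MARKER for src, _ in ops)

# Constructed sample values (not taken from a real machine).
CLEAN = [r"\??\C:\Program Files\Alwil Software\Avast4\Setup\reboot.txt", ""]
MIXED = CLEAN + [r"\??\C:\WINDOWS\Temp\example.tmp",
                 r"!\??\C:\WINDOWS\system32\example.dll"]

if __name__ == "__main__":
    for name, value in (("CLEAN", CLEAN), ("MIXED", MIXED)):
        print(name, "- only avast reboot.txt queued:", only_avast_marker(value))
        for src, dst in parse_pending(value):
            print("   ", src, "->", dst or "(delete at boot)")
```

Any entry other than reboot.txt in the output is a reason to leave the value in place and look at what queued it.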

Sorry about the huge delay in answering but your methods did not solve my problems. What the problem was, was something like TBhot Troj. Something to that extent. It creates/created a file called gebby.dll. That infected about half of my start up services, and 1/3 of my start up programs, including avast. So avast needed to restart because it was never loading properly.

Download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.

When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouseclick combofix’s window while it’s running. That may cause it to stall.

Also, follow the instructions here: http://forum.avast.com/index.php?topic=32337.msg270377#msg270377

Also, if you do have vundo / virtumonde, after you delete it with combofix be sure to update your Sun Java because, most probably, that is what allowed the infection in the first place.

I am almost 100% sure you got infected with exactly the same thing as my desktop PC was. See this thread:

http://forum.avast.com/index.php?topic=32297.msg269903#msg269903

In your first post you mentioned: “Gebyy.exe” and then in your second post you said: “gebby.dll”. I think that the right name is Gebyw.exe and it is located in C:\Windows\System32\ subfolder.

Nasty infection… I simply backed up my working folders (separate partition), reinstalled Windows from scratch and restored my data.

It depends on the variant. But combofix will show which, and in the great majority of cases it is recoverable.