As standard procedure for a PC that was randomly rebooting and generally dogged, I ran the boot-time scan, and only deleted what was obviously crap, and executable. However, I did move some other things to the chest.
Well, now it reboots just before logon (the blank blue comes up after the video driver loads, then it goes). How can I, from another PC (if Avast! is needed, it’s there, too), get files out of the chest and back to where they came (note that I don’t necessarily know the full path, if they are easy to get out), so as to begin a more manual malware removal process?
If it helps to find the file causing problems in general, too (though slightly OT), there’s something with “system” then “logon”, in braces, and “error” somewhere in there (since it reboots immediately, I haven’t grasped the whole thing).
Are you able to boot into safe mode? Keep tapping F8 as you boot. From there, start avast and open the chest and see what is there, and you can restore anything you feel should be restored. Exercise care; don’t just restore everything.
Deletion isn’t really a good first option (as you may have found out, you have none left), ‘first do no harm’ don’t delete, send virus to the chest and investigate.
Have (or did) you have another AV installed in this system? If so, what was it and how did you get rid of it?
I only deleted obvious randomly named EXEs; but I did move some DLLs to the chest.
PCCillin (Epox mobo CD) was the first AV client, it was removed with its uninstaller. However, that was nearly two years ago, I think, and the PC was clean then.
However, if the log states the files found and actions, I ought to be able to put clean files back in, now (the PC is no longer at the client’s house, where I was hoping I’d find some temporary fix), having a couple other Win2k boxes here that are quite healthy.
If you have the Windows 2000 CD, I would suggest booting from the CD and choose repair by pressing R at the Windows 2000 Setup menu! Sounds like you moved Windows components to avast chest.
Yup. Clean DLLs got it booting. It’s now in “working” condition without a repair, but that option is still open. IE & FF both don’t work, but it hasn’t spontaneously rebooted, nor has Explorer crashed; so I’m going to see if I can save it without going through a repair + updates.
Are you able to establish an internet connection and see if you can ping a server such as yahoo.com? And are you on router, cable or dialup (includes PPPoE)?
Sometimes this happens due to overheat (check your fans).
Oh, I forgot to mention, there: services.exe crashed, so it warned and gave a timer each time. However, fans and caps (it's from that time) are in good shape.
Are you able to establish an internet connection and see if you can ping a server such as yahoo.com? And are you on router, cable or dialup (includes PPPoE)?
'net was and is fine. Router out to cable in both places, and no odd things happened just when web or other net activity occurred (I reinstalled TCP/IP just in case, though).
The culprit for non-booting I think was sfc.dll infected with Banker.bkl. Looks like a very necessary file. Oops.
What errors are you getting?
There were and are no errors once it got booting. IE would just crash (but works fine now), and FF still won't run (but Seamonkey will). Stopping the AV has had no effect. Given that it's an aging Windows install, doubt the FF problem is malware of any kind.
I sent it to the chest. I was thinking I'd need to be able to access that to get it back out and then go cleaning from there, but I was able to eventually get a clean copy on the PC, so it would boot up. I found the boot scan log, and that gave me the info I needed.
What can we help?
Now, no help is needed! It's working again. When it wouldn't boot, I could not read the whole error, because it would just reboot. I was hoping there was a magic, "Avast! Undo all that stuff I told you to do, and from the recovery console," or an "Avast!, take the chest from this drive I plugged in, and let me get the stuff out of it and back to where it was." Once it got back to booting with a new sfc.dll, the problems that persisted were not accompanied by error messages, making them difficult to track down (IE would not fully start, it did not appear to be doing too much network activity, and other crashes and slowdowns did not appear to be correlated to any action that I was taking).
My guess now is that gunk in IE was having some issues with various applications that were trying to get to the internet for updates and other stuff (likely over http). Things that didn’t seem IE-related got fixed once IE was fixed.