Blue Screen of Death - XP Home

Hi.

I’ve been using Avast Home (4.7) for months now on XP Home. Everything running the most recent updates. I was really happy.

Yesterday morning it intercepted an e-mail coming in with a virus. This happens every now and again, so I did what I always do: click on delete and move on. About a minute later I get a BSOD. I reboot, log in, and try to run a full scan with Avast. As soon as it starts, I get another BSOD.

I figure there’s something wrong with Avast - maybe the virus corrupted it. So I boot up in safe mode and try to repair the Avast installation. Same difference - as soon as I start scanning, BSOD. So I uninstall Avast. Reboot. Re-Install Avast. Reboot.

And then I get really scared! Now I get BSOD as soon as the system finishes loading the Desktop. There isn’t even enough time to go ctrl-alt-del and try to kill a few processes. OK. Deep breath. Reboot. F8. Try any other option (safe mode, safe mode with network, last working version, etc., etc.). Nothing works. For EVERY single option on the F8 screen, it starts loading drivers and stuff and in about 6 seconds gives me a very quick (just a flash) BSOD and then the machine reboots itself.

The only option that works is “Normal Boot”. But that takes me to the login screen, then starts loading the desktop and before I have time to do anything… (you guessed it) BSOD!

I eventually pull out my Dell original CD and do a re-install of the OS (preserving the installed apps).

Looks fine. I lost my wireless access, but I’ll deal with that later.

Boot up. Try installing AVG. The installation fails on the very last step. I look up possible causes and end up running both the Norton remove utility (although I don’t think this machine ever had Norton, but hey, Norton is such a badly behaved software… wouldn’t hurt removing it anyway) AND the AVAST clear utility.

Try re-installing AVG. Same problem.

Try re-installing Avast. Installs OK. Reboot. BACK AT SQUARE 1. BSODs all over the place again and none of the F8 options work.

After trying several times, I managed to get one of the safe boot options to work, and I uninstalled Avast.

Now everything seems to be working fine, except I CAN’T INSTALL ANY ANTIVIRUS on my machine!!!

So I run the Norton online scan (the active-x thing they’ve got) and it identifies 3 viruses (none of them in active memory BTW). I remove them manually. I re-install Avast… and… I’m back in BSOD heaven again.

PLEASE HELP. I really like AVAST! I wanna keep using it!

FYI, the viruses found and removed were: Bloodhound.Beagle; Trojan.Tooso.R; a generic Trojan Horse (it just said “file so-and-so is infected with Trojan Horse”)

Best regards,
EBaldino

Hi again.

Just realized Avast also has an online scanner. Will run that now.

rgds
EBaldino

Sorry, spoke too soon.
Avast’s online scanner does one file at a time… useless, really… kinda forces us to go to Norton…

Anyway, if anyone could help me with my original post, I’d be very thankful.

rgds
EBaldino

Please send me the contents of the \windows\minidump folder (by email).
That should help us analyse the problem.

Thanks
vlk

Hi Vlk.

Got your email, and though at first I couldn’t follow your instructions, I realized your intention was to make sure the viruses I had were removed. After some digging, I figured out how to do it, and IT WORKED. So I am reporting it here, in the hope it may help other people.

The viruses I got were Bloodhound.Beagle and Trojan.Tooso.R

Apparently these two go as a pair. One loads the other - so you have to make sure you remove them both. To remove them, you need to make sure to:

  1. Disable the Windows System Restore option (my computer - properties - system restore - disable).

  2. Boot into safe mode (reboot - F8 - safe mode). I think any safe mode will do, but the only one I could boot into without getting a BSOD was the one that mentions “directory restoration” or some such thing.

  3. Go into the registry (regedit) and search (F3) for m_hook.sys and delete all entries making reference to it - even the ones with “LEGACY” on them, if you can manage to delete them (mine wouldn’t go away). You will usually find m_hook.sys in HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services, but make sure to look into other versions of ControlSet (I had ControlSet001 thru 004).

  4. Similarly delete all instances of hldrrr.exe from the registry.

  5. Do a file search for m_hook.sys and hldrrr.exe in the hard drive and delete them. In my case, I could only find them when I was in safe mode, and it wasn’t because the directory was hidden, either… Make sure to empty your trash can afterwards.

  6. Reboot normally. Go look in the registry to see if m_hook.sys and hldrrr.exe didn’t magically reappear. These are persistent little bastards. It took me two or three rounds of following the above procedure before I got rid of them. And no other file in the system was infected: I ran Symantec’s online scan to make sure.

  7. If everything went OK, you should now be able to install and run Avast again. Make sure to enable the Windows Restore option you disabled in step 1.

Good luck!

BTW, thanks Vlk !
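
For the re-check in step 6 above, an added example that is not part of the original posts: it scans a registry export (`.reg`, "Version 5.00" format) for the two file names across every ControlSet. It decodes `hex(2)` values, because regedit exports REG_EXPAND_SZ data (the usual type of a service's ImagePath) as UTF-16LE hex bytes that a plain text search of the export does not match. The sample export, its key names and its paths are constructed for illustration.

```python
import re

INDICATORS = ("m_hook.sys", "hldrrr.exe")  # file names from the thread
VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')

def decode_value(raw):
    """Return the text of a .reg value; hex(1/2/7) data is UTF-16LE bytes."""
    m = re.match(r"hex\([127]\):(.*)", raw)
    if m:
        data = bytes(int(b, 16) for b in re.findall(r"[0-9a-fA-F]{2}", m.group(1)))
        return data.decode("utf-16-le", "replace").replace("\x00", " ").strip()
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    return raw

def find_references(reg_text, indicators=INDICATORS):
    """List (key, value name, decoded data) entries that mention an indicator."""
    text = re.sub(r"\\\r?\n[ \t]*", "", reg_text)  # join hex continuation lines
    hits, key = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = VALUE_RE.match(line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and m:
            name, data = m.group(1).strip('"'), decode_value(m.group(2))
            if any(i in f"{key}\\{name}={data}".lower() for i in indicators):
                hits.append((key, name, data))
    return hits

def control_sets(hits):
    """Names of the control sets (ControlSet001, CurrentControlSet, ...) hit."""
    found = (re.search(r"\\SYSTEM\\([^\\]+)\\", k, re.I) for k, _, _ in hits)
    return sorted({m.group(1) for m in found if m})

def _hex2(s, width=8):  # regedit-style REG_EXPAND_SZ encoding, for the sample
    b = [f"{x:02x}" for x in (s + "\0").encode("utf-16-le")]
    rows = [",".join(b[i:i + width]) for i in range(0, len(b), width)]
    return "hex(2):" + ",\\\n  ".join(rows)

# Constructed sample export; key names and paths are made up for illustration.
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ExampleDrv]",
    '"ImagePath"=' + _hex2(r"C:\Example\m_hook.sys"), "",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ExampleDrv]",
    '"ImagePath"=' + _hex2(r"C:\Example\m_hook.sys"), "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Startup]",
    r'"example"="C:\\Example\\hldrrr.exe"', r'"other"="C:\\Example\\other.exe"'])

print(*find_references(SAMPLE_REG), sep="\n")  # demo run on the sample
```

A real export saved by regedit in this format is UTF-16, so read it with `open(path, encoding="utf-16").read()` before passing the text to `find_references`.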