Boot problem - stalls at aswrvrt.sys

I seem to have exactly the same issue as described in http://forum.avast.com/index.php?topic=120531.15 where my boot fails at aswrvrt.exe

I’ve followed the instructions to generate a FRST.txt file but am not sure what to do with the information. Please could someone help?

hi sequin,

It is really best if you start from the beginning. You may think you have exactly the same infection, but following a thread along and applying fixes made especially for another victim/user is not really a good idea. ([EDIT:] At least I hope that’s not been happening.)

Reason for that is because systems are set up differently, and infectious agents mutate all the time, and infect different machines in different ways. So, the variant you have can be very different from another user posting at the same time you are, and with what appears to be exactly the same problem.

essexboy is trained in malware removal and will know what to do with the FRST file.

Suggest starting with this link: http://forum.avast.com/index.php?topic=53253.0

Please attach, not paste, the resulting logs from these four programs:

  • AdwCleaner
  • Malwarebytes
  • OTL
  • aswMBR.exe

He needs these logs to see what you have. Without them, he will not be able to help. FRST is a secondary program used for analysis, not one of the first. The first four are what you start with…

I’ve gone and notified essexboy.

Thanks so much - it’s definitely not the same problem as the original poster and no attempted fixes applied but thought the log might tell someone something. Am working through the list of diagnostics and will post when I get home from work!

Hi, what was the sequence of events prior to the non-booting?

I.e. did you install a programme or get some Windows updates?

Am failing at the first hurdle as I can’t get any of those diagnostic tools to run - end of a long day so quite possibly an attack of the blondes… when I try to run from command prompt I get the message “The subsystem needed to support the image type is not present”?

No new software installed but I think I had a Windows update, an Avast update and possibly a Firefox update not long before I started having issues booting. Originally it would boot Windows but then hang trying to open any program. Now it won’t even boot Windows.

Do not worry. essexboy has more tricks up his sleeve than even I know about. ;D

I take it you are not even able to boot into Safe Mode?

I feel it was a Windows update that caused this, as I can see no malware present. Do you wish to recover data from the system, as you may well need to reformat? I can provide a tool for you to recover your data using either CD or USB.

Windows updates seem to cause more problems than they solve! I’ve managed to run a scan and then chkdsk, which is hanging at stage 4 but seems to have done enough to get in (normal boot). If you can provide a tool to recover the data, that would be great - I’m trying to copy things across now while I still have access, but am fairly certain it will crash again soon!

Please print these instructions out so that you know what you are doing.

  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :slight_smile:
  • Your system should now display a Reatogo desktop.
    Note: as you are running from CD it is not exactly speedy
  • You now have a Windows XP desktop to copy all your data to USB

hi sequin,

Suggest getting a free disk imaging backup program for use in the future. This will save enormous time in restoring your system(s) to a known clean/working state; I use such and restore to good only takes 15-20 minutes vs. days or a week or so to re-set up a clean install, updating security fixes, etc. Plus, should the main OS drive ever die, most will allow you to use another similar drive to image a saved disk image to it in about the same amount of time. Businesses use this all the time to save time and money, so…

Thought you might like to know.

I will be happy to provide links to good free imaging programs if you are interested.

Thanks so much for all your help - links would be great.

I still have full access at the moment and have run all the diagnostics suggested just in case there is something lurking. First 4 are attached to this post. I found 2 trojans in the process. Can you let me know if there is anything else I should do at this stage?

Thanks in advance!

Last log attached

Excellent job there!

Note no action taken on Malwarebytes findings. OK to quarantine and delete the two files found; essexboy may or may not reply as it is now 9:31 PM where he lives. Post a new MBAM (Malwarebytes) log after scanning again and removing these Trojans. Have option to quarantine/delete any files found selected. Quarantining option will allow you to restore if you should ever need to do so.

Links to free disk imaging programs: http://www.macrium.com/reflectfree.aspx
http://www.todo-backup.com/products/home/free-backup-software.htm

Note free license is limited to one home user only per program. Paid always has more features built-in, multiple system licenses available, so…

[EDIT:] c|net is tricky to download macrium free; be sure to only select the main download button w/o the download helper program. Otherwise you may find you have unwanted programs other than macrium free installed along with your download and be worse off than before. :smiley:

Ran Malwarebytes again and found another exploit. Third time lucky is now clean - both logs attached!

Any further problems since you rebooted back to normal Windows?