Cannot login to Windows

Hi everybody!

I have installed Avast4 yesterday. And during a scan (the 1st one…), I chose “quarantaine all suspect files” (something like that ;P) And i think it has removed some system files (files in c:\windows and \system volume information) and now, when i try to login to Windows, the screen go blue and a very long message appeared . I have no time to read it, the pc restarts after 1 second…
I tried to go to the chest, but it is impossible, it says “error, cannt load files”… I also tried to login in save mode, there’s no probleme (pff… i have luck… ;))…
What should I do now??? plz help me T_T

You say you can log in in safe mode? Can you start avast in safe mode and restore the files from the chest? Use either the icon on the desktop or from start button.

Can you boot into safe mode, keep tapping F8 whist booting (it should give the option to boot into safe mode) ?

Did you choose to delete the files or move them to the chest ?
If moved to the chest you should be able to tell what files they were and the location (don’t worry about the files from the system volume information folder they can’t have an effect like this). It may also be possible to restore files from the chest, but don’t just restore everything, you can extract them to a temporary location first so they can be checked later.

Have (or did) you have another AV installed in this system, if so what was it and how did you get rid of it ?

I can login in save mod and avast. But the probleme is I cant access to the chest, it says “Program cannot use Chest client: (null)—>Description: Virus chest server is not running. RPC communication failed.” So i dont think it’s not question of another AV (that means I have an other AV, should I uninstall it? it’s very old and useless, i dont think it may make problemes…)
So, i cant restore files… But I found the report of the scan, and im sure that they are in the chest, not deleted.
The files are:
C:\WINDOWS$NtServicePackUninstall$\wmiprvse.exe
C:\WINDOWS\system32\CD_CLINT.DLL
C:\WINDOWS\system32\msstart.exe
C:\WINDOWS\system32\svrhost.exe
C:\WINDOWS\TSAd.dll
and the others aint system files
Have i removed some important files?

And the screen which appeared when i tried to login normally… I think I saw something like “memory” and “hardware”, sry… but it appeared only 1 second and i havn’t the time to read it, mayby i should take a photo with my DV, then I can know what it said… :stuck_out_tongue:

You should only have 1 av installed at a time. Any more will in all likely cause conflict. Uninstalling the old one now, probably won’t solve the problem you are having now, but who knows. At any rate it will prevent future conflicts.

Will the pause key on your key board stop the screen so you can read the message? Or how about the event log viewer?

If Avast did this to your system then I feel very unsecure if Im to keep having Avast AV software installed.
As a user you have to rely on the installed AV software to be smart and not to remove critical systemfiles.

You can do a google search on the file names and that should give you an indication if the detection was good.

This is one hit http://www.liutilities.com/products/wintaskspro/dlllibrary/cd_clint/ for cd_clint.dll.
The same for msstart.exe http://www.filseclab.com/eng/tech/backdoor.livup.htm.
The same for svrhost.exe http://www.bleepingcomputer.com/startups/Svrhost.exe-8078.html
The same for TSAd.dll http://www.spywareremove.com/removetsaddll.html

So in short the detections look good and even if they weren’t they aren’t system files that would cause this problem, by being removed.

The wmiprvse.exe could well be genuine http://www.liutilities.com/products/wintaskspro/processlibrary/wmiprvse/, however removal shouldn’t have any effect like you are experiencing as all it would do is stop you installing the windows installer.

So far from your other AV not being a problem it may well be at the heart of the problem, RPC errors are often as a result of conflict with another AV. What is the other AV ?

I suggest uninstalling it and reboot and see if avast and windows can start in normal mode.

If you read my comments and also check out the links you will find that they aren’t critical system files and the most likely cause of the failure to boot into normal mode is conflict from the presence of another installed AV.

This is also another important point not to delete files but move them to the chest.
Deletion isn’t really a good first option (you have none left), ‘first do no harm’ don’t delete, send virus to the chest and investigate.
There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

DavidR… u are a ready “avast evangelist” :smiley: :stuck_out_tongue:
The probleme is solved now!!! You’re right :slight_smile: it’s because the other AV, when I uninstall it, all return to normal :smiley: thx vry much guy (and avast which detects all those virus)!! XD

No problem, glad that I could help.

Welcome to the forums and a Happy new Year.