Using a 60-day free trial version of AVAST! The program found that USER.DAT was infected and advised me to put it in the chest, which I did. I guess all my registry backups were also infected and deleted. Now, when I try to boot to Windows, I get "Warning: Windows has detected a registry/configuration error. Choose Command Prompt and run SCANREG." When I run scanreg, it says that it’s installing a backup, then it reboots to the same error (“Warning: Windows has . . .”). How do I get the infected USER.DAT out of the chest and repair it without Windows?
That is why you need a backup of your system. In the old days you had a “panic” floppy for that, now you have it on CD.
Else you need a distro CD, and repair the user.dat file with this proggie: http://www.12ghosts.com/ghosts/profile.htm, download it on a CD from another comp on a Linux that serves a Win environment. That is what I see so far, else you have to recover from inside DOS. Maybe someone here on the forum has done that before?
I would restore the user.dat from the avast! Chest to a USB drive (or floppy).
From there, you can submit it to Jotti and let us know the results, i.e., whether or not it is a false positive.
If you are getting a virus warning that you believe is a false positive, then if you can zip and password protect (‘virus’, will do) the suspect file and send it to virus (at) avast.com.
Give a brief outline of the problem, the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see About avast: right click avast icon) will also help.
If it’s a false positive, you can add it to avast! exclusions and restore it to the original location and get your registry back.
Otherwise, only a backup of that file (or entire disk) will help.
He should know the full path to the chest then in DOS to this chest file. Can you give it to him? That would help him and others in a similar situation. I once had a similar situation where the chest ate a file without which the whole Windows would not start up. This is part of the virus strategy to corrupt your OS when you try to repair it.
Now I’m seeing the user does not have XP…
In XP, the file is a little bit different, C:\Documents and Settings\<user name>\ntuser.dat.LOG
In 98 or Me, it should be under C:\Windows\Profiles\<user name>\user.dat if I’m not wrong.
UBCD has some tools that can repair the registry on win9x/ME. It also has a regedit tool. So it makes it possible to find what programs are running at startup.
But the best way is to disable the AV and restore backups of the registry.
//kill all avast processes, rename folder, reboot
//or go in dos and rename “avast4” folder to “avast4.old”, reboot
Use some registry cleaner to clear registry. And some online-scanners.
You can google at them->
online virus scanner
online trojan scanner
online spyware scanner
Do repair of windows/reinstall.
Reinstall avast. //rename folder back to avast4 and do repair of it if necessary
I think I found the file in C:\PROGRA~1\ALWILS~1\AVAST4\DATA\CHEST with a filename that starts with 6 zeros. It’s too big to edit with “edit,” but when I “type” the file I see that the first 7 bytes are “-chest-” so it looks like the file is changed. I wonder if it’s encoded or changed in some other way as well. It’s windows 98SE and you’re right, I don’t have a recent backup or a boot CD.
Stuck, C:\PROGRA~1\ALWILS~1\AVAST4\DATA\CHEST is the Chest (Quarantine) folder.
Files there are encrypted as they are infected. The Chest is exactly for this: hold infected files.
You can’t edit or manage the files ‘outside’ from the Chest application. That is for your own safety.
But there is another question for this poor fellow. How can he save his data? Can someone explain what to do if system files vital for starting up Windows cannot be run anymore? How to restore to a situation where you can start Windows again? Or, and that is my question, are there cases where there is no other way open than a fresh re-install or what we call “TOTAL RECALL”? Another way is saving your data with a burning program on a distro of another OS.
Here one sees clearly explained the value of start-up diskettes/disks/cd’s or backups.
When you try to boot, can’t you just hit the F8 key, so you can choose to go into DOS? Then type scanreg /restore. Normally you can choose a backup of your registry of any older date. When that doesn’t work, you can also try: scanreg /fix. Don’t forget the space between scanreg and /.
Well go and have a look at this thread. http://forum.avast.com/index.php?topic=13771.0. Always have to remember that undefined functions in Windows are mentioned as "undefined", and not without a reason.
Stuck, as far as I can tell, since the registry file is “trapped” in the chest and (according to Tech) there is nothing you can do to bring it back or repair it, the only thing that matters now is to backup/move the files that are important to you (e.g. address book, emails, favorites, documents etc) and re-install.
If you need increased functionality in order to do that (e.g. burn them on CD, access a network etc) compared to a plain Dos environment, you could install Windows on an alternate partition (if it exists) or even the same partition under a different folder.