Problem with aswrvrt.sys (Won't boot)

Win 7 with a version of Avast, not sure which version
Was rebooting and it came up to the Boot Choice screen with only these options showing…

Windows Error Recovery
Safe Mode
Safe Mode with Networking
Safe Mode with Command Prompt
Start windows normally

The first 3 options all run down the list of drivers that it's loading but get “Stuck” on aswrvrt.sys where it stays for 20-30 seconds. It then shows the “Starting Windows” screen for 20-30 seconds, then all I see on the black screen is the mouse cursor. With Start windows normally I get the same end result but don’t see the drivers loading.

I can see all my shared files and drives from my networked laptop. Unfortunately I don’t have access to my c: drive other than the c:\users dir.

Dell 8500 but I don’t have a Win 7 boot disk (they are sending one). Dell says I will have to reinstall Win 7 (yuck).

Any ideas for the present? Would love to be able to access a command prompt (But can’t) to try deleting aswrvrt.sys and see if that does anything.

Are you able to download and run this? http://www.avast.com/en-no/uninstall-utility

No.

All I see on my black screen is a mouse cursor.

OK…have notified Essexboy, he usually has some Magic Tools :wink:

Is it a 32 or 64 bit system?

Download the following three programmes to your desktop :

  1. Rufus

For 64bit systems
2. Windows 7 64bit RC
3. Farbar Recovery Scan Tool x64

For 32bit systems
2. Windows 7 RC
3. Farbar Recovery Scan Tool

Insert the USB stick, then run Rufus

https://dl.dropbox.com/u/73555776/rufus.JPG

Select the ISO file on the desktop via the ISO icon.

Press Start Burn

https://dl.dropbox.com/u/73555776/RufusISO.JPG

Then copy FRST to the same USB

http://dl.dropbox.com/u/73555776/frstwintoboot.JPG

Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB.
Note: If you are not sure how to do that follow the instructions Here

When you reboot you will see this although yours will say windows 7.
Click repair my computer

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7275.jpg

Select your operating system

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277202.jpg

Select Command prompt

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277.jpg

At the command prompt type the following :

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select “Computer” and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.

https://dl.dropbox.com/u/73555776/FRST%20Start%20scan.gif

Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Here it is. Might have to leave pretty quick for work, waiting for a call. So I might or might not get back to this till later. Thanks in advance.

Too much to paste in. Attaching it instead. Damn, Opera isn’t handling the attachment correctly. FF does.

Absolutely the same problem here after a blue screen one hour ago. :frowning:

Greez Etienne

@EtienneAvast please start your own thread

@calcuttaman this is your fix…

Download the attached Fixlist.txt to the same USB as FRST
Run FRST as previously
Once it has completed reboot to normal mode

THEN

Download OTL to your Desktop
Secondary link

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif

  • Select All Users
  • Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

Same issue here but I get to aswrvrt.sys in safe mode and the PC blue screens each time. There seems to be no way to start up using any startup option.

Due to changes in the config of the machine I get the tedious “System Recovery Option is not compatible with the version of windows you are trying to repair” so haven’t successfully started from the DVD as yet to try repairing that way.

As I can’t get to the desktop I am unsure how I can use the repair suggestions posted above.

Thanks

Been an Avast user for years but this was the first time I registered with the forum, solely to reply that Avast was indeed the cause of my boot problems and that removing it fixed them. Searching for Aswrvrt.sys led me to this page, which was fortunate since without reading this I had no clue that Avast was the problem.

I was able to boot into Safe Mode with Networking though so I could download and run http://www.avast.com/en-no/uninstall-utility
After it removed everything my machine was able to boot normally (albeit now with no Avast protection).

Ok, here they are

I did uninstall Avast.

It was not Avast causing the problem but a ZeroAccess infection.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Files
C:\$Recycle.Bin\S-1-5-18\$846807fb2202378a2f77ca8da49f469b

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Oh oh, I just ran OTL and got this…

http://calcuttaman.com/public_images/2013-04-07_080649.png

What should I do now?

Close OTL and go direct to combofix please

That’s good to know that it wasn’t Avast. After this is over will delete Avg and go back to Avast.

Not a lot of info out there on how one gets infected with this, ideas?

Attaching ComboFix.txt

I guess there was something else I hadn’t told you as I had forgotten about it. I hadn’t been able to access my Windows Firewall for a couple of months. When I would try to load it, it would say I couldn’t load the module (Or something like that). Searched for answers but could never get it working. Combofix rebooted and I had programs that were marked for deletion so rebooted, lo and behold up popped the Windows Firewall screen asking for permission for Eye.fi. And I’m able to access it now.

Will run computer for a while and see how it's going.

That looks to have killed the remnants

If you are going to install Avast again you will need to do the following :

Download the AVG removal tool http://www.avg.com/gb-en/utilities to your Desktop.
Download Avast Uninstall Utility to your Desktop.
Download the correct version of Avast to your Desktop.
http://files.avast.com/iavs5x/avast_free_antivirus_setup.exe
http://files.avast.com/iavs5x/avast_pro_antivirus_setup.exe
http://files.avast.com/iavs5x/avast_internet_security_setup.exe
Disconnect from the net
Uninstall Avg via control panel
Run the AVG removal tool
Run AswClear
Re-install Avast using the custom mode

Hello, I have got the same problem. I have run your tools and generated the frst.txt file (linked at this post).
Could you please help me?

I have run the ZeroAccess Symantec fix. It did not find the ZeroAccess trojan.

I see that you have two hard drives, could you unplug one?

My computer is a notebook. I have only one hard drive split into two partitions.
I have noticed the hard drive LED is always highlighted, even if no application is launched.
My PC is very slow when I try to launch any application. I cannot access the disk manager in order to disable the second partition.
When I try to set the data volume offline with diskpart in safe mode, I get the French error message “le volume y a encore un chemin d’accès”

I can see no malware, so I would assume that you have a disc problem, especially as the drive light is always on and the second partition is activated.