After attempting system tool removal, system hangs at avgidseh.sys


8 replies to this topic

#1 pronatureboy

pronatureboy

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:54 PM

Posted 11 January 2011 - 07:34 AM

Hi,
Firstly thanks in advance for any help.
My HP NC2400 running XP became infected with "system tool".
I found the removal guide and followed it until section 19, which stated I should allow a reboot if this was requested.
I allowed the reboot but unfortunately since then my bootup stops at "multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\DRIVERS\AVGIDSEH.sys", then goes briefly to a blue and white screen "beginning dump of physical memory", then keeps looping. I have tried "safe mode", "last good config" etc. with the same result.
Any help fixing this would be much appreciated.

Stupidly I have not backed up this computer recently.
Anybody know if "Ubuntu" is any good at backing up files from a dead system please?

Thanks
Pete


 


#2 lovewindows

lovewindows

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:54 PM

Posted 11 January 2011 - 09:41 AM

Have you tried Last Good Configuration? Also Ubuntu does have its own forums.

#3 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:54 AM

Posted 11 January 2011 - 02:59 PM

Hi pronatureboy -
If you read it they have attempted 'Last Good' -
avgidseh.sys is related to AVG antivirus - There can be several reasons - Do you have Zone Alarm, or any similar Firewall installed -
You need to Un/re install AVG without any other firewall running as the latest version (2011) has its own version of a firewall - These can clash -
Do you think there may still be some of the 'System Tool' infection left ??
If so please start a new topic in the Am I Infected section -

Thank You -

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,833 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:54 PM

Posted 12 January 2011 - 02:15 PM

First, let's see what BSOD code you get there.

We Need to Diagnose Your BlueScreen
  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select "Disable Automatic Restart on System Failure", as shown here:
    Posted Image
  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:
    Posted Image
Please post me the error(s).

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 pronatureboy

pronatureboy
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:54 PM

Posted 13 January 2011 - 05:15 PM

Thanks for your interest and help Elise.
Sorry about the delay in my response.
This weekend I intend to try Ubuntu to recover my data, which as I previously stated I had not backed up for some time.
I have done as you requested and the following was displayed on a blue screen:

STOP: c0000218 {Registry File Failure}
The registry cannot load the hive (file):
\SystemRoot\System32\Config\SOFTWARE
or its log or alternate.
It is corrupt, absent or not writable.

Beginning dump of physical memory
etc.

Thanks again
Pete

#6 hamluis

hamluis

    Moderator


  • Moderator
  • 55,263 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:02:54 PM

Posted 13 January 2011 - 06:40 PM

References for that error:

Error Message When You Install Windows XP STOP c0000218 {Registry File Failure} - http://support.microsoft.com/kb/830084

Repair Registry File Failure, C0000218 Error - http://xphelpandsupport.mvps.org/how_do_i_repair_a_stop.htm

Louis

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,833 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:54 PM

Posted 14 January 2011 - 04:24 AM

Ubuntu can be used fine to back up files, but you don't have to install it, you can also use its Live CD. There are also smaller (download) alternatives to Ubuntu.

Do you have an XP CD? If so, try the following.

  • Insert the Windows XP CD-ROM into the CD-ROM drive, and then restart the computer.

  • If your PC is not booting from the CD, you need to change the boot order:
    • Restart your PC
    • As soon as you get an image, press the Setup key. This is usually F2, or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
    • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
    • Navigate to the tab, where you can set the boot order. It should be called Boot or Boot order
    • The tab should now show your current boot order.
      If the CD-drive is not at the top, please navigate to the CD-Rom drive with the arrow keys. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However they can be different, but they should be stated in the help, so that you can find them easily.
    • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
  • Your PC should now boot from your XP-CD.
    Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.

  • When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
  • When prompted to choose a windows installation, type 1 and press enter.
  • When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.

  • A command prompt will open
Type chkdsk /r and press enter. Let the disk check run unhindered. Note - this may take a while.

When finished type EXIT and press enter to reboot. Let me know how things are now.

If you do not have the XP CD, let me know and I'll give you alternative instructions.

regards, Elise




#8 pronatureboy

pronatureboy
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:54 PM

Posted 19 January 2011 - 04:09 PM

Thanks Elise, and again sorry about my delay in replying.
I am still trying to get a drive image copy using Ubuntu; unfortunately this fails with the following:

After many hours running the “dd” instruction I got the following error:

dd: reading ‘/dev/sda’: Input/output error
89491760+0 records in
89491760+0 records out
45819781120 bytes (46 GB) copied, 22059.7 s, 2.1 MB/s

and back to the input line: ubuntu@ubuntu:/media/1Terabyte/Ubun$ where 1Terabyte/Ubun was the directory I created on my external drive

My system I was copying from is windows xp pro (faulty) with a 60GB hard drive.
Backing up to a 1TB external drive with over 500GB free

I am now trying to get all my user info backed up before proceeding.

I also cannot get past the password when attempting your suggestion, don't know why as I am sure I am using the correct root password.

Cheers Pete
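
An added example, not part of the original posts: the dd summary quoted in post #8 shows 89491760 records of 512 bytes (45819781120 bytes) copied before the read error stopped the run. Assuming GNU dd and that same 512-byte block size, the following resumes at that record and zero-fills unreadable blocks instead of aborting; the function names and the image file name are hypothetical.

```shell
#!/bin/sh
# Added example: resume a dd disk image that stopped on "Input/output error".

# Read dd's summary on stdin and print the whole-record count from the
# "N+M records in" line (N full blocks were read before dd stopped).
records_in() {
    sed -n 's/^\([0-9][0-9]*\)+[0-9][0-9]* records in$/\1/p' | head -n 1
}

# bytes_done RECORDS [BS]: byte offset at which the first run stopped.
bytes_done() {
    echo $(( $1 * ${2:-512} ))
}

# resume_image SRC DST DONE_RECORDS [BS]
#   skip/seek : start at the same record offset in the source and in the image
#   noerror   : continue after a read error instead of stopping
#   sync      : pad a failed or short read to a full block with zeros, so
#               every later block keeps its original offset in the image
#   notrunc   : keep the part of the image that was already written
# Keeping BS at the sector size (512) limits the zero-filled area to the
# sectors that could not be read.
resume_image() {
    src=$1 dst=$2 done_records=$3 bs=${4:-512}
    dd if="$src" of="$dst" bs="$bs" \
       skip="$done_records" seek="$done_records" \
       conv=noerror,sync,notrunc
}

# Usage on the system from the post (image name is a placeholder):
#   resume_image /dev/sda sda.img 89491760
```
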


#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,833 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:54 PM

Posted 20 January 2011 - 02:43 AM

"I also cannot get past the password when attempting your suggestion, don't know why as I am sure I am using the correct root password."

You mean when starting the recovery console? If you have no password set, leave it blank and press enter.

regards, Elise






