BSOD when booting after install of Avast 5 and Avira?

[Sope]

Hi,

I'm trying to help sort out a friends PC with frustrating results.

It's a long story involving traces of old virus infections etc. so I'll keep it very short.

Dell PC
McAfee security suite was being used.
Traces of infection still evident but successfully cleaned up with MBAM and SAS
HiJack This file appears clean
Installed XP SP3
Uninstalled McAfee including using the clean up tool they make available though keep pretty hidden! No remaining traces of McAfee can be found now.

Now the problem -
Installed Avast 5 but on reboot BSOD just before desktop loads.
Booted successfully in safe mode where I uninstalled Avast.
Tried Avira with exactly the same results therefore also uninstalled in safe mode.

Memory dumps suggest issues related to fltmgr.sys, ntkrnlpa.exe, ntoskrnl.exe

Can't find where to go from here. Currently the PC is operating fine but with no AV installed (Windows firewall ok).

I'm nervous to try another AV (was considering MSE) in case the same thing happens, for fear I can't enter safe mode to uninstall!

Anyone have similar experiences?
Any suggestions appreciated?

[Anupam]

Seems like the virus infection was heavy, and had its toll on the PC, and the PC might be infected even now.

My suggestion at this stage, would be to use any antivirus rescue CD like Avira, or recently featured AVG Rescue CD, on the site. That would prevent any virus to be active.

I would also suggest Trend Micro HouseCall, which I found to be excellent, in case of infections like these, but since there is no resident AV on the PC, connecting to the internet would be too risky.

My suggestion is an antivirus rescue CD.

[Sope]

Thanks Anupam.

I was thinking more along the lines of OS file damage rather than a virus still being on the system as both Avira and Avast install and update successfully but on the first reboot the BSOD occurs. MBAM and SAS installed and work fine (as did HijackThis).

Nevertheless, I'll take your advice and give HouseCall a try.

[kendall.a]

I agree that connecting to the internet without an AV is risky, but I'd probably do it anyway. I'd either run HouseCall or download and run Hitman Pro. (The rescue CD's are a great suggestion as well.)

In the end, you may end up having to do a re-format.

[Anupam]

You can try and run System File Checker. It will run a file check on the important system files, and will ask for damaged files to be replaced. You need to have the CD of the OS for that, because it will ask for a CD, if it finds any damaged files.

The command is : sfc /scannow

Here is a help page for it :

http://www.updatexp.com/scannow-sfc.html

[Sope]

@Kendall
Yep, re-format would probably fix it but with everything that's on the PC that's a biggie, especially as I don't think all the relevant software discs are still around! I haven't looked into the procedure for re-installing a Dell PC but I suspect it won't be straightforward especially as some hardware components have also been changed some time ago.

I've considered trying to reinstall McAfee but it appears to run even in safe mode (at least something appears in the tray) so if I get the same BSOD's it'll be game over!

[Anupam]

Since you won't have an AV, and you do decide to connect to the internet, then to be safe, you can try installing HIPS like WinPatrol, or ThreatFire... so that they can detect changes to the system and warn you. You may also try PrevX, besides those. It may not be able to remove the infections, but it can detect them.

Also run scans with anti-rootkits to make sure, there are no rootkits lurking. Some good ones are Sophos Antirootkit, Gmer, Rootrepeal. But, you might have to take some help, with their results.

You can also try installing Panda Antivirus.

[Sope]

@Anupam
Thanks for the System File Checker link. I ran it but it gave no message to say anything needed fixing.
I also ran Chkdsk and no problems were reported.
Regarding rootkits, I've already run an FS Backlight scan and it was clean.

I'm becoming more and more inclined to blame McAfee security suite for the problem but I'm unsure if even reinstalling it will get things back to normal, albeit with an unsatisfactory payware AV solution Unfortunately this may be the best solution though under the circumstances.

[Anupam]

Yea, it may be because of McAfee. You can try reinstalling McAfee, and see how things go. If it is OK, then at least you will have a resident AV protection. You can then scan PC with online virus scanner... like Trend Micro HouseClean.

You can give one of the rescue CDs a try, because they won't install any AV.

Also, you can try to decode the BSODs by searching for them on Google, with the STOP code, and the error message. You can find stuff on Google related to those BSODs. You can take a look here as a start :

http://aumha.org/a/stop.htm

[Sope]

Quote:

Originally Posted by Anupam

Yea, it may be because of McAfee. You can try reinstalling McAfee, and see how things go. If it is OK, then at least you will have a resident AV protection. You can then scan PC with online virus scanner... like Trend Micro HouseClean.

You can give one of the rescue CDs a try, because they won't install any AV.

Also, you can try to decode the BSODs by searching for them on Google, with the STOP code, and the error message. You can find stuff on Google related to those BSODs. You can take a look here as a start :

http://aumha.org/a/stop.htm

Thanks Anupam

I've scanned with Housecall and it was clean!

I've also spent a lot of time searching the internet with the stop codes I have but without success
As I said earlier, the memory dumps suggest issues related to fltmgr.sys, ntkrnlpa.exe, ntoskrnl.exe but there is nothing specific out there to point me in the right direction. I'm convinced it has to be a driver conflict between a resident AV component (common to both Avast and Avira as it affects both in a similar way) and another driver loading with windows but not in safe mode.

I just hope that reinstalling McAfee will put things back to normal rather than cause even more severe effects Before resorting to this gamble I'll work my way through that aumha.org article. The stop code I get is 0x0000008E which suggests it's "nearly always hardware compatibility issues" although the problem is definately related to installation of an AV