Repairing a computer that won't start after AVG detects a virus in sysperf.sys

This was an interesting problem I came across, and I thought it important to post the solution for anyone who has this problem, as I couldn't find any reference to it here.

The basics of the problem were this: malware was attempting to inject itself into the file sysperf.sys, and AVG was detecting it and quarantining the file.

On a system that did not have a SIS IDE controller this was fine and the computer would start. If the system had the SIS IDE controller, it would crash just after the Windows XP logo splash appeared on the screen, regardless of whether you tried Safe Mode or Last Known Good Configuration.

A full system repair did fix this problem, but it is quite time consuming, especially when we had seven machines with this problem to repair on the same day.

I found that the easy fix was simply to copy the file back onto the affected PC; sysperf.sys needs to go into the directory C:\Windows\System32\drivers.

There are a few ways you can do this. I have a test bench, so I remove the hard drive from the affected system, place it in the test system, copy the file over, and then put the hard drive back. If you don't have access to another computer, you could boot the system from a BartPE CD, or boot from the Windows CD and choose Recovery Console.

For more information on how to create a BartPE CD, visit their site: http://www.nu2.nu/pebuilder/

If you want to use the Recovery Console (steps courtesy of the Microsoft site):
   1. Insert the Windows XP CD into your CD drive and restart your computer. If you are prompted, select any options required to start (boot) from the CD.
   2. When the text-based part of Setup begins, follow the prompts. Select the repair or recover option by pressing R.
   3. If you have a dual-boot or multiboot system, select the installation that you want to access from the Recovery Console.
   4. When you are prompted, type the Administrator password.
   5. At the command prompt, type Recovery Console commands; you can refer to the commands listed in the "Available commands within Windows Recovery Console" section.
   6. At any time, you can type Help for a list of available commands.
   7. At any time, you can type Help followed by a command name for help on a specific command. For example, you can type help attrib to display the help for the attrib command.
   8. At any time, you can exit Windows Recovery Console by typing Exit at the command line.

To copy the file over you will need to have it on either a CD or a floppy disk, and then use the command copy x:\sysperf.sys C:\Windows\System32\drivers, where x: is the drive and path of the file.

If you don't have the sysperf.sys file, it comes as part of the SIS IDE driver, which can be downloaded directly from the SIS site. The link is as follows:
http://www.sis.com/download/

Simply select your operating system, then select SIS IDE, extract the package and find the sysperf.sys file.

Once you have copied over the file, put your hard drive back in the PC and restart; it should load fine.
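For the test-bench route described above, the following Python script is an added example (it is not from the original article) that copies the clean sysperf.sys from the extracted SIS package onto the patient drive and confirms by SHA-256 that what landed on disk is byte-for-byte the vendor file. If something is still sitting in the drivers directory it is moved aside rather than overwritten, so it can be examined or sent to the AV vendor later. The bench layout (patient drive attached as T:, package extracted to D:\sisdrv) and the names `restore_driver` and `sha256_of` are assumptions for illustration.

```python
"""Restore a clean sysperf.sys to a patient drive on a test bench and verify
the copy by hash. Added example; the drive letters below are assumptions."""
import hashlib
import shutil
from pathlib import Path

DRIVER_NAME = "sysperf.sys"
# Assumed bench layout (hypothetical, adjust to yours): the patient's drive is
# attached as T:, and the clean SIS IDE package was extracted to D:\sisdrv.
DEFAULT_SOURCE_DIR = Path(r"D:\sisdrv")
DEFAULT_TARGET_ROOT = Path(r"T:\Windows\System32\drivers")


def sha256_of(path: Path) -> str:
    """Hex SHA-256 of a file, read in chunks so large files are fine."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def restore_driver(source_dir: Path, target_root: Path) -> dict:
    """Copy the clean driver from source_dir into the patient's drivers
    directory and confirm the bytes on disk match the source."""
    src = source_dir / DRIVER_NAME
    dst = target_root / DRIVER_NAME
    if not src.is_file():
        raise FileNotFoundError(f"clean {DRIVER_NAME} not found in {source_dir}")
    if not target_root.is_dir():
        raise FileNotFoundError(f"drivers directory not found: {target_root}")

    source_hash = sha256_of(src)

    # After AVG quarantines the file, dst is normally absent. If something is
    # still there, move it aside rather than overwrite it, so it can be
    # examined or submitted to the AV vendor later.
    set_aside = None
    if dst.exists():
        set_aside = dst.with_name(DRIVER_NAME + ".set-aside")
        shutil.move(str(dst), str(set_aside))

    shutil.copy2(src, dst)  # copy2 keeps the vendor file's timestamps
    restored_hash = sha256_of(dst)
    if restored_hash != source_hash:
        raise RuntimeError("copied file does not match the clean source")

    return {
        "restored_to": str(dst),
        "source_sha256": source_hash,
        "restored_sha256": restored_hash,
        "set_aside": None if set_aside is None else str(set_aside),
        "ok": True,
    }


if __name__ == "__main__":
    # Run on the bench after attaching the patient drive and extracting the package.
    print(restore_driver(DEFAULT_SOURCE_DIR, DEFAULT_TARGET_ROOT))
```

Keeping the printed source hash in your notes lets you recognise the clean file on the next machine without re-downloading the package, and the set-aside copy gives you something to hand to the AV vendor if the detection turns out to be a false positive.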

Comments (1)

Lawrence Barnes, Senior SQL Developer (Certified Expert)

Commented:
I'm having a very similar issue with Windows 7... would this solution apply?
