90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!
AVG causing system reboot during scan.
I have a Compaq running XP SP2 (currently unable to update, working with MS on this issue), and when I attempt a scan with AVG, it gets to the same place each time, near the beginning of the scan in the registry, and the system reboots. After reboot, a message comes up indicating there was a fatal error and prompts me to send the report to MS. When I do, it comes back stating there was a Blue Screen and give me three things to try, updating drivers, virus scan, and chkdsk. I am able to run the AVG scan in safe mode, and a chkdsk gave up no errors. I have not tried the drivers yet, but wanted to get some feedback on this since sometimes updating drivers can cause other issues. May posts point to heat issues, but since I am able to run the scan in safe mode, and I have been able to do defrags and other disk and cpu intensive items without issue, I think it is isolated to AVG. My system is a Compaq Presario S6500NX. Thanks.
Who is Participating?
I suspect that the problm is less with AVG and more with what it is scanning. If you are having a problem with upgrading (presumably to SP3) then the problems are most likely linked.
Have you tried a chkdsk on the hard drive to see if there are any bad sectors as advised? This could isolate the problem as running the scan in safe mode may well cause AVG to miss the sector where the problem is.
Give it a try and let us know the results.
Snibborg
Have you tried a chkdsk on the hard drive to see if there are any bad sectors as advised? This could isolate the problem as running the scan in safe mode may well cause AVG to miss the sector where the problem is.
Give it a try and let us know the results.
Snibborg
Hello
Do you get any error code with the message indicating the fatal error?
if you do not, to see the blue screen error do the following:
Right click My Computer , click Properties.
Click the Advanced tab.
Go to Startup and Recovery, click Settings
Uncheck the box marked Automatically restart and click OK
Reboot, run the scan again. This will let you see the error code, might give a clue on what's going on.
Do you get any error code with the message indicating the fatal error?
if you do not, to see the blue screen error do the following:
Right click My Computer , click Properties.
Click the Advanced tab.
Go to Startup and Recovery, click Settings
Uncheck the box marked Automatically restart and click OK
Reboot, run the scan again. This will let you see the error code, might give a clue on what's going on.
He indicated that he did run chkdsk, nothing found.
Can you tell us a little more about the "unable to update XP to SP3" part? Could be related.
You're years behind on the drivers if you haven't updated since SP2. The ancient drivers could be an issue here.
Can you tell us a little more about the "unable to update XP to SP3" part? Could be related.
You're years behind on the drivers if you haven't updated since SP2. The ancient drivers could be an issue here.
I have been battling an issue on this machine all weekend where windows update won't run and I've had a high page file usage. I think they are related, and so does MS at this point. The initial report on the device was they could not update AVG to version 9.0. I ran a scan with Malwarebytes and found a few Adware Professional trojans. Once these were cleaned, I still was unable to upgrade AVG (I was getting updates). I then uninstalled AVG 8.5 and tried to install 9.0 again, no good. I checked the processes and found Windows Installer not running, and it would not start, so I regestered the service, and it worked, and allowed me to install AVG 9.0. Thought all was good, until I tried to run Windows Update. Some patches updated, but 7 did not. I renamed the Software Distribution folder (stopping and starting wuauserv in the process), and ran Windows Update again. This time, it wanted to install SP3, which after a few minutes failed also. This is when I got MS engaged. They had me try to register all the DLLs for Windows Update, but several of them failed. Namely, WUAPI.DLL, WUCLTUI.DLL, WUWEB.DLL, MUCLTUI.DLL, and MUWEB.DLL. I have provided MS with the WindowsUpdate.log and system.nfo and am waiting on a response (which I know I won't get until early tomorrow morning). I have attached those files for your information. Thanks for helping.
mbundy62.zip
mbundy62.zip
The only thing I could find related to the error 0x8e5e044 is people advised to disable the anti-virus and anti-spyware software and try again the update process....
I just noticed another oddity...I cannot get to any websites for Microsoft KB articles. Basically, any time I hit a link to go to http://support.microsoft.com/kb/xxxxxx, it just hangs with an hour glass and I have to kill the IE window. Normally, I would suspect a virus, but in this case, since I have ran AVG and Malwarebytes, I think I am dealing with the residual effects of a virus. Any thougths?
Given the age of this system, suspicion of virus etc. is it out of the question to just do a nuke-and-pave reinstall of XP + SP3? Sometimes you have to cut your losses and take the shortest path. Obviously you would back up any important files first, gather up the necessary drivers etc. in advance, then go for it.
IT-Monkey_Dave,
I agree that I am really close to that point. I think I will give MS an opportunity this evening to see what they come back with. I really think all of this is related. I will everyone know what they say. Thanks anyway.
I agree that I am really close to that point. I think I will give MS an opportunity this evening to see what they come back with. I really think all of this is related. I will everyone know what they say. Thanks anyway.
I would also try Spy Boot search and Destroy.
http://www.safer-networking.org/en/download/
But, yeah, as Dave said you might not get away without a reinstall.
http://www.safer-networking.org/en/download/
But, yeah, as Dave said you might not get away without a reinstall.
I would recommend to check if you system is clean and to do this do the following:
Run malwarebytes in Safe Mode with Networking and update it before running a full system scan:
http://www.malwarebytes.org/mbam-download.php
Then try HitManpro to make sure anything which might be left behind is clean:
32bit
http://dl.surfright.nl/HitmanPro35.exe
64bit
http://dl.surfright.nl/HitmanPro35_x64.exe
If issue is not resolved by these tools try TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
http://support.kaspersky.com/downloads/utils/tdsskiller.exe
Tutorial on TDSSKiller:
http://support.kaspersky.com/viruses/solutions?qid=208280684
If this does not resolve your issue then try Combofix:
Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Tutorial on how to use combofix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Post logs here for further analysis.
Sudeep
Run malwarebytes in Safe Mode with Networking and update it before running a full system scan:
http://www.malwarebytes.org/mbam-download.php
Then try HitManpro to make sure anything which might be left behind is clean:
32bit
http://dl.surfright.nl/HitmanPro35.exe
64bit
http://dl.surfright.nl/HitmanPro35_x64.exe
If issue is not resolved by these tools try TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
http://support.kaspersky.com/downloads/utils/tdsskiller.exe
Tutorial on TDSSKiller:
http://support.kaspersky.com/viruses/solutions?qid=208280684
If this does not resolve your issue then try Combofix:
Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Tutorial on how to use combofix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Post logs here for further analysis.
Sudeep
All, I received information back from MS this morning on things to try, which unfortunatly failed. But, one item was a link to something that jogged my memory on another issue I had in the past when trying to install SP3. I found the KB article KB949377 (http://support.microsoft.com/kb/949377/) which had a Microsoft Fit It to reset the registry and file permissions. This worked to allow me to use windows update to install SP3, and all subsequent patches. It also corrected the high page file issue. I still had issues with not being able to get to support.microsoft.com/kb sites, but I used windows update to install IE8, and that issue was resolved. Now, I still have the original issue of AVG causing a blue screen and reboot. It does it at the beginning of the scan when it tries to scan a section of the registry. It goes by very quickly, so all can get is \system\ControlSet003\... So, I tried searching for this in the registry with regedit. I actually searched for 003. I found it twice, something associated with the keyboard/mouse, then I hit F3 again to find the next one, and got the blue screen reboot again. Obviously, something is wrong with the registry. I have a dump file, but am unable to read it. If one of you wants to take a crack at it, I would appreciate it. I sent it off to MS, so we will see what they have to say also. Thanks.
Latest.zip
Latest.zip
are you able to see the blue screen error?
(Right click My Computer , click Properties.
Click the Advanced tab.
Go to Startup and Recovery, click Settings
Uncheck the box marked Automatically restart and click OK)
I am more and more convinced that you won't get away without a reinstall :(
(Right click My Computer , click Properties.
Click the Advanced tab.
Go to Startup and Recovery, click Settings
Uncheck the box marked Automatically restart and click OK)
I am more and more convinced that you won't get away without a reinstall :(
Compaqus, when I change the settings to show the blue screen errors, all I get is a solid black screen and I have to power the PC off and back on to reboot it.
Compaqus, thanks for the advice. And you are right, registry repair tools are crap. I ran RegInOut on the system a few days ago, and although it didn't help, it caused no issues. I ran it again last night, and now I can't boot the system, in normal or safe mode. So, I guess it made my decison for me...I am rebuilding. Fortunatly, I backed up all the data when I started working on it. Since this is a Compaq, it has the recovery volume on the D: drive. I am trying the "kind" recovery first, which states it will save my data, but will reinstall the OS and Compaq provided applications to original configuration. I will need to reinstall all updates and non-Compaq applications. If that doesn't work, the "distructive" recovery, including a format of C:, will be next. Thanks again for your help. I probably should have gone this way before, but was caught up in the thrill of the chase.
You are very welcome. Good luck with the install.
PS. Don't forget to rate any answer that was helpful here, that helps us a lot :)
Thanks
PS. Don't forget to rate any answer that was helpful here, that helps us a lot :)
Thanks
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
Given the time you already spent on this issue, now and in the past, I would recommend a reinstall. Even if you succeed in getting avg running properly again this will come back to bite you sooner or later. As I can understand your windows installation is pretty messed up and patched here and there.
There are tools for cleaning and/or repairing the registry but none of them have a good reputation mostly because is too easy to delete something you really need from there and mess up the machine even more.
A new win installation takes you a couple of hours... I would reinstall and then install the AV first thing in order to make sure that I do not get the new installation reinfected by putting back the files you have backed up.
Sorry mate...