[hiddendragon]

Hi, I am working on my client's HP Pavilion 752n for virus removal.

After I installed AVG 8 newest version, and finished the full system scan, avg asked to move some infected files to vault, and then when I restart the system, it's keep looping restart by itself.

I can not enter safe mode as well, after I chose option:"disable automatic restart on system failure", system shows a blue screen says:

"Stop: c000135 {Unable to Locate Component}
This application has failed to start because baseotx32 was not found. Re-installing the application may fix this problem."

My question is there any way I can repair the system instead of reinstalling the whole system, or if it's possible I can recovery those moved files from AVG virus vault?

Thanks!

 

[CTSNKY]

Re: XP can't boot-up after AVG 8 move infected files to vault

First thing I'd try is running CHKDSK /R in the XP Recovery Console.

http://support.microsoft.com/kb/315265

 

[hiddendragon]

Re: XP can't boot-up after AVG 8 move infected files to vault

First thing I'd try is running CHKDSK /R in the XP Recovery Console.

http://support.microsoft.com/kb/315265

Already done the disk check, no help.

I thought the problem is some system files got infected, and then AVG move them to vault, and that makes xp still looking for some component at registry when reboot.

So I am thinking if I can put all the system files back, then the system can boot-up.

 

[CTSNKY]

Re: XP can't boot-up after AVG 8 move infected files to vault

Well, you can also try a Windows Repair Install, but I've had iffy success with that in the past.

http://www.michaelstevenstech.com/XPrepairinstall.htm

May be looking at a reload here. Back up your data while you can.

 

[chauffeur2]

Re: XP can't boot-up after AVG 8 move infected files to vault

Hi hiddendragon, Welcome to TSF! :wave:

Another alternative is...

Try powering up the computer from a 'cold start', while continually tapping the F8 Key.

Doing this will take you to "The Safe Mode Menu Screen"; select the option "Last Known Good Configuration", and follow the on-screen prompts.

Post back with the outcome.

Kind Regards,

 

[hiddendragon]

Re: XP can't boot-up after AVG 8 move infected files to vault

Hi hiddendragon, Welcome to TSF! :wave:

Another alternative is...

Try powering up the computer from a 'cold start', while continually tapping the F8 Key.

Doing this will take you to "The Safe Mode Menu Screen"; select the option "Last Known Good Configuration", and follow the on-screen prompts.

Post back with the outcome.

Kind Regards,

Thanks for your reply, but before I scan the virus, I shut off the system restore function, so this won't work.

I checked the "AVG8.vault" folder, total 44 files moved here, but I can't know what the file names they are, otherwise I will try to copy the system files from another system.

I tried to install a clean version of windows, and copy all files back, but I still got stuck at the same situation I mentioned before.

I do have the whole image ghost copy after system not booting-up, is there anyone knows how to check AVG8 virus scan log? That's might be help me.(I check the avg 8 folder, nothing similar like that yet)

 

[hiddendragon]

Re: XP can't boot-up after AVG 8 move infected files to vault

Problem Solved!! :wave:

Finally I found a solution:

1. Create a new Windows XP installation.
2. Copy all AVG old files into system
3. Reinstall AVG 8, and read the Virus Vault history, restore baseotx32.dll to c:\windows\system32
4. Backup the Baseotx32.dll, even it is virus infrected.
5. Ghost back the whole system, and restore baseotx32.dll
6. reboot the system, well, welcome back, my client's system, everything is there.
7. Modify the registry, find out the infected item related to baseotx32.dll, erase it, remove the dll file
8. Finally, done.

It's seems baseotx32.dll was part of KClone.T(never heard of it), and will modify

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SubSystems

String key: windows
from:
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

to:
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=baseotx32,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

That's the reason cause system cannot boot-up

 

[hiddendragon]

Re: XP can't boot-up after AVG 8 move infected files to vault

String key: windows
from:
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

to:
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=baseotx32,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

That's the reason cause system cannot boot-up

This part should be:

String key: windows
from:
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll= baseotx32,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

to:
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
:grin: