Windows 6 & "Startup Repair" Post Boot-Time Scan?

Avast reported a root kit on my VAIO and advised a boot-time scan after
it had dealt with the issue.

It was coincident with connecting a USB-wrappered DVD drive and I
suspected a false positive.

Not knowing enough to give my suspicion any weight, I started the
boot-time scan.

Got 3 indications of infection but none of Avast's 5 or 6 options would
work (Avast reported something like "Unable to do that...") so I wound
up pressing "Bypass" for each.

The scan would run and then require intervention every time it found
something - and it was only at 12 percent at the time, so I thought I'd
just kill it and come back when I had the time.

But upon re-boot, I'm getting "Startup Repair... Attempting repairs..."
and it seems to be running for a very long time.

Dunno who is popping that dialog - Windows, Avast, some sort of
malware... or what...

I can't get to Avast's log or I'd post it....

Anybody been here?

Is the VAIO hosed?
--
Pete Cresswell

Re: Windows 6 & "Startup Repair" Post Boot-Time Scan?

Per (PeteCresswell):
It finally ended:
-----------------------------------------------------------------
Root cause found:
--------------------
Unspecified changes to system configuration might have caused the
problem.

Repair Action: System files integrity check and repair
Result: Failed.  Error code = x0490
Time taken = 1004444 ms
-----------------------------------------------------------------
--
Pete Cresswell

Re: Windows 6 & "Startup Repair" Post Boot-Time Scan?

Per (PeteCresswell):
Followed a few more prompts/buttons....
-------------------------------------------------------------------
"If you have recently attached a device to this computer, such as a
camera or portable music player, remove it and restart your computer. If
you continue to see this message, contact your system administrator or
computer manufacturer for assistance.

To restart immediately, click Finish."
-------------------------------------------------------------------

Clicked "Finish", and the VAIO rebooted... seemingly A-OK.

Sheesh!!!!!

But it still begs the question "What Happened?".

--
Pete Cresswell

Re: Windows 6 & "Startup Repair" Post Boot-Time Scan?

wrote:

This - again, is why everyone should have such an imaging program as
Macrium Reflect, Acronis True Image, or some other disk imaging
software.  If you image a few times a week, and *definitely* before
installing anything new - software or hardware, you can come out of
these situations without a problem.

You got lucky that you solved it.

Re: Windows 6 & "Startup Repair" Post Boot-Time Scan?

Per kellyt@that.invalid.place.net:
Actually I do have a pretty good one: "ShadowProtect" and I live and die
by its images on my desktop PC - and I'll re-image as soon as anything
even seems flaky.

But my personal paranoia just never extended to plugging in an external
drive or running a boot-time scan.

Now it does...... -)
--
Pete Cresswell

Re: Windows 6 & "Startup Repair" Post Boot-Time Scan?


Windows 6 ?

Is this the same Vaio NB where it takes 30 mins. vs 10 mins as compared to a
desktop for a DVD ripping function?



--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp


Re: Windows 6 & "Startup Repair" Post Boot-Time Scan?

Per David H. Lipman:
Yes - 30 mins using the internal drive.

Windows 7
--
Pete Cresswell

Re: Windows 6 & "Startup Repair" Post Boot-Time Scan?


I'll bet it was a FP based upon the OS Plug 'n Play of the driver to use the
device and it was based solely on the alteration of the system perceived by
Avast as noted by...
"Unspecified changes to system configuration might have caused the problem."


--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp


Re: Windows 6 & "Startup Repair" Post Boot-Time Scan?

wrote:

My paranoia is such that I do at least one full backup of my C: to an
outboard drive once a week.

A long time ago, I had a problem happen with my C: drive.  It was
Saturday and I didn't feel like running out to buy another drive.  I
figured I'd do it when coming home from work on Monday.  After all, I
had a 2nd drive with all my data backed up. Right? WRONG!  The 2nd
damn drive crashed on Sunday.  My C: totally crashed the same day.  I
lost every damn thing I had collected for years.  I now have SEVEN
outboard drives.  I am backed up to the wahzoo and everything is on at
least 4 of those drives.  You fool me once...etc.

I have a lot of music and movies on my comp.  That's also why I have
so many drives.  In short, when dealing with comps, paranoia is a good
thing.

Re: Windows 6 & "Startup Repair" Post Boot-Time Scan?

Per kellyt@that.invalid.place.net:
I go easy on the C-drive images because I don't want to get into a
situation where I have imaged a flaky system.   So my images are only
taken of systems that I'm pretty sure are "good".

I keep the images on a NAS box - which is backed up to an old WHS box.

For data, I've come around to your scheme except that I only have six
drives.

I try to keep two or three of them in a location that I cannot readily
get to.   Reason: I once had an interface (IDE?  USB?  SATA?  can't
recall...) card that had gone South, but not all the way.   It was
frying the drive as soon as it was connected.

I managed to fry two drives before it dawned on me that the backups were
not bad - that they were getting corrupted or whatever when they were
being connected.

So... if that happens again, maybe the unavailability of some backups
will save me from myself.... -)
--
Pete Cresswell

Windows 6 & "Startup Repair" Post Boot-Time Scan?

+ User FidoNet address: 1:3634/12.42
 P> But my personal paranoia just never extended to plugging in an
 P> external drive or running a boot-time scan.

i guess you never heard of those digital picture frames that you connect to your
PC via USB and load them up with your photos to be shown in the device? quite a
few of them were purchased from wally world and other electronic device stores
that were infected from the factory...

and then there's sony who thought it a good idea to infest PCs with a rootkit
from their music CDs as part of their supposed DRM stuff...

 P> Now it does...... -)
 P> --
 P> Pete Cresswell

i should hope so! do you know that one of the biggest ways that penetration
testers get into a network is by seeding the parking lot with infected
thumbdrives and then waiting for someone to plug them in one of the office
network machines to see what's on it??

)\/(ark
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ The FidoNet News Gate (Huntsville, AL - USA)        +
+ The views of this user are strictly his or her own. +
+ All data is scanned for malware by Avast! Antivirus +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++

Re: Windows 6 & "Startup Repair" Post Boot-Time Scan?

I'd heard about giving them away at trade shows.....

All the ways to infest a PC that I never would have dreamed of seem to
support my notion of not imaging a system for the purpose of later
restoration unless I'm very sure it's not infected....    

Now making sure it's clean.... that seems to be a whole other ball
game..... You have me thinking that I should at least run a Kaspersky
boot-time scan before I make the image - and maybe one or more other
scans.

??

--
Pete Cresswell

Re: Windows 6 & "Startup Repair" Post Boot-Time Scan?

On Tue, 05 Feb 2013 08:34:47 -0500, "(PeteCresswell)"

If you hang out in this group long enough, these maxxie paranoids
who inhabit it will ruin the computer game real fast for you.
They have no other life except to see maliciousness in every
twist and turn of using a comp.  They will  drive you nuts.  They
simply don't know when enough is enough.  If you have a lengthy
history of incremental backups on your machine, worst case is
that going backwards a few times will get you to a safe image.
(And don't forget to make a full image on another drive or two at
least once a week. With Tb drives, who's worried anymore about
disk space?)

If things are working as usual on the comp, chances are
everything is fine.  More people have screwed up their boxes
'fixing what ain't broke.'  Of course that doesn't mean scanning
with a good AV product isn't the thing to do.  Even here, the
maxxie paranoids will have you using 123 different products just
to "make sure" everything is fine - and then they'll tell you
that even then, you can't be *really* sure. Jeez!  Enough is
enough already.

In other words, there comes a point you have to stop listening to
these maxi-geekwads in this group.  I've seen them drive newbies
insane with their insane measures of what constitutes "safe hex"
in their world. Image frequently, both incremental and full, and
enjoy the comp.  Let the paranoids whose whole life is that of
*knowing* bad things *always* happen suffer their daily trembles,
waiting for the next hex calamity.

Windows 6 & "Startup Repair" Post Boot-Time Scan?

+ User FidoNet address: 1:3634/12.42
 P> I'd heard about giving them away at trade shows.....

that's one thing and those were likely not known to be infected when they may
actually have been...

 P> All the ways to infest a PC that I never would have dreamed of seem
 P> to support my notion of not imaging a system for the purpose of
 P> later restoration unless I'm very sure it's not infected....    

that's a hard job... very hard and has been for a long time...

 P> Now making sure it's clean.... that seems to be a whole other ball
 P> game..... You have me thinking that I should at least run a
 P> Kaspersky boot-time scan before I make the image - and maybe one or
 P> more other scans.

the problem is that "we" do not know what may have infested our systems... just
because malwarebytes, and AV scans along with other tools all say it is clean
doesn't mean that it is... why? because detecting these critters is and has
always been a chase game... you can't detect what you don't know is there...
until the industry turns things around and goes in the complete reverse
direction, critter writers will always have the upper hand... especially as
long as the software and OS developers continue to allow project managers to
decide what is good enough for distribution and especially so with the major
lack of proper testing and enforcing buffer length checking and other related
situations that may allow something to overrun a buffer and place code where it
may be executed...

a lot of the ideas out there and used today would never have been needed if the
code was properly tested and vetted in the first place... we can all place the
blame for this on greed, as simple as that is...

)\/(ark

Re: Windows 6 & "Startup Repair" Post Boot-Time Scan?

My little scheme has been to:

- Do the initial build without any IP connection.

- Image that build as my first "Good" system.

- Keep notes on whatever I do to that system.

- Every so often, even if there are no known problems,
  re-image from the last "Good" image and apply the
  changes from my notes.

- Image that system as my next "Good" system.

- Push-comes-to-shove, I can always restore
  from that first "Good" image and apply all
  the changes since - but that has not happened
  yet.  

- If I even suspect a problem, I just re-image
  from the latest "Good" image, apply the changes
  made since, and then image that as my latest
  "Good" image.

I find that once one gets the "Data goes on D:" discipline
down pat, re-imaging is close to trivial: say 30 minutes
absolute max.... maybe more like 15-20.

Now, whether or not that "Good" image is really good.... -)
--
Pete Cresswell
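
The "Good" image chain described in the post above can be tracked in a small ledger. This is an added example, not code from any poster in the thread; the function names, ledger layout and image names are hypothetical. It records each image's SHA-256, the image it was rebuilt from and the noted changes, then lists the notes to replay after a restore. A matching hash shows only that the image file is unchanged since it was recorded, not that the system was clean when it was imaged.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash an image file in chunks so large images need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def record_good(ledger, name, image_path, parent=None, changes=()):
    """Log a "Good" image: its hash, the image it was rebuilt from, and the noted changes."""
    if parent is not None and parent not in ledger:
        raise KeyError(f"unknown parent image: {parent}")
    ledger[name] = {"sha256": sha256_file(image_path),
                    "parent": parent, "changes": list(changes)}

def verify(ledger, name, image_path):
    """True only if the file still matches the hash recorded when it was taken."""
    return sha256_file(image_path) == ledger[name]["sha256"]

def replay_plan(ledger, restore_from, target):
    """Ordered notes to re-apply after restoring `restore_from` to reach `target`."""
    steps, node = [], target
    while node != restore_from:
        if node is None:
            raise ValueError(f"{restore_from} is not an ancestor of {target}")
        steps = ledger[node]["changes"] + steps
        node = ledger[node]["parent"]
    return steps

if __name__ == "__main__":
    # Constructed sample: three tiny files stand in for real disk images.
    ledger, paths = {}, {}
    with tempfile.TemporaryDirectory() as d:
        for n, data in [("good1", b"offline build"), ("good2", b"+AV"), ("good3", b"+driver")]:
            paths[n] = os.path.join(d, n + ".img")
            with open(paths[n], "wb") as f:
                f.write(data)
        record_good(ledger, "good1", paths["good1"])
        record_good(ledger, "good2", paths["good2"], "good1", ["install antivirus"])
        record_good(ledger, "good3", paths["good3"], "good2", ["add USB DVD driver"])
        print(replay_plan(ledger, "good1", "good3"))  # notes to redo from the first image
        with open(paths["good2"], "ab") as f:          # simulate a backup altered on disk
            f.write(b"\x00")
        print(verify(ledger, "good2", paths["good2"]), verify(ledger, "good3", paths["good3"]))
```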
