System with the problem:
Windows 7 Home Premium Edition 32-bit
Gigabyte EP45-UD3P motherboard
Intel Core2 Duo CPU E8400 3.00GHz
4 Gigs RAM
500 GB SATA3 hard drive (checkdisk found no problems)
I have a paid AVG 2012 3 license on a friend's computer, his wife's who is bed-bound, and mine. His wife had a trojan pop up during a scan.
c:\windows\system32\drivers\afd.sys Trojan horse BackDoor.Generic14.CBJJ
She tried for five hours or so to fix it, then passed the problem on to me. It was a file that AVG couldn't delete or heal because it was a system file. She had tried doing a system restore but that didn't work and it uninstalled her AVG (or messed it up) which wouldn't re-install.
I found out from Google that I'd need to copy a clean version of the file over the bad one, so after finding out how to delete files protected by TrustedInstaller, I put a clean copy of the afd.sys file in place of the bad one.
However, now I can't get AVG to re-install either. I tried for longer than she did. The error we get:
Error code 0xC0070643
Error Message: General internal error.
Additional message: MSI Engine: failed to install the product
Service 'AVG WatchDog' avgwd could not be installed. Verify that you have sufficent privleges to install system services. (0xC0070783)
Context:AVG product installation, MSI action failed.
I was logged in as her, which I checked was an admin account. I tried the "run as administrator" anyway on the full install exe, but that didn't help. I checked the forum for an uninstall, and got the 2012 uninstall for 32-bit. I ran the uninstaller, rebooted, deleted the leftover AVG directories it said to delete, but still got the same error on install. Sometimes it would say, reboot to finish install and then on reboot the error pops up. Sometimes it gave the error without having to reboot. I noticed she had Malwarebytes and Spybot Search and Destroy running, so I uninstalled those and closed the rest of the stuff running that I could. Nope. I saw that one person was told to download the full install from another computer to a USB flash drive and run from the flash drive. That got the same error as well. The install where you just download a little program that downloads the rest of AVG gets the same error. Each time the install failed, I ran the un-installer, rebooted, and deleted AVG directories. The free version fails as well. I can put a free version of Avira anti-virus on there with no trouble though and it found no problems on its scan. Checkdisk on her boot drive found no problems either. One odd thing though. When I installed Avira, it checked for programs that might conflict and it listed under the manual un-install the AVG Link Scanner even though I did the AVG uninstall and delete AVG directories.
The reset access tool didn't help. Got the same errors. I checked the registry and there were none of the sub-keys listed. I got the msinfo and the autostart GMER scan, but the full GMER scan ran for 16 hours while I slept then went to work. It was still on the program data directory. That's where it was when I left for work 11 hours ago. It wasn't locked up. It kept on flashing really long filenames that were strings of numbers and letters inside brackets. It was even slowing down browsing the web for her, so I told her to just save what it got so far and I'd ask about it. I know the post on GMER says if the computer freezes to try the earlier version, but it was still running. Before I download and run the earlier version can you give me an idea on how long it should take? It's 600 gigs on C but only 124 used. D is 600 GIG too but 598 GIG used. Today and tomorrow are my days off, so I can sit and watch the scan when she goes back to sleep.
BTW: I don't know that it makes a difference, but after running the reset access tool, the Documents library from the start menu didn't work. It said it was missing or damaged but since the library really isn't the directory, we could just delete the library without losing files. She has her documents folder on D instead of C. That's the only thing I can think of that maybe the tool told it the libraries were back on C.
Thanks, but nope. It looped again. Installing in Safe Mode also got the same error.
I ran into an odd problem with the older version of GMER. It can do the autostart scan, but the full rootkit scan, I can't click the scan button. All the other buttons work. Can't tab to the scan button either.
I'm trying again with the current version after installing the free version of Avira anti-virus so the computer has something for virus protection while GMER tries again. One of the directories was ART for Windows Media Player. Even though I went to the directory in Explorer and saw it only had 4 files, it had been scanning that directory flashing .jpg filenames for over 20 min. I deleted the 4 files and will see how that does.
Turns out those 2 directories that GMER seemed to get stuck in were Windows Media Player clip art directories. Each with over 101,200 files in them. They were just hidden and system files. After deleting those directories, the full anti-rootkit scan went a lot faster. Put a new msinfo and GMER autostart log in the zip as well.
I tried the AVG Rescue CD a day or two ago. It didn't mention finding anything on C and when it hit D, it stopped with a segment fault.
I was able to uninstall toolbarHelper and BCU but the install still crashed. I think for now, she is just going to want to stay with either the free version of Avira anti-virus or Vipre anti-virus. As it is, I had to wait for her to go to sleep and use GoToAssist's power on feature for unattended support to turn on her computer and try this. She may let me try next Wednesday and Thursday (my days off) but is too aggravated with AVG for now.
Ah well. If she won't let me continue, I'll just move the third license for AVG to my laptop (it's using AVG Free right now) and she can use whatever anti-virus program.