Panda on XP Problem


tizzo

As the IT guy in the family, I have been called upon to help
troubleshoot a problem with my nephew's PC. His dad is very security
conscious, and has installed all kinds of protection software on the
machine, including Panda's AntiVirus product.

I'm still trying to sort out everything that was done to the machine
lately. What I know right now, however, is that the machine was
running slowly, so while my nephew was out of town, his father did
some "maintenance" on the computer. Dad went out of town and nephew
came home, and now the PC reboots itself within about 30 seconds of
startup.

I disabled autorestart on system error, and was able to determine that
the cause of the reboot is a STOP 0x000000D4 (driver unloaded without
canceling pending operations) in av5flt.sys, which is part of Panda.
The same thing happens in safe mode, so I can't even get in to look at
anything or try to disable Panda from starting automatically. Safe
Mode with Command Prompt just boots right into normal GUI safe mode,
which is not how I remember it working. I also thought there was an
option in which you could be prompted y/n on whether to start each and
every startup process, and was hoping I could prevent Panda from being
loaded that way, but none of the options on the F8 menu do that for
me. I thought it was the Enable Boot Logging option, but when I
choose that, it just boots right into GUI safe mode without any
prompting or printing, and the system halts about 30-60 seconds later.

Does this sound familiar to anyone? Any ideas on how to control
what's loaded at boot time? I'm quite concerned about the seemingly
anomalous behavior of some of the options on the F8 boot menu. Does
that sound like the work of a virus? Is it possible that Panda or
some other piece of defensive software interferes with or disables
some of the low-level control afforded by Windows XP in order to
prevent hackers from getting around it? I'm really at a loss here,
and any advice would be appreciated. Thanks.
 

tizzo

Well, I managed to maneuver my way around this problem. Since it
seems to have stumped everyone here (except Billy, who apparently
knows exactly what's going on but isn't sharing information or
advice), I'm posting my super kludgey "solution".

First, using recovery console, I deleted the offending file. I didn't
expect to be able to boot this way, but I thought I might be able to
force some other kind of error. Instead, during the next boot the
file was restored, loaded, and caused the same stop 0xD4.

Next, I tried replacing the file with a different driver. I copied
null.sys to av5flt.sys. This was basically a "Hail Mary" play, but to
my surprise, it sort of worked. I was able to boot into XP (not even
safe mode, right into the fully configured system), and was able to
copy all of the essential files to a second hard drive that was
installed on the system. Oddly enough, Panda was happily up and
running, apparently unaware that anything was amiss, other than its
virus defs being out of date.

There were a number of other errors, including several popups telling
me that Windows had recovered from a severe error (gee, thanks,
Windows!), and prompting me to send a report to Microsoft. I also got
repeated attempts by Windows Installer to install something that it
could not find. My brother-in-law was sitting beside me at the time,
and casually told me that this happens all the time, all I had to do
was open task manager and kill everything on the screen. Fortunately,
he did recognize that something wasn't quite right about all this, and
had already resigned himself to reinstalling XP on the machine. So
having gotten far enough to copy off their important files, my job was
done.

So anyway, I don't know how good an idea this was, or what the long
term effects might have been. But if you ever find yourself in a
similar situation, in which some third party driver is stopping
Windows before you can even log in and do anything, and this happens
even in safe mode, then you might try doing what I did. Good luck.
 

Brian Cryer

Next, I tried replacing the file with a different driver. I copied
null.sys to av5flt.sys. This was basically a "Hail Mary" play, but to
my surprise, it sort of worked. I was able to boot into XP (not even
safe mode, right into the fully configured system), and was able to
copy all of the essential files to a second hard drive that was
installed on the system. Oddly enough, Panda was happily up and
running, apparently unaware that anything was amiss, other than its
virus defs being out of date.

That sounds like a very useful tip. Thank you for posting it.
 
