Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: grtguyintx on March 14, 2013, 05:02:12 AM
-
So i downloaded and installed the newest version of Avast onto a windows xp and a windows 7 PC and it has been a nightmare from the start.
The whole setup process was painfully slow, hogged my memory like crazy and it kept freezing. When i finally got it installed i tried to register it and the only thing that happened was that my screen froze when trying to do so. I am glad i didn't start the update to my third PC and i still have version 7 and that it is working great.
So is this a bug in the software or what is going on? Before you ask, i can't have any corrupt files as i did a whole reformat just before installing (or trying to install) Avast newest version.
Does anyone know what is going on? Anyone have any tips on how to fix this?
-
Do you have any other antivirus programmes on the computer ?
-
No other antivirus on the computers and no corrupt files either. They are both freshly formatted computers. I ran DBan to delete everything, than i re-installed the OS and the drivers. After doing that installed Avast which was a painfully slow process, and after downloading it and installing it that is where my worst trouble began. It is hogging my CPU memory big time and it has slowed down both computers bad. And if i try to register it, it freezes my computers.
Like i said, i had never had any trouble with Avast until this new version 8. I have a third PC that i still have version 7 and it is working great.
-
Where did you get the download from ? As I have Avast 8 on both win 7 and win 8 64 bit with no problems at all
Direct download links
http://files.avast.com/iavs5x/avast_free_antivirus_setup.exe
http://files.avast.com/iavs5x/avast_pro_antivirus_setup.exe
http://files.avast.com/iavs5x/avast_internet_security_setup.exe
-
I went to Avast.com and hit download which opened a box and once i clicked on i want free protection, it took my to CNET to download the software.
-
Hmm I never trust a cnet download.. I always get it direct if possible.
Could you fully uninstall Avast from one system and use the removal tool that Rejzor has made .. Available here https://skydrive.live.com/?cid=94a12102e5094675&id=94A12102E5094675%21952 (AvastCleanupTool)
Then do a custom install of Avast 8 from the direct link
-
Hmm I never trust a cnet download.. I always get it direct if possible.
Could you fully uninstall Avast from one system and use the removal tool that Rejzor has made .. Available here https://skydrive.live.com/?cid=94a12102e5094675&id=94A12102E5094675%21952 (AvastCleanupTool)
Then do a custom install of Avast 8 from the direct link
After some problems at Windows booting I've deleted AVAST and did run Rejzors removal tool. At least I think it did as there is only a quick flash of a message immediately on starting to run the tool and then nothing afterwards. Is it running in the background silently or do I have to do this in save mode?
I will re-install AVAST 8 afterwards.
regards
PS. Just tried to run in Safe mode and the uninstaller process seems to go further until a message comes up that it cant access remote ... something ???
Why does this uninstaller need to access anything 'remote'? I have remote registry access disabled in services, is this the problem?
-
Mmmmh, well, this time I used the AVAST uninstaller as linked by DavidR from save mode. Then installed again clean.
Straight away, same problem when booting from cold, gets to just after the Windows screen and then shuts itself down again to re-boot.
No problems when AVAST is not installed.
I tried to send a minidump file but windows won't let me ...
These probs have only been since the latest update (not the first V8 release which was fine).
regards
-
Do you have any minidumps ? If so could you upload them to a file sharing site where I can collect them and then analyse them
-
This will read stupid but how?
I tried to submit a minidump file by email but windows just says it cannot open it/I have no access ...
What file sharing site do you mean?
Thanks and regards
-
You can create a free account here, then upload the file and post the sharing link here
http://www.mediafire.com/
But first go to c:\windows\minidump right click the latest one and select copy to desktop then upload from there
-
Opened the account and transferred the minidump file to desktop.
Can't upload as administrator permission needed??
I am administrator ???
regards
-
OK next trick will be to zip the file and then try to upload.. If that fails we can take ownership of it
-
No read permission ... wont even let me zip it.
regards
-
OK download this zip file to your desktop
https://dl.dropbox.com/u/73555776/TakeOwnership.zip
Unzip and extract InstallTakeOwnership.reg to your desktop
Double click and allow to merge with the registry
Now right click the minidump and select take ownership
A black box will open and do its thing
You now own this file and should be able to upload it
-
Did what you said, clicked 'take ownership' ...
when trying to upload still the same message; You don't have permission ...
This is fun :(
regards
-
OK I will let you do the analysis
Please download and install whocrashed from here http://www.resplendence.com/downloads
Run Whocrashed and press the analyse button
(https://dl.dropbox.com/u/73555776/who%20crashed.JPG)
When it has completed scroll down where it states crash dump analysis and either screenshot or let me know what driver is responsible
-
Ok, that worked.
Thanks for your help
regards
--------------------------------------------------------------------------------
Crash Dump Analysis
--------------------------------------------------------------------------------
Crash dump directory: C:\Windows\Minidump
Crash dumps are enabled on your computer.
On Fri 15/03/2013 17:43:23 GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: aswsnx.sys (aswSnx+0x27803)
Bugcheck code: 0xA (0x10, 0x2, 0x0, 0xFFFFF80003CB7EE9)
Error: IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\drivers\aswsnx.sys
product: avast! Antivirus
company: AVAST Software
description: avast! Virtualization Driver
Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: aswsnx.sys (avast! Virtualization Driver, AVAST Software).
Google query: AVAST Software IRQL_NOT_LESS_OR_EQUAL
--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------
One crash dump has been found and analyzed. A third party driver has been identified to be causing system crashes on your computer. It is strongly suggested that you check for updates for these drivers on their company websites. Click on the links below to search with Google for updates for these drivers:
aswsnx.sys (avast! Virtualization Driver, AVAST Software)
If no updates for these drivers are available, try searching with Google on the names of these drivers in combination the errors that have been reported for these drivers and include the brand and model name of your computer as well in the query. This often yields interesting results from discussions from users who have been experiencing similar problems.
Read the topic general suggestions for troubleshooting system crashes for more information.
Note that it's not always possible to state with certainty whether a reported driver is actually responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.
-
aswsnx.sys is the culprit .. Part of the sandbox I believe
Could you do a custom install on Avast and untick behaviour shield and sandbox
If that then appears to fix the problem then go to control panel > programs and features
Select Avast > change and then tick behaviour shield (a reboot may be required)
Does the problem return ?
-
Will do.
Thanks for the fantastic guidance and I'll report back tomorrow
regards
-
I have passed this thread to Avast as it may be what they are looking for
-
Thanks
-
With Windows XP at least, I have found that it is necessary to thoroughly clean out v7. Doing an uninstall of v7 is insufficient. It was necessary to run aswclear.exe in safe mode to banish v7 from the system. Having done that, v8 runs like a dream.
-
aswsnx.sys is the culprit .. Part of the sandbox I believe
Could you do a custom install on Avast and untick behaviour shield and sandbox
If that then appears to fix the problem then go to control panel > programs and features
Select Avast > change and then tick behaviour shield (a reboot may be required)
Does the problem return ?
I switched both behaviour shield and auto sandbox off in existing installation and rebooted twice. No problems.
Turned behaviour shield on, rebooted twice. No problems.
Switched Auto Sandbox back on, rebooted. Crashed.
Hope this helps and many thanks for your time and help!
I look forward to the next update and leave Sandbox turned off for the time being.
regards
-
Crashed again this morning on booting from cold, with the sandbox turned off.
Not sure what causes the conflict but it seems behaviour shield, as pointed out by you Essexboy, may has something to do with it though last night it booted ok with it on :-\. I've turned that off again and it booted fine just now. I use Commodo FW in Chiron's configuration by the way.
Not quite sure what to do as protection is impaired with that shield off.
regards
--------------------------------------------------------------------------------
Crash Dump Analysis
--------------------------------------------------------------------------------
Crash dump directory: C:\Windows\Minidump
Crash dumps are enabled on your computer.
On Sat 16/03/2013 07:56:59 GMT your computer crashed
crash dump file: C:\Windows\Minidump\031613-25272-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x75C40)
Bugcheck code: 0xA (0x10, 0x2, 0x0, 0xFFFFF80003C71EE9)
Error: IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.
On Sat 16/03/2013 07:56:59 GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: tcpip.sys (tcpip+0x87752)
Bugcheck code: 0xA (0x10, 0x2, 0x0, 0xFFFFF80003C71EE9)
Error: IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\drivers\tcpip.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: TCP/IP Driver
Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.
-
And the sandbox module was uninstalled ?
-
It was 'un-ticked' under FileSsh.
Behaviour Shield on.
regards
-
My Avast is the second clean install of this latest 8.0.1483. I have no other AV's or remnants. Old versions have been deleted both via uninstaller and the Avast tool.
Never had a problem until the 'fixes' to version 8 have been applied.
regards
-
So non installation of sandbox cures the problem ? Do you have any other sandbox type programmes installed ?
-
Commodo FW
regards
-
Hmm I wonder if there is a conflict there, what element of Comodo do you have running ?
-
http://www.techsupportalert.com/content/how-install-comodo-firewall.htm (http://www.techsupportalert.com/content/how-install-comodo-firewall.htm)
regards
-
Could you disable defense+ and then see if you are able to restart with the Avast sandbox
-
Ok, did a few system starts;
Twice with Commodo Def+ disabled, Avast Behaviour Shield on and Sandbox on ... crashed both times.
Twice with Commodo Def+ off and Sandbox off, Avast as above ... fine
Twice with Commodo Def+ enabled, Sandbox disabled, Avast as above ... fine.
There was a third crash but I can't remember the setting of that particular one :)
You are right, that is probably the conflict. I heard/read about it before but forgot as I never had this problem running the two programmes side by side. What has changed since the last update? Also, Defense+ does not automatically switch off Commodo's Sandbox.
More to the point, what is the solution in your informed opinion? What to run and what not ... .
Thanks and regards
On Sat 16/03/2013 15:55:32 GMT your computer crashed
crash dump file: C:\Windows\Minidump\031613-25662-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x75C40)
Bugcheck code: 0xA (0x10, 0x2, 0x0, 0xFFFFF80003C9FEE9)
Error: IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.
On Sat 16/03/2013 15:55:32 GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: tcpip.sys (tcpip+0x87752)
Bugcheck code: 0xA (0x10, 0x2, 0x0, 0xFFFFF80003C9FEE9)
Error: IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\drivers\tcpip.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: TCP/IP Driver
Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.
On Sat 16/03/2013 15:50:38 GMT your computer crashed
crash dump file: C:\Windows\Minidump\031613-25599-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x75C40)
Bugcheck code: 0x19 (0x3, 0xFFFFF80003E0DF00, 0xFFFFF80003E0DF00, 0xFFFFFA8005246198)
Error: BAD_POOL_HEADER
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that a pool header is corrupt.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.
-
At this stage I would go with the Commodo defence+ as Avast sandbox at this stage appears to be the source of the conflict, obviously this is based on you still wanting to run Commodo
-
Well, I've used Commodo for quite some time so I've never really looked at other FW's. I'm not really security obsessed but like to know that there is some protection.
Which FW would you recommend? I am not a power user and prefer things that quietly run in the background. I've applied Chiron's tweakings as mentioned before and never changed anything.
regards
-
Actually the windows 7 and 8 firewalls are just as good if you are behind a router
There is PCTools free http://www.pctools.com/mirror/fwinstall.exe but I have never tried it
-
Many thanks
regards
-
Please note that PCTools firewall has been discontinued
Source: http://www.pctools.com/forum/showthread.php?69742-PC-Tools-Firewall-retired&p=242700#post242700
Please note that Comodo firewall is flawed in that it cannot provide outbound protection with Avast! installed.
This is because it is unable to check connections redirected through a transparent proxy.
Source: http://www.wilderssecurity.com/showthread.php?p=2194740 (look at vlk's post)
Edit: Windows firewall does a good job for inbound only protection on default, while the outbound protection can be covered by Avast! network shield to a certain extent (due to malicious url blacklisting, it would block outbound connections from your PC to that malicious actor).
-
Thanks
regards