Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Aditza on January 21, 2016, 09:06:09 AM
-
my testing system:
hardware:
mb: Intel Corporation - Intel Desktop Board DH55TC (XU1)
BIOS Version TCIBX10H.86A.0048.2011.1206.1342
Date 06.12.2011
CPU: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz
x86 Family 6 Model 37 Stepping 2, GenuineIntel
Microcode signature: 0000000D
software:
- OS: WinXP Pro SP3 with POSReady updates, including the latest, January 2016, from MS
- Avast Free AV 2016 11.1.2245
- Yubikey CLI Personalization tools v.1.17.3-win32
https://developers.yubico.com/yubikey-personalization/Releases/ykpers-1.17.3-win32.zip
Running ykinfo.exe with a YubiKey 4 connected generated a pop-up from Avast (a pop-up of the kind "please wait while scanning unknown app") and then immediately a BSOD.
BSOD record in the system event log:
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x806e794f, 0xa31257a8, 0x00000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP.
Memory dump analysis (WinDBG)
NOTE: I don't have the symbols for the debugger installed, so I get a lot of warnings about incorrect symbols.
Loading Dump File [C:\ykpers-1.17.3-win32\BSODs\MEMORY.DMP]
Kernel Summary Dump File: Only kernel address space is available
[...snip...]
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe -
Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp3_qfe.150205-1510
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
[...snip...]
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 8E, {c0000005, 806e794f, a31257a8, 0}
[..snip warnings about missing symbols...]
*** ***
*************************************************************************
Probably caused by : aswSnx.sys ( aswSnx+2090 )
-
P.S. ADDITIONAL_DEBUG_TEXT:
ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.
MODULE_NAME: aswSnx
FAULTING_MODULE: 804d7000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 569e3e86
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
hal!ExAcquireFastMutex+f
806e794f f0ff09 lock dec dword ptr [ecx]
TRAP_FRAME: a31257a8 -- (.trap 0xffffffffa31257a8)
ErrCode = 00000002
eax=00000000 ebx=87930008 ecx=0000006c edx=00000000 esi=87930008 edi=e46c3350
eip=806e794f esp=a312581c ebp=a3125c14 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
hal!ExAcquireFastMutex+0xf:
806e794f f0ff09 lock dec dword ptr [ecx] ds:0023:0000006c=????????
Resetting default scope
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0x8E
LAST_CONTROL_TRANSFER: from 804fe873 to 804f9fa3
STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
a3125370 804fe873 0000008e c0000005 806e794f nt!KeBugCheckEx+0x1b
a3125738 80542245 a3125754 00000000 a31257a8 nt!KeRaiseUserException+0xc29
a31257c4 8062f43a 00000000 e1037b60 e154d378 nt!Kei386EoiHelper+0x1d9
a3125c14 a6e76090 87d61898 87930008 00000000 nt!LsaDeregisterLogonProcess+0x162e6
a3125c40 804ef1f9 88c51888 00000000 806e7410 aswSnx+0x2090
a3125c64 8058082f 88c51888 87d61898 87e9c028 nt!IoBuildPartialMdl+0xed
a3125d00 80579292 000007f4 00000000 00000000 nt!NtWriteFile+0x391f
a3125d34 805417e8 000007f4 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
a3125d64 7c90e514 badb0d00 0022f780 00000000 nt!KeReleaseInStackQueuedSpinLockFromDpcLevel+0xb80
a3125d68 badb0d00 0022f780 00000000 00000000 0x7c90e514
a3125d6c 0022f780 00000000 00000000 00000000 0xbadb0d00
a3125d70 00000000 00000000 00000000 00000000 0x22f780
STACK_COMMAND: kb
FOLLOWUP_IP:
aswSnx+2090
a6e76090 8b450c mov eax,dword ptr [ebp+0Ch]
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: aswSnx+2090
FOLLOWUP_NAME: MachineOwner
IMAGE_NAME: aswSnx.sys
BUCKET_ID: WRONG_SYMBOLS
-
Follow instructions: https://www.avast.com/faq.php?article=AVKB33#artTitle
-
ok... created ticket #151402 for this