Avast WEBforum

Topic started by: lexluthor on April 01, 2008, 02:09:50 AM

Title: Boot Time Scan Problem
Post by: lexluthor on April 01, 2008, 02:09:50 AM
I'm trying to do a boot time scan on my Vista Home Premium PC.  I have 1 HD, 2 partitions, both NTFS.

The message down below is what appears at the end of my aswBoot.log file.

I tried twice.  According to my aswBoot.txt file, the first time 14443 folders were scanned and I had on archive scanning.  The second time 14447 folders were scanned and archive scanning was not on.  So, it appears as if it failed at around the same place both times.

I tried a Windows on-demand scan and that completed without any critical errors (there were some password zip and .7z files that I guess it couldn't scan).

Any thoughts?

Unhandled exception! Error:0x770529B2Unhandled exception! Error:0x770529B2Unhandled exception! Error:0x770529B2Unhandled exception! Error:0x770529B2Unhandled exception! Error:0x770529B2Unhandled exception! Error:0x770529B2Unhandled exception! Error:0x770529B2Unhandled exception! Error:0x770529B2Unhandled exception! Error:0x770529B2Unhandled exception! Error:0x770529B2Unhandled exception! Error:0x770529B2Unhandled exception! Error:0x770529B2Unhandled exception! Error:0x770529B2Unhandled exception! Error:0x770529B2Unhandled exception! Error:0x770529B2Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! 
Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! 
Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x770555E7Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0

Title: Re: Boot Time Scan Problem
Post by: Lisandro on April 01, 2008, 04:27:44 AM
Wow... a new problem... never read this before and I'm here quite a long time...
Hope the programmers could help.
Title: Re: Boot Time Scan Problem
Post by: lexluthor on April 01, 2008, 08:46:43 AM
Quote
Wow... a new problem... never read this before and I'm here quite a long time...
Hope the programmers could help.

I sure hope so.

I am running Avast 4.8, by the way.

Title: Re: Boot Time Scan Problem
Post by: igor on April 01, 2008, 09:23:20 AM
Could you attach the file <avast4>\Data\Log\aswBoot.log here?
If you go into avast! settings / Troubleshooting page and check the option "Disable raw disk access in avast! boot-time scan" (and run a boot-time scan again) - does it change anything?

Do I understand it correctly that the scan went fine up to some point where it crashed with the following message? Or the scan seemed to reach the end "successfully", accumulating those errors on the way?
Title: Re: Boot Time Scan Problem
Post by: lexluthor on April 01, 2008, 02:21:28 PM
Quote
Could you attach the file <avast4>\Data\Log\aswBoot.log here?
If you go into avast! settings / Troubleshooting page and check the option "Disable raw disk access in avast! boot-time scan" (and run a boot-time scan again) - does it change anything?

Do I understand it correctly that the scan went fine up to some point where it crashed with the following message? Or the scan seemed to reach the end "successfully", accumulating those errors on the way?

Here's the full log.

I'll schedule another scan this afternoon with the raw disk access disabled.

I'm not sure when the messages accumulated.  I don't think I'd have any way to know.  I watched it for a while and I saw it get up to 20% or so with no errors at all.  When I came back, it had booted into the OS.  The time stamp on the log file was the same time stamp as on the report .txt file, so I think it would have written the final log entry at the same time it wrote the final amount of directories scanned.  The time stamp seems like it would have been around the time it booted the OS.

I'll let you know the results of the new boot scan, let me know if there's anything else you can think of.

Title: Re: Boot Time Scan Problem
Post by: ata on April 01, 2008, 10:53:25 PM
I am having a similar problem. About 60% through the boot scan, my system is going to sleep and can't wake up.  The only way is to turn off my system and then restart it.  When it restarts, it can not do a proper boot and I have to restore the computer.  Avast is then gone.

I have tried this 2 times now and the same happens, but at different points.  How can I do a boot scan if this happens?
Title: Re: Boot Time Scan Problem
Post by: lexluthor on April 01, 2008, 11:11:08 PM
ata, doesn't really sound like the same problem, can you please start your own thread?
Title: Re: Boot Time Scan Problem
Post by: lexluthor on April 01, 2008, 11:26:20 PM
Quote
Could you attach the file <avast4>\Data\Log\aswBoot.log here?
If you go into avast! settings / Troubleshooting page and check the option "Disable raw disk access in avast! boot-time scan" (and run a boot-time scan again) - does it change anything?

Do I understand it correctly that the scan went fine up to some point where it crashed with the following message? Or the scan seemed to reach the end "successfully", accumulating those errors on the way?

With disable raw disk access checked, the bootscan appears to have completed successfully.

So what's that mean then?

Is it safe to use it that way?

Anything else I can help so that you can fix the problem or is it something with my system?
Title: Re: Boot Time Scan Problem
Post by: igor on April 02, 2008, 10:56:32 AM
Well, it gave us some info, but not enough to say where the problem really is, I'm afraid (let alone fix it).
Would you be willing to run some test programs / scans if I prepare some special executables? It is possible that the scanner crashes on a particular file or folder (though if you say the crash occurred even with archive scanning disabled, it limits the possibilities) - but we'd first need to find out where exactly it crashes (on what file), and then - if possible - why.

And yes, you can run the boot-time scanner without raw disk access... it will not be effective against some rootkits, but it should be OK otherwise (and rootkits should be dealt with by the embedded rootkit scanner in the rest of avast! scanners).
Title: Re: Boot Time Scan Problem
Post by: lexluthor on April 02, 2008, 01:16:14 PM
Quote
Well, it gave us some info, but not enough to say where the problem really is, I'm afraid (let alone fix it).
Would you be willing to run some test programs / scans if I prepare some special executables?

I guess I could.  How would you like to get the files to me?
Title: Re: Boot Time Scan Problem
Post by: igor on April 02, 2008, 11:04:38 PM
I'll have to prepare them first (something with extensive logging of performed operations)... give me a day or two, please ;)
I'd let you know by PM where to download and how to install/run it, OK?
Title: Re: Boot Time Scan Problem
Post by: lexluthor on April 02, 2008, 11:28:25 PM
Quote
I'll have to prepare them first (something with extensive logging of performed operations)... give me a day or two, please ;)
I'd let you know by PM where to download and how to install/run it, OK?

Ok.  I would prefer if whatever goes back to you is pretty clear, so I know what I'm sending (i.e. I need to be able to read the filenames, etc. that I'm sending to you).
Title: Re: Boot Time Scan Problem
Post by: lexluthor on April 08, 2008, 06:05:04 AM
Quote
I'll have to prepare them first (something with extensive logging of performed operations)... give me a day or two, please ;)
I'd let you know by PM where to download and how to install/run it, OK?

Are you still working up something for me to test with?

Let me know.
Title: Re: Boot Time Scan Problem
Post by: lexluthor on April 08, 2008, 02:36:19 PM
Igor,

I'm not sure how to or if I can reply to your PM.

Anyhow, I ran the scan you sent and it completed without errors.

BUT, it says it only searched 14668 folders.  That's somewhat close to the number of files it searched when it failed (14443). 

I was watching it, for the most part, and it did go all the way up to 100% and I see it made it onto the D drive, so it looks like it actually did finish.

I don't recall how many folders it said it searched when I did a successful boottime scan with raw access disabled.

Here are the last few lines of the log:

CFileNtfs (1), this 001EBAD0, rec 0x4e, name "/Software/WLinstaller.exe"
CUFSD::IoControl: 121, [0x0011EAE8, 0x8], [0x012D6248, 0x428], 0x0011EAF0
CFileSystemNtfs::IoControl: 121, [0x0011EAE8, 0x8], [0x012D6248, 0x428]
CUFSD::IoControl returns status 0x0, written bytes 0xa0
CFileMFTRecord::ReadEx 0x4e not complete. Size 0x1bad70, Offset 0x0, ToRead 0x1c0000, Read 0x1bad70, AttributeList "no", Compr "no"
*RAW:D:\Software\WLinstaller.exe /before
~CFileNtfs (0), this 001EBAD0, rec 0x4e, name "/Software/WLinstaller.exe"
*RAW:D:\Software\WLinstaller.exe /after
CFileNtfs (1), this 001EBAD0, rec 0x4f, name "/Software/XviD-1.1.3-28062007.exe"
CUFSD::IoControl: 121, [0x0011EAE8, 0x8], [0x012D6248, 0x428], 0x0011EAF0
CFileSystemNtfs::IoControl: 121, [0x0011EAE8, 0x8], [0x012D6248, 0x428]
CUFSD::IoControl returns status 0x0, written bytes 0xa0
CFileMFTRecord::ReadEx 0x4f not complete. Size 0x9ceec, Offset 0x0, ToRead 0xa0000, Read 0x9ceec, AttributeList "no", Compr "no"
*RAW:D:\Software\XviD-1.1.3-28062007.exe /before
~CFileNtfs (0), this 001EBAD0, rec 0x4f, name "/Software/XviD-1.1.3-28062007.exe"
*RAW:D:\Software\XviD-1.1.3-28062007.exe /after
Pop level : 0, Vcn 0xffffffff
~CDirNtfs: (1), this 002495D8, rec 0x28
Pop level : 0, Vcn 0xffffffff


What next?
Title: Re: Boot Time Scan Problem
Post by: igor on April 08, 2008, 02:42:25 PM
Please check the end of the aswBoot.log file - what are the last few lines?
Title: Re: Boot Time Scan Problem
Post by: oldman on April 08, 2008, 02:47:17 PM
Quote
I'm not sure how to or if I can reply to your PM.

lexluthor

Make 1 more post, then PM will work for you.
Title: Re: Boot Time Scan Problem
Post by: lexluthor on April 08, 2008, 02:55:40 PM
Quote
Please check the end of the aswBoot.log file - what are the last few lines?


See above, I edited my post.
Title: Re: Boot Time Scan Problem
Post by: igor on April 08, 2008, 03:03:36 PM
That's the very end of the log?
Even though it seems like it mostly finished (is "Software" the last folder on your D: drive - alphabetically, and XviD-1.1.3-28062007.exe the last file inside of it?), the last line should say "CloseLog"...
Title: Re: Boot Time Scan Problem
Post by: lexluthor on April 08, 2008, 03:18:59 PM
Yes, that's the end of the log.

The D: only has one folder, called Software.  It's only a 1GB partition.

There appears to be no "CloseLog" entry.

What next?
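
Added example, not part of any post in this thread and not Avast code: a Python triage pass over a log like the ones quoted above, applying the checks discussed here (does the log end with "CloseLog", which file has a /before marker with no /after, which exception addresses repeat). The meaning of the /before and /after markers, the "CloseLog" match and the sample log are assumptions constructed from the excerpts in the thread.

```python
import re
from collections import Counter

# Constructed sample in the format of the excerpts quoted in this thread:
# a trace that stops after a "/before" marker, then run-together exception text.
SAMPLE = r'''CFileNtfs (1), this 001EBAD0, rec 0x4e, name "/Software/WLinstaller.exe"
*RAW:D:\Software\WLinstaller.exe /before
~CFileNtfs (0), this 001EBAD0, rec 0x4e, name "/Software/WLinstaller.exe"
*RAW:D:\Software\WLinstaller.exe /after
CFileNtfs (1), this 001EBAD0, rec 0x4f, name "/Software/XviD-1.1.3-28062007.exe"
*RAW:D:\Software\XviD-1.1.3-28062007.exe /before
Unhandled exception! Error:0x770529B2Unhandled exception! Error:0x77078BC0Unhandled exception! Error:0x77078BC0
'''

RAW_RE = re.compile(r"^\*RAW:(?P<path>.+) /(?P<phase>before|after)\s*$")
EXC_RE = re.compile(r"Unhandled exception! Error:(0x[0-9A-Fa-f]{8})")


def triage(text):
    """Summarise how a boot-scan log ended.

    Assumptions (not documented on the page): "/before" and "/after" bracket
    the handling of one file, and a clean run ends with a line containing
    "CloseLog".
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    unfinished = []          # files with "/before" but no matching "/after"
    for ln in lines:
        m = RAW_RE.match(ln)
        if not m:
            continue
        if m["phase"] == "before":
            unfinished.append(m["path"])
        elif m["path"] in unfinished:
            unfinished.remove(m["path"])
    return {
        "closed_cleanly": bool(lines) and "CloseLog" in lines[-1],
        "unfinished": unfinished,
        # The log has no newline between messages, so search the whole text.
        "exceptions": dict(Counter(EXC_RE.findall(text))),
    }


if __name__ == "__main__":
    report = triage(SAMPLE)
    print("closed cleanly:", report["closed_cleanly"])
    print("file(s) in progress at the end:", report["unfinished"])
    for addr, count in sorted(report["exceptions"].items()):
        print(f"{addr}: {count} occurrence(s)")
```
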
Title: Re: Boot Time Scan Problem
Post by: igor on April 08, 2008, 05:36:07 PM
Well, I'll build the real boot-time scanner (the logging version) to see if the problem can be simulated at least there...
Title: Re: Boot Time Scan Problem
Post by: hines232 on April 08, 2008, 07:05:04 PM
System Windows ME.
Regseeker
Super antispy ware
Spywareblaster
CCleaner
Avast 4.8 (Home)
(Wish every one did this)
What the heck is a BOOT TIME SCAN ????? (Home or Pro version):-X
Title: Re: Boot Time Scan Problem
Post by: Tevion on April 08, 2008, 07:10:35 PM
Quote
Well, I'll build the real boot-time scanner (the logging version) to see if the problem can be simulated at least there...

hi,
hope there will be a solution soon ... have the same error logs like lexluthor.
These are the now well-known last lines of my boot-time scan:

exception! Error:0x77DF8B8AUnhandled exception! Error:0x77DF8B8AUnhandled exception! Error:0x77DF8B8AUnhandled exception! Error:0x77DF8B8AUnhandled exception! Error:0x77DF8B8AUnhandled exception! Error:0x77DF8B8AUnhandled exception! Error:0x77DF8B8AUnhandled exception! Error:0x77DF8B8AUnhandled exception! Error:0x77DF8B8AUnhandled exception! Error:0x77DF8B8AUnhandled exception! Error:0x77DF8B8AUnhandled exception! Error:0x77DF8B8AUnhandled exception! Error:0x77DF8B8AUnhandled exception! Error:0x77DF8B8AUnhandled exception! Error:0x77DF8B8AUnhandled exception! Error:0x77DF8B8AUnhandled exception! Error:0x77DD55E7Unhandled exception! Error:0x77DF8B8AUnhandled exception! Error:0x77DF8B8A

Tevion
Title: Re: Boot Time Scan Problem
Post by: lexluthor on April 08, 2008, 07:22:35 PM
Quote
Well, I'll build the real boot-time scanner (the logging version) to see if the problem can be simulated at least there...

Got it.  I probably won't be able to report the results back until tomorrow morning US time.
Title: Re: Boot Time Scan Problem
Post by: igor on April 08, 2008, 08:59:05 PM
No problem, thanks for any help.

Tevion, would you also be interested in trying a special executable (with extensive logging capabilities)? It might give us some clues...
Title: Re: Boot Time Scan Problem
Post by: DavidR on April 08, 2008, 11:32:57 PM
Quote
System Windows ME.
<snip>
Avast 4.8 (Home)
(Wish every one did this)
What the heck is a BOOT TIME SCAN ????? (Home or Pro version):-X

It isn't available on non-NT OSes, win9x, WinME. But it is able to do a scan before windows boots. This overcomes virus detections that when you select move to chest, etc. they can't be moved because they are in use or protected. When avast is first installed, if your OS supports it avast suggests you run a boot-time scan.

So basically you wouldn't suffer a boot-time scanner problem.
Title: Re: Boot Time Scan Problem
Post by: Tevion on April 09, 2008, 07:40:42 PM
Quote
No problem, thanks for any help.

Tevion, would you also be interested in trying a special executable (with extensive logging capabilities)? It might give us some clues...


Hi Igor,
sorry for my late answer ... yes, indeed I have interest to help!
What should I do?
Tevion
Title: Re: Boot Time Scan Problem
Post by: igor on April 14, 2008, 05:02:54 PM
OK, I hope I found this one... it was quite tricky.
A supposed fix will be included in the next update (or beta refresh, if there is any - so you are welcome to check).
Title: Re: Boot Time Scan Problem
Post by: lexluthor on April 14, 2008, 05:41:52 PM
Great news.

How'd you find it?  Want to share what was going on?
Title: Re: Boot Time Scan Problem
Post by: igor on April 14, 2008, 09:40:17 PM
Well, in the end I was able to reproduce the problem on my notebook... which was followed by two days of debugging, trying to find out where the hell the memory gets corrupted (it's not possible to start the boot-time scanner normally from Windows, so I used a special loader to make it possible, which in turn had some strange effects on the keyboard, so I had to control the machine remotely from another computer standing next to it...). In the end I found something wrong in the handling of threads in the boot-time scanner (well, "wrong" means it seemed to be wrong... the whole thing is undocumented and I didn't want to trace deep inside of Windows kernel, because Vlk - who knows more than me about NT kernel - is skiing somewhere ;))

Anyway, if you're interested, you can try the updated version here (http://public.avast.com/~glucksmann/aswboot.zip).
Just note that when you overwrite the original file in Windows\System32 folder with this new one, avast! setup will notice soon and overwrite it back with the official build - so you'd better overwrite it right before the restart (after scheduling the boot-time scan).
Title: Re: Boot Time Scan Problem
Post by: lexluthor on April 14, 2008, 09:45:55 PM
Thanks for the insight.

I don't really do a boot time scan often.  I'll wait for the update through the standard channels to try again.