Topic: Taskbar Crashes - Quarantine and Deletion for Vulnerable Drivers

Fiery
Taskbar Crashes - Quarantine and Deletion for Vulnerable Drivers
« on: February 09, 2024, 08:15:30 AM »
I have recently updated Avast and get the following popup every time I restart. (See Attached)
If I understand correctly, Avast blocks the driver and doesn't delete it or stop it from starting up. Then, since the driver is stored in the System32 folder, the PC is slowed down to block it every time, even after the original application that used it is removed, which may result in many processes crashing at startup. It makes no sense for Avast to slow down your PC to the point of crashing it every time you start it without giving the option to remove it or quarantine it. Since there is an option for the people who want to allow it, there should also be an option for the people who want to remove it.

(Update) I have since removed the driver in question. However, in the aftermath, there was still a 1-minute delay when loading the taskbar. After a bit of troubleshooting, I have found that, after the incident, when the Web Account Manager Microsoft Service is enabled, the taskbar takes about one more minute to load. Unfortunately, disabling the service is by no means a workaround, as you are forced to a local account, some restrictions, and even night light mode and other processes will be slowed down and start quite a bit later.
« Last Edit: February 11, 2024, 04:13:23 AM by Fiery »

New_Style_xd
Re: Taskbar Crashes - Quarantine and Deletion for Vulnerable Drivers
« Reply #1 on: February 12, 2024, 05:01:05 AM »
This issue is very complex; anyone who can help and support you, get in touch with them, and I think you will have better results for this problem.
OS: Windows 10 PRO / Intel(R) Core(TM) i7-6500U CPU 2.60 GHz.
Real Time: Avast Premium Security: 24.2.6104 (build 24.2.8904.819) UI: 1.0.799
Mobile: Avast Security: 24.3.0-1004091
VPN: Avast SecureLine VPN: 5.29.9498
On Demand: Malwarebytes: 4.6.9.314

mchain, Avast Evangelist
Re: Taskbar Crashes - Quarantine and Deletion for Vulnerable Drivers
« Reply #2 on: February 12, 2024, 07:22:42 AM »
Best suggestion is to upload your detected system file to VirusTotal.com: https://www.virustotal.com

Reply by placing the URL scan results in your next reply.

Possible detection of miner software?: https://www.malwaretips.com/blogs/remove-winring0x64-sys/

A scan at VirusTotal will clarify.

Malwarebytes: https://www.malwarebytes.com/cybersecurity/computer/what-are-computer-drivers
https://forums.malwarebytes.com/topic/298671-exploit-detections-of-vulnerable-drivers/

and https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html

The last article discusses how device drivers can be changed to maliciously control a system at the kernel level.

Makes sense that this WinRing0x64.sys driver could interfere with normal Windows operation and removing it might have damaged your system even more.

Await your reply.

See an earlier thread posted here in this forum starting on February 9, 2023: https://forum.avast.com/index.php?topic=322571.0
Windows 11 Home 23H2
Windows 11 Pro 23H2
Avast Premier Security version 24.8.6127 (build 24.8.9372.868)
UI version 1.0.814