Author Topic: BSOD aswsnx.sys  (Read 61836 times)

0 Members and 1 Guest are viewing this topic.

Unbeliever

  • Guest
BSOD aswsnx.sys
« on: November 05, 2012, 06:17:51 PM »
On Mon 11/5/2012 8:28:22 AM computer CB2306-HP crashed
crash dump file: \\CB2306-HP\C$\Windows\minidump\110512-12386-01.dmp
uptime: 00:06:57
How can I stop this from happening. It is only Windows 7 machines.

This was probably caused by the following module: aswsnx.sys (aswSnx+0x18C75)
Bugcheck code: 0x1A (0x31, 0xFFFFFFFF876063C8, 0xFFFFFFFF8059C000, 0xFFFFFFFFAF19F678)
Error: MEMORY_MANAGEMENT
Note: file information has been obtained locally and may not be correct.
product: avast! Antivirus System
company: AVAST Software
description: avast! Virtualization Driver
Bug check description: This indicates that a severe memory management error occurred.
This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: aswsnx.sys (avast! Virtualization Driver, AVAST Software).
Google query: AVAST Software MEMORY_MANAGEMENT

wpn

  • Guest
Re: BSOD aswsnx.sys
« Reply #1 on: November 09, 2012, 12:33:27 PM »
did you try to run memtest on the machine already to exclude it is faulty memory?

Offline 1tb

  • Jr. Member
  • **
  • Posts: 71
Re: BSOD aswsnx.sys
« Reply #2 on: November 12, 2012, 06:04:34 AM »
I can confirm this happened to us on 2 different servers - first on Nov 1, and again on Nov 12.  On further investigation we found that the avast client (running on the server) has now lost the settings (for example the scan times are set differently to those specified in the SOA). Also on one of the servers we were faced with the SOA wizard (like it thought this was a first time install). Why?

ccrane95540

  • Guest
Re: BSOD aswsnx.sys
« Reply #3 on: November 28, 2012, 09:11:27 PM »
We get the exact same problem on one of our servers and it reboots it in the middle of the night.  Here is my MiniDump


Code: [Select]
Microsoft (R) Windows Debugger Version 6.11.0001.402 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\Minidump\Mini112812-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: C:\WINDOWS\Symbols
Executable search path is:
Unable to load image \WINDOWS\system32\ntkrnlpa.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs) Free x86 compatible
Product: Server, suite: Enterprise TerminalServer SingleUserTS
Machine Name:
Kernel base = 0x80800000 PsLoadedModuleList = 0x808a6ea8
Debug session time: Wed Nov 28 06:29:34.443 2012 (GMT-8)
System Uptime: 0 days 2:07:15.094
Unable to load image \WINDOWS\system32\ntkrnlpa.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
Loading Kernel Symbols
...............................................................
...............................................
Loading User Symbols
Loading unloaded module list
....
Unable to load image \SystemRoot\System32\Drivers\aswSnx.SYS, Win32 error 0n2
*** WARNING: Unable to verify timestamp for aswSnx.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswSnx.SYS
ERROR: FindPlugIns 8007007b
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, b6e02817, b60cb6c8, 0}

Probably caused by : aswSnx.SYS ( aswSnx+3c817 )

Followup: MachineOwner
---------

2: kd> !analyze -v
ERROR: FindPlugIns 8007007b
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: b6e02817, The address that the exception occurred at
Arg3: b60cb6c8, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
aswSnx+3c817
b6e02817 8904b3          mov     dword ptr [ebx+esi*4],eax

TRAP_FRAME:  b60cb6c8 -- (.trap 0xffffffffb60cb6c8)
ErrCode = 00000002
eax=00000000 ebx=00000000 ecx=b60cb788 edx=8e715e5c esi=00000000 edi=00000000
eip=b6e02817 esp=b60cb73c ebp=b60cb748 iopl=0         nv up ei ng nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010286
aswSnx+0x3c817:
b6e02817 8904b3          mov     dword ptr [ebx+esi*4],eax ds:0023:00000000=00000000
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP

BUGCHECK_STR:  0x8E

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from b6e03c5c to b6e02817

STACK_TEXT: 
WARNING: Stack unwind information not available. Following frames may be wrong.
b60cb748 b6e03c5c ffffffff b60cb788 00000000 aswSnx+0x3c817
b60cb770 b6e03de7 b60cb7a4 00000032 8e0c5ab4 aswSnx+0x3dc5c
b60cb7c8 b6e041cf 00000000 00000000 00000000 aswSnx+0x3dde7
b60cb80c b6e045a9 b60cb8f0 8e715e5c b6e12e6e aswSnx+0x3e1cf
b60cb8e4 b6e04716 b60cb920 b6e12dfa 80000514 aswSnx+0x3e5a9
b60cb90c b6de6944 b60cb958 b6e12dfa 80000514 aswSnx+0x3e716
b60cb994 b6ded7c0 000ce904 e7fb63e8 00000001 aswSnx+0x20944
b60cb9bc b6dedf92 000006d0 000ce904 e7fb63e8 aswSnx+0x277c0
b60cbb14 b6deebd5 fbf6cbc8 000ce904 b60cbb38 aswSnx+0x27f92
b60cbb78 8094a1d2 000006d0 000ce904 00000001 aswSnx+0x28bd5
b60cbcc8 8094af23 00b2d90c 001f03ff 00000000 nt!MiCloneProcessAddressSpace+0x4df0
b60cbd3c 8088983c 00b2d90c 001f03ff 00000000 nt!MiDecrementCloneBlockReference+0xd1b
b60cbd64 7c82845c badb0d00 00b2d59c 00000000 nt!MiRemoveUnusedSegments+0xbd4
b60cbd68 badb0d00 00b2d59c 00000000 00000000 0x7c82845c
b60cbd6c 00b2d59c 00000000 00000000 00000000 0xbadb0d00
b60cbd70 00000000 00000000 00000000 00000000 0xb2d59c


STACK_COMMAND:  kb

FOLLOWUP_IP:
aswSnx+3c817
b6e02817 8904b3          mov     dword ptr [ebx+esi*4],eax

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  aswSnx+3c817

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: aswSnx

IMAGE_NAME:  aswSnx.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  4ff44ee3

FAILURE_BUCKET_ID:  0x8E_aswSnx+3c817

BUCKET_ID:  0x8E_aswSnx+3c817

Followup: MachineOwner
---------

2: kd> lmvm aswSnx
start    end        module name
b6dc6000 b6e60000   aswSnx   T (no symbols)           
    Loaded symbol image file: aswSnx.SYS
    Image path: \SystemRoot\System32\Drivers\aswSnx.SYS
    Image name: aswSnx.SYS
    Timestamp:        Wed Jul 04 07:10:43 2012 (4FF44EE3)
    CheckSum:         0009DC0D
    ImageSize:        0009A000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Not sure what I need to do to fix this but it is getting annoying to have to come in at 5 am to make sure all of the services are up and running when this server crashes.

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2078
Re: BSOD aswsnx.sys
« Reply #4 on: November 28, 2012, 10:02:32 PM »
can you please send me (kurtin@avast.com) your minidumps?
i'll see if this bug is fixed and send you patched version, thanks

torvista

  • Guest
Re: BSOD aswsnx.sys
« Reply #5 on: February 03, 2013, 10:00:03 AM »
I have the same issue:
Quote
crash dump file: C:\WINDOWS\memory.dmp
This was probably caused by the following module: aswsnx.sys (aswSnx+0x165C)
Bugcheck code: 0x50 (0xFFFFFFFFA7BD0001, 0x1, 0xFFFFFFFF8054708C, 0x0)
Error: PAGE_FAULT_IN_NONPAGED_AREA
file path: C:\WINDOWS\system32\drivers\aswsnx.sys
product: avast! Antivirus
company: AVAST Software
description: avast! Virtualization Driver
I'll send the file,
regards
Steve

Offline 1tb

  • Jr. Member
  • **
  • Posts: 71
Re: BSOD aswsnx.sys
« Reply #6 on: February 04, 2013, 02:04:40 AM »
We still see this problem too after months. We fix it sometimes as follows:
1. Disable Sandbox in SOA console
2. Check the settings are not 'magically' lost in SOA (this has happened to us - where sandbox has re-enabled itself) - leading to BSOD in aswsnx.sys and ntoskrnl.exe
3. Uninstall avast and the problem goes away! ???

hjason7812

  • Guest
Re: BSOD aswsnx.sys
« Reply #7 on: June 25, 2013, 12:36:14 AM »
I just got this bsod on my pc.. it has been doing off and on for awhile now.. if this is due to the program I am going to uninstall this thing and find something else that won't make my computer bsod every 5 minutes...

Offline avast@@dvantage77.com

  • J.R. Guthrie - avast! Sales and Support Specialist
  • Avast Reseller
  • Advanced Poster
  • *
  • Posts: 736
  • the only avast! Distributor & Platinum Reseller
    • Advantage Micro Corporation
Re: BSOD aswsnx.sys
« Reply #8 on: June 25, 2013, 12:57:54 AM »
Only version 8 will solve this proble.  In version 7, ASWSNX cannot be removed (believe me, I have tried it!)  In version 8, custom install, uncheck all virtualization components, and it will NOT be installed.  Make sure to ASWclear before ver. 8 custom install.

and Endpoint  ver. 8 RC is AWSOME! and works the same way!


Sincerely,
 
J.R. "AutoSandbox Guy" Guthrie

"At this point in time, the Internet should be regarded as an Enemy Weapons System!"
Sincerely,
 
J.R. "AutoSandbox Guy" Guthrie

"At this point in time, the Internet should be regarded as an Enemy Weapons System!"

ralbrux

  • Guest
Re: BSOD aswsnx.sys
« Reply #9 on: June 27, 2013, 04:28:09 PM »
My Nir Soft Blue Screen viewer shows me that I have had 6 BSODs over the last 3 months caused by the address awsSnx.sys +51064.

avast@advantage77.com says the issue can only be solved in v 8 and that one should do a custom install after doing ASWclear (what is that ?).

I am running v 8.0.1489 which is there simply because of automatic updates, so no custom install was ever done and of course no elimination of awsSnx.

Can I disable awsSnx in my currently installed v 8 and if so, how ?

Thanks for any help.

Richard

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2078
Re: BSOD aswsnx.sys
« Reply #10 on: June 27, 2013, 04:29:40 PM »
Please send me all your minidumps (\Windows\Minidump folder) to kurtin@avast.com
Thanks.

Offline avast@@dvantage77.com

  • J.R. Guthrie - avast! Sales and Support Specialist
  • Avast Reseller
  • Advanced Poster
  • *
  • Posts: 736
  • the only avast! Distributor & Platinum Reseller
    • Advantage Micro Corporation
Re: BSOD aswsnx.sys
« Reply #11 on: June 27, 2013, 06:13:09 PM »
Dear Richard, please send your mini-dumps to P.K. as this process will insure that we know whats going on for the future.  If some chasnges need to be made, P.K. WILL be the guy to do it, as he is the MAN!

What is ASWclear and how do you proceed?

http://advantage77.com/blog/2013/04/11/how-to-do-a-clean-install-of-avast-pro-using-the-avast-removal-tool/

I have only tested this on Endpoint Protection Suite Plus V.8 RC on a File Server (but it should be the same, as both are the version 8 engine.)

This how I did it. After ASWclear, and reboot, then I did a custom install, and under components, I cleared "Sandbox" and "SafeZone" check boxes.   

NOTE:  I really like AutoSandbox, and you WILL lose that feature with this install. AutoSandbox is the only thing standing between us and Polymorphic infection. Symantec has no AutoSandbox, so they just let the infection occur and try to mitigate the damage.

The normal reason I would not install the virtualization drivers are File Servers. We strip those installations to the File System Shield only.

Please let me know your result.  After this install, hopefully you should not be able to find ASWSNX.SYS.


Sincerely,
 
J.R. "AutoSandbox Guy" Guthrie

"At this point in time, the Internet should be regarded as an Enemy Weapons System!"

 
Sincerely,
 
J.R. "AutoSandbox Guy" Guthrie

"At this point in time, the Internet should be regarded as an Enemy Weapons System!"

ralbrux

  • Guest
Re: BSOD aswsnx.sys
« Reply #12 on: June 28, 2013, 03:49:24 PM »
Hi pk,

After making my post I had a thought that maybe I was in the wrong forum.  I got to this forum by googling on "bsod aswsnx.sys" and did not pay attention to the forum title when I started reading the thread.   Actually I have a 5-user license for Avast  pro antivirus which is running on boxes on our LAN.  Does this qualify as Business Protection and is it pertinent to this forum?

Please advise me if I'm in the right forum.

Thanks,
Richard

REDACTED

  • Guest
Re: BSOD aswsnx.sys
« Reply #13 on: December 15, 2013, 10:18:17 AM »
Hi,

I just got BSOD with following info:

Quote
121513-16848-01.dmp
15.12.2013 01:22:55   DRIVER_POWER_STATE_FAILURE   0x0000009f   00000000`00000003   fffffa80`07371e30   fffff800`04c5a3d8   fffffa80`0d6d7010   aswSnx.sys   aswSnx.sys+e1400   avast! Virtualization Driver   avast! Antivirus   AVAST Software   9.0.2008.177   x64   ntoskrnl.exe+75bc0               C:\Windows\Minidump\121513-16848-01.dmp   4   15   7601   927,024   15.12.2013 10:54:55   

Looks like issue is still not fixed.
How can I disable the virtualization driver?

Inapickle

  • Guest
Re: BSOD aswsnx.sys
« Reply #14 on: December 26, 2013, 10:44:01 PM »
I also got this BSOD after installing Win 7 SP1 Home Premium 64-bit. This was a clean install. Let windows install all the high priority windows updates and then installed Avast AV (free version). Then got this system crash at windows log-in - first screen froze with scrambled horizontal lines, then BSOD. Nearly freaked when it happened as I feared a hardware problem. Ran MemTest and it passed OK. Did a clean re-install of Win7, updated and installed Avast again. Same problem.

Ran WhoCrashed (WinDbg) on the minidump, which identified aswsnx.sys as the cause.

Report:

Quote
System Information (local)
--------------------------------------------------------------------------------

computer name: XXXXXXXXXXXX
windows version: Windows 7 Service Pack 1, 6.1, build: 7601
windows dir: C:\Windows
Hardware: ASUSTeK Computer INC., M5A78L-M LX PLUS
CPU: AuthenticAMD AMD FX(tm)-6300 Six-Core Processor AMD586, level: 21
6 logical processors, active mask: 63
RAM: 4007780352 total
VM: 2147352576, free: 1929555968




--------------------------------------------------------------------------------
Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

On Tue 12/24/2013 7:38:30 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\122413-25334-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x75BC0)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF800029B0B05, 0xFFFFF8800794EE80, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Tue 12/24/2013 7:38:30 PM GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: aswsnx.sys (aswSnx+0x2D53F)
Bugcheck code: 0x3B (0xC0000005, 0xFFFFF800029B0B05, 0xFFFFF8800794EE80, 0x0)
Error: SYSTEM_SERVICE_EXCEPTION
file path: C:\Windows\system32\drivers\aswsnx.sys
product: avast! Antivirus
company: AVAST Software
description: avast! Virtualization Driver
Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: aswsnx.sys (avast! Virtualization Driver, AVAST Software).
Google query: AVAST Software SYSTEM_SERVICE_EXCEPTION



On Tue 12/24/2013 3:47:34 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\122313-24367-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x75BC0)
Bugcheck code: 0x18 (0x0, 0xFFFFFA80051EA8E0, 0x2, 0xFFFFFFFFFFFFFFFF)
Error: REFERENCE_BY_POINTER
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that the reference count of an object is illegal for the current state of the object.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.




--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

3 crash dumps have been found and analyzed. A third party driver has been identified to be causing system crashes on your computer. It is strongly suggested that you check for updates for these drivers on their company websites. Click on the links below to search with Google for updates for these drivers:

aswsnx.sys (avast! Virtualization Driver, AVAST Software)

If no updates for these drivers are available, try searching with Google on the names of these drivers in combination the errors that have been reported for these drivers and include the brand and model name of your computer as well in the query. This often yields interesting results from discussions from users who have been experiencing similar problems.


Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is actually responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.


There I have been no further crashes in the 3 days that have passed since, but obviously I am monitoring things very closely.

I might add that I encountered no such problem with Avast when I was running XP Pro SP3 on the same PC up until a week ago.