Author Topic: Problem with server file system filter driver???  (Read 15711 times)

Sp00k

  • Guest
Problem with server file system filter driver???
« on: January 19, 2006, 05:53:05 AM »
Hi! We are having a strange problem on our MS 2K Std Server as described exactly in MS support article 830265 (http://support.microsoft.com/?kbid=830265). I followed all directions supplied in the article to no avail, but when I disable Avast On-Access scanner - bingo, no errors. The article claims that the problem may be due to a filter driver issue. Any ideas? At the moment the antivirus is disabled, but this is obviously not the ideal situation...

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Problem with server file system filter driver???
« Reply #1 on: January 22, 2006, 10:34:29 PM »
The KB article describes a number of symptoms. Do you suffer from all of those, or just some? (in that case, which ones?)


Is there any other low-level software installed on that machine? E.g. an online backup software? Has there ever been a different AV product installed on that machine (that might have been incompletely uninstalled)?


Thanks
If at first you don't succeed, then skydiving's not for you.

Sp00k

  • Guest
Re: Problem with server file system filter driver???
« Reply #2 on: January 22, 2006, 11:30:28 PM »
Yes, we are suffering from all symptoms described, which is why I'm fairly sure the problem lies here.

Yes to both questions, too. Veritas was installed and I found and deleted the driver as instructed (we do not use Veritas any more so it is no problem getting rid of it). I have confirmed that the driver has been deleted and restarted. I'm sure it has something to do with that. There had been another antivirus before yours (I don't remember which it was, but it was uninstalled through the control panel). Any ideas how I can find what else may be conflicting with avast!?

Offline Vlk

Re: Problem with server file system filter driver???
« Reply #3 on: January 23, 2006, 07:04:35 PM »
Please use the Drivers.exe utility to get a list of loaded drivers
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/drivers-o.asp

Post the list and I'll try to identify which drivers might be causing the problem (and if they are not in use by any program any more, we can then try to deactivate them).

Thanks
Vlk

Sp00k

  • Guest
Re: Problem with server file system filter driver???
« Reply #4 on: January 24, 2006, 01:24:06 AM »
Thanks! I've attached it as a jpeg, but if you want it in the post I can scan and OCR it.

Offline Vlk

Re: Problem with server file system filter driver???
« Reply #5 on: January 24, 2006, 04:48:06 PM »
Hmm, I don't really see any suspicious entries there, but it's possible I missed something because the jpeg is not very easy to read. Do you think you could post it in a text version? Just redirect the output of the drivers.exe program to a file, such as

drivers.exe > drvlist.txt


Thanks
Vlk

Sp00k

  • Guest
Re: Problem with server file system filter driver???
« Reply #6 on: January 29, 2006, 11:03:35 PM »
Sure thing:

  ModuleName    Code    Data     Bss   Paged    Init          LinkDate
------------------------------------------------------------------------------
ntoskrnl.exe  447040   97664       0  780672  140544  Fri Mar 05 12:44:35 2004
     hal.dll   25952    6048       0   16544   10272  Wed Nov 29 15:34:07 2000
 BOOTVID.DLL    5664    2464       0       0     320  Thu Nov 04 12:24:33 1999
    ACPI.sys   92096    9024       0   43520    4448  Thu Oct 26 06:59:00 2000
  WMILIB.SYS     512       0       0    1152     192  Sun Sep 26 04:36:47 1999
     pci.sys   12864    1536       0   31456    4640  Fri Mar 02 11:38:34 2001
  isapnp.sys   14368     832       0   22944    2272  Mon Aug 28 15:40:00 2000
  pciide.sys     672      32       0       0     128  Mon Aug 28 15:39:25 2000
 PCIIDEX.SYS    4544     480       0   10944    1632  Mon Aug 28 15:39:25 2000
MountMgr.sys    1088      32       0   23072    2240  Wed Feb 11 06:47:53 2004
  ftdisk.sys    4640      32       0   95072    3392  Tue Nov 23 06:36:23 1999
Diskperf.sys    1728      32       0    2016    1088  Fri Oct 01 10:30:40 1999
  dmload.sys    2848      64       0       0     608  Mon Aug 28 15:42:29 2000
    dmio.sys  105568   15168       0       0    2752  Mon Aug 28 15:42:30 2000
 PartMgr.sys     576       0       0    6656    1376  Fri Oct 15 10:59:16 1999
   atapi.sys   42752    3392       0   21952    8128  Fri Sep 15 12:18:07 2000
sym_895a.sys   15264    2496       0       0     640  Tue Feb 01 09:19:21 2000
SCSIPORT.SYS   22464     384       0   35360    4672  Sat Nov 11 13:52:30 2000
 aar1210.sys  206432    8032       0       0     544  Sat Mar 15 12:19:06 2003
  AACMgt.sys   29184   33504       0       0    2880  Sat Apr 26 04:09:41 2003
    disk.sys    9088     224       0   10368    4672  Wed Nov 15 11:56:32 2000
CLASSPNP.SYS   14464      64       0   11136    2368  Mon Aug 28 15:39:18 2000
     Dfs.sys   14208    9536       0   40704    3104  Thu Mar 08 13:42:37 2001
  KSecDD.sys   22592    6752       0   33216    1984  Sun Sep 21 10:32:19 2003
    Ntfs.sys   74400    5888       0  415520   12704  Tue Jan 16 10:05:38 2001
    NDIS.sys   12032    1344       0  124992    5440  Sat Jan 20 09:24:41 2001
  viaagp.sys    5664      32       0   12320    1024  Wed Aug 30 08:43:35 2000
     Mup.sys    6624    6688       0   62240    3168  Fri Mar 15 08:07:26 2002
VIDEOPRT.SYS    6272      96       0   30976    4192  Mon Aug 28 15:42:43 2000
 atimpab.sys   10912    9664       0   40224    1440  Thu Nov 11 10:34:06 1999
i8042prt.sys   10176     224       0   21472    3584  Sat Apr 14 11:50:05 2001
kbdclass.sys    6944     928       0    6848    3776  Wed Oct 27 09:12:37 1999
mouclass.sys    6208     896       0    5184    3648  Sat Oct 02 09:33:11 1999
     fdc.sys   18080     256       0     320    3840  Tue Oct 12 08:29:20 1999
 parport.sys   16512     480       0     288    1824  Mon Aug 28 15:42:36 2000
  serial.sys    8736     256       0   31456    9408  Tue Jan 16 19:47:59 2001
 serenum.sys    2016      32       0    7488    1344  Wed Oct 20 08:36:55 1999
   cdrom.sys   17568      64       0    3904    2336  Thu Oct 28 09:46:36 1999
    USBD.SYS    7488     544       0    6976    1312  Sat Nov 04 13:16:35 2000
    uhcd.sys   24000     128       0    3232    1728  Sat Nov 04 13:24:03 2000
    TAPE.SYS    4608       0       0    1856    1312  Fri Oct 22 05:34:06 1999
  4mmdat.sys    8288      32       0       0     192  Thu Oct 12 07:39:21 2000
e100bnt5.sys   72192    3072       0       0    2048  Thu May 04 09:39:27 2000
 audstub.sys       0       0       0     416     320  Sun Sep 26 04:35:33 1999
 rasl2tp.sys   44288     416       0       0    2432  Tue Nov 30 18:09:07 1999
ndistapi.sys    4544      96       0       0    1344  Wed Oct 13 09:54:43 1999
 ndiswan.sys   70688    2208       0       0    7456  Tue Jan 16 08:28:50 2001
     TDI.SYS    9344     320       0     288    1344  Sat Apr 07 10:35:56 2001
 raspptp.sys   38976     832       0       0    1920  Wed Oct 02 09:55:16 2002
 ptilink.sys   12896     160       0       0    1248  Mon Aug 28 15:42:38 2000
  raspti.sys   11136     608       0       0    2144  Sat Oct 09 06:45:10 1999
parallel.sys   47872    2080       0     384    2432  Thu Jun 21 07:43:05 2001
   rdpdr.sys   36544    3872       0   71040    7424  Mon Oct 04 05:58:22 1999
      ks.sys   22944      64       0   70112    4032  Tue Nov 30 19:51:38 1999
  swenum.sys     256       0       0     576     576  Sun Sep 26 04:36:31 1999
  update.sys     544      32       0  120960     800  Sat Mar 31 12:01:01 2001
flpydisk.sys    1696    1184       0   11232    2016  Tue Sep 28 13:47:21 1999
  usbhub.sys   14432     320       0   18688    2112  Wed Feb 07 13:13:52 2001
 NDProxy.SYS   31392    2080       0       0    2432  Fri Oct 01 09:25:35 1999
     EFS.SYS   15488    4960       0     384    2688  Mon Aug 28 15:42:24 2000
  Fs_Rec.SYS      32      96       0    3232    1504  Sun Sep 26 04:39:38 1999
    Null.SYS       0       0       0     256     416  Sun Sep 26 04:34:58 1999
    Beep.SYS    1088       0       0       0     736  Thu Oct 21 08:18:59 1999
     vga.sys     224       0       0   10144     960  Sun Sep 26 04:37:40 1999
   mnmdd.SYS      32       0       0    1664     320  Sun Sep 26 04:37:40 1999
    Msfs.SYS     480      32       0   14592    1632  Wed Oct 27 09:21:32 1999
    Npfs.SYS    6496     192       0   21344    3200  Sun Oct 10 09:58:07 1999
  rasacd.sys    3584     288       0     288    1120  Sun Sep 26 04:41:23 1999
   tcpip.sys  232352   28480       0   26112   18592  Sat Mar 31 05:25:41 2001
   msgpc.sys   28224    1280       0     448    1024  Tue Nov 30 18:37:21 1999
  wanarp.sys   19584     800       0    3456    2528  Sun Oct 31 09:36:06 1999
  aswTdi.SYS   22272    5568       0       0    1440  Sat Dec 03 01:03:27 2005
   netbt.sys   98304    1504       0   31232    5536  Sat May 05 05:58:50 2001
 netbios.sys   14528     704       0   11616    2304  Wed Oct 13 05:34:19 1999
   rdbss.sys   27776    2016       0   86848    8032  Tue Jan 16 18:30:34 2001
  mrxsmb.sys   91648   21888       0  237344   10016  Tue Jan 16 19:35:01 2001
Aavmker4.SYS   11520    3680       0       0    1280  Sat Dec 03 01:01:32 2005
dump_diskdump.sys       0       0       0       0       0 
dump_sym_895a.sys       0       0       0       0       0 
  win32k.sys 1536000   55616       0       0   19008  Fri Mar 05 12:50:14 2004
 atidrab.dll  121760    7200       0       0     928  Tue Nov 30 20:31:17 1999
     nbf.sys   84128     288       0    7520    3552  Sun Sep 26 05:16:47 1999
     afd.sys    8128    1568       0   95552    6656  Sat Jan 20 09:06:27 2001
  ParVdm.SYS    1312      32       0       0    2080  Tue Sep 28 13:28:16 1999
     srv.sys   40480    7808       0  164320    7456  Thu Oct 31 14:45:10 2002
  aswMon.SYS   27136   48000       0       0    2464  Sat Dec 03 01:06:00 2005
    Fips.SYS   16672     672       0   11296     896  Wed May 10 01:28:29 2000
  termdd.sys   22432     672       0    3104    3328  Fri Nov 17 12:37:29 2000
    Cdfs.SYS    5536     608       0   45664    4128  Tue Oct 26 05:23:52 1999
 Fastfat.SYS    7616     992       0  111680    7840  Wed Jan 03 03:53:33 2001
   TDTCP.SYS   13216      96       0       0    1632  Sun Sep 26 04:41:38 1999
   ipsec.sys   50592    1600       0    2592    2816  Sat Apr 14 05:01:34 2001
   RDPWD.SYS   79136     352       0       0    1184  Thu Jan 22 06:50:25 2004
 pscript.dll       0       0       0       0       0 
   NTDLL.DLL  307200   12288       0   16384       0  Wed Mar 24 13:16:59 2004
------------------------------------------------------------------------------
       Total 4657856  451968       0 3162848  436544 
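
Added example, not part of the original thread and not Avast or Microsoft code: a small Python parser for the drivers.exe text listing posted above. It surfaces the most recently linked modules and the rows that carry no link date, so a long listing can be reviewed quickly. The function names and the `since_year` cutoff are assumptions chosen for illustration; the sample rows are copied from the listing in this thread.

```python
import re
from datetime import datetime

# Excerpt of the drivers.exe listing posted above (rows copied from the thread).
SAMPLE = """\
  ModuleName    Code    Data     Bss   Paged    Init          LinkDate
------------------------------------------------------------------------------
ntoskrnl.exe  447040   97664       0  780672  140544  Fri Mar 05 12:44:35 2004
    Ntfs.sys   74400    5888       0  415520   12704  Tue Jan 16 10:05:38 2001
  aswTdi.SYS   22272    5568       0       0    1440  Sat Dec 03 01:03:27 2005
Aavmker4.SYS   11520    3680       0       0    1280  Sat Dec 03 01:01:32 2005
dump_diskdump.sys       0       0       0       0       0
  aswMon.SYS   27136   48000       0       0    2464  Sat Dec 03 01:06:00 2005
------------------------------------------------------------------------------
       Total 4657856  451968       0 3162848  436544
"""

# Module name, five size columns, then an optional link date.
ROW = re.compile(r"^\s*(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*(.*?)\s*$")
SIZE_FIELDS = ("code", "data", "bss", "paged", "init")

def parse_drivers(text):
    """Return one dict per module row; header, rulers and the Total row are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m or m.group(1) == "Total":
            continue
        rec = {"name": m.group(1)}
        rec.update(zip(SIZE_FIELDS, map(int, m.group(2, 3, 4, 5, 6))))
        stamp = m.group(7)
        rec["linked"] = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y") if stamp else None
        rows.append(rec)
    return rows

def triage(rows, since_year):
    """Return (recent, undated): link year >= since_year, newest first; rows with no date."""
    recent = sorted((r for r in rows if r["linked"] and r["linked"].year >= since_year),
                    key=lambda r: r["linked"], reverse=True)
    undated = [r for r in rows if r["linked"] is None]
    return recent, undated

if __name__ == "__main__":
    recent, undated = triage(parse_drivers(SAMPLE), since_year=2005)
    for r in recent:
        print(f"{r['name']:<20} {r['linked']:%Y-%m-%d}  code={r['code']}")
    for r in undated:
        print(f"{r['name']:<20} (no link date)")
```

To run it against the full listing, pass the contents of the redirected file (drvlist.txt in the thread) to `parse_drivers` instead of `SAMPLE`.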

Sp00k

  • Guest
Re: Problem with server file system filter driver???
« Reply #7 on: February 02, 2006, 11:20:45 PM »
Any ideas, guys?

Sp00k

  • Guest
Re: Problem with server file system filter driver???
« Reply #8 on: February 07, 2006, 08:03:59 AM »
heloooooo...

Offline Vlk

Re: Problem with server file system filter driver???
« Reply #9 on: February 08, 2006, 11:35:51 PM »
Sorry I'm still researching this but so far no idea... :-\

Sp00k

  • Guest
Re: Problem with server file system filter driver???
« Reply #10 on: February 12, 2006, 11:41:17 PM »
thanks VLK. Thought you had forgotten me!

Sp00k

  • Guest
Re: Problem with server file system filter driver???
« Reply #11 on: March 14, 2006, 03:48:29 AM »
Any news? We've been running without an antivirus on the server now for a while. Getting a bit nervous...

Offline Vlk

Re: Problem with server file system filter driver???
« Reply #12 on: March 17, 2006, 12:15:50 AM »
First, let me apologize for the delay. :-\

The fact is, I'm still not sure what may be causing this mysterious problem. I went through the list of drivers loaded on the server, and didn't find ANYTHING suspicious at all. In fact, it's almost suspicious how clean the listing is - it's like it was a freshly installed machine...

I have one more question: so, right now, there's no backup software installed on the server? You said BackupExec USED TO be there, but isn't anymore? Or any other similar program?

Also, could you please ZIP the whole \windows\system32\drivers directory and upload it to ftp://ftp.avast.com/incoming ? (please note that you won't have READ access to the ftp server, just write - so you won't even be able to see what you just uploaded).


Thanks
Vlk

Sp00k

  • Guest
Re: Problem with server file system filter driver???
« Reply #13 on: March 20, 2006, 03:07:30 AM »
Thanks for the reply, Vlk. We use NTBackup at the moment. Crappy on 2k server because there is no Shadow copy, but it does the job. There is also a custom database program that the client uses (real-estate software). I'll see if I can get any information on it for you. Anything in particular I should ask the software developer? I will upload the driver directory for you now.

Thanks again for your help. Shame you couldn't make it to Oz... We'll have to party on without you ;-)

Sp00k

  • Guest
Re: Problem with server file system filter driver???
« Reply #14 on: March 20, 2006, 03:12:01 AM »
Uploading now. Filename = drivers sp00k for Vlk.zip