Avast causing BSOD bad_pool_header

[REDACTED]

This morning I was greeted with several computers coming up with BSOD errors, bad_pool_header. The only fix I've found was uninstalling the Avast client entirely in safe mode and rebooting.

Would like to continue using Avast, but they need to fix the client.

[REDACTED]

Same here. Several Windows 7 and Server 2012 R2 machines so far.

[REDACTED]

We have had 2 Windows 2008R2 servers and 1 Windows 7 workstation affected.  So far we have just removed the AV from these machines. 

[REDACTED]

One of my 2008 servers crashes even in trying to boot to safe mode , trying to hunt down the right raid driver to go into command line from windows recovery and delete the folder for avast. Looks like I won't be going home for dinner tonight. Thanks, Avast. =(

[Infratech Solutions]

From AVAST Software: "Our investigation has pointed to a problem with an older EPS version, 8.0.1603. So far we are unable to replicate the problem on the latest 8.0.1609.

Please check which version customers are running, and update if possible. The root cause is still unknown, but we are suspecting the MS patches on Tuesday, still under investigation."

[REDACTED]

I can confirm, in our environment, that users on 8.0.1603 are experiencing the BSOD, and with Windows Updates disabled, shouldn't have automatically received the MS patches on Tuesday.

[Lisandro]

Start some reports on Twitter: https://twitter.com/c3pown1337/status/885401520778469376

[REDACTED]

We are seeing this on significant numbers of computers (+50 so far, probably hundreds that we don't know about yet).

We're a school district and we're off for the summer. As such, we've had machines that have been powered-off since June 1. These machines have received no further Microsoft or Avast updates and are experiencing the problem on boot.

VPS versions 170519-0 and 170519-2 with Engine 8.0.1603 have exhibited the issue on both Windows 7 Pro SP1 x86 and Windows 7 Pro SP1 x64. It appears that VPS 170520-0 may have also exhibit the issue.

We can't get affected machines to proceed past "Applying Computer Settings..." so the idea to somehow upgrade Avast to alleviate the issue is a non-starter.

Right now we're PXE-booting machines into an automated WinPE environment that renames the Avast kernel-mode drivers, reboots, and allows a Group Policy-based script to run the Avast uninstaller to completely remove the product. That seems to be working, albeit it's more manual than we'd like.

(Ironically, one of our summer projects is to remove Avast and replace it, what with the free education program ending! We'd already written the uninstall script, but we hadn't deployed it yet as we have hundreds of computers that are unhooked while buildings are being cleaned.)

[Avosec-UK]

Is anyone who is experiencing the issue able to test something?

Can you boot into Safe Mode and rename the "C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe" to backup.exe.old.
Then reboot back to Normal Mode and let us know if BSOD occurs again?

[REDACTED]

Renaming backup.exe has allowed a test machine to boot up. Any insight into this? Wouldn't be bad if there weren't a lot of machines with the issue.

[REDACTED]

I won't be back on-site to try the "backup.exe" rename trick until tomorrow, but I'm eager to see if it would work.

We had multiple machines BSoD'ing right in the middle of users using them (actually saw one happen face-to-face) yesterday.

I'd be really interested to hear what the root cause is. We did enough troubleshooting to see that a machine exhibits the issue even when disconnected from the network.  Since we have hundreds of machines that aren't going to be powered-on again until August it would be comforting to know if there's anything to be done before we bring them up. (We have disconnected our Avast server VM from the network pre-emptively, just to see if that helped. It didn't fix machines that were already "looping" and it appears that some more failed during the time the Avast server was disconnected.)

Because our machines aren't making it through Group Policy application we've been unable to come up with an automated solution to resolve the machines that are "looping". The PCs return a few PINGs while they're coming up before they blue-screen. If the renaming "backup.exe" works I might try to write a little tool that repeatedly attempts to connect via File and Print Sharing to a remote machine and rename "backup.exe". If there's enough time to catch them while booting before they blue screen that would save a lot of time. That's certainly preferable to traveling out to the various buildings and walking room-to-room looking for looping machines. (I should be able to find the looping machines easily enough-- they'll be the ones generating DHCP discover packets every 2 - 3 minutes.)

[REDACTED]

We have a viable fix for our situation. We are running the script below remotely against machines experiencing the BSOD. The script waits for the machine to come up (by pinging it very quickly) and, as soon as it sees a good ping, renames the  "backup.exe". The PC blue screens again but comes up subsequently alright. (Then our Avast uninstall Group Policy Startup script takes over and removes the remnants of our Avast infection.)


@echo off
if "%1"=="" (
  echo Syntax: %0 [computer name or IP]
  echo.
  goto :EOF
)

echo Waiting for %1 to come up
:top
ping -n 1 -w 15 %1 | find "Reply from" >NUL 2>NUL
if errorlevel 1 goto :top

:doit
echo Renaming backup.exe on %1
ren "\\%1\c$\Program Files\Common Files\AV\avast! Antivirus\backup.exe" backup.exe.old.broken
dir "\\%1\c$\Program Files\Common Files\AV\avast! Antivirus\backup.exe*"

[REDACTED]

You might want to repost this thread to a different forum.  This is currently in the Avast for Business (Cloud) forum, which is not the same product codebase as you appear to be discussing.  Try https://forum.avast.com/index.php?board=33.0, they can probable give more valuable contributions.  Good luck!

[REDACTED]

I can also confirm that the backup.exe is the core of the issue now. In order to boot into a computer, I boot normally, with the ethernet cable unplugged, forces local login only. I get enough time to get into task manager and kill the avast backup process. Computer stays on no problem, even after booting it up. Going to rename the file as suggested, and then install the latest client.

Very unnecessary headache in the midst of ongoing summer upgrades!

[REDACTED]

grrrrr!!!!!!!!!!
It is the second time that we had an issue like this with the updates.
How can this occurs?

I have more than 50 customer with the issue!!!!!!!
Working during all the weekend trying to find the solution....