Author Topic: Avast One Blocked a vulnerable drive - on every reboot  (Read 2837 times)

0 Members and 1 Guest are viewing this topic.

Offline HnyBear

  • Newbie
  • *
  • Posts: 8
Avast One Blocked a vulnerable drive - on every reboot
« on: September 24, 2023, 08:41:04 AM »
This has been happening for some time on every reboot. I can't seem to find out what it is or how to get rid of it as the file it points to is never there. The name is always tmp????.tmp the numbers and letters in it are different every time but the tmp part stays the same. I'm on Windows 11 with latest version of Avast One. Any help is very much appreciated.



Offline HnyBear

  • Newbie
  • *
  • Posts: 8
Re: Avast One Blocked a vulnerable drive - on every reboot
« Reply #1 on: September 27, 2023, 01:54:48 AM »
/bump

Offline Myroslav Sidorov

  • Newbie
  • *
  • Posts: 4
Re: Avast One Blocked a vulnerable drive - on every reboot
« Reply #2 on: October 12, 2023, 09:48:34 PM »
/bump

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37532
  • Not a avast user
Re: Avast One Blocked a vulnerable drive - on every reboot
« Reply #3 on: October 13, 2023, 01:00:51 PM »
you may Delete Your Temporary Files In Windows 11  https://www.youtube.com/watch?v=ZKKL9EHuaWI&t=65s



Offline Myroslav Sidorov

  • Newbie
  • *
  • Posts: 4
Re: Avast One Blocked a vulnerable drive - on every reboot
« Reply #4 on: October 13, 2023, 03:05:26 PM »
I've found a way to identify the driver.

Event Viewer -> Windows Logs -> System:
Code: [Select]
Information / Service Control Manager / 7045
In my case it was:

Code: [Select]
A service was installed in the system.

Service Name:  WinRing0_1_2_0
Service File Name:  C:\Users\[username]\AppData\Local\Temp\tmp6FE0.tmp
Service Type:  kernel mode driver
Service Start Type:  demand start
Service Account: 
« Last Edit: October 13, 2023, 03:07:10 PM by Myroslav Sidorov »

Offline Myroslav Sidorov

  • Newbie
  • *
  • Posts: 4
Re: Avast One Blocked a vulnerable drive - on every reboot
« Reply #5 on: October 13, 2023, 04:33:44 PM »
If you are interested, then

I've temporarily disabled (unchecked) "Block vulnerable kernel drivers" in Avast -> Menu -> Settings -> General -> Troubleshooting -> Enable Self-Defence (to prevent blocking of the vulnerable driver).

And I've found the Software which uses this driver via Process Explorer (File -> Show Details for All Processes) -> Find -> Find Handle or DLL (Ctrl+F) -> in "Handle or DLL substring" typed "WinRing" -> Search


In my case it was PCMeterV0.4.exe which is extension for Windows 7 Gadgets "All CPU Meter" / "GPU Meter" (uses file "\Device\WinRing0_1_2_0").

And this is pretty logical that this software tries to get access to hardware via kernel drivers to monitor the states of the CPU/GPU which could be identified as mining software...

Next step, I'm planning to play with the check boxes in PCMeter settings, to partially disable it or I'll remove PCMeter in case if nothing help.

Offline Myroslav Sidorov

  • Newbie
  • *
  • Posts: 4
Re: Avast One Blocked a vulnerable drive - on every reboot
« Reply #6 on: October 13, 2023, 05:16:51 PM »
  • Removed PCMeter (as I don't need to monitor CPU frequency in realtime, percentage by core/thread is enough for me);
  • Enabled back "Block vulnerable kernel drivers" in Avast;
  • Restarted PC;
  • Avast Alert is gone;
  • PROFIT 8)
« Last Edit: October 13, 2023, 05:18:39 PM by Myroslav Sidorov »

Offline nrpardee

  • Newbie
  • *
  • Posts: 2
Re: Avast One Blocked a vulnerable drive - on every reboot
« Reply #7 on: February 13, 2024, 04:38:12 AM »
The procedure posted by Myroslav Sidorov worked for me. It was tough slogging because I'm not used to using Event Viewer and process explorer. The place I got hung up was in searching event viewer- it identified an entry, but what was displayed didn't have what I searched for. But if I clicked to the Details tab, it showed.

Thanks to Myroslav!

Offline HnyBear

  • Newbie
  • *
  • Posts: 8
Re: Avast One Blocked a vulnerable drive - on every reboot
« Reply #8 on: March 02, 2024, 07:58:51 PM »
/bump still looking for help with this. I have run every AV and AM scanner on the planet and nothing in my system is infected or has any issues yet this continues to happen on every single reboot.