Topic: Ashavast.exe - stalls as local user, causes multiple processes, runs CPU to 100%

Offline blue2

  • Jr. Member
  • **
  • Posts: 76
Sorry for the delay but I've been traveling.

Try to run ashQuick.exe "*STRT-MEM-SHORT" - does it work/finish?
When I try to "run" ashQuick.exe "*STRT-MEM-SHORT"  from a limited user profile, it opens two pop up windows but indicates 0 files scanned. It does NOT show any progress in running the memory test as it normally does when it is run as an administrator. So it does NOT seem to run.


One more thing you could try: in Task Manager, Performance page, open the View menu and check "Show kernel times". This will add a new red line to the chart, indicating the CPU time spent in the kernel mode. If you then simulate the problem, does the red line also go to 100%? (proving that the "fun" is taking place in kernel mode, instead of the ashServ.exe process itself).
I previously provided a screenshot showing that the kernel times are high, but not at 100%.


Unfortunately, the dump is of no use as the processing is taking place in kernel mode (which is not included in the dump).

The only way to properly analyze the problem is to create a full dump of the system when the problem is simulated. The procedure is described here: http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=71
Well, it's done, but not without creating its own issues (as I had suspected it would). I followed the procedure exactly as described, though your procedures ought to clearly mention, as is customary, to back up the registry before making ANY such modifications.

I saved the original registry key, then created the new DWord value, blue screened the machine and created the memory dump. I then rebooted, replaced the key with the original one and rebooted. And the Logon screen appeared but the trackpoint was frozen. I tried safe mode with command prompt but that too left me without any functionality. So I had no way to get back to the registry.

In the end, I booted from a clone of the drive from a week ago, and copied all the user files as well as the memory dump on the "stuck drive" to the clone. Then I re-cloned back to the original drive.

NOT exactly what I'd call fun, nor the kind of additional troubles I'd like to create when trying to analyze why a program isn't working properly. I will now upload the dump file with the name blue2memory.dmp, but I sure hope that after all this trouble, it was worth it and shows something of value.

Offline Vlk

  • Global Moderator
  • Serious Graphoman
  • **
  • Posts: 11666
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Hi blue2,

thanks for the dump.

Just to recap - is the problem taking place even with the avast self-defense module turned off?

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline blue2

  • Jr. Member
  • **
  • Posts: 76
Hello Vlk,

Yes, thanks, but I'll try it once again to be sure: disabling it, rebooting under administrator, then switching to limited user profile and testing it again. (I've had a few instances where changes didn't take if the reboot wasn't done to the Admin profile first).

As you see, the dump was 650 MB, and I needed to find a 2 1/2 hour window to ftp this to you!

blue2



Offline blue2

  • Jr. Member
  • **
  • Posts: 76
Just tried it again, with self defense, memory scan and rootkit scan all turned off. It made no difference. The Ashavast.exe still stalls as a limited user every time.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67282
Blue2, sorry the thread is long now, but do you use a firewall? Which one? Do you have any other antivirus installed on your system? Did you have one in the past? Any other security programs that could interfere?
The best things in life are free.

Offline blue2

  • Jr. Member
  • **
  • Posts: 76
Yes, Tech, this machine has the following:

- Firewall Kerio 2.15 (rule based)
- Spybot Search & Destroy (with TeaTimer resident protection DISABLED)
- Spyware Blaster (which should not interfere)
- AdAware (on demand)
- There is NO other AV installed

The machine had KAV on it at one time, but it was removed, followed by the KAV removal tool, followed by CC Cleaner (to remove any traces that might have remained).

I would doubt the issue is caused by a previous AV install, since it works fine as Administrator, works for quick scans as a limited user, but stalls as a limited user if the Ashavast.exe process is started. If, of course, I use "Run as" and run Ashavast.exe with administrator privileges while a limited user, it runs fine. That is what led me to think that this is a permission related issue of some kind, and one would want to know what is requiring elevated permission before it runs correctly.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67282
followed by CC Cleaner (to remove any traces that might have remained).
Just to point out... this is a myth... CCleaner is a very superficial registry cleaner.

That is what led me to think that this is a permission related issue of some kind, and one would want to know what is requiring elevated permission before it runs correctly.
Did you tweak the common user access rights?
If you create another, just temporary, user account, will it work there?

Which is the path where you've installed avast?
The best things in life are free.

Offline blue2

  • Jr. Member
  • **
  • Posts: 76
Yes, I realize that CC Cleaner is not very aggressive as a registry cleaner, but removal of KAV, followed by their removal tool, followed by CC Cleaner should remove it. And if it did not, I don't think it would just affect limited users but all profiles.

I have not touched user access rights and I also installed Avast in its default location. I tried removing it,  using the Avast cleaning tool, and then manually installing the newer 4.8.1195 build, but that also did nothing.

So I hope the 650MB memory dump provides some clues...
« Last Edit: May 29, 2008, 04:57:11 PM by blue2 »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67282
I tried removing it,  using the Avast cleaning tool
You need to use the Control Panel before...

and then manually installing the newer 4.8.1195 build
The latest is 4.8.1201.
The best things in life are free.

Offline blue2

  • Jr. Member
  • **
  • Posts: 76
"I tried removing it, using the Avast cleaning tool" are two separate steps indicated by the "," in between them. To spell it out further:
- I removed it via Add/Remove. Rebooted.
- Then used the Avast cleaning tool. Rebooted.
- Then deleted the program folder. Then used CC Cleaner to remove any traces found.
- Then installed the newer build. Rebooted.
And nothing changed.

After trying to fix this with two Avast builds, what makes you think the third build will do the trick?

I would have thought that there was a point to creating the 650MB dump file, modifying the registry, crashing the computer, creating several hours of work to re-install the computer back to where it was, and tying up the computer for 2 1/2 hours ftping the dump file. If the answer would be as simple as to install the latest build, I surely would have started there!

Perhaps the new build will create other problems, which is why I don't like "testing" products, but don't install them until I know that they are stable and reliable.



Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67282
After trying to fix this with two Avast builds, what makes you think the third build will do the trick?
From one build to another, they try to solve problems... don't they? ???

Vlk explains how to create a dump file here: http://forum.avast.com/index.php?topic=22636.msg187340#msg187340 and here: http://forum.avast.com/index.php?topic=23283.msg193594#msg193594  ;)

Also, check the folder <avast>\data\log
Are there any files called unpXXXX there  (where XXXX is a random number)?
If so, send them to vlk (at) avast.com
They may contain more information about the problem (maybe a link to this thread).
The best things in life are free.

Offline blue2

  • Jr. Member
  • **
  • Posts: 76
Haphazardly trying newer Avast builds in the hopes that one of them will solve a problem that the new build isn't designed to address is not worth the trouble or risks it may create. Plenty of newer builds bring with them newer problems. I've seen this with NAV, I've seen this with KAV, I've seen this with MS, and I don't think it would be any different with Avast.

I already followed the precise instructions to the letter to create the dump file. It caused me several hours of work after the registry modification prevented the machine from rebooting. That is why I hesitated to do it in the first place.

I will check to see if there are any log files, but again I would hope that the 650MB dump file provides the answer.

Offline blue2

  • Jr. Member
  • **
  • Posts: 76
There are four unpxxx minidump files in the log folder, but they are all of 0kb, so not much to be learned here I'm afraid.

Offline Vlk

  • Global Moderator
  • Serious Graphoman
  • **
  • Posts: 11666
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
1. There's no need for new dump files; I was just asking if the problem is solved by disabling the self defense or not.

2. Please try the following: log on using the non-admin account that has the problem, disable avast self defense, run Regedit, navigate to HKEY_CURRENT_USER\Software\ALWIL Software\Avast\4.0 and create a new string value called "CurrentSkin" (without the quotation marks). Make the value data "silver panel.asws" (again, without the quotation marks). Re-enable the self defense module, and see if it resolves the problem.


Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline blue2

  • Jr. Member
  • **
  • Posts: 76
Vlk, I just tried what you suggested.

Since I can't get into Avast settings from limited user, I had to sign on as Admin to disable self-defense.

Then signed off and signed on as local user to change the Avast\4.0 key you indicated. And it gave me an "Error Opening Key" message. I can navigate to the "Avast" level of that branch, but NOT to "4.0".

Just in case, I rebooted and tried it again, but no luck.

So, does this suggest some type of privilege issue?
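
The following is an added example, not part of the thread and not avast's own tooling: one way to check whether the "Error Opening Key" symptom comes from the access control list on the 4.0 subkey is to compare its ACL with that of its parent key from an administrator session. It assumes PowerShell is available, that the limited user is logged on so their hive is loaded under HKEY_USERS, and that `limiteduser` is a placeholder for the affected account name.

```powershell
# Run from an elevated (administrator) session while the limited user is logged on,
# so that the user's registry hive is loaded under HKEY_USERS.
$account = 'limiteduser'   # placeholder: name of the affected limited account

# Resolve the account name to its SID, which names the user's hive under HKEY_USERS.
$nt  = New-Object System.Security.Principal.NTAccount($account)
$sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value

# The key the user can open, and the subkey that returns "Error Opening Key".
$parentPath = "Registry::HKEY_USERS\$sid\Software\ALWIL Software\Avast"
$childPath  = "$parentPath\4.0"

$parentAcl = Get-Acl -Path $parentPath
$childAcl  = Get-Acl -Path $childPath

# Show owner, whether inheritance from the parent is blocked, and every access rule.
foreach ($item in @(@{ Path = $parentPath; Acl = $parentAcl },
                    @{ Path = $childPath;  Acl = $childAcl })) {
    Write-Output $item.Path
    Write-Output ("  Owner: {0}" -f $item.Acl.Owner)
    Write-Output ("  Inheritance blocked: {0}" -f $item.Acl.AreAccessRulesProtected)
    $item.Acl.Access |
        Format-Table IdentityReference, AccessControlType, RegistryRights, IsInherited -AutoSize |
        Out-String
}

# Flatten each rule to a string so the two ACLs can be diffed.
$flatten = {
    param($acl)
    $acl.Access | ForEach-Object {
        '{0} {1} {2}' -f $_.IdentityReference, $_.AccessControlType, $_.RegistryRights
    }
}

# '<=' marks rules present only on the parent key, '=>' rules present only on 4.0.
Compare-Object (& $flatten $parentAcl) (& $flatten $childAcl)
```

A rule for the user's own account that appears on the parent key but not on 4.0, or a subkey with inheritance blocked and a different owner, would be consistent with the permission problem suspected above.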