Author Topic: Ashavast.exe - stalls as local user, causes multiple processes, runs CPU to 100%  (Read 36656 times)

0 Members and 1 Guest are viewing this topic.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Well, as I said in Reply #25, the only "scientific" method to understand what's going on would be to have a full dump.

Do you think you could try getting us one?

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

blue2

  • Guest
Yes, I did read over that procedure, but since it involved modifying someone else's registry and then intentionally blue-screening their machine, I wanted to do a little digging first before going that route. (Am I correct in assuming that this key could be added and then removed without ill effect?)

I've gone through quite a number of steps already (removal, system cleaning, installation of new build, checking event viewer, checking Avast FAQs, providing a dump of the stalled process, etc.) as they've been suggested, and they lead no closer to figuring about what might be happening. I initially was told that Ashavast requires admin privileges to run, and that was later corrected. So I'd still like to have some idea about:

- What does the Ashavast executable require to run?

- When the process is stalled, I have to kill Active Skin Helper to shut down. Is this an outcome of the stalled process or the problem?

- When I check the security settings of the actual Avast.exe file, it indicates Read as well as Read and Execute for ALL USERS. Is that correct and is there any other file whose privileges I should be checking?

- Why would running functions as a local user via the System Tray work but the same functions not work via Ashavast.exe? Logic says it's not the function causing the issue, but something else.

- Are there any known conflicts with other applications?

Any answers your technical team would have would be appreciated. I have the sneaking suspicion that even when a full system dump is created, there won't be a definitive answer...

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3870
  • Just an avast user
Since I am a user of WinXP Pro as well I thought I would see if I can reproduce the problem too.

I created a limited user account.   I logged on as that limited user account. 

I created a shortcut for ashAvast.exe on the desktop.

I start avast from the shorcut on the desktop, avast starts immediately, completes a memory scan and the simple user interface opens, I can run scans, change the avast skin etc.  I can also perform all those tasks by right clicking the systray icon and starting avast from the menu.   

When I logoff it shuts down the limited user session normally.

Is there some condition I have missed?     

blue2

  • Guest
No, Alanrf, I don't think you've missed anything, and thanks for trying this.

I installed this on a friend's machine, so I don't have continual access. As administrator, I can run everything in Avast without problem (both the previous build and the current release). As a limited user, I can run everything from the system tray EXCEPT "Start Avast! Antivirus". That simply starts the process Ashavast.exe, which remains constant at 100% CPU. When I try, I cannot terminate the process. So I have no choice but reboot.

When I click on the Avast desktop icon as a limited user (The program installs it by default as a desktop icon for all users which lead me to believe that limited users should have privileges to run it.), it opens the Ashavst.exe process which stalls exactly as when run from the system tray.

If I use "Run as" administrator while on the limited user account, it runs perfectly. So this suggests to me that it is "simply" a permission issue of some kind, NOT a functional issue. It will run but only if it has admin privileges.


Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3870
  • Just an avast user
I understand that you are away from the system but can you recall if you have avast set to perform the memory scan on starting avast or have you turned that off? 

In other words is it the memory scan that appears to stall or the opening of the avast simple user interface? 

My reason for asking is that I did (some time back) encounter a condition where the memory scan would complete and the opening of the simple user interface would stall.   


blue2

  • Guest
Good thought. I had initially set it with memory scan on startup, but tried it with memory scan turned off as well. It made no difference. When I click the desktop icon, it simply doesn't open. It just starts the Ashavast.exe process which is clearly stalled.

If I then try to terminate that process in task manager, I then get a "Unable to Terminate Process. Access is Denied" message. I find that odd, since if I started the process as a limited user and it did not run, why would I be denied access to terminate it? That again leads me to think this is a privilege related issue of some kind.

It's running under XP Pro SP2, with Kerio 2.15 firewall, Spybot Search & Destroy (NO Resident Teatimer enabled), and Spyware Blaster. There aren't a lot of startup process running aside from various Thinkpad related ones and Acronis True Image.

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3870
  • Just an avast user
The process termination "access denied" is almost certainly coming from the new self-protection feature of avast 4.8.

About the only difference in configuration between me and the problem system is that I just run with the Windows XP firewall.

One oddity I notice in the skins management makes suggest that next time you have access to this system it might be worth un-checking "Enable skins for Simple User Interface" in the avast Program Settings before logging on the limited user and seeing if that makes any difference.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Well, blue2 previously sent me a dump of the stuck ashAvast.exe process, and it was clear that it was dumped during a normal request to read a registry value. I reckon it must be blocked (or, 'spinned', as CPU usage is high) from the other side of the mirror, i.e. from the kernel mode. That's why I said I'd need a full dump to analyse the problem.

One more thing you could try: in Task Manager, Performance page, open the View menu and check "Show kernel times". This will add a new red line to the chart, indicating the CPU time spent in the kernel mode. If you then simulate the problem, does the red line also go to 100%? (proving that the "fun" is taking place in kernel mode, instead of the ashServ.exe process itself).

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

blue2

  • Guest
I've been able to access the system again. As one of the first tests I did, I un-checked "Enable skins for Simple User Interface", as well as the memory startup test, the Explorer skin setting, etc. It made no difference.

While Ashavast.exe seems to keep CPU at 100% (a straight green line), the Kernel process (red line) is high, but not at 100%:

blue2

  • Guest
As there are a good 5 or 6 threads on the top page of this forum from people reporting issues with the latest Avast build causing 100% CPU usage, is it possible that this new build is not as stable as reported, at least for some users? I realize that these may all be different issues, but I've rarely encountered stalled AV processes before (usually activation, conflicts or slow scanning issues, all of which Avast seems to do well).

I personally use a different AV and have experience with several others. Is it possible that the self defense module or the completeness of the product (e.g. rootkit scanning) is creating unreliability on some systems?

I will try to get access to the machine again tonight and create a complete dump. But I hope that after doing so, some answers and a solution will result, as I've invested more time on this than on any other installation.

blue2

  • Guest
It would be most appreciated if the Avast technical team could provide some brief explanations to a few unanswered questions to get a little closer to resolving this issue:

-- What does the Ashavast executable require to run?
-- When the process is stalled, I have to kill Active Skin Helper to shut down. Is this an outcome of the stalled process or the problem?
-- When I check the security settings of the actual Avast.exe file, it indicates Read as well as Read and Execute for ALL USERS. Is that correct and is there any other file whose privileges I should be checking?
-- Why would all functions from the System Tray run except for the Avast function that lanches Ashavast.exe?
-- Are there any known conflicts with other applications? (e.g. Spybot Search & Destroy (with Teatimer disabled), SpywareBlaster, Kerio 2.15, etc.)
-- While Ashavast.exe seems to keep CPU at 100% (a straight green line), the Kernel process (red line) is high, but not at 100%. It seems to increase and decrease cyclically. Does that suggest anything?

Any insights that could be provided would be helpful. As previously indicated, since others report different issues with a similar symptom (100% CPU usage), is this related to an errant module or setting? Thank you.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
-- What does the Ashavast executable require to run?

Nothing special... don't know what exactly you mean.

-- When the process is stalled, I have to kill Active Skin Helper to shut down. Is this an outcome of the stalled process or the problem?

Unknown.

-- When I check the security settings of the actual Avast.exe file, it indicates Read as well as Read and Execute for ALL USERS. Is that correct and is there any other file whose privileges I should be checking?

Yes, it's correct... and I somehow don't think the problem is connected to privileges for avast! files (though I may be wrong, of course)

-- Why would all functions from the System Tray run except for the Avast function that lanches Ashavast.exe?

Must be somehow connected with the Ashavast.exe itself, but what's so special about it - is unknown.
Try to run
ashQuick.exe "*STRT-MEM-SHORT"
- does it work/finish?

-- Are there any known conflicts with other applications? (e.g. Spybot Search & Destroy (with Teatimer disabled), SpywareBlaster, Kerio 2.15, etc.)

No.

As previously indicated, since others report different issues with a similar symptom (100% CPU usage), is this related to an errant module or setting?

Don't think so - but until the cause is fully understood, it's really hard to say.

blue2

  • Guest
Thanks for the reply Igor.

What I was asking is if the Ashavast.exe executable requires specific DLLS to run different than other Avast executables, and which may require elevated priviledges to run. For example, one CANNOT run ImgBurn as a limited user, because you receive the error "'You need Administrative privileges to use SPTI'". Then there is a workaround to change the privileges on SPTI if necessary.

By try to "run" ashQuick.exe "*STRT-MEM-SHORT" - does it work/finish?" do you mean type that line as written at the run command or something else?

What is this "Active Skin Helper" process that has to be shut down to close the Ashavast process in order to reboot when the machine is stalled? I don't find anything with this name on my system and a google search reveals only three occurences of this phrase, with mine being the only one spelled exactly this way. So is this an underlying process of Ashavast.exe because I'd like to understand where this comes from if I have to shut it down manually?

Thanks.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Ashavast.exe executable requires specific DLLS to run different than other Avast executables, and which may require elevated priviledges to run.
Yes, it needs.

By try to "run" ashQuick.exe "*STRT-MEM-SHORT" - does it work/finish?" do you mean type that line as written at the run command or something else?
Yes, you've got it. You need to open a cmd window and go (browse) to the avast folder and run the command from there. Or run:
"path of the ashquick file\ashquick.exe" "*STRT-MEM-SHORT"
The best things in life are free.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
What I was asking is if the Ashavast.exe executable requires specific DLLS to run different than other Avast executables, and which may require elevated priviledges to run.

No, there's nothing special about Ashavast.exe (at least I'm not aware of anything); it uses the same DLLs as other avast! executables.

By try to "run" ashQuick.exe "*STRT-MEM-SHORT" - does it work/finish?" do you mean type that line as written at the run command?

Yes.

What is this "Active Skin Helper" process that has to be shut down to close the Ashavast process in order to reboot when the machine is stalled? I don't find anything with this name on my system and a google search reveals only three occurences of this phrase, with mine being the only one spelled exactly this way. So is this an underlying process of Ashavast.exe because I'd like to understand where this comes from if I have to shut it down manually?

Honestly, I have no idea what it is - it's not avast!'s own process.
ActiveSkin is the 3rd party skinning library used by avast! GUI. It is possible that it needs to spawn a special process sometimes to do something... but I must say I've never heard of it (it's not running under normal circumstances - at least not for longer periods) - so I don't have any more info on that.
« Last Edit: May 19, 2008, 12:47:02 PM by igor »