Author Topic: avast4 collide with ext2ifs  (Read 22943 times)

shell909090

  • Guest
avast4 collide with ext2ifs
« on: July 31, 2008, 03:38:41 AM »
Affected Product:
    Avast4 home edition
    ext2ifs 1.10c
    ext2ifs 1.11
Description:
    Avast4 home edition is a free anti-virus tool. On 2008-07-30 it updated some files, including a file called 'aswSP.sys'. According to the information in autoruns, it's the avast self protection module.
[Here is info from autoruns.]
aswSP    avast! self protection module    ALWIL Software    c:\windows\system32\drivers\aswsp.sys
[Here is info from update-log]
2008-7-30 7:36:14    file        Direct move of file: C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswSP.sys
2008-7-30 7:36:14    file        Installed file:C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswSP.sys
2008-7-30 7:36:14    file        Direct move of file: C:\Program Files\Alwil Software\Avast4\Setup\INF\aswSP.sys
2008-7-30 7:36:59    system        Reboot set by changed resident C:\WINDOWS\system32\drivers\aswSP.sys
2008-7-30 7:36:59    system        Driver file copied: C:\WINDOWS\system32\drivers\aswSP.sys
    If you use ext2ifs on the system to share data with Linux, it'll cause a system crash with code BAD_POOL_CALLER. There is no evidence showing it has a connection with ext2ifs, but the crash always happens when I try to access data on a disk that uses ext2ifs. When I copy data to an NTFS disk, it'll be all right. Here is the dump analysis.
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

BAD_POOL_CALLER (c2)
The current thread is making a bad pool request.  Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 04030401, Memory contents of the pool block
Arg4: e13a7258, Address of the block of pool being deallocated

Debugging Details:
------------------


POOL_ADDRESS:  e13a7258

FREED_POOL_TAG:  pSsA

BUGCHECK_STR:  0xc2_7_pSsA

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

PROCESS_NAME:  _uninst.exe

LAST_CONTROL_TRANSFER:  from 80544e86 to 804f9aef

STACK_TEXT:
eb364b68 80544e86 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b
eb364bb8 ee072a0a e13a7258 00000000 8055a584 nt!ExFreePoolWithTag+0x2a0
WARNING: Stack unwind information not available. Following frames may be wrong.
eb364be4 805c5e1c 00000730 0000016c eb364cdc aswSP+0x5a0a
eb364c04 80639346 e3986008 0000016c eb364cdc nt!PsCallImageNotifyRoutines+0x36
eb364d08 805c5bcd 7c810665 00000000 00000000 nt!DbgkCreateThread+0xa2
eb364d50 805421c2 00000000 7c810665 00000001 nt!PspUserThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


STACK_COMMAND:  kb

FOLLOWUP_IP:
aswSP+5a0a
ee072a0a ??              ???

SYMBOL_STACK_INDEX:  2

SYMBOL_NAME:  aswSP+5a0a

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: aswSP

IMAGE_NAME:  aswSP.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  4881fba3

FAILURE_BUCKET_ID:  0xc2_7_pSsA_aswSP+5a0a

BUCKET_ID:  0xc2_7_pSsA_aswSP+5a0a

Followup: MachineOwner

    The crash happened in aswSP+5a0a.

Resolution:
    There is no solution for now. Uninstall avast, or uninstall ext2ifs.
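
Added example (not part of the original post and not Avast's code): the reading of the analysis above can be scripted. This Python code extracts the bugcheck code, arguments and pool tag, then reports which frame called ExFreePoolWithTag and which kernel routine sits beneath it. The `triage` function and its field names are hypothetical; the input is an excerpt of the dump quoted above.

```python
import re

# Excerpt of the analysis quoted in the post above (taken from the page).
ANALYSIS = """\
BAD_POOL_CALLER (c2)
Arg1: 00000007, Attempt to free pool which was already freed
Arg4: e13a7258, Address of the block of pool being deallocated
FREED_POOL_TAG:  pSsA
STACK_TEXT:
eb364b68 80544e86 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b
eb364bb8 ee072a0a e13a7258 00000000 8055a584 nt!ExFreePoolWithTag+0x2a0
WARNING: Stack unwind information not available. Following frames may be wrong.
eb364be4 805c5e1c 00000730 0000016c eb364cdc aswSP+0x5a0a
eb364c04 80639346 e3986008 0000016c eb364cdc nt!PsCallImageNotifyRoutines+0x36
eb364d08 805c5bcd 7c810665 00000000 00000000 nt!DbgkCreateThread+0xa2
"""

# A kb frame: five 8-digit hex columns, then module!symbol+0xoffset.
FRAME = re.compile(r"^(?:[0-9a-f]{8} ){5}(\S+?)(?:\+0x([0-9a-f]+))?$", re.I)

def triage(text):
    """Return bugcheck code, arguments and the frame that issued the bad free."""
    out = {"args": {}, "frames": [], "unwind_warning": False,
           "freed_by": None, "called_from": None}
    m = re.search(r"^(\w+) \(([0-9a-f]+)\)$", text, re.M | re.I)
    if m:
        out["name"], out["code"] = m.group(1), int(m.group(2), 16)
    for n, val in re.findall(r"^Arg(\d): ([0-9a-f]+),", text, re.M | re.I):
        out["args"][int(n)] = int(val, 16)
    m = re.search(r"^FREED_POOL_TAG:\s+(\S+)", text, re.M)
    out["freed_pool_tag"] = m.group(1) if m else None
    for line in text.splitlines():
        if line.startswith("WARNING: Stack unwind"):
            out["unwind_warning"] = True  # later frames are best-effort
        m = FRAME.match(line.strip())
        if m:
            out["frames"].append((m.group(1), int(m.group(2) or "0", 16)))
    # The frame under ExFreePool* is the caller that freed the block; the one
    # under that shows which kernel path invoked the driver.
    for i, (sym, _) in enumerate(out["frames"]):
        if sym.startswith("nt!ExFreePool") and i + 1 < len(out["frames"]):
            out["freed_by"] = out["frames"][i + 1]
            if i + 2 < len(out["frames"]):
                out["called_from"] = out["frames"][i + 2][0]
            break
    return out

if __name__ == "__main__":
    print(triage(ANALYSIS))
```
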

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: avast4 collide with ext2ifs
« Reply #1 on: July 31, 2008, 02:28:39 PM »
Can you send the dump(s) to Vlk's e-mail, please? (with a link to this thread)

Thanks.

shell909090

  • Guest
Re: avast4 collide with ext2ifs
« Reply #2 on: August 04, 2008, 09:27:20 AM »
I sent it, but still no answer.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: avast4 collide with ext2ifs
« Reply #3 on: August 04, 2008, 09:32:17 AM »
Vlk is currently in US, and I'm not sure how often he checks the e-mails.
Please give him a few days :).
Thanks.

Mr_Bumpy

  • Guest
Re: avast4 collide with ext2ifs
« Reply #4 on: August 06, 2008, 10:32:41 PM »
I don't have a dump, since I have since removed Avast! from my computer, but the same problem related to ext2ifs also occurs when using a similar driver, Ext2Fsd (http://sourceforge.net/projects/ext2fsd).  Both ext2ifs and Ext2Fsd allow usage of EXT2 and EXT3 file formats within Windows.  I've tried both drivers on my system, and both cause the BSOD.  I've discovered that running an executable file from the EXT3 volume on my system will create the BSOD instantly.

caulkins

  • Guest
Re: avast4 collide with ext2ifs
« Reply #5 on: August 07, 2008, 02:37:04 AM »
I've been having the same problem.  I run a dual-boot system with Ubuntu, so eliminating access to ext3 volumes really isn't an option; I was forced to uninstall Avast!

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: avast4 collide with ext2ifs
« Reply #6 on: August 08, 2008, 07:56:23 PM »
Just a short update on this: so far (from the minidumps I have seen to date) it seems that this is a problem that will need to be solved by the ext2ifs driver author. If this turns out to be the case, I'll get in touch with him and discuss the next steps.

In any case, I'll be testing the issue in more detail early next week in Redmond (MS labs) and let you know as soon as I know more.

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: avast4 collide with ext2ifs
« Reply #7 on: August 15, 2008, 03:05:19 AM »
Here's an update: the issue has been identified, and will be fixed in the next avast program update.

Thanks for reporting this by the way. It turned out to be a bug in avast code after all... :-\

Cheers
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: avast4 collide with ext2ifs
« Reply #8 on: August 15, 2008, 03:13:41 AM »
next avast program update
Any schedule?
The best things in life are free.

xdcdx

  • Guest
Re: avast4 collide with ext2ifs
« Reply #9 on: August 19, 2008, 04:06:01 PM »
Any workaround until the new version is released without having to uninstall Avast? Disabling all the providers won't help, and this issue is quite inconvenient.

nvb

  • Guest
Re: avast4 collide with ext2ifs
« Reply #10 on: August 20, 2008, 11:37:52 PM »
A Work-around would help massively indeed.

pdedecker

  • Guest
Re: avast4 collide with ext2ifs
« Reply #11 on: August 21, 2008, 10:16:39 AM »
I was experiencing this Ext2IFS issue too, so I uninstalled it. Any word on when the update will be released?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: avast4 collide with ext2ifs
« Reply #12 on: August 21, 2008, 04:41:24 PM »
I was experiencing this Ext2IFS issue too, so I uninstalled it. Any word on when the update will be released?
Edited: Next program update... we even enter a beta phase (yet)... Sorry... maybe a month or more...
Alwil team is always faster  ;D
« Last Edit: August 21, 2008, 05:14:53 PM by Tech »
The best things in life are free.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: avast4 collide with ext2ifs
« Reply #13 on: August 21, 2008, 04:46:58 PM »
Here's a preliminary fix that should resolve the issue.

To install it, please follow these steps:

1. disable the avast self-protection module (right click avast tray icon, select Program Settings, go to the Troubleshooting page and check the disable self defense box)

2. download the fixed driver:

32-bit Windows: http://public.avast.com/~vlk/aswsp-ext2fsd-fix/i386/aswSP.sys
64-bit Windows: http://public.avast.com/~vlk/aswsp-ext2fsd-fix/x64/aswSP.sys

and place it to the \windows\system32\drivers folder (overwrite existing)

3. re-enable avast self defense (disabled in step 1)

4. reboot the system.


Hope this helps,
Vlk
If at first you don't succeed, then skydiving's not for you.

xdcdx

  • Guest
Re: avast4 collide with ext2ifs
« Reply #14 on: August 21, 2008, 06:45:42 PM »
Works like a charm. Keep up the good work guys!  ;)