Author Topic: BUG? : Avast crashes on inserting a CD  (Read 6833 times)

0 Members and 1 Guest are viewing this topic.

eccentra

  • Guest
BUG? : Avast crashes on inserting a CD
« on: October 18, 2007, 06:39:11 PM »
Help!

I'm using Avast Home 4.7.1043 on Windows XP SP2.
If I insert a CD-R/DVD-R, either blank or not, my system blue-screens and restarts instantly.

I'm pretty sure this didn't start happening until recently. And, if I stop Avast On-Access Protection, everything's fine.

Does anyone have any ideas what's going on? And, more importantly, any ideas how I can fix it?

I can provide minidump files/more information if need be.

Online DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 88739
  • No support PMs thanks
Re: BUG? : Avast crashes on inserting a CD
« Reply #1 on: October 18, 2007, 07:32:30 PM »
What is the sensitivity of the Standard Shield, I'm assuming that it must be on high as there is no activity if I put in a bland CD or one that has files on it.

I started by monitoring the Standard Shield (Normal sensitivity) detailed view with a scanned count of 293.
I put in a blank CD, no change in the scanned count.
I put in a second CD and that scanned count leapt to 294 an increase of one and the file scanned wasn't one on the CD but another program relating to winfax pro, WfxSeh32.dll (why I haven't got a clue, I will worry about that later).
I ejected and put the same CD in again and no change in the scanned count it remained on 294.

So avast on Normal doesn't appear to be scanning anything, so perhaps there is another tool monitoring your Optical drives and because of this avast 'is' getting involved.

Have (or did) you another AV installed in this system, if so what was it and how did you get rid of it ?

What other security based software do you have that might have an effect, e.g. anti-spyware applications, etc. ?

What are the stop error codes e.g. 0x00000001, etc. what other predomenant wording is on the BSOD ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.1.6099 (build 24.1.8821.762) UI 1.0.796/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

eccentra

  • Guest
Re: BUG? : Avast crashes on inserting a CD
« Reply #2 on: October 18, 2007, 09:11:10 PM »
Standard shield is on normal.
MS Error reporting claims "Although we have not determined the specific cause of this problem, we know the problem was caused by antivirus software."

CD AutoPlay Notification is disabled anyway, but I went into TweakUI to check it was still off, and while I was at it I unregistered *all* the third-party autoplay handlers, just in case. No luck.

I did have Norton AV installed, but got rid of it two months ago. And I ran the SymClean utility, just to make absolutely sure that it really was gone, before I installed Avast.

The only other security software that was actually running was Windows Defender and Zone Alarm.

Stop code was 8E. I know nothing about windbg, but here's as much information as I could tease out of the crash dump:

Loading Dump File [C:\WINDOWS\Minidump\Mini101807-03.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*c:\cache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.070227-2254
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805533a0
Debug session time: Thu Oct 18 19:30:15.691 2007 (GMT+1)
System Uptime: 0 days 1:17:01.541
Loading Kernel Symbols
...
Loading unloaded module list
............
Loading User Symbols
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 806d0753, b4b300a8, 0}

*** WARNING: Unable to verify timestamp for aswMon2.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswMon2.SYS
Unable to load image vsdatant.sys, Win32 error 2
*** WARNING: Unable to verify timestamp for vsdatant.sys
*** ERROR: Module load completed but symbols could not be loaded for vsdatant.sys
Probably caused by : fltmgr.sys ( fltmgr!FltpGetStreamListCtrl+5a )

Followup: MachineOwner
---------

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 806d0753, The address that the exception occurred at
Arg3: b4b300a8, Trap Frame
Arg4: 00000000

Debugging Details:
------------------


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
hal!ExAcquireFastMutex+f
806d0753 ff09             dec     dword ptr [ecx]

TRAP_FRAME:  b4b300a8 -- (.trap ffffffffb4b300a8)
ErrCode = 00000002
eax=00000000 ebx=882abc20 ecx=00000001 edx=80010031 esi=882aec38 edi=8914f468
eip=806d0753 esp=b4b3011c ebp=b4b3012c iopl=0         nv up ei pl nz ac pe cy
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010213
hal!ExAcquireFastMutex+0xf:
806d0753 ff09             dec     dword ptr [ecx]   ds:0023:00000001=????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  3

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0x8E

LAST_CONTROL_TRANSFER:  from 804ec6a4 to 806d0753

STACK_TEXT: 
b4b30118 804ec6a4 8914f468 00000000 882abc20 hal!ExAcquireFastMutex+0xf
b4b3012c b9eacbf8 882aec38 882abc20 00000000 nt!FsRtlLookupPerStreamContextInternal+0x14
b4b30190 b9ebaba7 882abc20 8914f468 00000001 fltmgr!FltpGetStreamListCtrl+0x5a
b4b301cc b9ea9eef 8911af00 00000000 882d7b48 fltmgr!FltpCacheCreateNames+0x2d
b4b301f4 b9eb6448 b4b30214 00000000 00000000 fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x25f
b4b30230 804edfe3 8830d020 882d7b48 00000000 fltmgr!FltpCreate+0x26a
b4b30240 b5bcda1e 882d7b58 8abb68b0 8914f468 nt!IopfCallDriver+0x31
WARNING: Stack unwind information not available. Following frames may be wrong.
b4b30264 b5bc783c 892652c8 002d7b48 804edfe3 aswMon2+0x6a1e
b4b30360 805b390a 8ad45030 00000000 891534a8 aswMon2+0x83c
b4b303e8 805afdeb 00000000 b4b30428 00000040 nt!ObpLookupObjectName+0x56a
b4b3043c 8056a3b1 00000000 00000000 00000401 nt!ObOpenObjectByName+0xeb
b4b304b8 8056ad28 0013f170 80100080 0013f110 nt!IopCreateFile+0x407
b4b30514 8056d3fa 0013f170 80100080 0013f110 nt!IoCreateFile+0x8e
b4b30554 b6593996 0013f170 80100080 0013f110 nt!NtCreateFile+0x30
b4b305e0 8053ca28 0013f170 80100080 0013f110 vsdatant+0x2f996
b4b305e0 7c90eb94 0013f170 80100080 0013f110 nt!KiFastCallEntry+0xf8
0013f168 00000000 00000000 00000000 00000000 0x7c90eb94


FOLLOWUP_IP:
fltmgr!FltpGetStreamListCtrl+5a
b9eacbf8 eb02             jmp    fltmgr!FltpGetStreamListCtrl+0x5e (b9eacbfc)

SYMBOL_STACK_INDEX:  2

FOLLOWUP_NAME:  MachineOwner

SYMBOL_NAME:  fltmgr!FltpGetStreamListCtrl+5a

MODULE_NAME:  fltmgr

IMAGE_NAME:  fltmgr.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  44e97991

STACK_COMMAND:  .trap ffffffffb4b300a8 ; kb

FAILURE_BUCKET_ID:  0x8E_fltmgr!FltpGetStreamListCtrl+5a

BUCKET_ID:  0x8E_fltmgr!FltpGetStreamListCtrl+5a

Followup: MachineOwner
---------

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11848
    • AVAST Software
Re: BUG? : Avast crashes on inserting a CD
« Reply #3 on: October 18, 2007, 09:55:53 PM »
Please try to send the minidump file to Vlk's e-mail.
Thanks.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11657
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: BUG? : Avast crashes on inserting a CD
« Reply #4 on: October 18, 2007, 10:09:01 PM »
Excellent. This is actually the TOP issue we've seen with our Vista driver so far. We have even consulted it with MS developers for a number of times - but it's still a mystery!

I'm quite excited we've found someone who has this problem reproducible. Eccentra, sincere thanks for coming in. Hopefully, this will lead to a solution quickly (it has always been quite a hassle to analyse the dumps submitted via WER [Windows Error Reporting] as there's no context attached to them [i.e. noone tells you something like "it crashed while inserting a CD"] :)).

And it's even nicer to see that there are still people who know how to use a debugger. :)

Cheers
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11657
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: BUG? : Avast crashes on inserting a CD
« Reply #5 on: October 18, 2007, 10:16:43 PM »
I'd suggest proceeding as follows: turn on Driver Verifier on all non-Microsoft drivers in the system (or, "unsigned" drivers).
Enable Special pool, Pool tracking and I/O Verification.

Now, I'm not sure if you know how to do that (I reckon you have some skills in this field, given you posted the kd analysis) - but if you don't, don't hesitate to tell us and I'll give you step-by-step instructions what to do.

Hopefully, the Verifier will catch whoever's responsible for this before the problem happens (I'd say it's a pool corruption).


Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Online DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 88739
  • No support PMs thanks
Re: BUG? : Avast crashes on inserting a CD
« Reply #6 on: October 18, 2007, 11:31:29 PM »
Excellent. This is actually the TOP issue we've seen with our Vista driver so far. We have even consulted it with MS developers for a number of times - but it's still a mystery!

Vlk,
Eccentra states in the first post that the OS is XP SP2 so it seems a bit strange if this were a vista driver issue, or is it a modified driver that is also for XP ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.1.6099 (build 24.1.8821.762) UI 1.0.796/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11657
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: BUG? : Avast crashes on inserting a CD
« Reply #7 on: October 18, 2007, 11:41:29 PM »
It is the top issue we're seeing on Vista (according to the stack trace posted). One of the possibilities is that it's a subtle bug in the Windows filter manager (fltmgr.sys) but we never had enough data to prove it (or reject it).

Cheers
Vlk
If at first you don't succeed, then skydiving's not for you.

eccentra

  • Guest
Re: BUG? : Avast crashes on inserting a CD
« Reply #8 on: October 19, 2007, 02:04:28 AM »
I've emailed a couple more crash dumps, and then turned verifier off again (it was crashing even more often than before).

I really don't use windbg (or verifier) at all -- .net is my thing, so BSOD crashdumps are well outside my comfort zone -- but my reading is that vobid.sys is the culprit. Which makes some kind of sense, given that the main symptom was crashing on CD-insert...

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11657
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: BUG? : Avast crashes on inserting a CD
« Reply #9 on: October 19, 2007, 06:14:54 PM »
Hi,

thanks for the update.
I have a question: which Driver Verifier options did you turn on? Only the three that I suggested, or also some other?
The thing is, while vobid.sys seems to contain a bug that Driver Verifier catches, I doubt that this bug was actually the reason why the system was crashing (without driver verifier turned on).

Please try enabling only Special pool and Pool tracking, and try once more.

BTW bluescreen is how the Verifier works: whenever it detects something suspicious, it just throws a bugcheck. This is because it's primarily meant to be run with a kernel debugger attached (and a bugcheck with a debugger attached actually triggers a trap into the debugger).

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

eccentra

  • Guest
Re: BUG? : Avast crashes on inserting a CD
« Reply #10 on: October 19, 2007, 09:49:48 PM »
Two more crashdumps with the suggested verifier settings are in the mail...

Disabling VOBID InstantDrive seems to have fixed the immediate problem, though.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11657
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: BUG? : Avast crashes on inserting a CD
« Reply #11 on: October 19, 2007, 10:14:31 PM »
Well, in this case, it all ready points to vobid.sys -- even though the two dump files from today  don't provide any more information than the original dump.

Anyway, the build date of vobid.sys Aug 01, 2003 (i.e. it's more than 4 years old) -- isn't there an updated version somewhere?

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

eccentra

  • Guest
Re: BUG? : Avast crashes on inserting a CD
« Reply #12 on: October 19, 2007, 10:32:43 PM »
...and I immediately got another crash right after posting that (and after disabling the VOBID thingy) so there's another dump in the mail...

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2084
Re: BUG? : Avast crashes on inserting a CD
« Reply #13 on: December 13, 2008, 12:27:00 AM »
Hello, have you successfully solved the problem? If yes, how? It seems, VOBID driver (vobi?.sys) is not installed alone, but it comes (or other CD/DVD related software you have in your system) with one of these drivers:

b6d7e000 b6d875a0 drvnddm  drvnddm.sys  Sat Aug 14 00:35:49 2004 (411D4245)
b6f7d000 b6fb0000 vobiw    vobiw.SYS    Wed Sep 01 14:50:00 2004 (4135C578)
b9fa6000 b9fba000 Cdrdrv   Cdrdrv.sys   Tue Aug 03 11:10:33 2004 (410F5689)
ba6c4000 ba6d8c00 drvmcdb  drvmcdb.sys  Thu Aug 05 01:01:36 2004 (41116AD0)
bac58000 bac5dbc0 ssrtln   ssrtln.sys   Wed Jul 14 20:28:48 2004 (40F57B60)
badb8000 badb95c0 sscdbhk5 sscdbhk5.sys Wed Jul 14 20:29:02 2004 (40F57B6E)


EDITED: I've analyzed another similar dump and after a little conversation with the user, the problem disasppeared when he uninstalled Pinnacle product ???.
« Last Edit: December 13, 2008, 02:18:22 AM by pk »