aswRdr.sys and BSoD

Avast Free Antivirus / Premium Security
1

When I launch StarCraft 2 it launches Blizzard downloader to update patches. At that very moment, I get a BSoD, and debugger identifies aswRdr.sys (from MEMORY.dmp) or aswTdi.sys (from minidump) as culprit.
Also I checked netstat with -no options and TCPView, they also crash the system.
Any ideas?

2

I PM PK and “i think” he will come ::slight_smile:

3

vanB, I’d love to see both files (memory.dmp + minidump). Could you please compress those files and upload them to our ftp site?
instructions are here: http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=18

Thanks!

4

OK, sent the dumps under vanB_dmp.rar

5

@ superhacker, The OP cannot PM since they are a newbie per anti-spam on the forum until they reach 20 posts. But pk was keeping an eye on things. :wink:

6

I know and i wrote:I PM PK which mean me superhacker pm the member PK and i cant see any thing mean"OP PLEASE PM PK" ???
You should read carefully :wink:

7

vanB, it looks like you have a network rootkit in your system; could you please download & run GMER (http://www.gmer.net/#files), press “Scan” button and “Save” the log file? Please send me it to kurtin@avast.com, thanks.

8

The first time I ran gmer, it crashed into BSoD code F7 (A driver has overrun a stack-based buffer) while scanning, after reboot it did so again (at lauching this time), also system informed me there is no room on C: . Unfortunatelly I do not have the first dump, only the second, I too hastily rebooted laptop myself.
Surprisingly, after that reboot (I also disabled my net connection) gmer runs with no problem and avast detected a rootkit and suggested immediate removal, which advice I followed. I did not catch file name, though.
I’ll send gmer’s report promptly(only disk C:, other disks are not default, I pressed scan without noticing it).

9

Gmer log sent.

10

Thanks, it looks clean now.

11

Hmm, StarCraft, netstat and TCPView continue to crash the system, and avast yet again found a rootkit in asc3550p.sys. Either the rootkit is nasty or it is a driver issue. Any ideas?

12

maybe this will help you: http://forum.avast.com/index.php?topic=54310.0

13

Thanks! In what you linked I found advice to run old good God-given ComboFix and it did the job ;D!

Best Regards
vanB

14

I apologize…I guess I only had one eye open when I was reading it. I’ll try to keep both eyes open from now on. :slight_smile: