Avast 6.0 behavior shield causes Windows XP SP3 to lock up.

It took some time, but I’ve isolated a problem I’ve been having for the last few days. Whenever I try to modify/create/delete a file on my secondary internal hard drive, Windows would proceed to freeze. In fact, if the system didn’t immediately freeze, I would notice that any attempts to delete files would fail completely and upon reboot the files would still be present. Finally figured out that it was behavior shield that was causing the problem, as with behavior shield off, everything works fine. It appears to be causing an error in behavior shield, as attempting to delete a file then immediately shutting behavior shield off would only cause avast to crash and the system to lock up. Also, Behavior shield’s statistics do not note the event nor do I receive any error/warning message prior to the freeze, nor does it show up after reboot. For now, I’ve disabled behavior shield.

I have this issue on one computer in the house, out of four.

The difference on this particular machine, is VMWare workstation is running, and Trillian. Neither of these applications conflicted with Avast version 5.0.594, but it is only on this machine where version 6.0.1 is causing the system to lockup after the desktop and clock display (the other three machines have version 6.0.1 running without issue).

I can successfully boot into safe mode without it locking up, and, while in safemode, I can successfully uninstall Avast 6.0.1 and then reboot the computer normally without issue.

At the moment, my solution was to uninstall version 6.0.1 and install Avast version 5.0.594. It is currently rebooting without issue on the previous version of the program.

Is there any data I can provide to help the company with this issue?

ArthurG, your problem seems very similar to http://forum.avast.com/index.php?topic=72158.msg602031 , which many other users have reported. http://forum.avast.com/index.php?topic=72158.msg608390#msg608390 . I’m not sure it’s the same problem as Tourach’s, since in his/her description, the system appears to boot normally, but then malfunction later. Still, it seems that the behavior shield is involved in both.

The similarities are there, but my machine locks up just after I see the desktop and the clock appears (when the startup apps would normally load), and I have no opportunity to even click the start button before everything is frozen.

I do have ZoneAlarm on all 4 machines, as well as WinPatrol, and SuperAntiSpyware (and 6.0.1 is still working just fine on the other three machines).

After reading through the other threads, I did attempt to reinstall 6.0.1 using custom install and just unchecked the Behavior Shield, and the WebRep. But even without those two opotions, the computer still locked up on reboot. I had to boot to safe mode to uninstall 6.0.1, reboot normally and then reloaded 5.0.594.

Are there parts of the behavior shield in 6.0.1 that installs, even if you custom install without the option?

@ ArthurG and Tourach,

To help resolve your problem, please produce a mini-dump file for Avast to analyze your problems. You will have to enable the Behavior Shield and/or problem to do the dump file.

Here is additional information on how to invoke a memory dump file: http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=71.

Please, zip and upload the C:\Windows\Memory.dmp file to this anonymous ftp server and name it uniquely: ftp.avast.com/incoming. Avast will analyze it and respond back to you in this thread or to your email.

Please respond in this thread the name of the file and when you send it to Avast, but do NOT attach or cut and paste the file in this thread. Thank you.

I was walking through the “how to invoke a memory dump file” instructions, but when I got to:
“Control Panel → System → Advanced → Startup and Recovery settings, and make sure the machine is set to generate COMPLETE memory dump (in the Write Debugging Information section)”

My options in the dropdown are “None”, “Small memory dump (64KB)”, and “Kernel memory dump”

Is there a way to add an additional option in the dropdown box? Or did you want the Kernel memory dump over the small?

Since your options are None, Small dump, and Kernel, why don’t you start with the Small. If there is a way to also save the Kernel somewhere in case it is needed, that would be great. I do not know if Avast will need this additional information or not based on the analysis of the small dump file, but you can start from there. Thank you.

I can’t get the dump to start, the screen is frozen solid and the keyboard doesn’t work.

Is there a way to automatically log the dump on the bootup to see where it “stops” ?

Don’t hijack Tourach’s thread…!
Thanks,
asyn

@ Asyn,

ArthurG has been posting and being assisted in this thread already; he/she is following up on my post.

@ ArthurG,

  1. Please disable the Avast Behavior Shield and run a Quick Scan, then a Boot-time scan.

  2. After this, please run an MBAM (Malwarebytes) scan free http://www.malwarebytes.org/. Make sure you update the MBAM definitions prior to scanning. Click the “remove selected” button to quarantine anything found. You will find the infection details under the Quarantine tab. Copy & Paste the entire report in your next reply (the log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM). I just want to be sure we are not missing any malware as a source of your problems.

@ Tourach,

I realize you have disabled the Behavior Shield to temporarily resolve your problems. But to fix it, you are advised to submit a mini-dump. Have you considered doing this as suggested in my previous post? Thank you.

Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6337

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/11/2011 6:17:57 PM
mbam-log-2011-04-11 (18-17-57).txt

Scan type: Full scan (C:|M:|)
Objects scanned: 365481
Time elapsed: 57 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

@ ArthurG,

Your MBAM log is clean. I’m assuming that your Avast scans also came out clean???

Do you find that your problem is any better by disabling the Behavior Shield? Is there any change in the way your machine is acting now?

My Avast scans are clean too.

And no, disabling the Behavior Shield doesn’t stop the computer from locking up on reboot after install. I’ve even tried custom install for 6.0.1 and just not installed the behavior shield, but to no success. It still locks the computer during reboot, when it reaches the desktop screen (even though the 6.0.1 scan shows the computer is clean).

I have to safe boot and uninstall to prevent the desktop from freezing, and reinstall 5.0.594 (and set to not update program), and it allows me to reboot without issue or incident.

Did you have a problem running v.5.0.889? That was the more recent version prior to v.6.0x. The version you installed now is an older version. You can download it from filehippo.com.

You can also submit a technical ticket with Avast and reference this thread http://www.avast.com/contact-form.php?loadStyles if you wish.

Do you have a link to find v5.0.889 on filehippo? I only see version 6 on that site.

I used 5.0.594 only because that was the version I had on a local hard drive prior to 6.0.1. If I had 5.0.889, I would have tried using that.

http://www.filehippo.com/download_avast_antivirus/6635/

Try this link instead http://www.filehippo.com/download_avast_antivirus/9090/ for v. 5.1.889

Just to post an update,

6.0.1091 does work on the computer that would lock up rebooting from the 6.0.1 install (I just had to try it and see if the new version made a difference, and it did).

Thanks for all the help.

You’re welcome ArthurG. I’m glad your issue is now resolved. :slight_smile: