Affected Product:
Avast4 home edition
ext2ifs 1.10c
ext2ifs 1.11
Description:
avast4 home edition is a free anti-virus tools. In 2008-07-30 it update some files, include some file called ‘aswSP.sys’. According infomation in autoruns, it’s avast self protection module.
[Here is info from autoruns.]
aswSPavast! self protection module ALWIL Software c:\windows\system32\drivers\aswsp.sys
[Here is info from update-log]
2008-7-30 7:36:14 file Direct move of file: C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswSP.sys
2008-7-30 7:36:14 file Installed file:C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswSP.sys
2008-7-30 7:36:14 file Direct move of file: C:\Program Files\Alwil Software\Avast4\Setup\INF\aswSP.sys
2008-7-30 7:36:59 system Reboot set by changed resident C:\WINDOWS\system32\drivers\aswSP.sys
2008-7-30 7:36:59 system Driver file copied: C:\WINDOWS\system32\drivers\aswSP.sys
If u use ext2ifs in system for share date with linux, it’ll cause system crash with code BAD_POOL_CALLER. There is not evidence show it has connections with ext2ifs, but the crash always happen when I try to access data in a disk use ext2ifs. When I copy data to ntfs disk, it’ll be all right. Here is dump analyze.
-
*
-
Bugcheck Analysis *
-
*
BAD_POOL_CALLER (c2)
The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
Arguments:
Arg1: 00000007, Attempt to free pool which was already freed
Arg2: 00000cd4, (reserved)
Arg3: 04030401, Memory contents of the pool block
Arg4: e13a7258, Address of the block of pool being deallocated
Debugging Details:
POOL_ADDRESS: e13a7258
FREED_POOL_TAG: pSsA
BUGCHECK_STR: 0xc2_7_pSsA
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT
PROCESS_NAME: _uninst.exe
LAST_CONTROL_TRANSFER: from 80544e86 to 804f9aef
STACK_TEXT:
eb364b68 80544e86 000000c2 00000007 00000cd4 nt!KeBugCheckEx+0x1b
eb364bb8 ee072a0a e13a7258 00000000 8055a584 nt!ExFreePoolWithTag+0x2a0
WARNING: Stack unwind information not available. Following frames may be wrong.
eb364be4 805c5e1c 00000730 0000016c eb364cdc aswSP+0x5a0a
eb364c04 80639346 e3986008 0000016c eb364cdc nt!PsCallImageNotifyRoutines+0x36
eb364d08 805c5bcd 7c810665 00000000 00000000 nt!DbgkCreateThread+0xa2
eb364d50 805421c2 00000000 7c810665 00000001 nt!PspUserThreadStartup+0x9d
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
aswSP+5a0a
ee072a0a ?? ???
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: aswSP+5a0a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: aswSP
IMAGE_NAME: aswSP.SYS
DEBUG_FLR_IMAGE_TIMESTAMP: 4881fba3
FAILURE_BUCKET_ID: 0xc2_7_pSsA_aswSP+5a0a
BUCKET_ID: 0xc2_7_pSsA_aswSP+5a0a
Followup: MachineOwner
The crash happened in aswSP+5a0a.
Resolve solution:
There is not solution to resolve now. Uninstall avast, or uninstall ext2ifs.