started 12/18/2006, still a problem 2/11/2007
I am trying to rollout a new set of desktops. The image is win2k pro,
all current patches, plus MS Office 2003 Enterprise Edition (+
Business Contact Manager - inc sql server). We have ADNM with all
clients being NetClient Avast 4.7.599. Images are built direct from cd
behind firewall with no neighbors. Avast client install package from
1/2006 (built in local ADNM, carried on cd) then updated through firewall.
MS update run repeatedly until no patches remain to install.
I built the image off-network and it worked fine there. When I
connected it in the company network this first PC saturated the proc
as soon as I updated to current Avast Client (and rebooted). Task
manager shows aswserv.exe as the culprit 100% cpu (running at highest
priority class). System is Dell gx260 1.8ghz p4, 512mb mem, 20gb disk
(4.5gb in use). Disk active LED shows clusters of heavy activity
(which allow some probing around by causing i/o wait). No entries
seen in Antivirus log, system log, or security log.
I thought this might be an initial scan, but it failed to complete
after 1:30:00 cpu time. Unaffected siblings running w2k pro and
Open Office scan in 30-45 minutes.
Other computers of same model do not evoke this problem - but do not
have Office 2003 either. I have removed the initial offending computer
from service and kept the config unchanged so I can test it.
Isolation tests determined the looping occurs when MS update is running.
Disabling Standard Shield allows update to complete normally. Re-enabling
Standard shield returns the problem. Problem is same for auto-update
check or manual check. Shield shows hundreds of scans of \winnt\installer
*.msi and *.msp files. Only about 20+ files are accessed, but are
scanned repeatedly.
I updated to 4.7.652 client and still have the problem - but it is
less intense!?! Still very heavy cpu usage, program usage not possible,
at least the mouse tracks better now. Number of file scans increases more
slowly now. Problem pc now replicates its misbehavior behind my firewall
isolated from all other PCs on the build network. No errant firewall
traffic is in the logs.
Pc config available in html form if requested (all patches w/version,
all installed products w/version, detail enough to sleep by).
Our normal desktops using XP Pro and MS Office 2k do not have any
problem. Another image with MS Office 2003 Standard Edition and win 2k
pro has same problem.
I know MS is not my friend, but this seems a little extreme…