RDP rdpdr.sys causes Win XP BSOD on accessing shared drive

This case is VERY similar to mine, but it occurs in Win Server 2003; I’m running Win XP: http://forum.avast.com/index.php?topic=113581.msg887363#msg887363

1. If Avast Antivirus is installed, although the RDP session initiates OK, and I’m OK doing things that don’t involve copy/paste, as soon as I attempt to access a shared (i.e., RDP client) drive, immediate BSOD on the Win XP server. Bluescreen minidmp file indicates rdpdr.sys as the culprit. 100% reproducible.

2. After completely uninstalling Avast & rebooting, the problem goes away, i.e., I can RDP into the Win XP server, and copy & paste files or text or whatever back & forth, without any issues.

XP clean install, SP3, all updates. I cannot follow the recommended Win Server 2003 solution:


“Please check the KB article in the link provided below: http://support.microsoft.com/kb/960652 The issue is confirmed by Microsoft as theirs. Just install the patch and everything will be okay.”

because those versions of rdpdr.sys are for Win Server 2003, not XP. (If anyone knows whether they can be used in XP, please let me know!) My current (XP) rdpdr.sys is dated 4-SEP-2009, 12:43:46, version 5.1.2600.5875 (xpsp_sp3_qfe.090904-1906).

Is there a fix for Win XP? I’ve been tearing my hair out over this for a month, have reinstalled XP, and nothing works. I don’t not want to use Avast, but several people have said it’s a problem with Avast, and I should be using AVG (which I found to be slow).

Please help!
Thanks

Please upload your minidump(s) here: ftp://ftp.avast.com/incoming/

Uploaded two representative dmp files:
borhani_Mini041213-01.dmp
borhani_Mini041213-02.dmp

Others have reported that, like me, uninstalling Avast! and installing AVG works—no BSOD’s. See thany1’s second post here: http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/97c547a7-b234-4e1d-b089-0e7876c3a55b

I like Avast! much better than AVG. I really hope the excellent coders at Avast! and in the Avast! community can figure out what is wrong here!

Thanks

Also, my slow reply is not because I am not interested in sorting this out — I really want to get it fixed! I just didn’t realize I had to turn on “notify”, so I didn’t see your upload request.
Thanks

Same problem here: Windows Vista → Windows XP SP3. Remote Windows XP crashes on copy when clipboard is shared (if you have this and drive sharing turned off in the RDP terminal client settings you are OK).

Not sure if it’s possible to just install the Windows Server 2003 Hotfix on Windows XP? Would be a shame to blow up the machine with such an attempt. Has anyone been brave enough to try?

I too like AVAST over AVG (though haven’t tried AVG in a while), but if there is no solution I might just go for the light-weight WSE.

What a weird problem huh!? Took 1 day + a morning to get to the root of this problem (after fixing some driver issues, which I understood to be a possible culprit - should have persisted with a more direct root!). Thank you borhani and Peresmeshnik for identifying the cause: 1 day + a morning doesn’t seem so bad compared to what you went through, but still a royal waste of time. Still these things happen.

Hi Avast! developers,

Could you please try to sort out what is wrong here? Could it be a program update that occurred sometime around April 7, 2013?? I had run Avast! & RDP for ~1 year prior to this April, without any issues; it suddenly went bad on April 7 ---- worked on night of April 6, failed on morning of April 7!

Thanks!

Hi,
we changed one part in the filesystem driver which queries for file paths. Unfortunately, in an RDP session (under XP/2003) it can lead to a BSOD if you have mapped hard disk drives and you access them. This bug is in XP and it was fixed in Vista+. I would suggest that you apply that KB fix (http://support.microsoft.com/kb/960652). It should work on XP as well (please confirm it, so we can use it as the official answer until we release a new program version).

Thanks,
Petr

Hi PK,

Thank you for getting back to us. I read somewhere else also that XP and Windows Server 2003 are close cousins, but is it safe to assume that applying this hotfix won’t corrupt the system (I rely on it quite a bit)?

Thank you.

It depends, we also use one driver for XP/2003/Vista+ OSes. There’re small changes between XP/2k3, but I think it should be ok. Please back up your original Rdpdr.sys file (\windows\system32\drivers). If KB refuses to install, let me know and I’ll send you rdpdr.sys from this KB package (so you can update it manually). Thanks.

Hi again,

I was getting muddled up with the different hotfixes I have been reading about and didn’t realise this one is just for the rdp driver, so I guess it should be pretty safe to try, i.e. at worst remote desktop would stop working.

I will try it tonight as I am not near that computer right now (hence my need for rdp :wink:) and I guess I should be near it when I try this.

Thank you again for your invaluable help!

PK, just to confirm: the change made to Avast!, around the April 7 timeframe, made Avast! cause this BSOD even though it previously did not cause it?

I ask because the KB article is from 2009, and I’ve only been running Avast! since 2011. And, I’ve been mapping drives the entire time (until April 7!!).

I’ll try the hotfix tonight as well. I had read this KB article, but held off on applying the fix for the same reason as lm713: I don’t want to brick my system, or have to do some sort of serious back-tracking. Also, I had googled for an “official” XP version of this rdpdr.sys file without luck. I guess it is possible that MS created the fix only for Server 2003 (but that seems odd, given the date).

PK, Long story short: I need the rdpdr.sys file — not the hotfix zip file — from you. The hotfix doesn’t work. Thanks!

Details

The 2003 Server hotfix file “368918_ENU_i386_zip.exe” unzips to “WindowsServer2003-KB960652-x86-ENU.exe”, which then refuses to run on WinXP (Pro, 32-bit), giving the following error:

KB960652 Setup Error

The version of Windows you have installed does not match the update you are trying to install.

Interestingly, however…

I mistakenly downloaded the hotfix earlier today, at work (Win7 x64). The hotfixer downloader was “smart” enough to give me the x64 version (without complaining that it’s not for Win7); my old eyes missed the “x64” in the file name. Here’s the crazy part: “368938_ENU_x64_zip.exe” unzips to “WindowsServer2003.WindowsXP-KB960652-x64-ENU.exe”!!

But of course, this file doesn’t run on XP 32-bit, but gives instead a rather cryptic error:

Extraction Failed

update\update.exe is not a valid Win32 application.

WindowsServer2003.WindowsXP-KB960652-x64

Server2003 and XP 64-bit have the same kernel version, i.e. they’re both identical inside.

Download links for rdpdr.sys:
x86: http://public.avast.com/~kurtin/patches/rdpdr/x86/SP2QFE/rdpdr.sys
x64: http://public.avast.com/~kurtin/patches/rdpdr/x64/SP2QFE/rdpdr.sys

Please let me know if it works for you, thanks.

Thanks, will give a try tonight

:smiley: :smiley: IT WORKS!!! ;D ;D

I had to disable the Windows System File Protector, setting it to ignore (only) rdpdr.sys, so that I could slip in the Win 2003 Server version of rdpdr.sys that pk supplied. Instructions on how to do this are here: http://bitsum.com/aboutwfp.asp Skip right to:


Mod Method 5: Disable WFP permanently for specific files via patching the protected file list
More simple than patching executable code is simply patching the list of files contained in SFCFILES.DLL. First, copy
SFCFILES.DLL to a temporary file. Using a hex editor (i.e. UltraEdit), search for files to disable protection on inside
the temporary file. Once found, replacing the first character of the file name with 0 (that is: value 0 NOT ascii ‘0’
character). After completing the modifications, correct the checksum using our PEChkSum utility and set the temporary
file to replace the original at boot-time using our MoveLatr utility. Reboot the computer to finish the process.

I used HxD to edit C:\WINDOWS\system32\SFCFILES.DLL; there were ~5 instances of “r◊d◊p◊d◊r◊.◊s◊y◊s” (“◊” = null, hex 0x0). I changed them all to “◊◊d◊p◊d◊r◊.◊s◊y◊s”; fixed the checksum (Chksum.exe sfcfiles.bak); set up the file replacement (MoveLatr.exe sfcfiles.bak sfcfiles.dll); and rebooted. Worked fine (as evidenced by a quick peek at the new SFCFILES.DLL).
The needed utilities Jeremy Collake mentions are here: http://bitsum.com/other/ WORKED LIKE A CHARM (Thanks Jeremy!)

THEN, I was able to copy the new rdpdr.sys (having saved a copy of the old one!) to C:\WINDOWS\system32\drivers & C:\WINDOWS\system32\dllcache (for good measure), without the WinXP WFP “nanny” replacing the file!!

Tested RDP from Win7 client to the now-stably-modified WinXP server: it worked fine; c

Reinstalled Avast! (ver. 8, free version). OK

And the Acid Test: RDP from Win7 into WinXP — with Avast! running — IT WORKED! copy/paste, with drives mapped, worked in both directions.

Thanks so very much, pk!
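
An added example, not part of the post above and not code from Avast or bitsum.com: a read-only check that reports whether a copy of SFCFILES.DLL still lists a given file intact or has entries whose first character was set to value 0, as the post describes. The function name audit_protected_entry and the sample table are constructed for illustration; the sample does not reproduce the real file's layout.

```python
import sys

def audit_protected_entry(blob: bytes, filename: str) -> dict:
    """Find UTF-16LE copies of filename, intact or with first character set to 0.

    Returns {"intact": [...], "nulled": [...]}; each value is the byte offset
    of the entry's first-character slot inside blob.
    """
    if len(filename) < 2:
        raise ValueError("filename needs at least two characters")
    haystack = blob.lower()  # lowers ASCII letters only; NUL bytes are unchanged
    first = filename[0].lower().encode("utf-16-le")
    tail = filename[1:].lower().encode("utf-16-le")
    found = {"intact": [], "nulled": []}
    pos = haystack.find(tail)
    while pos != -1:
        slot, end = pos - 2, pos + len(tail)
        # Only count names that end here (NUL terminator or end of data).
        if slot >= 0 and haystack[end:end + 2] in (b"", b"\x00\x00"):
            unit = haystack[slot:pos]
            if unit == first:
                found["intact"].append(slot)
            elif unit == b"\x00\x00":
                found["nulled"].append(slot)
        pos = haystack.find(tail, pos + 2)
    return found

def _sample_table(entries):
    # Constructed stand-in for a file list: NUL-terminated UTF-16LE strings.
    return b"".join((e + "\0").encode("utf-16-le") for e in entries)

# Constructed sample data (not bytes from a real SFCFILES.DLL): one entry
# blanked as described in the post, one intact, one unrelated driver.
SAMPLE = _sample_table([
    "system32\\drivers\\\0dpdr.sys",
    "system32\\dllcache\\rdpdr.sys",
    "system32\\drivers\\rdbss.sys",
])

if __name__ == "__main__":
    # Usage: python audit_sfcfiles.py <copy of SFCFILES.DLL> [filename]
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    name = sys.argv[2] if len(sys.argv) > 2 else "rdpdr.sys"
    hits = audit_protected_entry(data, name)
    print(f"{name}: {len(hits['intact'])} intact, {len(hits['nulled'])} nulled")
    for off in hits["nulled"]:
        print(f"  nulled entry at offset 0x{off:x}")
```

A hit is a byte-pattern match only: a longer file name that ends in the same characters would also be counted, so review the reported offsets in a hex viewer.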

Great work borhani!

I’m sorry I was useless! The first night I didn’t have time to try and the second (last night) I forgot to bring my laptop so I would have been unable to test!

Anyway, thank you pk and borhani. I’m sure there will be many more very grateful people to find this thread.

Here are some more keywords to help the search: Windows XP restarts automatically (or Blue Screen / stop error beginning “0x0000007E (0xC0000005, 0x00000000”) on copy or cut of files when logged in via Remote Desktop (RDP) and the Local Resources clipboard or drives are shared in the session and the operation involves accessing one of these. Note that if Clipboard sharing is enabled, cutting or copying any file on the remote desktop will trigger the error (regardless of whether you are moving/copying it to a local drive) - presumably the driver is used to make a note of the location of the data in case you want to paste it onto your local desktop, and this triggers the error.

Note: this error does not appear to depend on the OS of the client (the computer logging into the windows XP computer) and is not exclusive to systems running AVAST, but the bug in rdpdr.sys is the same and so is the solution, courtesy of pk and borhani.

Would be nice if MS just allowed XP on the Hotfix (since it works for XP).

Thanks again!

I have posted feedback on the KB article to ask MS to release the Hotfix for WinXP. Worth a shot.

I think MS is trying really hard to ignore XP. They want it to go away. It’s a shame, because each new OS version brings very little gain, and often a lot of useless junk, IMHO.

As I mentioned, I use Vista (on the laptop I remote desktop into XP) and it is a nightmare. I practically do nothing on it other than rd and browse the web, yet it’s managed to get completely clogged up (running out of drive space on C), and even more annoyingly the hdd goes crazy every now and again, the system grinding to a halt - forget about even streaming anything. The HDD itself is fine. It’s usually some svchost.exe process or similar, apparently deciding to defrag the hard drive or something at random!

Automatic Updates on XP used to cause me a similar headache when it would periodically evaluate the system for updates, causing the system to halt for a few minutes. The only solution was to disable the Automatic Updates service and run it on my time. (Fully automatic updating, which apparently runs at a time specified by you, e.g. 3 am, was not an option for me because it would download and install updates for Office components I don’t even have installed - yes that is MS logic for you.) At least on XP you can easily delete the update uninstallers and download backups (I’m not sure why it doesn’t at least remove these itself). My conspiracy theory is that MS clogs up systems on purpose so that users feel they need to upgrade. But I was able to watch video fine in 2004, and before, so why not now? I’m not playing the latest computer games or anything like that.

Apologies for my ranting.

I think I will eventually upgrade to Win7. I’ve heard it’s much better than Vista. 8 apparently is not being recommended to businesses by the big IT consultancy firms (not worth the effort they say).

I have Win7 at work. It “looks” cuter than XP, but it’s not better, and in some ways worse. As Steve Jobs said, “They just don’t get it.” MS tries to add cute features without fixing underlying bugs & annoyances (such as overall sluggishness, file explorer doesn’t update automatically, “Recent Places” often doesn’t show the most obvious things (like that file I was just editing)).

One thing that I found helped a lot was to get a non-MS disk defragmenter. I picked Auslogic’s (free) program: very, very easy to use, fast, and does (AFAI can tell) a great job. One option is to “optimize” the disk, i.e. placing key system files in the most quickly accessed parts of the disk. Lastly, fix the swap file at a fixed, reasonable size. Mine is currently fixed at 4 GB (I have only 2 GB of RAM, the most my motherboard can take). Unless you’re doing something like editing video, 2+4 should be much more than enough. Hope this helps!