SBS 2000 Crashing every 4 to 5 days

My SBS 2000 server has been crashing every 4 to 5 days since installation of avast. My other servers are not having any issues.

Here are the contents of the Memory.dmp file (I have 4 different files from each crash; all are the same).

Debugging Details:

*** ERROR: Module load completed but symbols could not be loaded for aswMon.SYS
*** ERROR: Symbol file could not be found. Defaulted to export symbols for aswCmnB.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for aswEngin.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for Aavm4.dll -




*** Your debugger is not using the correct symbols ***


*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***


*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***


*** Type referenced: kernel32!pNlsUserInfo ***







EXCEPTION_RECORD: be6e4828 -- (.exr 0xffffffffbe6e4828)
ExceptionAddress: bee30fa3 (exifs!ExifsSetFileInfomationInCache+0x00000027)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000000
Attempt to read from address 00000000

CONTEXT: be6e4480 -- (.cxr 0xffffffffbe6e4480)
eax=00000000 ebx=e411b1c0 ecx=00000000 edx=e411b008 esi=87f2e768 edi=873faae8
eip=bee30fa3 esp=be6e48f0 ebp=be6e4904 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282
exifs!ExifsSetFileInfomationInCache+0x27:
bee30fa3 ff30 push dword ptr [eax] ds:0023:00000000=???
Resetting default scope

DEFAULT_BUCKET_ID: NULL_DEREFERENCE

PROCESS_NAME: aswServ.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

READ_ADDRESS: 00000000

BUGCHECK_STR: 0x27

LAST_CONTROL_TRANSFER: from bee31b51 to bee30fa3

STACK_TEXT:
be6e4904 bee31b51 873faae8 00000000 873fab68 exifs!ExifsSetFileInfomationInCache+0x27
be6e4938 bee3ea78 e3fae2b8 e411b008 bee4fbc0 exifs!MRxIfsSetFileInformation+0x1c5
be6e4944 bee4fbc0 873faae8 00000004 e411b008 exifs!RxpSetInfoMiniRdr+0x5a
be6e498c bee5101b 873faae8 bee50dd4 873faae8 exifs!RxSetBasicInfo+0x54
be6e49dc bee3e077 873faae8 87f6b988 bee462e0 exifs!RxCommonSetInformation+0x247
be6e4a70 bee4cfcb bee462e0 87537e06 87537f58 exifs!RxFsdCommonDispatch+0x2de
be6e4a9c bee31fea 889a8028 87537e06 872e10a8 exifs!RxFsdDispatch+0x93
be6e4ab8 8041eecb 889a8028 00537ee8 87537f7c exifs!MRxIfsFsdDispatch+0x56
be6e4acc bea22c09 87de0940 87537ee8 87537ee8 nt!IopfCallDriver+0x35
WARNING: Stack unwind information not available. Following frames may be wrong.
be6e4ba0 bea1d538 87de0940 87537ee8 8041eecb aswMon+0x5c09
be6e4ccc bea1ff27 00000630 08e5a22c 08e5a204 aswMon+0x538
be6e4d48 80468389 00000630 08e5a22c 08e5a204 aswMon+0x2f27
be6e4d48 77f88c97 00000630 08e5a22c 08e5a204 nt!KiSystemService+0xc9
08e5a1e4 7c5869b7 00000630 08e5a22c 08e5a204 ntdll!NtSetInformationFile+0xb
08e5a234 64084cae 00000630 00000000 08e5a258 KERNEL32!SetFileTime+0x70
08e5a264 64084ce4 04c21e80 08e5a2b0 64081475 aswCmnB!CGenericFile::RestoreFileTime+0x66
08e5a28c 642a863d 04c21e80 04c21e88 08e5a401 aswCmnB!CGenericFile::_Close+0x2b
08e5a368 642a876f 04c21e80 08e5a3b4 00000000 aswEngin!avfilesScanReal+0x32c4
08e5a418 642a0fdb 04c21e80 08e5a444 00000000 aswEngin!avfilesScanReal+0x33f6
08e5a474 65012ea2 04c21e80 001581c4 08e5b94c aswEngin!avfilesScanRealW+0xc3
08e5b984 65013191 00000008 001581c4 001589d4 Aavm4!AavmSetDataRefreshRate+0xf9b
08e5b9b0 6500fd3e 80000008 001581c4 001589d4 Aavm4!AavmSetDataRefreshRate+0x128a
08e5ba24 65012348 80000008 001581c4 001589d4 Aavm4!AavmFormatExResName+0xc4e
08e5c4e8 650052eb 001581b0 08e5f6ec 001589d4 Aavm4!AavmSetDataRefreshRate+0x441
08e5ffb4 7c57b3bc 00158198 77f86754 77f8670c Aavm4!AavmWhsRemoveNotification+0x4c8
08e5ffec 00000000 65004faa 00158198 00000000 KERNEL32!BaseThreadStart+0x52

FOLLOWUP_IP:
exifs!ExifsSetFileInfomationInCache+27
bee30fa3 ff30 push dword ptr [eax]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: exifs!ExifsSetFileInfomationInCache+27

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: exifs

IMAGE_NAME: exifs.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 40ca6e2f

STACK_COMMAND: .cxr 0xffffffffbe6e4480 ; kb

FAILURE_BUCKET_ID: 0x27_exifs!ExifsSetFileInfomationInCache+27

BUCKET_ID: 0x27_exifs!ExifsSetFileInfomationInCache+27

Followup: MachineOwner
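
As an added example (not part of the original posts, and not Avast or Microsoft tooling), this script parses the STACK_TEXT format shown above to report the faulting frame, the order of modules on the stack, which modules had no symbols, and which user-mode call entered the kernel. It uses an abridged copy of the posted frames and assumes the default 2 GB user/kernel address split on 32-bit Windows.

```python
import re
from itertools import groupby

# Abridged copy of the STACK_TEXT frames posted above, innermost frame first.
STACK_TEXT = """\
be6e4904 bee31b51 873faae8 00000000 873fab68 exifs!ExifsSetFileInfomationInCache+0x27
be6e4938 bee3ea78 e3fae2b8 e411b008 bee4fbc0 exifs!MRxIfsSetFileInformation+0x1c5
be6e4ab8 8041eecb 889a8028 00537ee8 87537f7c exifs!MRxIfsFsdDispatch+0x56
be6e4acc bea22c09 87de0940 87537ee8 87537ee8 nt!IopfCallDriver+0x35
WARNING: Stack unwind information not available. Following frames may be wrong.
be6e4ba0 bea1d538 87de0940 87537ee8 8041eecb aswMon+0x5c09
be6e4d48 bea1ff27 00000630 08e5a22c 08e5a204 aswMon+0x2f27
be6e4d48 80468389 00000630 08e5a22c 08e5a204 nt!KiSystemService+0xc9
08e5a1e4 7c5869b7 00000630 08e5a22c 08e5a204 ntdll!NtSetInformationFile+0xb
08e5a234 64084cae 00000630 00000000 08e5a258 KERNEL32!SetFileTime+0x70
08e5a264 64084ce4 04c21e80 08e5a2b0 64081475 aswCmnB!CGenericFile::RestoreFileTime+0x66
"""

# Columns: ChildEBP RetAddr Arg1 Arg2 Arg3 module[!symbol]+0xoffset
FRAME = re.compile(r"^([0-9a-f]{8}) [0-9a-f]{8} (?:[0-9a-f]{8} ){3}"
                   r"([^!+\s]+)(?:!([^+\s]+))?\+0x([0-9a-f]+)$")
KERNEL_BASE = 0x80000000  # assumption: default 2 GB user/kernel split

def parse_frames(text):
    """Return one dict per stack frame; non-frame lines (WARNING etc.) are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line.strip())
        if m:
            ebp, module, symbol, offset = m.groups()
            frames.append({"module": module, "symbol": symbol,
                           "offset": int(offset, 16),
                           "kernel": int(ebp, 16) >= KERNEL_BASE})
    return frames

def triage(frames):
    """Summarise the modules on the stack and where user mode entered the kernel."""
    chain = [(mod, len(list(grp))) for mod, grp in groupby(f["module"] for f in frames)]
    user = [f for f in frames if not f["kernel"]]
    return {
        "faulting": f'{frames[0]["module"]}!{frames[0]["symbol"]}',
        "module_chain": chain,  # innermost first, consecutive frames collapsed
        "no_symbols": sorted({f["module"] for f in frames if f["symbol"] is None}),
        "syscall": f'{user[0]["module"]}!{user[0]["symbol"]}' if user else None,
    }

if __name__ == "__main__":
    for key, value in triage(parse_frames(STACK_TEXT)).items():
        print(f"{key}: {value}")
```
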

Hello, please ZIP one of your memory.dmp files and upload it to ftp://ftp.avast.com/incoming (note that you won’t have READ access to the ftp server, just write - so you won’t even be able to see what you’ve just uploaded). You don’t need to login… thanks!

I’ve uploaded the file. MEMORY-10-24-2008.zip

Any input on what is causing this issue? It rebooted 3 times on me today. The only option I have currently is to disable avast. Please help.

I am having the same trouble with my Windows 2003 SBS Server (Avast version 4.7). Since it was installed, the server hangs, and the System event log shows a number of error events: event ID 7011 (Service Control Manager), message: Timeout (30000 milliseconds) waiting for a transaction response from the avast! Antivirus service.

It does not matter what time of day it is or what tasks anyone is doing; it just seems to lock up every 5 - 10 days, requiring a reboot, with frustration from users at losing the documents they were working on at the time and me scratching my head! :) Please help in this matter; I would be happy to help with any info that is required.

I have disabled all of the real time providers down to only the Standard Shield Provider with no luck. I have also gone to Advanced on the Standard scanner to stop it scanning the Exchange folders and certain EXEs relating to Exchange. Scanning is set to Normal.