8 Replies Latest reply on Aug 12, 2010 5:28 PM by boyleb

    BSOD when running On Demand Virusscan 8.7

      At this moment we are testing AV8.7 with the Spyware module on some machines. We found that some of our machines crash when we start an On-Demand scan. It gave the following error on a Dell Latitude D830 with Windows XP SP3:

      STOP: 0x0000008E (0xC0000005, 0xA8E93C89, 0xA74632A0, 0X00000000)

      dxec01.sys - Address A8E93C89 base at A8E82000, DateStamp 454a39be



      During our own testing we found that the problem only exists when we are running the Memory for Rootkits scan.

      When other scans are running on the same machine, we have no problems. Hope that someone can fix this problem with SP1

      But if anyone knows an earlier solution?
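An added example, not part of the original thread: a small Python helper that decodes the STOP line and driver line quoted in the first post, giving the exception type, the fault offset inside the driver image and the driver's build time. The function name `triage` and the returned field names are assumptions of this example; the bug check and NTSTATUS names are the ones Microsoft documents for 0x8E and 0xC0000005.

```python
import re
from datetime import datetime, timezone

# Names Microsoft documents for the two codes seen in this thread.
BUGCHECKS = {0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED"}
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}

STOP_RE = re.compile(r"STOP:\s*0x([0-9A-F]+)\s*\(([^)]*)\)", re.I)
DRIVER_RE = re.compile(
    r"(\S+\.sys)\s*-\s*Address\s+([0-9A-F]+)\s+base at\s+([0-9A-F]+),"
    r"\s*DateStamp\s+([0-9A-F]+)", re.I)

# Blue-screen text as quoted in the first post.
SAMPLE = """STOP: 0x0000008E (0xC0000005, 0xA8E93C89, 0xA74632A0, 0X00000000)
dxec01.sys - Address A8E93C89 base at A8E82000, DateStamp 454a39be"""

def triage(screen_text):
    """Decode a STOP line plus the driver line printed under it (hypothetical helper)."""
    stop, drv = STOP_RE.search(screen_text), DRIVER_RE.search(screen_text)
    if not stop or not drv:
        raise ValueError("STOP line or driver line not found")
    code = int(stop.group(1), 16)
    params = [int(p, 16) for p in stop.group(2).replace(" ", "").split(",")]
    addr, base, stamp = (int(drv.group(i), 16) for i in (2, 3, 4))
    if addr < base:
        raise ValueError("fault address lies below the driver's load base")
    return {
        "bugcheck": BUGCHECKS.get(code, hex(code)),
        # For 0x8E, parameter 1 is the exception code, parameter 2 the faulting address.
        "exception": NTSTATUS.get(params[0], hex(params[0])),
        "driver": drv.group(1),
        # Offset into the driver image: stable across reboots, unlike the load address.
        "offset": addr - base,
        "fault_in_named_driver": code == 0x8E and params[1] == addr,
        # DateStamp is the PE header build time in seconds since 1970 (UTC).
        "driver_built": datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat(),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value:#x}" if key == "offset" else f"{key}: {value}")
```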
        • 1. RE: BSOD when running On Demand Virusscan 8.7
          akl71
          We logged a case @ McAfee Support. They wanted us to test the machines with the Rootkit Detective (http://vil.nai.com/vil/averttools.aspx) and surprise ... Bluescreen, seems to be a problem with the rootkit scanning technology.
          • 2. RE: BSOD when running On Demand Virusscan 8.7
            akl71
            Answer from McAfee Support ...

            -------
            I inform you that we are aware of this problem of BSOD during OnDemandScan, this is caused when running On Demand Scan selecting the option "Memory for Rootkit".
            This only occurs with 8.7i due to having better root-kit detection, but the crash occurs if there's a certain driver loaded in memory.
            We are investigating whether these 3rd-party driver issues can be worked around, else, the solution is to contact the vendor of the other driver for a fix.
            You reported that after un-installing the Dell audio driver named "Knowles Acoustics IntelliSonic Speech Enhancement", version 2.1.37 A02, no bluescreen occurs; please report this problem to the manufacturer of the driver.

            The workaround at the moment is: do not scan memory for rootkits.
            This should be resolved in VSE 8.7 Patch 1, due to be released end of February 2009.
            • 3. RE: BSOD when running On Demand Virusscan 8.7
              Ok,
              I have 30 Dell Latitude machines and I see this phenomenon on 40% of them.
              • 4. RE: BSOD when running On Demand Virusscan 8.7


                Dear all,

                Any updates on this? I've reported it to McAfee but obviously they are going round in circles again...
                • 5. RE: BSOD when running On Demand Virusscan 8.7
                  No update, we need Patch 1.
                  • 6. RE: BSOD when running On Demand Virusscan 8.7


                    It is now mid May, and as far as I know this issue has still not been resolved. Moreover, it's not just the BSOD that occurs. According to a McAfee tech support person who spent about an hour on the phone with me, the problem can also show up in McAfee's causing the system to spontaneously reboot when the user attempts to get McAfee to do an on-demand scan. This, according to the tech support person, is a "known issue," but it nonetheless took him an hour before he told me this. Moreover, apparently McAfee never notified the institution that supplies McAfee to its employees via a site license.

                    The tech support person told me that the patch would be ready in mid-May. I asked whether it would be delivered automatically. He replied that it would not. Thanks, McAfee. :mad:
                    • 7. Re: BSOD when running On Demand Virusscan 8.7

                      Just wanted to let you know that AVG Internet Security version 9 (actually 9.0.700 at my last update) has the same problem on my machine.  A rootkit search immediately goes to a blue screen (BSOD) complaining about driver dxec02.sys, which is part of Knowles Acoustics Intellisonic Speech Enhancement.  My machine is a Dell Inspiron 1520 laptop, running Windows XP Home Edition, Service Pack 3.

                       

                      I don't know about you, but the fact that both McAfee and AVG are having this problem makes me suspect that it has more to do with the driver than the anti-rootkit software.

                       

                      No new drivers were available (I have driver version 2.1.1.27 in package 2.1.37/A06), and after a couple of weeks of back and forth with AVG I gave up and decided on the following solution :

                       

                      I uninstalled the driver through Device Manager (Control Panel -> System -> Hardware -> Device Manager).  Expand Sound, video and game controllers, and double-click SigmaTel High Definition Audio Codec.  Click on the driver tab and click uninstall.  Click OK on the warning.  This uninstalls ALL the Sigmatel Drivers.  On my system most of these magically reappear on reboot - see below.  Then go to C:\WINDOWS\system32\drivers and rename dxec02.sys (or whatever your equivalent is) dxec02.old.  Then disable the system tray Intellisonic Icon using msconfig (Start -> Run -> type msconfig -> Startup Tab -> Uncheck KADxMain -> Click OK -> Confirm the Restart -> Click the "Don't Show..." box in the popup after restart -> Click OK).

                       

                      I found that on reboot the system reinstalled all the Sigmatel drivers (from my hard disk presumably - I did not insert a CD) except the problematic dxec02.sys.  If this doesn't happen for you then you might have to reinstall the drivers from your CD, or download them from support.dell.com, and you may be stuck with Intellisonic.  My sound card now works fine, both speakers, headphone jack, built in microphones and microphone jack.  Presumably I have lost the microphone array processing.

                       

                      Note that I did not uninstall Intellisonic from Add/Remove programs because I read a sorry tale on a forum by someone who had and had now lost all sound card functionality and did not seem to be able to get it back. I didn't want to take the risk.  If I click on the Intellisonic Icon in Control Panel it tells me it needs repairing and then that it needs reinstalling.  Note that if you didn't rename the driver file it will repair it, and then you'll have to start over.

                       

                      With these changes the rootkit search runs fine.


                      Posted here in the hope that it will help other people spend slightly less time on this problem than I did...

                      • 8. Re: BSOD when running On Demand Virusscan 8.7

                        hello there,

                         

                        just used your procedure and it worked a dream.

                         

                        certainly did save me time!

                         

                        the file I had a problem with was nipalk.sys.

                         

                        I renamed it as you say, and uninstalled and reinstalled my Realtek sound card drivers and HEY PRESTO, worked again.

                         

                        I don't think any software is going nuts yet... nipalk is in some way related to National Instruments drivers that I believe were installed by way of a Microsoft update, because I certainly don't remember actually installing anything from them...

                         

                        that said, I did install Skype, a new Jwin webcam recently...

                         

                        but, most relevantly, I ran rootkit in version 9.0 AVG for the first time one night there and that is what I think 'blew' my sound out of the water...

                         

                        anyway,

                         

                        thanks again.

                         

                        Brian, Galway, Ireland,