Recurring STOP errors, cause: AOL AV


(Lammermoor) #1

A few days ago I wrote about this problem; I reinstalled the AV and things were quiet until today, when the whole story repeated itself. I don't know what suddenly happened to the system that this antivirus clearly doesn't suit it. I guess what's left is to uninstall it and choose some other one. I'm attaching the minidump and asking for help.

Microsoft (R) Windows Debugger Version 6.6.0007.5

Copyright (c) Microsoft Corporation. All rights reserved.



Loading Dump File [C]

Mini Kernel Dump File: Only registers and stack trace are available


Symbol search path is: ***Invalid***

****************************************************************************

* Symbol loading may be unreliable without a symbol search path. *

* Use .symfix to have the debugger choose a symbol path. *

* After setting your symbol path, use .reload to refresh symbol locations. *

****************************************************************************

Executable search path is: 

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

* *

* The Symbol Path can be set by: *

* using the _NT_SYMBOL_PATH environment variable. *

* using the -y argument when starting the debugger. *

* using .sympath and .sympath+ *

*********************************************************************

Unable to load image ntoskrnl.exe, Win32 error 2

*** WARNING: Unable to verify timestamp for ntoskrnl.exe

*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055a620

Debug session time: Thu Mar 15 21:50:34.484 2007 (GMT+1)

System Uptime: 0 days 0:00:33.046

*********************************************************************

* Symbols can not be loaded because symbol path is not initialized. *

* *

* The Symbol Path can be set by: *

* using the _NT_SYMBOL_PATH environment variable. *

* using the -y argument when starting the debugger. *

* using .sympath and .sympath+ *

*********************************************************************

Unable to load image ntoskrnl.exe, Win32 error 2

*** WARNING: Unable to verify timestamp for ntoskrnl.exe

*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

Loading Kernel Symbols

..................................................................................................................................

Loading User Symbols

Loading unloaded module list

..

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************


Use !analyze -v to get detailed debugging information.


BugCheck C2, {40, 0, 80000000, 0}


***** Kernel symbols are WRONG. Please fix symbols to do analysis.


***** Kernel symbols are WRONG. Please fix symbols to do analysis.


*** WARNING: Unable to verify timestamp for klif.sys

*** ERROR: Module load completed but symbols could not be loaded for klif.sys

Probably caused by : klif.sys ( klif+1acdc )


Followup: MachineOwner

---------


kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************


BAD_POOL_CALLER (c2)

The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.

Arguments:

Arg1: 00000040, Attempt to free usermode address to kernel pool

Arg2: 00000000, Starting address

Arg3: 80000000, Start of system address space

Arg4: 00000000, 0


Debugging Details:

------------------


***** Kernel symbols are WRONG. Please fix symbols to do analysis.


***** Kernel symbols are WRONG. Please fix symbols to do analysis.



MODULE_NAME: klif


FAULTING_MODULE: 804d7000 nt


DEBUG_FLR_IMAGE_TIMESTAMP: 44d9b0b4


BUGCHECK_STR: 0xc2_40


CUSTOMER_CRASH_COUNT: 1


DEFAULT_BUCKET_ID: WRONG_SYMBOLS


LAST_CONTROL_TRANSFER: from 8054a0a8 to 8053354e


STACK_TEXT:  

WARNING: Stack unwind information not available. Following frames may be wrong.

b275ebbc 8054a0a8 000000c2 00000040 00000000 nt+0x5c54e

b275ebf8 8054ad8b 00000000 00000005 e1073c68 nt+0x730a8

b275ec38 8058b877 00000000 00000000 e1073c68 nt+0x73d8b

b275ec54 8058d211 e1073c68 e1073c68 e19cf7a8 nt+0xb4877

b275ec68 80594b83 e1073c68 b275ec80 80567ced nt+0xb6211

b275ec74 80567ced e1073c68 b275ec98 8056b83a nt+0xbdb83

b275ec80 8056b83a e1073c68 00000000 e2a2c2a8 nt+0x90ced

b275ec98 80563af7 e2a2c2c0 e2a2c2a8 00000000 nt+0x9483a

b275ecb4 804e36d5 e2a2c2c0 00000000 00000114 nt+0x8caf7

b275ecd8 80566cb3 81adeda0 e29b5428 81ae1340 nt+0xc6d5

b275ecf0 80566d1c e29b5428 e2a2c2c0 00000114 nt+0x8fcb3

b275ed38 80566d66 00000114 00000001 00000000 nt+0x8fd1c

b275ed4c b2d55cdc 00000114 0012efcc 804de7ec nt+0x8fd66

b275ed64 7c90eb94 badb0d00 0012efc8 00000000 klif+0x1acdc

b275ed68 badb0d00 0012efc8 00000000 00000000 0x7c90eb94

b275ed6c 0012efc8 00000000 00000000 00000000 0xbadb0d00

b275ed70 00000000 00000000 00000000 00000000 0x12efc8



STACK_COMMAND: kb


FOLLOWUP_IP: 

klif+1acdc

b2d55cdc ?? ???


SYMBOL_STACK_INDEX: d


FOLLOWUP_NAME: MachineOwner


IMAGE_NAME: klif.sys


SYMBOL_NAME: klif+1acdc


BUCKET_ID: WRONG_SYMBOLS


Followup: MachineOwner

---------

(Jjoasz) #2

Here's your answer:

''Kaspersky Anti-Virus, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to missing validation of pointers supplied by user-space programs before they are used by custom system services installed by "klif.sys" to access memory. This can be exploited to cause the system to reboot due to invalid memory access.

The vulnerability has been confirmed in Kaspersky Anti-Virus 6.0.0.300 and Kaspersky Internet Security 6.0.0.300. Other versions may also be affected.

Solution:

A fix was issued on 2006-06-30 via regular database update.''

Update the AV, that should help.
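
Added example, not part of the original thread: a small Python triage script for the WinDbg output in post #1. It extracts the bugcheck code and arguments, names the first non-kernel module on the stack, and checks the 0xC2/0x40 condition the debugger decoded (the freed address lies below the start of system address space). The names `triage` and `KERNEL_MODULES` are assumptions of this example; the sample lines are excerpted from the dump above.

```python
import re

# Lines excerpted from the WinDbg output in post #1, embedded so this runs offline.
SAMPLE = """\
BugCheck C2, {40, 0, 80000000, 0}
b275ed38 80566d66 00000114 00000001 00000000 nt+0x8fd1c
b275ed4c b2d55cdc 00000114 0012efcc 804de7ec nt+0x8fd66
b275ed64 7c90eb94 badb0d00 0012efc8 00000000 klif+0x1acdc
b275ed68 badb0d00 0012efc8 00000000 00000000 0x7c90eb94
"""

BUGCHECK_RE = re.compile(r"^BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}", re.M)
# Stack frame: child EBP, return address, three arguments, then module+offset.
FRAME_RE = re.compile(r"^(?:[0-9a-f]{8} ){5}(\w+)\+0x([0-9a-f]+)\s*$", re.M)
# Modules treated as the OS kernel itself (assumption of this example).
KERNEL_MODULES = {"nt", "hal"}


def triage(text):
    """Summarise a kd bugcheck report: code, args, first third-party frame."""
    m = BUGCHECK_RE.search(text)
    if not m:
        raise ValueError("no BugCheck line found")
    code = int(m.group(1), 16)
    args = [int(a, 16) for a in m.group(2).split(",")]

    # Walk frames from the crash outward; stop at the first non-kernel module.
    module = None
    for mod, off in FRAME_RE.findall(text):
        if mod.lower() not in KERNEL_MODULES:
            module = (mod, int(off, 16))
            break

    result = {"code": code, "args": args, "module": module,
              "user_address_freed": False}
    # BAD_POOL_CALLER (0xC2), subtype 0x40, as decoded by !analyze -v above:
    # Arg2 is the address being freed, Arg3 the start of system address space.
    if code == 0xC2 and args[0] == 0x40:
        result["user_address_freed"] = args[1] < args[2]
    return result


if __name__ == "__main__":
    print(triage(SAMPLE))
```

Frames without a `module+0x` suffix (raw addresses such as `0x7c90eb94`) are skipped, so the script reports `klif` at offset `0x1acdc`, matching the debugger's "Probably caused by" line.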