Sign in to follow this  
des_eagle

KernExplorer64.sys Blue Screen

Recommended Posts

Occasionally (once a week or so) I get a BSOD with stop code 0x50 (page fault in nonpaged area) that references the file KernExplorer64.sys, which is the driver for Ad-Aware. I am using Ad-Aware Free, the newest version.

I don't seem to see any correlation with any programs. It has crashed on idle, during video games, and during regular usage, but I am never actively scanning or running Ad-Aware when it happens. Is this a 64-bit problem?

The error message suggests it is a memory problem, but I passed memtest86 and it ONLY happens with this specific file. I feel like my best option is uninstalling and waiting to see if it happens again, but I'd rather not lose the protection. Any thoughts? Thanks.

Share this post


Link to post
Share on other sites
There are a lot of reports of Ad-Aware crashing at various times - but so far Lavasoft seems to be addressing only the scan crashes. I don't recall seeing reports of BSOD here due to Ad-Aware. Maybe uninstall/reinstall will help in case that driver file is corrupt?

Share this post


Link to post
Share on other sites
[quote name='des_eagle' post='123291' date='Oct 20 2010, 01:55 AM']Occasionally (once a week or so) I get a BSOD with stop code 0x50 (page fault in nonpaged area) that references the file KernExplorer64.sys, which is the driver for Ad-Aware. I am using Ad-Aware Free, the newest version.

I don't seem to see any correlation with any programs. It has crashed on idle, during video games, and during regular usage, but I am never actively scanning or running Ad-Aware when it happens. Is this a 64-bit problem?

The error message suggests it is a memory problem, but I passed memtest86 and it ONLY happens with this specific file. I feel like my best option is uninstalling and waiting to see if it happens again, but I'd rather not lose the protection. Any thoughts? Thanks.[/quote]

Hi des_eagle,

It would be very valuable for me to have a look at that crash dump.
Depending on its size, maybe you could attach it to this post?

Thanks

-
Andreas - Developer

Share this post


Link to post
Share on other sites
[quote name='LS Andreas' post='123305' date='Oct 20 2010, 06:29 PM']It would be very valuable for me to have a look at that crash dump.
Depending on its size, maybe you could attach it to this post?

Thanks

-
Andreas - Developer[/quote]
I have the same problem... :angry:

Share this post


Link to post
Share on other sites
[quote name='SvenB' post='123331' date='Oct 22 2010, 04:19 PM']I have the same problem... :)[/quote]

Thanks for that crash dump!
I will post when I know when a fix for this issue will be released.

/Andreas - Developer

Share this post


Link to post
Share on other sites
I am also having similar problems (see [url="http://www.lavasoftsupport.com/index.php?showtopic=30267&st=0&p=123456&#entry123456"]this topic[/url]) - main difference is that it occurs [i]every[/i] time I start up Ad-Aware. I can't recall if it's caused by KernExplorer64.sys, though.

Attached is one of the crash minidumps, if needed.
[attachment=8381:crashdum...38516_01.zip] Edited by fp525

Share this post


Link to post
Share on other sites
Hello everyone

We have issued an update today that should resolve this issue for all of you... Please let us know if it does not.

To make sure you have the latest updates, check that the version number in the about box is: 8.3.5

Regards,
Jeff - Lavasoft

Share this post


Link to post
Share on other sites
[quote name='fp525' post='123500' date='Nov 3 2010, 07:30 AM']I am also having similar problems (see [url="http://www.lavasoftsupport.com/index.php?showtopic=30267&st=0&p=123456&#entry123456"]this topic[/url]) - main difference is that it occurs [i]every[/i] time I start up Ad-Aware. I can't recall if it's caused by KernExplorer64.sys, though.

Attached is one of the crash minidumps, if needed.
[attachment=8381:crashdum...38516_01.zip][/quote]

Hello fp525,

This crash is not the same as the previous one posted.
Could you provide me with some additional information? like the following :[list]
[*]List of security software (AV, Firewall etc) you have installed.
[*]List of applications creating volume drives (like G:, X: etc), for example TrueCrypt.
[*]And most important a log from the output of Handle.exe created by SysInternals. Download [url="http://download.sysinternals.com/Files/Handle.zip"]here[/url] and extract handle.exe. Start a command prompt (cmd.exe) and change to the directory where you have handle.exe and then type: [b]handle.exe -a >handles.log[/b] then please attach the file handles.log.
[/list]
Thanks
/Andreas - Developer

Share this post


Link to post
Share on other sites
[b]List of security software (AV, Firewall etc) you have installed[/b]
Antivirus: Avast! 5.0.677
Firewall: Online Armor 4.5.0.234
Antispyware: Malwarebytes, SUPERAntispyware (both are the free versions), Spybot S&D, Windows Defender

[b]List of applications creating volume drives (like G:, X: etc), for example TrueCrypt[/b]
TrueCrypt is installed.

[b]log from the output of Handle.exe[/b]
[attachment=8384:handles.log]

Share this post


Link to post
Share on other sites
[b]FWIW [i]page fault in nonpaged area[/i][/b] causes the swap file to fragment. It is recommended that you verify that your swap file is contiguous. While this most likely will only concern those having configured a fixed size swap file, its plausible this issue could cause fragmentation of the swap files having only minimum size defined. In either case, fragmented swap file will never heal automatically.

If the swap file IS fragmented you will have to manually recreate the swap file to ensure it is contiguous. That will entail removing the swap file, rebooting and then re-establishing the swap file with the requied parameters. It MAY be necessary to defrag the drive so as to ensure sufficient free space available for a contiguous swap file to be created; if insuficient free space is available for a contiguous swap file a fragmented swap file of specified size will be created instead.

SECONDLY, any BSOD necessitates running CHKDSK with the /x option of boot, system (and those containing any swap files) drives; don't rely on the dirty-bit being set for autochk to run. After any BSOD you will always find NTFS inconsistancies that while they may be minor are only avenues for other problems to manifest themselves. Its recommended that you boot into safe mode and run chkdsk from command prompt on the first reboot after a BSOD.

NTFS is a very robust file system in that the journaling that it does is minimize [i]data[/i] corruption (eliminating the horror of lost clusters and X-linked file FAT32 was so prone to). But what it doesn't do is resolve the internal inconsistancies of NTFS itself. I'm just saying, if you've ever had a BSOD it would behoove one to run CHKDSK manually. Edited by raygun

Share this post


Link to post
Share on other sites
[quote name='fp525' post='123545' date='Nov 5 2010, 10:42 AM'][b]List of security software (AV, Firewall etc) you have installed[/b]
Antivirus: Avast! 5.0.677
Firewall: Online Armor 4.5.0.234
Antispyware: Malwarebytes, SUPERAntispyware (both are the free versions), Spybot S&D, Windows Defender

[b]List of applications creating volume drives (like G:, X: etc), for example TrueCrypt[/b]
TrueCrypt is installed.

[b]log from the output of Handle.exe[/b]
[attachment=8384:handles.log][/quote]


Hello fp525,

Thanks for the information. I could reproduce your crash on my test machine.
At the first indication it seems this crash is related to Online Armor's driver, I could crash my test system even without installing/using Ad-Aware by doing the following ([b]Warning, your computer will most likely crash[/b]):
[list]
[*]Install Online Armor unless its already is installed
[*]"Install" [url="http://download.sysinternals.com/Files/ProcessExplorer.zip"]Process Explorer[/url] (Latest version 12.04)
[*]Start Process Explorer with [b]Administrator rights[/b]
[*]Press [b]Control + H[/b] to enable handle view
[*]Find a process named '[b]System[/b]' (should have PID 4) and click it. This causes my test system to crash.
[/list]
However, I'm investigating this issue further and will contact Online Armor if it ends up being a problem with their driver.

Thanks.

/Andreas - Developer

Share this post


Link to post
Share on other sites
Thanks for testing.

The Blue Screen occurs using the Process Explorer method for me too. I have also updated Online Armor to the latest version as well (4.5.1.431), where it still occurs.

Share this post


Link to post
Share on other sites
[quote name='fp525' post='123599' date='Nov 9 2010, 06:07 AM']Thanks for testing.

The Blue Screen occurs using the Process Explorer method for me too. I have also updated Online Armor to the latest version as well (4.5.1.431), where it still occurs.[/quote]

Thanks for the verification.

I have found what I believe is the cause of this crash and notified Online Armor (emsisoft) about it.
(Edit: [b]Online Armor have released a software update that fixes this issue[/b])

Regards,
Andreas

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this