Jump to content
ZarathosNY

Superantispyware causes computer to reboot

Recommended Posts

Hi,

When Superantispyware starts scanning the registry, it reaches a certain point and it causes the computer to reboot.

I'm using windows xp service pack 3.

Thanks,

Chris

Share this post


Link to post
Share on other sites
Hi,

When Superantispyware starts scanning the registry, it reaches a certain point and it causes the computer to reboot.

I'm using windows xp service pack 3.

Thanks,

Chris

What other security software are you running?

Share this post


Link to post
Share on other sites
Hi,

When Superantispyware starts scanning the registry, it reaches a certain point and it causes the computer to reboot.

I'm using windows xp service pack 3.

Thanks,

Chris

What other security software are you running?

Symantic antivirus

Share this post


Link to post
Share on other sites

What version of Symantec AV? Did you originally have trouble installing SP3? There was a known issue with Symantec Internet Security Suite 2008 and MS SP3

Not that it is the issue but have you run a disk check on your system lately?

Might want to try that. From a DOS prompt. CHKDSK C: /F (then press Y to allow the disk check after reboot)

Then reboot and let the disk check run to see if it fixes anything. You can look in the Event viewer after restart under WINLOGON in the APPLICATION logs to see what was found or fixed by disk check.

Share this post


Link to post
Share on other sites

Please check out this link over at the Symantec User Forum. There is a fix for the corrupted registry items that can/might/will occur during the XP-SP3 upgrade on user systems with Norton Internet Security and NAV.

http://community.norton.com/norton/boar ... ing&page=1

and

http://solutions.symantec.com/sdccommon ... 16112507EN

Share this post


Link to post
Share on other sites
What version of Symantec AV? Did you originally have trouble installing SP3? There was a known issue with Symantec Internet Security Suite 2008 and MS SP3

Not that it is the issue but have you run a disk check on your system lately?

Might want to try that. From a DOS prompt. CHKDSK C: /F (then press Y to allow the disk check after reboot)

Then reboot and let the disk check run to see if it fixes anything. You can look in the Event viewer after restart under WINLOGON in the APPLICATION logs to see what was found or fixed by disk check.

This is a brand new computer. I've had it for about a week or so. i bought it with just DOS and had a friend install xp and software on it.

I did the chkdsk, but I don't know how to use the event viewer.

Share this post


Link to post
Share on other sites
Start menu, right click on My Computer, select manage, system tools, then Event viewer & select Application. Look for winlogon event .

How can I copy what is in the winlogon event so I can post it here?

Share this post


Link to post
Share on other sites

When you see an entry to winlogon event right click it and select properties.

You'll get a box showing the description of the event. You can highlight it by clicking the left mouse button at the beginning of the description meesage and dragging the mouse pointer across the text.

When the text in this box is highlighted press Ctrl + C on your keyboard and the text will be copied to the clipboard.

Open up Notepad and press Ctrl + V. This will paste the selected text into notepad, or you can start posting here then at the relevant point do a Ctrl + V and the text will be pasted into your post.

Share this post


Link to post
Share on other sites
When you see an entry to winlogon event right click it and select properties.

You'll get a box showing the description of the event. You can highlight it by clicking the left mouse button at the beginning of the description meesage and dragging the mouse pointer across the text.

When the text in this box is highlighted press Ctrl + C on your keyboard and the text will be copied to the clipboard.

Open up Notepad and press Ctrl + V. This will paste the selected text into notepad, or you can start posting here then at the relevant point do a Ctrl + V and the text will be pasted into your post.

Thanks! :)

Here's what I got:

Checking file system on C:

The type of the file system is NTFS.

A disk check has been scheduled.

Windows will now check the disk.

Cleaning up minor inconsistencies on the drive.

Cleaning up 698 unused index entries from index $SII of file 0x9.

Cleaning up 698 unused index entries from index $SDH of file 0x9.

Cleaning up 698 unused security descriptors.

CHKDSK discovered free space marked as allocated in the

master file table (MFT) bitmap.

Windows has made corrections to the file system.

78140128 KB total disk space.

10979800 KB in 43576 files.

12780 KB in 3161 indexes.

0 KB in bad sectors.

116224 KB in use by the system.

65536 KB occupied by the log file.

67031324 KB available on disk.

4096 bytes in each allocation unit.

19535032 total allocation units on disk.

16757831 allocation units available on disk.

Internal Info:

70 b8 00 00 9b b6 00 00 5f ea 00 00 00 00 00 00 p......._.......

a5 00 00 00 00 00 00 00 14 05 00 00 00 00 00 00 ................

06 ff 6a 03 00 00 00 00 2a 26 1e 19 00 00 00 00 ..j.....*&......

da 06 c2 07 00 00 00 00 00 00 00 00 00 00 00 00 ................

00 00 00 00 00 00 00 00 86 62 5a 2b 00 00 00 00 .........bZ+....

20 a4 21 83 00 00 00 00 98 39 07 00 38 aa 00 00 .!......9..8...

00 00 00 00 00 60 27 9e 02 00 00 00 59 0c 00 00 .....`'.....Y...

Windows has finished checking your disk.

Please wait while your computer restarts.

Share this post


Link to post
Share on other sites

As far as I can see the log just shows the results of the CHKDSK and gives no info on what the cause of your SAS reboot problem is.

It sounds like you have your PC configured to restart automatically if a fatal error occurs. set it up so that it doesn't reboot on errors like this and you can possibly tell what the cause is (with the help of SUPERAntispy of course :))

To set this up right click on My Computer and select Properties. next select the Advanced tab and you will see three categories Performance, User Profiles and Startup and Recovery.

Click on the Settings button in the Startup and Recovery. There is a System Startup section and a System Failure section. In System Failure there are three check boxes. If the Automatically restart box has a tick in it then remove the tick.

Reboot your PC and then run SAS, if the programme causes an error then your PC should now not reboot but come up with a nice blue screen full of stuff that you won't understand but the devs here may do.

Forgot to mention that I have the other two boxes in System failure checked.

Share this post


Link to post
Share on other sites
As far as I can see the log just shows the results of the CHKDSK and gives no info on what the cause of your SAS reboot problem is.

It sounds like you have your PC configured to restart automatically if a fatal error occurs. set it up so that it doesn't reboot on errors like this and you can possibly tell what the cause is (with the help of SUPERAntispy of course :))

To set this up right click on My Computer and select Properties. next select the Advanced tab and you will see three categories Performance, User Profiles and Startup and Recovery.

Click on the Settings button in the Startup and Recovery. There is a System Startup section and a System Failure section. In System Failure there are three check boxes. If the Automatically restart box has a tick in it then remove the tick.

Reboot your PC and then run SAS, if the programme causes an error then your PC should now not reboot but come up with a nice blue screen full of stuff that you won't understand but the devs here may do.

Forgot to mention that I have the other two boxes in System failure checked.

I ran SAS in safe mode and it ran. It found some cookies.

The automatically reboot selection was checked, so I unchecked it and ran SAS again and got the blue screen. The error it listed was:

STOP: 0x0000008E (0x0000005, 0x806373F1, 0xAAB2B7F4, 0x00000000)

Share this post


Link to post
Share on other sites

I think we could do with a bit of input from SUPERAntispy here.

I've got a very limited knowledge of error codes like that but to me it looks like it could be caused by SAS trying to use an area of memory that is already in use by another application.

Share this post


Link to post
Share on other sites
I ran SAS in safe mode and it ran. It found some cookies.

The automatically reboot selection was checked, so I unchecked it and ran SAS again and got the blue screen. The error it listed was:

STOP: 0x0000008E (0x0000005, 0x806373F1, 0xAAB2B7F4, 0x00000000)

1) What version of SAS are you using?

2) Download a copy of memtest86+ from http://www.memtest.org/#downiso

Create a boot floppy or cdrom and boot from it, any red lines that appear on the screen indicate a problem with memory, cpu, or motherboard. Sometimes adjusting the memory timings or cpu core voltage could help. If all else fails try one memory module at a time.

2) Download, install, and run CCleaner. Now download and run Combofix in safe mode.

3) Now run a full scan with SAS.

Share this post


Link to post
Share on other sites
I ran SAS in safe mode and it ran. It found some cookies.

The automatically reboot selection was checked, so I unchecked it and ran SAS again and got the blue screen. The error it listed was:

STOP: 0x0000008E (0x0000005, 0x806373F1, 0xAAB2B7F4, 0x00000000)

1) What version of SAS are you using?

2) Download a copy of memtest86+ from http://www.memtest.org/#downiso

Create a boot floppy or cdrom and boot from it, any red lines that appear on the screen indicate a problem with memory, cpu, or motherboard. Sometimes adjusting the memory timings or cpu core voltage could help. If all else fails try one memory module at a time.

2) Download, install, and run CCleaner. Now download and run Combofix in safe mode.

3) Now run a full scan with SAS.

I couldn't get the boot floppy to work. I did run CCleaner, and trying to run combofix makes me a little nervous.

Share this post


Link to post
Share on other sites

ZarathosNY at this stage I think you should forget combofix until SUPERAntispy has checked out the contents of the mindump file.

Have a look in your Windows directory and there should be a directory called Minidump.

This directory should contain files which show the reason your system crashed. However this directory may be empty depending on the preferences you selected before running CCleaner.

See this link http://support.microsoft.com/kb/315263

Share this post


Link to post
Share on other sites
ZarathosNY at this stage I think you should forget combofix until SUPERAntispy has checked out the contents of the mindump file.

Have a look in your Windows directory and there should be a directory called Minidump.

This directory should contain files which show the reason your system crashed. However this directory may be empty depending on the preferences you selected before running CCleaner.

See this link http://support.microsoft.com/kb/315263

There is a file in that directory called mini070508-1.dmp

Share this post


Link to post
Share on other sites

Add me to the list of those getting BSOD's with SAS active. I started getting them about a month ago out of the blue after not having any in over a year of running Vista HP , now with SP1.

I thought at first it was my video driver, so it was updated and was running without 'extra' programs for awhile till I thought the system was stable. I started up SAS yesterday morning, updated and started a manual quick-scan and went to get a haircut. Came home to find BSOD.

Left if off for a few hours, then ran manual scans of registry and memory, all clean no crashes. I disabled the scheduled scan so it wouldn't run. Then, 4 hrs later while doing nothing on the PC it crashed to BSOD.

I'm still struggling with Vista, and looking through the event manager I'm not having any luck finding the dumps from the BSOD.

Any help would be great.

I'm running the latest version, and have a Lifetime subscription.

EDIT to add minidump:

kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)

This means a trap occurred in kernel mode, and it's a trap of a kind

that the kernel isn't allowed to have/catch (bound trap) or that

is always instant death (double fault). The first number in the

bugcheck params is the number of the trap (8 = double fault, etc)

Consult an Intel x86 family manual to learn more about what these

traps are. Here is a *portion* of those codes:

If kv shows a taskGate

use .tss on the part before the colon, then kv.

Else if kv shows a trapframe

use .trap on that value

Else

.trap on the appropriate frame will show where the trap was taken

(on x86, this will be the ebp that goes with the procedure KiTrap)

Endif

kb will then show the corrected stack.

Arguments:

Arg1: 00000008, EXCEPTION_DOUBLE_FAULT

Arg2: 8013c000

Arg3: 00000000

Arg4: 00000000

Debugging Details:

------------------

BUGCHECK_STR: 0x7f_8

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: SUPERANTISPYWAR

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from 00000000 to 90d4d90a

STACK_TEXT:

81772ce8 00000000 fecaa1f8 0000000e 00000000 win32k!EngBitBlt+0x21e1

STACK_COMMAND: kb

FOLLOWUP_IP:

win32k!EngBitBlt+21e1

90d4d90a 53 push ebx

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: win32k!EngBitBlt+21e1

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: win32k

IMAGE_NAME: win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 47c78851

FAILURE_BUCKET_ID: 0x7f_8_win32k!EngBitBlt+21e1

BUCKET_ID: 0x7f_8_win32k!EngBitBlt+21e1

Followup: MachineOwner

---------

Share this post


Link to post
Share on other sites

Grrr, OK, thanks... back to the drawing board.

Funny thing is only seems to crash with SAS running. I have rolled back to an older build 4.0.1154, will see what happens.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×