Jump to content

Recommended Posts

Still getting the BSOD after a clean reinstall of W10 Threshold 2 X64.

Just reinstall W10 x64, update all driver. Install Bitdefender TS 2016, Install MBAM Premium (last version) > On Firefox/Chrome/Edge when manipulating tabs : BSOD BAD POOL CALLER or sometimes HEADER > ndis.sys, netio.sys or tcpip.sys just crashed. It's an internal incompatibilty between BD2016 and the new MBAM, vice versa. It's easy to reproduce the bug. I had it on multiple computers. This bug can occurs BIOS crash. Only way to recover : Clear CMOS and reflash last BIOS. What the hell ?! 1 month, no update, no solution... Thanks Mbam !

Link to post
Share on other sites

This BSOD from MBAM can crash the BIOS UEFI. It's an emergency to reproduce it and correct it quickly.

To reproduce it on Gigabyte or Asus motherboards (Z77, Z87, Z97, Z107 - tested here). Just reinstall properly W10 X64, update all drivers. Install BD2016 (IS or Total Sec.), install the last MBAM version. Install Firefox or Chrome, manipulate tabs and the BSOD should appear randomly : BAD POOL CALLER/HEADER : mwac.sys, ndis.sys, netio.sys, tcpip.sys (crashed).

If the BIOS crashed, clear CMOS, eject CMOS, eject RAM, reinsert RAM and if the BIOS is corrupted, reflash it to recever the boot sequence.

Link to post
Share on other sites

10 hours ago, Kaiwen said:

This BSOD from MBAM can crash the BIOS UEFI. It's an emergency to reproduce it and correct it quickly....To reproduce it on Gigabyte or Asus motherboards (Z77, Z87, Z97, Z107 - tested here)

Hi Kaiwen:

Since you've declined to post the diagnostic logs requested by Maurice Naggar in your own thread <here> in the Malware Removal Help board, you might be interested in reading the November 2015 ESET support article Blue screen error (BSOD) on systems with ASUS/Gigabyte motherboards with chipsets H87/Z87 and H97/Z97:

"AI Suite (ASUS) and APP Center (Gigabyte) applications use drivers that create memory-mapped I/O to access hardware ports in a non-standard way. If the memory is subsequently read by another process utilizing a Windows API function (for example, during a memory scan by ESET), it may have unpredictable results on the system and the system may crash...ESET is working closely with ASUS and Gigabyte to make sure this issue get resolved as quickly as possible."

This support article specifically mentions the Z87 and Z97 chipsets but I wouldn't be surprised if drivers used by the applications that come with other Gigabyte/ASUS motherboards also have a similar issue.  You should also read Phoenix365's thread Norton Security Blue Screen from Background Tasks, where analysis of dump files showed that BSODs on a computer with a Gigabyte GA-Z170X-UD5 "F4" BIOS were caused by a conflict with a Gigabyte utility called the EasyTuneEngine.  Uninstalling the EasyTuneEngine utility solved the BSODs.
-------------
32-bit Vista Home Premium SP2 * Firefox v45.0.2 * NIS v.21.7.0.11 * MBAM Premium 2.2.1

Link to post
Share on other sites

Thanks for the answer but without Mbam there is no problem on Z87, Z97 or Z170 GA or Asus motherboard, same thing on old P55. I have not installed Asus or Gigabyte apps. Only fresh w10, bitdef, mbam premium, firefox to get bsod. Many of m'y customers who use Mbam and Bitdefender encounter this issue. About the crash bios, it's not systematic.

Link to post
Share on other sites

Thanks for the info!  IME the Gigabyte boards are bit prone to BSOD's, and the EasySaver, EasyTune, and On/Off Charger software are usually a problem in BSOD's
The Asus AISuite stuff usually doesn't cause problem - but there are utilities within it that were known to cause BSOD's (most common was the AI Charger app)

Link to post
Share on other sites

It's not a question of refund and It's too easy to reject the fault on Gigabyte or Asus. I repeat, I never installed Gigabyte or Asus' apps on computers and It's not a H/Z87/97's problem. On older motherboard (for example the computer that I use to write this message is a Asus P7P55D-EVO), it's exactly the same thing, BAD POOL CALLER/HEADER when Mbam and Bitdefender co-exist and when I am manipulating tabs on Firefox or Chrome. First, I thought about a plugin problem like Flash Player. I already tried to uninstall it and to use Chrome without Flash or any plugin. Result : BAD POOL CALLER (ndis.sys, netio or tcpip.sys). So, I just uninstall Mbam and all is going ok, no BSOD anymore.

On another computer, I tried to change the motherboard Gigabyte GA-Z87X-D3H to a Asus Z97-PRO GAMER, I've "clean reinstalled" W10x 64 after the motherboard switch. I've just up to dated all drivers properly, installed Bitdefender first, Mbam after, Firefox without any plugin and tried to navigate... BSOD BAD POOL. I tried to uninstall Mbam, no BSOD.

All RAM are OK without Memtest and Memtest86+ and all motherboard's BIOS were updated. I tried without PCI GPU, just with Intel GMA (BSOD too).

And, sometimes, when a BSOD comes : "Sorry your computer... :) BAD POOL CALLER (0%)" > big freeze. Must stop the computer with I/O button and the BIOS doesn't want to boot anymore. The only way is to force the backup BIOS to start if a clear CMOS can't reboot the motherboard properly and reflash BIOS.

Cool BSOD !

Link to post
Share on other sites

First off - BSOD's are actually fairly rare events.  When they're happening to you they don't seem that way - but I've been doing this for many years and can state categorically that the are rare.  And, despite all the fancy talk with technical terms, we still have to resort to trial and error to see if we can fix them (Even Norton and Eset suggest that)

If you'll note, both of the systems have problems with the AI Charger/On-Off Charger - which implies difficulties with the USB controller
These are both Intel chipset based boards, so it's possible that there is an inherent weakness in the USB controller drivers that causes problems when other drivers are overlaid on top of them.  But, at the user/owner level we can't modify the drivers ourselves, so we have to resort to trial and error to fix things (along with a good measure of luck).

BTW - this may also be the problem between BItDefender and MBAM (and maybe other antivirus/internet security products).

IMO, there's also another problem - as your board should not normally refuse to boot without clearing the CMOS.  I would suspect that this wasn't the fault of BitDefender/MBAM, but am not certain how the systems allow interaction between the OS and the BIOS/UEFI on those motherboards.

 

As things are developed, systems become much more complicated - and the problems become more complicated also.  In the XP days, BSOD's were much easier to work on - as there were less things that the system could do. 

And, working on BSOD's for users/owners of systems is much different from working on BSOD's for partcilar software programs, and that's much different from working upon BSOD's for different levels of other software - up to and including the OS itself.

Finally, coding is an imperfect art.  That's why there's errors, updates, and system advisories.  These are all attempts to make a certain piece of software or hardware play nicely with all other software/hardware out there.  This is a formidable task, and is very difficult to accomplish.

 

BUT, the very complexity of the system(s) can be made to work to your advantage.  In the case of MalwareBytes and BitDefender, they are devoting lot's of resources to figuring this problem out.

And, you have numerous choices on how to deal with this (presuming that the only problem is the BitDefender/MBAM one - which I doubt)
- you can uninstall one of them
- you can stop MBAM from loading with Windows (and only do manual scans)
- you can revert to BitDefender 2015
- you can disable the problem features in each program (I'm not real familiar with this, but tend to think that disabling the BitDefender firewall filters may help)
- and other things that others have brought up in the forums here.
 

Edited by usasma
Link to post
Share on other sites

It's just a conflict between Bitdefender 2016 and last Mbam. I tried to uninstall Bitdefender, just use Mbam (with Windows Defender) : no BSOD. I tried to install Avira : no BSOD. I reinstalled Bitdefender 2016 : BSOD BAD POOL CALLER ndis.sys on Firefox (on Asus M2N68-AM plus, no Intel chipset, no BIOS UEFI !)

Now, I don't want to know if the faulty code is in Mbam or Bitdefender. Maybe it's a Bitdefender problem but, the fact is when Mbam is not present with Bitdefender : no BSOD anymore. I am not here to play beta tester. You have some volontaries to do that and I think you can work with Bitdefender's devs to word on the problem.

I just wanted to report this actual incompatibility on many computers/motherboards and this serious BSOD who can do a crash BIOS UEFI. 20 years that I am working on computer repair, chasing BSOD, I never saw a BSOD like this.

Link to post
Share on other sites

The issue may happen on some systems that happen to have both.  But not all of them.  As I have attempted to remark, I have both running on my system without issue.   But more than that, I have worked on several customer cases and have managed to get theirs squared away.   We simply cannot just say that all systems that have both software suites will always have a crash issue.

Link to post
Share on other sites

Thanks for reporting it.  I like discussing BSOD stuff, as that's what I do on the web.
Your description was excellent and it will help in the research of these problems.

Actually, the ASUS ATK0110 ACPI driver BSOD was the most unusual (ASACPI.sys dating from 2006 and earlier).
And the assumption that STOP 0x124 errors were only hardware was also unusual (and very frustrating)
The longest standing BSOD issues are with the Daemon Tools/Alcohol % drivers which still continue to this day
There are other common BSOD's.  I list the most common driver causes here:  http://www.carrona.org/drivers/bsod_drivers.php
FWIW - I haven't added the BitDefender/MBAM issues to this table yet - I've got to get off my duff and do it!  Thanks!

Link to post
Share on other sites

Stopping the service is known to be one way out.  But that is not the desired outcome.   This is where one needs to slow down, and go methodically.

One of the things I am urging is the placement of Trusted application settings   ( but that is just one item in a small list).

How to configure *Bitdefender*  to exclude Malwarebytes files -
Step 1. Open *Bitdefender*
Step 2. Click on "Modules"  near the bottom of the window so that you see a white screen
Step 3. You should see a Protection tab with  white background

Step 4. click on the "Trusted applications" line in black, on the left side
Step 5. You should see a new window BitDefender Trusted Applications

Step 6. Click "Add" button (blue color)
Use the navigation tree to get to the C drive and its sub-folders

Step 7. Click on the + sign on the line Windows C drive

Step 8. Navigate to 'C:\Program Files (x86)\Malwarebytes Anti-Malware' , select desired folder and click "OK"

You will need to select each EXE file - one by one

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamdor.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbampt.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

Step 9. Make sure that the option "Both" is checked and select "Add"

Do also the same for C:\Program Files (x86)\Malwarebytes Anti-Exploit

Step 10. Click "OK"
 
 
How to add your Bitdefender  folder to Malwarebytes "Malware Exclusions" list -
Step 1. Open the Malwarebytes application
Step 2. Click on "Settings"
Step 3. Click "Malware Exclusions" in the left column
Step 4. Click on "Add Folder"
Step 5. Navigate to 'C:\Program Files\Bitdefender\Bitdefender 2016'
Step 6. Click once on "C:\Program Files\Bitdefender\Bitdefender 2016" folder to highlight it
Step 7. Click on "Select Folder"

also do the same for the folder  C:\Program Files\Bitdefender Agent

Step 8. Close Malwarebytes
Step 9. Reboot your computer <--Very Important!

Link to post
Share on other sites

5 hours ago, Kaiwen said:

Thanks for the answer but without Mbam there is no problem on Z87, Z97 or Z170 GA or Asus motherboard, same thing on old P55. I have not installed Asus or Gigabyte apps. Only fresh w10, bitdef, mbam premium, firefox to get bsod. Many of m'y customers who use Mbam and Bitdefender encounter this issue. About the crash bios, it's not systematic.

Hi Kaiwen et al:

Just a bit more info to clarify my last post <here> about BSODs reported in the Norton forum by users with Gigabyte motherboards.  BSODs would only occur when the Norton AV was running a scan or performing a background idletime task.  BSODs stopped when Norton was removed from their system.  In most cases BlueScreenView or WhoCrashed would show a crash caused by Microsoft files ntoskrnl.exe (Windows NT Operating System Kernel) or hal.dll (Hardware Abstraction Layer), and not a Norton driver.

Utilities like BlueScreenView and WhoCrashed are usefull tools but will only show the last driver loaded into memory before the crash.  BlueScreenView would show that the Gigabyte driver gdrv.sys used by multiple Gigabyte utilities such as Fast Boot, EasyTune, Smart Backup, etc. was loaded into memory at the time of the crashes but did not indicate that any Gigabyte driver was involved in the crash.  It required a full analysis of the crash dumps with the Windows Debugger Tool WinDbg to show that crashes were in fact caused by the EasyTuneEngine driver, and once the EasyTune utility was uninstalled and Norton was reinstalled the crashes stopped.  The output from one of these WinDbg analyses is shown <here>.

There are several BitDefender users posting WhoCrashed output in the BSOD, Crashes, Kernel Debugging board that show that mwac.sys (Malwarebytes Web Access Control) was the last driver to load before a BAD_POOL_CALLER BSODs.  It certainly points to a mwac.sys conflict with BitDefender as the probable cause of the crashes but a proper analysis of your diagnostic logs and dump files might be required to isolate the exact cause of your crashes.

Hopefully Maurice Naggar's above suggestion to create mutual file exclusions in BitDefender and MBAM will provide an easy workaround.
-------------
32-bit Vista Home Premium SP2 * Firefox v45.0.2 * NIS v.21.7.0.11 * MBAM Premium 2.2.1

Link to post
Share on other sites

Points well taken.  Especially about Windbg !   Too often some have only stopped digging deeper.

As to your last point, the file exclusions are not the sole method for resolution.  There are cases where a true clean methodical removal & reinstall of the 2 suites is what is needed.

Then you follow up one more time and put in the Trusted application exclusions.   I would simply urge everyone to have patience; not rush ; and use a planned approach.

Cheers.

Link to post
Share on other sites

Just to add to the confusion, several years ago Nir Sofer and I exchanged a number of emails on the accuracy of BlueScreenView.
In short, he was concerned that (if I recall the details correctly) the randomization of memory in 64 bit systems might hamper the identification of drivers by Blue Screen View.

Although I can't find the emails, I did find this reference in one that I sent from January of 2010 - with a quote from Nir Sofer

Quote

The documentation of BlueScreenView explicitly says that you should not trust the 'Caused By Driver' value and you should also look in the list of modules found in the stack. Unfortunately, BlueScreenView  cannot replace the human brain.

So, I went to his web page ( http://www.nirsoft.net/utils/blue_screen_view.html ), and there it is (underline is mine):

Quote

Caused By Driver: The driver that probably caused this crash. BlueScreenView tries to locate the right driver or module that caused the blue screen by looking inside the crash stack. However, be aware that the driver detection mechanism is not 100% accurate, and you should also look in the lower pane, that display all drivers/modules found in the stack. These drivers/modules are marked in pink color.

 

Link to post
Share on other sites

Nir's tools are a great thing.  I have been using them myself for a very long time.  Now, those along with SysInternals (aka the old Winternals) that I use through WSCC.  My guess is that it has probably gotten even harder to be 100% accurate because of the security included in newer versions of Windows as well.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.