Jump to content
righthere

BSOD from new Malwarebytes?

Recommended Posts

1 hour ago, dcollins said:

I would start by upgrading your network driver. We've seen a few cases so far where old network drivers seem to trip this up.

If that doesn't help, providing the memory dump would be extremely beneficial

Could you  be more specific about which network drivers need to be updated and how one goes about doing that?  I'm running Windows 7 Pro which I keep up to date with all critical updates.  The machine was purchased in 2017 and Windows was installed by Dell so I would think all the drivers would be up-to-date.  I'm  running Firefox 60.0.2, the latest version.  

I have NOT reverted to 3.4.5 - I'm just not running it at all.  I had been running 3.5.1 with Real TIme Protection disabled for several days with no incident but got another BSOD yesterday afternoon so I decided to turn it off.  The only anti-virus I'm running is Avast Free.

 

Share this post


Link to post
Share on other sites

I believe this is the driver you need: https://downloadcenter.intel.com/download/18713/Intel-Network-Adapter-Driver-for-Windows-7-?product=82185

Download the x64 one and install it. The driver you have installed is from 2015 and the new one is from just last month

 

R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [502256 2015-10-06] (Intel Corporation)

 

Share this post


Link to post
Share on other sites
11 minutes ago, mwcrumjr said:

Could you  be more specific about which network drivers need to be updated and how one goes about doing that?  I'm running Windows 7 Pro which I keep up to date with all critical updates.  The machine was purchased in 2017 and Windows was installed by Dell so I would think all the drivers would be up-to-date.  I'm  running Firefox 60.0.2, the latest version.  

I have NOT reverted to 3.4.5 - I'm just not running it at all.  I had been running 3.5.1 with Real TIme Protection disabled for several days with no incident but got another BSOD yesterday afternoon so I decided to turn it off.  The only anti-virus I'm running is Avast Free.

 

 

Share this post


Link to post
Share on other sites
1 hour ago, dcollins said:

I would start by upgrading your network driver. We've seen a few cases so far where old network drivers seem to trip this up.

If that doesn't help, providing the memory dump would be extremely beneficial

Ironically the drivers page for my motherboard will only open in Chrome for some reason. I have downgraded to 3.4.5 and rebooted and so far no more BSODs, though I'm not sure which change (MBAM, ASUS or IDM in my previous post) actually helped. Also, since the BSOD's were a little unpredictable (except that they only seemed to happen with Chrome) I can't be certain the issue has gone. I was able to check the network driver on Chrome afterwards and they haven't updated it since 2015 which is the one I currently have installed.

I disabled memory dumps some while back as I have a lot of memory installed and the dumps added a lot of extra time to the reboot and took up a lot of space, so unfortunately I only have minidumps. Also, the Firefox stability might have been due to my running NoScript and uBlock Origin, I don't have any extensions on Chrome (apart from the now disabled IDM one).

Share this post


Link to post
Share on other sites

@Sfrush while Windows 7 can search online for updated drivers, it's lookup functionality is not as good as Windows 10. I always recommend going to the manufacturer website to get the latest driver.

@box if possible, can you use the Malwarebytes Support Tool to grab a set of logs, even though you're on 3.4.5?

  1. Download and run the Malwarebytes Support Tool
  2. Accept the EULA and then click Advanced Options on the main page
  3. Click Gather Logs and wait for the process to finish
  4. Once completed, upload the mst-grab-results.zip from your desktop

Share this post


Link to post
Share on other sites
10 minutes ago, dcollins said:

I believe this is the driver you need: https://downloadcenter.intel.com/download/18713/Intel-Network-Adapter-Driver-for-Windows-7-?product=82185

Download the x64 one and install it. The driver you have installed is from 2015 and the new one is from just last month

 


R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [502256 2015-10-06] (Intel Corporation)

 

Are you positive?  Just so we're on the same page:  I've already had a Dell tech conduct a thorough hardware check on the machine and they also had me run sfc /scannow and I had absolutely no hardware or Windows integrity errors.  Also, I tried to restore to a previous restore point but that failed - got into a really scary scenario where the machine failed to reboot but I managed to recover from that.  It could have been due to the fact that Windows did the following critical updates on 6/13/2018:  Microsoft (HIDClass) 06/21/2006 6.1.7601.24145 and Security Update for Package_for_RolupFIx (KB4284826).  

I just want to make sure updating this driver won't screw up my machine even worse. 

Share this post


Link to post
Share on other sites
10 minutes ago, mwcrumjr said:

Are you positive?  Just so we're on the same page:  I've already had a Dell tech conduct a thorough hardware check on the machine and they also had me run sfc /scannow and I had absolutely no hardware or Windows integrity errors.  Also, I tried to restore to a previous restore point but that failed - got into a really scary scenario where the machine failed to reboot but I managed to recover from that.  It could have been due to the fact that Windows did the following critical updates on 6/13/2018:  Microsoft (HIDClass) 06/21/2006 6.1.7601.24145 and Security Update for Package_for_RolupFIx (KB4284826).  

I just want to make sure updating this driver won't screw up my machine even worse. 

Errors on your PC and having outdated drivers are two different things though.

Share this post


Link to post
Share on other sites
20 minutes ago, dcollins said:

if possible, can you use the Malwarebytes Support Tool to grab a set of logs, even though you're on 3.4.5?

  1. Download and run the Malwarebytes Support Tool
  2. Accept the EULA and then click Advanced Options on the main page
  3. Click Gather Logs and wait for the process to finish
  4. Once completed, upload the mst-grab-results.zip from your desktop

Not intending to be specifically unhelpful but I'm not one for uploading logs after a bad experience with a reputable company (not MalwareBytes) collecting some very personal content with logs collected using their log-collecting software. I know Malwarebytes aren't guilty of this but I feel safer not uploading anything.

I did manage to update my ethernet drivers using Sfrush's method, although there were no updates for my Atheros Wifi dongle.

Also, I'm wondering if it's worth merging the 2 threads on this topic?

Share this post


Link to post
Share on other sites
4 hours ago, hopper15 said:

Errors on your PC and having outdated drivers are two different things though.

Yes I know, however when I checked the Intel driver download site I found the following warning:

About Intel® drivers

The driver or software for your Intel® component might have been changed or replaced by the computer manufacturer. We recommend you work with your computer manufacturer before installing our driver so you don’t lose features or customizations.

I'm checking with Dell right now to see if updating these drivers (and it appears to be more than just one) would cause any problems with my specific configuration.   I should have been clearer in previous message. 

Share this post


Link to post
Share on other sites

Update:  I contacted Dell Tech Support.  They used the Dell Command | Update utility to check out the status of my BIOS and device drivers.  The utility discovered that the BIOS, 6 drivers and 2 applications were out-of-date so it updated all of them.  The Dell tech suggested I try Malwarebytes again to see if any of these updates corrected the problem.

The Dell tech was not willing to use the Intel site to update the Network Adapter Drivers and also was not sure this would correct the problem or not.  

I'm going to restart Malwarebytes and turn on Real Time Protection.  I'll keep you posted on results.

Share this post


Link to post
Share on other sites
12 hours ago, dcollins said:

@Sfrush while Windows 7 can search online for updated drivers, it's lookup functionality is not as good as Windows 10. I always recommend going to the manufacturer website to get the latest driver.

@box if possible, can you use the Malwarebytes Support Tool to grab a set of logs, even though you're on 3.4.5?

  1. Download and run the Malwarebytes Support Tool
  2. Accept the EULA and then click Advanced Options on the main page
  3. Click Gather Logs and wait for the process to finish
  4. Once completed, upload the mst-grab-results.zip from your desktop

No arguments there. But if he goes that route the safer bet would be updating his drivers through Dell.com/Drivers instead of through Intel.

Share this post


Link to post
Share on other sites

As long as Dell is keeping their older system/model drivers up-to-date, certainly.  Unfortunately I've often found that after a year or two most manufacturers stop publishing new driver packages with the most recent drivers from hardware vendors (like Intel) so eventually if you wish to reap any of the benefits of a new driver such as bugfixes, stability improvements and security/vulnerability updates, you end up having to go straight to the source, the hardware component manufacturer's website; in this case, Intel.

The only reason one might not want to always go straight to the source for drivers would be if their manufacturer (in this case, Dell) has modified any aspects of the driver to enable, disable or modify the functionality of any of the hardware's advanced features, such as tuning for improved power usage/battery life, but either way, a reference driver straight from Intel will still work with the hardware, it just might not have the same non-standard settings that Dell may have rolled out in their own version so you may not get the same benefits Dell had intended.  Additionally, since more often than not, manufacturer drivers, especially for laptops, are only ever modified to potentially increase battery life, if that's not a concern for you, then I'd skip Dell altogether and always stick with Intel's drivers (I always use my laptop plugged in and have no concern for battery life, so any energy saving features are useless for me, and I deliberately tune/tweak my system, drivers and power settings to get the best performance, sacrificing battery life in the tradeoff).  The only other alteration a manufacturer might make would be to tune the performance, such as for overclocking etc., however unless you purchased a high-end gaming rig, that will not be the case (i.e., an Alienware PC if purchased from Dell for example) and there are plenty of utilities from the direct hardware vendors (Intel, AMD/ATI, NVIDIA etc.) that will allow you to tweak/overclock the hardware if desired (like Intel's XTU for its processors that interfaces with the motherboard BIOS to tune CPU clock/voltage etc. and RAM performance along with other controllable components).

You have to remember that most system manufacturers expect people to replace their computers every 2~4 years, 5 at the absolute most, so keeping drivers for older systems up-to-date isn't exactly high on their list of priorities.  To be frank, they'd much rather convince you that you should buy a new PC than try to solve some bug in an older driver for a system that's 5+ years old.  Hardware vendors like Intel on the other hand will continue to support individual hardware components for longer because they know that other manufacturers might still be using some of their older parts/components/kits etc. in their current model offerings (especially for budget system manufacturers) so they update the drivers for their older components right along with their newer ones and usually will implement their hardware firmware, software/drivers and driver packages to be compatible across multiple generations of hardware for the same type of component (which is why you'll find that you're downloading the same driver/installer for two different generations of a type of component such as a wireless card, CPU or chipset even though they might have been produced/released years apart from one another).

Edited by exile360

Share this post


Link to post
Share on other sites

@exile360

 

I'm sure you are correct in that assessment, however my machine is less than 2 years old.  Also, I purchased a Dell Small Business machine thinking it would be more robust than a Home device but I'm not sure if that actually makes a difference or not.  However, the updates that were applied by Dell Tech support were quite recent - 6 of them were dated within the last 6 months.  

But even after Dell had updated the driver, I was still concerned that I had all the correct drivers. None of the updates that Dell had applied were called "Intel Ethernet Controller (2) 1219-LM", which is what @dcollins had recommended (PROWinx64Legacy.exe).  I then found an Intel website called "Intel Driver & Support Assistant (Intel DSA)" at the following URL and ran it   It said that all of my drivers were up to date. 

https://www.intel.com/content/www/us/en/support/detect.html

Then I noticed something really strange.  Dell had applied an update called "Intel 12xx / 825xx Gigabit Ethernet Network Controller Driver" version 22.3.108.0, A03, dated 1/08/2018.  But the Intel DSA utility said I had the following  Networking & I/O driver set:  "Intel Ethernet Connection (2) 1219-LM", Version 12.15.25.6, dated 3/21/2017. 

So I went back to the Intel driver update page and read the Release Notes for PROWinx64Legacy.exe - the one that @dcollins recommended.  I found the following:

Intel PROSet for Windows Device Manager on older operating systems
------------------------------------------------------------------
On systems running Microsoft Windows 7 and Microsoft Windows Server 2008 R2, 
you must install the legacy version of Intel PROSet for Windows Device Manager. 
Note that the legacy version of the software will not change on 
every release.
All of this is way beyond me so for the time being I've concluded that I have the correct set of drivers for my system and that I do not need to run PROWinx64Legacy.exe. 
 
I've still not turned on Malwarebytes Real Time Protection but intend to do that later today.  So far, running with RTP off has worked for 2 days - no more BSODs.
 

 

Share this post


Link to post
Share on other sites

As long as the driver Dell gave you is the same one in the legacy package dcollins linked to then you should be fine.  Intel is still updating drivers for 7, but it looks like they aren't updating the controller software as frequently (PROSet which is a group of utilities that allow you to modify various advanced settings for the device and connection; frankly most people never use any of those features anyway so the most important thing is really just the driver).

Share this post


Link to post
Share on other sites

@exile360  Thanks for getting back to me on this.  It helps explain things a bit.

Meanwhile, I turned on Malwarebytes last evening with Real Time Protection ON.  The system was fine for the evening.  But when I booted up this morning, I got another BSOD from netios.sys!!  So I've turned off Malwarebytes again.

So far the only advice I've received from Malwarebytes Support is to add Malwarebytes Exclusions to Avast, which I've done.  I have not turned Malwarebytes ON since I'm not sure this has anything to do with a BSOD from netio.sys.  Any suggestions?

Share this post


Link to post
Share on other sites

You're welcome.

Honestly, at this point, assuming you've already provided them with the crash dumps/memory dumps and logs etc., then for now I'd probably recommend just disabling Web Protection (assuming this eliminates the issue as it's the most likely culprit) and just live without it for now.  It's not the most ideal solution, but until this gets fixed by Malwarebytes, it's a lot better than having constant BSODs.

In the meantime, you can supplement what you're missing with Web Protection disabled by downloading the Malwarebytes browser extension for Chrome or Firefox (depending on the browser you use, assuming it's one of those two or one based on either of their source code like SRWare Iron etc.) and it should help keep you safe, at least for web browsing (which is the primary protection defense provided by Web Protection anyway under normal conditions):

Malwarebytes for Chrome (Beta)
Malwarebytes for Firefox (Beta)

While the browser extension doesn't necessarily block all that the Web Protection component does, it is actually capable of blocking many malicious and undesirable sites/servers that the Web Protection component isn't, including behaviorally blocking common threats like tech support scam sites which are quite prevalent right now (it needs no signatures for this as it blocks them based on how they look and behave, not based on their IP or URL the way the Web Protection would) and it also blocks phishing sites, malvertisements, PUP pages as well as many ads/ad servers and tracking servers (items that the Web Protection component in Malwarebytes doesn't actually block).  When used alongside Web Protection, it will leverage the Web Protection component's databases, but I do believe Web Protection needs to be active for that, so you will still lose out on some aspects of protection, but it still blocks a ton of the bad stuff so you'll be far from unprotected when using it alone.  Also, you can check in the beta forum where those links reside that I posted above to see if it will use the Malwarebytes 3 Web Protection databases when Web Protection is disabled as it is possible, and if so then you won't be losing out on much at all in having Web Protection disabled (just remember that the browser extensions can only shield your browser from visiting malicious sites, not any of your other programs or the system itself from incoming connections the way Web Protection would, though a software or hardware firewall would render that last aspect pretty much moot anyway).

Edited by exile360

Share this post


Link to post
Share on other sites

@exile360  Actually, Malwarebytes Support has not asked me for crash dumps / memory dumps, etc.  When I opened the ticket I attached the results from the Malwarebytes Support Tool.  I'm not sure if that provided them everything they need but they haven't asked me for anything else.  The only request I've received from them so far was to add MWB Exclusions to Avast,  which I've done.  But as I mentioned before, I'm not at all sure this has anything to do with the netio.sys BSOD.

Regarding your suggestion that I disable Web Protection, I had run it that way for several days but still got a netios.sys BSOD.  But that happened before I updated the drivers.  After I updated them, I did run with Web Protection disabled and that seemed to work.  It was only after I enabled Web Protection that I got the fault again so I'll give that another try.  At least I'll have some protection.

Thanks very much for suggesting Malwarebytes for Firefox, which is what I use.  I'll look into that.  It could be a good temporary solution until Malwarebytes Support (or someone else) figures out what's really going on.

  . 

 

Share this post


Link to post
Share on other sites

You're welcome :)

That browser plugin was actually one of the last projects I was involved in before leaving the company and I'm quite proud of it.  The Developer I worked with was able to accomplish pretty much all that I asked for and more (and I wasn't even certain what I was asking for was possible, so I was quite pleased when he not only delivered on virtually all of the specs/requirements I laid out for him, but actually extended it beyond them to make it even more effective).  When you combine it with a good ad blocker like Adblock Plus or uBlock Origin and maybe an anti-tracking extension like Ghostery and/or Disconnect and throw in HTTPS Everywhere, it pretty much covers all your bases for staying safe on the web (even more so if you also use NoScript if it's not too much of a hassle for you; I don't use it myself, but mainly because I use SRWare Iron most of the time, not so much Firefox and most sites require javascript for basic functionality).

Share this post


Link to post
Share on other sites

@exile360  I'm really impressed!  Based on what you've said, we seem to have been in the same line of work.  I was a business systems analyst working in the investment banking industry.   I wrote the business systems requirements for new or enhanced functionality, basically translating business needs into detailed business requirements that developers would use to define their tech specs and then write the code.  I did that for about 20 years. 

Anyway, I've been looking for advice on how best to protect my online privacy.  Currently, I'm only using Disconnect, which I like a lot (love their Visualize page view).  I've also set Firefox's Privacy settings to "Send websites a 'Do Not Track' signal" = Always and "Use Tracking Protection to block known trackers" = Always.  I use the "Disconnect.me.basic" block list.

I've read about Adblock Plus, uBlock, Ghostery, HTTPS Everywhere, etc. but was reluctant to try any of them.  I wasn't sure about conflicts, performance issues, etc.  Any suggestions or advice would be greatly appreciated! 

Share this post


Link to post
Share on other sites

Yep, I always set the "Do Not Track" but to enabled as well and I block most cookies too.  Unfortunately, the Do Not Track function only asks sites not to track you so unless a site is specifically written to honor that setting rather than just ignoring it, you'll still be tracked by many of the sites you visit and the sites connected to/embedded in those pages.  It's too bad that setting isn't more of an enforced function in web code rather than what is essentially just an "honor system".

I highly recommend Adblock Plus and I personally use all the others I mentioned along with Malwarebytes (except NoScript, only because I never got familiar with it and haven't really seen the need, especially with most of the ads and nasty stuff blocked already) and I haven't had any performance issues, though I do have a pretty powerful system so that might be a factor.  You can try them out one-by-one and see how it goes and toggle each one on/off to see how the performance is with/without it alongside Malwarebytes and your other plugins just to make sure that everything runs OK and isn't too bogged down.

Edited by exile360

Share this post


Link to post
Share on other sites
19 hours ago, exile360 said:

This looks really useful! Many thanks for posting this here.

 

14 hours ago, exile360 said:

That browser plugin was actually one of the last projects I was involved in before leaving the company and I'm quite proud of it.

I bet Malwarebytes really miss you, with you working on things like this!

Share this post


Link to post
Share on other sites

@exile360   Thanks for all the information on safer web browsing.  I didn't realize the Do Not Track function was based on an "honor system", not enforced through code.  I'm not sure that helps much but I'll still keep that enabled.  My greatest concern with adding extensions like Adblock Plus is not performance but conflicts that cause web pages to not function properly.  

I'll check out the extensions you suggested later on.  Right now I'm still mainly focused on the BSOD problem.  I downloaded and installed the Malwarebytes Browser Extension BETA 1.0.24 that you suggested.  I'm also running Malwarebytes with Web Protection OFF.  So far everything is running smoothly but I'm being very careful with my browsing so I haven't encountered any sites that activated the protection or caused a BSOD, but I do feel somewhat safer now.  

Switching to a slightly different topic, have you ever heard of conflicts between Malwarebytes and Avast Free Antivirus - especially any that would cause a netio.sys BSOD?

 

Share this post


Link to post
Share on other sites

You're welcome :)

Most of the time if a page has issues caused by your ad blocker they'll let you know, usually with some kind of overlay message stating as much and requesting that you turn off the ad blocker.  When this occurs, if you need to view the page without the ad blocker, just switch it off in the extensions manager temporarily then refresh the page and it should load correctly.

I haven't heard of any issues with Avast! recently though there have been some minor performance conflicts in the past occasionally (but that was a long time ago, and there are many users still running this combination today so if there were a common problem, especially something as significant as frequent BSODs I'm certain we'd know about it).  It's likely that there's either a conflict with a particular hardware component, driver or a combination of things, like maybe Malwarebytes Web Protection driver+Avast!+some specific network component/hardware driver on your particular model/system and that's what's causing it.  If that's the case then tracking it down could take a while as the QA team will need to isolate what the exact cause is to replicate it and inform the Developers so that they can find the root cause of the conflict on our end and get it fixed.  That's all just speculation though, as there are any number of other potential causes including specific configuration settings, driver versions, software versions, Windows Updates and any number of other potential variables in the equation.  That's why they usually request memory dumps because it can help them to find the root cause, at least sometimes.  But if they aren't asking for them then that means they probably already know the cause and are working on a fix.  I hope that's the case because that makes things much easier, rather than having to do so much digging and trial and error to figure this out.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.