ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY - fltmgr.sys - Windows 7 x64

C

Chris2005

Member
Joined
Dec 10, 2014
Posts
5
I think it might have been due to my computer rendering and while I was trying to watch something at the same time, as this is the first time this has happened...

Windows 7 x64 OEM System Builder.

Most of the hardware is less than a year old (CPU, RAM and motherboard). Video card is a couple years old, but no issues with it.

OS was install on 5/8/2014, after I upgraded my motherboard, etc.

This copy of Windows 7 x64 OEM was installed on my system prior to that as well.

CPU - AMD FX-8320 8-core at 3.5 GHz (stock values)
Video Card - eVGA Nvidia GTX 550 Ti 1GB (stock values)
Motherboard - Gigabyte GA-990FXA-UD3 (Rev. 4.0)
Power Supply - Silverstone Strider ST75F 750w Modular Power Supply - 80-Plus Silver

System Manufacturer - Custom Build

Desktop.
 

Attachments

Hi,

ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY (FC)

This indicates that an attempt was made to execute non-executable memory.

Code: 
2: kd> k
Child-SP          RetAddr           Call Site
fffff880`0756de68 fffff800`033558b8 nt!KeBugCheckEx
fffff880`0756de70 fffff800`032d5cee nt! ?? ::FNODOBFM::`string'+0x44dfc
fffff880`0756dfd0 fffff880`01163c20 nt!KiPageFault+0x16e
fffff880`0756e168 fffff880`01165d15 fltmgr!__PchSym_ <PERF> (fltmgr+0x21c20)
fffff880`0756e170 fffff880`01166f81 fltmgr!FltpExpandShortNames+0x365
fffff880`0756e1d0 fffff880`01166e1e fltmgr!FltpGetNormalizedFileNameWorker+0xc1
fffff880`0756e210 fffff880`01152b9d fltmgr!FltpCreateFileNameInformation+0xee
fffff880`0756e270 fffff880`0114cbf6 fltmgr!HandleStreamListNotSupported+0x15d
fffff880`0756e2b0 fffff880`01153b44 fltmgr! ?? ::FNODOBFM::`string'+0x30f3
fffff880`0756e330 fffff880`03e664a9 fltmgr!FltGetFileNameInformation+0x184
fffff880`0756e3c0 fffffa80`09bb0010 [COLOR=#ff0000]aswSP+0x664a9[/COLOR]
fffff880`0756e3c8 fffffa80`0abd12b0 0xfffffa80`09bb0010
fffff880`0756e3d0 00000000`00000001 0xfffffa80`0abd12b0
fffff880`0756e3d8 fffff880`0756e420 0x1
fffff880`0756e3e0 fffffa80`0a79ac00 0xfffff880`0756e420
fffff880`0756e3e8 00000000`00000000 0xfffffa80`0a79ac00

To absolutely no surprise, avast! attempted to execute memory that wasn't executable.

Code: 
2: kd> .thread
Implicit thread is now fffffa80`08917450

Code: 
2: kd> .cxr

Code: 
2: kd> kv
Child-SP          RetAddr           : Args to Child                                                           : Call Site
fffff880`0756de68 fffff800`033558b8 : 00000000`000000fc fffff880`01163c20 80000000`03fa4121 fffff880`0756dfd0 : nt!KeBugCheckEx
fffff880`0756de70 fffff800`032d5cee : 00000000`00000008 fffff880`01163c20 00000000`00000000 00000000`0000001f : nt! ?? ::FNODOBFM::`string'+0x44dfc
fffff880`0756dfd0 fffff880`01163c20 : fffff880`01165d15 00000000`0000fffe fffffa80`09bb0010 00000000`00000000 : nt!KiPageFault+0x16e ([COLOR=#ff0000]TrapFrame @ fffff880`0756dfd0[/COLOR])
fffff880`0756e168 fffff880`01165d15 : 00000000`0000fffe fffffa80`09bb0010 00000000`00000000 00000000`00000000 : fltmgr!__PchSym_ <PERF> (fltmgr+0x21c20)

Code: 
2: kd> .trap fffff880`0756dfd0
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=[COLOR=#ff0000]0000000000000040 [/COLOR]rbx=0000000000000000 rcx=0000000000000001
rdx=0000000000000400 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88001163c20 rsp=fffff8800756e168 rbp=0000000000000017
 r8=000000006e664d46  r9=0000000000000000 r10=0000000000000023
r11=fffffa8008f037a0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
[COLOR=#0000ff]fltmgr!__PchSym_ <PERF> (fltmgr+0x21c20)[/COLOR]:
fffff880`01163c20 0000            add     byte ptr [[COLOR=#ff0000]rax[/COLOR]],al ds:00000000`00000040=??

Remove and replace avast! with Microsoft Security Essentials:

avast! removal - Avast Uninstall Utility | Download aswClear for Avast Removal

MSE - Microsoft Security Essentials - Microsoft Windows

Regards,

Patrick
 
Thanks. That's 3 who have confirmed it was Avast!.

Which is odd, since Avast! hasn't given me any trouble since I've started using it, I've used it for months now without problem.

I've heard and read that MSE isn't as comprehensive as Avast!... which is why I haven't used MSE in years.
 
I see. I've used AVG and Avast!.

AVG wouldn't respect my exceptions, but Avast! did. I'm not sure who to use next that has very comprehensive security but also free.
 
Most free AV's are crap. If you're looking for a permanent solution, I'd check out ESET or something similar.
 
Unfortunately, that's the price you have to pay [bad pun]...
I use Malwarebytes as a scanner and Microsoft Security Essentials; as long as you're careful, I don't find the need for an expensive anti virus program.
ESET is the best paid AV I've seen, it's one of the only ones I'd buy.
 
In reality all anyone needs is some proper education on how to avoid getting infected with malware in the first place, and then the need to pay a subscription for an expensive antivirus on your non-business system falls to a grand total of $0. I don't do anything on my system but use Windows Defender and keep it fully updated/patched.
 
Windows 8/8.1 is different in that Windows Defender is MSE, Windows 7's Windows Defender is terrible, you need MSE with it.
I agree, I've known people with no anti virus programs, they don't get infected as they know what they're doing.
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top