MS16-001: Security update for IE11 (KB3124275) -> BSOD | Kaspersky hell

spitfireCH

Dear Sysnatives

As mentioned in https://www.sysnative.com/forums/wi...1-kb3124275-failed-bluescreen.html#post148108, I can't install said update. Often, but not always, my attempts to do so result in BSOD.

I tried to follow the BSOD posting instructions and run the system file collection app, but "good" old Kaspersky greatly sabotaged this attempt. The application control module would pop up every fraction of a second and ask me to grant permission or block another process called by the system file collection app. I could not cancel it, nor would the "remember" checkbox get Kaspersky to remember anything at all. After hundreds of clicks, I finally force restarted my system and disabled Kaspersky entirely.

Now, I could run the app without those hyper annoying popups. But: it does not get past "Waiting for SystemInfo", it just keeps repeating this message for more than 30 min, now. I fear I may accidentally have clicked block instead of allow every once in a while (not each of the hundreds of clicks was precise), and I can't figure out how to unblock it again - or rather, I don't know what to unblock.

Do you have any hints what I could try to get the collection app to run completely? Exiting Kaspersky does not help, unfortunately.

Thanks very much for any help!

Best regards
- spitfire

P.S. maybe you should mention in the BSOD posting instructions that the Kaspersky Application Control must be disabled at any cost before starting the collection app.
 
Hi spitfireCH,

If the SysnativeFileCollectionApp is getting stuck, you might still be able to cancel the process and upload the files manually. In your documents folder there should now be a directory called "SysnativeFileCollectionApp". If there are files in it, just zip that entire directory and attach it here. Kaspersky shouldn't be able to 'block' anything if its real-time protection has been disabled. As far as I know, typically if it gets stuck on "Waiting for SystemInfo" it has to do with your WERCON, but since you already waited 30 minutes, you should be fine to just zip and upload the directory.

Edit: Also, I realize due to your issues with steps 1-4 you didn't get there yet, but please complete step 5 and provide answers (to the best of your ability) for the following questions:

· OS - Windows 10, 8.1, 8, 7, Vista ?
· x86 (32-bit) or x64 ?
· What was original installed OS on system?
· Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)?
· Age of system (hardware)
· Age of OS installation - have you re-installed the OS?

· CPU
· Video Card
· MotherBoard - (if NOT a laptop)
· Power Supply - brand & wattage (if laptop, skip this one)

· System Manufacturer
· Exact model number (if laptop, check label on bottom)

· Laptop or Desktop?
 
Hi Xer

Thank you very much for your quick reply. Unfortunately, I can't find any Sysnative folder, not even in %appdata%. I will try to run the tool again once the backup job is completed.

In the meantime, I'll try to answer the questions regarding my system:

· OS - Windows 10, 8.1, 8, 7, Vista ?
--> Windows 7 Ultimate
· x86 (32-bit) or x64 ?
--> x64
· What was original installed OS on system?
--> Windows XP, but I did a clean install of Windows 7
· Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)?
--> full retail
· Age of system (hardware)
--> motherboard and CPU are from 2009, RAM from 2012, GPU I don't remember, maybe also 2012, SSD from 2012, HDD from 2014
· Age of OS installation - have you re-installed the OS?
--> yes, I replaced XP with 7 in 2012 (from scratch)

· CPU
--> Core i7 920/2666 QuadCore

· Video Card
--> ASUS GTX-560 TI, 1GB
· Sound Card
--> Auzentech X-Fi Prelude 7.1
· MotherBoard - (if NOT a laptop)
--> ASUS P6T DELUXE LGA1366
· RAM
--> Kingston Memory DDR 12GB Kit of 3 PC3-10666
· Power Supply - brand & wattage (if laptop, skip this one)
--> Enermax Pro82+, EPR625AWT, 625W


· System Manufacturer
--> assembled at a local electronics shop
· Exact model number (if laptop, check label on bottom)
--> don't know

· Laptop or Desktop?
--> Desktop
 
Did you look in Documents folder for the SysnativeFileCollectionApp folder?

Try this command from an Admin CMD prompt -
Code:
dir "%userprofile%\documents\SysnativeFileCollectionApp" >0 & start notepad 0

A Notepad will open. Please paste the contents into your next post.

Regards. . .

jcgriff2

EDIT: The problem with the app "waiting for systeminfo" is caused by excessive WERCON entries in Microsoft's msinfo32 executable. This occurs in <1% of all cases.

If the Sysnative app runs for more than 15 minutes, kill it with Task Manager or Process Explorer. The SysnativeFileCollectionApp directory in Documents survives with all of the other system files + dumps. msinfo32.nfo should be the only file missing in the output (25+ files total).
 
Hi jcgriff2

All right, that helped. I didn't find it at first as MyDocuments live on drive F: (which is where I looked). However, there is another documents folder on drive C: containing 4 folders, only, including the SysnativeFileCollectionApp folder :) Thanks for the hint! Well, I guess that's the drawback of customizing folder paths ...

Anyway, I uploaded the zip file.

Thx very much for your help!

Best regards
spitfire

Edit: should I worry about the "excessive WERCON entries in Microsoft's msinfo32 executable"?
 
4 dumps point to AnyDVD.sys, so the simple thing to do first would be uninstall AnyDVD.

This is a common refrain from the minidumps' stack text:
Code:
fffff880`08f16c38 fffff880`05c480b1 : fffff880`08f16df0 fffff880`01e31705 fffff8a0`06b56010 00000000`00000000 : nt!wcsrchr+0x6
fffff880`08f16c40 fffff880`08f16df0 : fffff880`01e31705 fffff8a0`06b56010 00000000`00000000 00000000`00000000 : AnyDVD+0x20b1
fffff880`08f16c48 fffff880`01e31705 : fffff8a0`06b56010 00000000`00000000 00000000`00000000 fffffa80`00000001 : 0xfffff880`08f16df0
fffff880`08f16c50 fffff8a0`06b56010 : 00000000`00000000 00000000`00000000 fffffa80`00000001 ffffffff`800033ac : klif+0x31705
fffff880`08f16c58 00000000`00000000 : 00000000`00000000 fffffa80`00000001 ffffffff`800033ac 00000000`00002950 : 0xfffff8a0`06b56010


For the sake of clarity, klif.sys is a part of Kaspersky. The 011216-23805-01.dmp file blames ntkrnlmp.exe, and 010416-44195-01.dmp blames dxgmms1.sys, but I'm assuming those were before you started trying to install the update. The four dumps from February all blame AnyDVD.sys, the most recent one from the 24th still mentions klif.sys in the stack. So, to start: Uninstall AnyDVD, reboot if needed, and then try to run the update.
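
Added example (not part of the original thread and not a Sysnative tool): a Python script that does the triage from the post above, pulling module names out of pasted stack text so that non-Microsoft drivers such as AnyDVD and klif stand out. The `MS_CORE` set and all function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Frames copied from the stack text quoted in the post above. One line keeps
# [COLOR] forum markup around the module name so the stripping path is exercised.
SAMPLE = """\
fffff880`08f16c38 fffff880`05c480b1 : fffff880`08f16df0 fffff880`01e31705 fffff8a0`06b56010 00000000`00000000 : nt!wcsrchr+0x6
fffff880`08f16c40 fffff880`08f16df0 : fffff880`01e31705 fffff8a0`06b56010 00000000`00000000 00000000`00000000 : [COLOR=#ff0000]AnyDVD[/COLOR]+0x20b1
fffff880`08f16c48 fffff880`01e31705 : fffff8a0`06b56010 00000000`00000000 00000000`00000000 fffffa80`00000001 : 0xfffff880`08f16df0
fffff880`08f16c50 fffff8a0`06b56010 : 00000000`00000000 00000000`00000000 fffffa80`00000001 ffffffff`800033ac : klif+0x31705
fffff880`08f16c58 00000000`00000000 : 00000000`00000000 fffffa80`00000001 ffffffff`800033ac 00000000`00002950 : 0xfffff8a0`06b56010
"""

# Assumption: a short, non-exhaustive set of Microsoft kernel-mode modules.
MS_CORE = {"nt", "ntkrnlmp", "ntoskrnl", "hal", "win32k", "dxgkrnl", "dxgmms1"}

ADDR = r"[0-9a-f]{8}`[0-9a-f]{8}"
BBCODE = re.compile(r"\[/?[A-Za-z]+(?:=[^\]]*)?\]")
# Layout: child-SP, return address, ":", four arguments, ":", call site.
FRAME = re.compile(rf"^({ADDR})\s+({ADDR})\s*:(?:\s+{ADDR}){{4}}\s*:\s*(\S+)$", re.I)
RAW_ADDR = re.compile(r"0x[0-9a-f`]+", re.I)

def parse_frames(text):
    """Yield (child_sp, call_site) for every line that looks like a stack frame."""
    for line in text.splitlines():
        m = FRAME.match(BBCODE.sub("", line).strip())
        if m:
            yield m.group(1), m.group(3)

def module_of(call_site):
    """Module part of 'mod!func+0xNN' or 'mod+0xNN'; None for a bare address."""
    if RAW_ADDR.fullmatch(call_site):
        return None
    return re.split(r"[!+]", call_site, maxsplit=1)[0]

def triage(text):
    """Tally modules outside MS_CORE, keeping the order they first appear in."""
    seen, unresolved = Counter(), 0
    for _sp, call_site in parse_frames(text):
        mod = module_of(call_site)
        if mod is None:
            unresolved += 1          # address with no symbol or module
        elif mod.lower() not in MS_CORE:
            seen[mod] += 1
    return {"third_party": list(seen), "counts": dict(seen), "unresolved": unresolved}

if __name__ == "__main__":
    print(triage(SAMPLE))
```
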
 
Thx for the hint! I uninstalled AnyDVD (ironically a couple of days after Slysoft got closed) and restarted my PC. Unfortunately, the update still won't install (Error Code 80070643). It didn't cause a BSOD, though.

Edit: I also tried exiting Kaspersky and then starting the update again, but to no avail, still gives me Error Code 80070643.
 
That's great! I could throw out suggestions for getting it to go through, but there are people on this site who are way better at handling issues with Windows updates than I am. If you post back in your original thread, I think Aura should be able to help you now. If you start getting crashes again, feel free to post back here. Best of luck!
 
Ok, thanks very much for your help, I'll head back to the original thread :)

Edit: and have a great weekend, of course!
 
