Page 2 of 2 FirstFirst 12
Results 11 to 20 of 20

Thread: Reboots during S&D, Defrag and Anit-virus scans.

  1. #11
    In Memoriam -Always in our heart CalamityJane's Avatar
    Join Date
    Oct 2005
    Location
    Central Florida, USA
    Posts
    651

    Default

    WDMARK,

    I don't think we have a malware problem here. I've asked one of our Adviser Team members (Bitman) to post his thoughts here for you to see if he could help with what he thinks might be the problem.

    I'm going to move this post to the Spybot S&D forum for now, so Bitman can assist you with this.
    Last edited by CalamityJane; 2006-04-07 at 04:31.
    Microsoft MVP 2003-2009
    Windows-Security

  2. #12
    Esteemed Member
    Join Date
    Oct 2005
    Posts
    554

    Default

    WDMARK,

    I'd been watching your thread, but didn't want to jump in until CalamityJane was sure it wasn't malware. Though your issue is slightly different, we've seen quite a few systems shut down or reboot during Spybot S&D scans, and many have been due to processor overheat. The reason for this is the high processor utilization created by Spybot during its scans.

    However, in your case you seem to believe the issue is related to a specific disk partition, so we need to determine if that's really true. If you have specific reasons to believe this, please let us know. Otherwise, please try a couple simple tests to confirm where the issue really lies.

    Please try running some scans that would normally cause the problem where you can select which drive letters to scan. Since Spybot can't do this, try one of the antivirus programs or a drive defrag. Simply deselect the drive that you suspect and see if the reboot still occurs or not. If it doesn't then try scanning only that partition to see what happens.

    I'm guessing you may have already done this with defrag or antivirus, so fill me in if so. Based on this, I'll try to help you either way.

  3. #13
    Junior Member
    Join Date
    Mar 2006
    Posts
    10

    Default

    Thank you Bitman. Yes I had tried some individual scans with the on line AV that allow and again tonight with Norton Antivirus (From within my Norton System Works Premier 2005). The reboots occurred on G and I was narrowing it down to specific folder(s) and got to the G://Program Files/Newsoft folder and had reboots. The situation then worsened as when I left the machine unattended for an emergency call during a Scan I cam back to constant reboots and could not boot in to Safe Mode. Below is what I typed off line about the current state of things and I'll probably leave well enough alone until I wake up early tomorrow. I'll try and wait for your post....but may be inclined to do the bios thing and possibly open up the case and check connections. I had not installed any new hardware or software.

    Following now appears on Blue Screen with constant reboots. I was unable to boot into Safe Mode. Could see but not catch the text of Blue Screen before reboot would occur. After disabling auto restart after shutdown in Bios: The text below does come up and stay on a Blue Screen. I have not yet tried any of the BIOS suggestions within the text.

    A problem has been detected windows has been shut down to prevent damage
    to your computer.

    DRIVER_IRQL_NOT_LESS_OR EQUAL

    If this is the first time you’ve seen this Stop error screen,
    Restart your computer. If this screen appears again, follow
    these steps:

    Check to make sure any new hardware or software is properly installed.
    If this is a new installation, ask your hardware or software manufacturer
    for any windows updates you might need.

    If problems continue, disable or remove any newly installed hardware
    or software. Disable BIOS memory options such as caching or shadowing.
    If you need to use Same Mode to remove or disable components, restart
    Your computer, press F8 to select Advanced Startup Options, and then select Same Mode.

    Technical information:

    ***STOP: 0x000000D1 (0x00000034, 0x00000002, 0x00000000, 0xF77B9B74)

    *** IdeChnDr.sys – Address F77B9B74 base at F77B4000, DateStamp 3d99eac3

  4. #14
    Esteemed Member
    Join Date
    Oct 2005
    Posts
    554

    Default

    Well, glad you did the tests and discovered this issue. It appears the IdeChnDr.sys is your problem and has quite a history of BSoD errors and/or reboot symptoms. These often occur when scanning with antivirus, defrag or other tools, sounds familiar doesn't it?

    This file is part of the Intel® Application Accelerator, which was a hard disk performance enhancing driver for certain Intel chipsets. It appears it hasn't been updated since late 2002, and has had known issues with the Windows XP Service Pack 2 update which released two years later. The problems may also be related to bad sectiors on the disk, which could explain the specific location of your problem, though this is probably just another symptom of the problem with an out of date driver.

    It appears the only dependable way to fix the problem is to switch back to the default Windows drivers, which in some cases reduces performance, but makes the system stable again. This is done by removing the Intel® Application Accelerator in Add/Remove Programs per the instructions below.

    I'd recommend removing the program since it's so out of date and known to create these problems. The risks and trouble aren't worth any slight performance improvement you may be seeing, if there even is any. Only one person reported that fixing bad disk clusters solved their problem with others reporting it didn't help.

    It's also recommended that you run a chkdsk on the problem drive after removing the driver to repair any remaining problems.

    Let us know if this fixes the problems for you.

    Bitman

    ************************************************************
    * 8. UNINSTALLING THE SOFTWARE
    ************************************************************

    NOTE: This procedure assumes that the above installation
    process was successful. This un-installation procedure
    is specific only to the version of the software and
    installation file included in this package.

    1. Click on the Start button. Open the Settings menu.
    Click on the Control Panel icon to open the Control
    Panel window.

    2. Click on the Add/Remove programs icon.

    3. Select Intel(R) Application Accelerator and click OK.

    4. Click on Yes when the script prompts for confirmation.

    5. The uninstall script will prompt you to restart the
    system.

  5. #15
    Junior Member
    Join Date
    Mar 2006
    Posts
    10

    Default

    Quote Originally Posted by bitman
    Well, glad you did the tests and discovered this issue. It appears the IdeChnDr.sys is your problem and has quite a history of BSoD errors and/or reboot symptoms. These often occur when scanning with antivirus, defrag or other tools, sounds familiar doesn't it?
    Thanks again....awake again I read your post. My MB is Intel 845 Chipset and I have the accelerator.

    Problem on uninstall is that as yet I can't even get in to SAFE MODE to uninstall per instructions. Note too that I'd had reboots occur before during Disk Doctor or chkdsk routines. Is there a BIOS change I might make (e.g. to an IDE Controller?) that might get me in to Windows?

    For now I am am googling the file, visiting other sites. Interesting that I ame across this:

    "Important: Some malware camouflage themselves as IdeChnDr.sys, particularly if they are located in c:\windows or c:\windows\system32 folder" [.....reference to a recommended, NON Spybot tool removed..]

    Would appreciate any more help you can offer. WDMARK

    P.S. I now recall too having reboots during gaming awhile back that I never did resolve. That app was on my G drive.

  6. #16
    Junior Member
    Join Date
    Mar 2006
    Posts
    10

    Default HOLD UP YOUR EFFORTS PLEASE---Pending Report Back

    Hi Bitman: Through some gyrations (risky perhaps), that I won't detail here now, I was able to boot back in to Windows. Before uninstall or any risk of not being able to get back in I'm copying off some key data files that I need for taxes etc. These are files that I routinely back-up to my second unpartitioned drive I: I did not want to have to remove that hard drive to get to the data!

    I also did not want to run PCBACKUP (Aloha Bob) as I feared a reboot during the routine.

    At any rate. Once accomplished I'll uninstall the Intel App Accelerator and report back. Thanks again for your help. Thank God I recently purchased a new laptop with 100 G drive and wireless.....as with my vintage 1999 Compaq I had little room left on its drive and it did not have a writer beyond a floppy! WDMARK

  7. #17
    Esteemed Member
    Join Date
    Oct 2005
    Posts
    554

    Default

    Quote Originally Posted by WDMARK
    For now I am am googling the file, visiting other sites. Interesting that I ame across this:

    "Important: Some malware camouflage themselves as IdeChnDr.sys, particularly if they are located in c:\windows or c:\windows\system32 folder" [.....reference to a recommended, NON Spybot tool removed..]
    I saw that reference to malware too, but since you have the application installed and based on the specific symptoms you're having, I suspect it's simply the known issue with the Accelerator itself.

    I see from your follow up that you've gotten some control. The sudden apparent flare-up of the problem may be due to hidden problems beginning on the drive which are aggravating the existing problem, so making backups is a good idea. I hope the removal of the Intel Accelerator improves the situation, but I'd be prepared since it sounds like an older system.

    Bitman

  8. #18
    Junior Member
    Join Date
    Mar 2006
    Posts
    10

    Default Mission Accomplished

    Yes! Thanks to Calmity and you Bitman for your help and support. Virtually All is good now...I have been able to virus scan G drive without reboot and found no viruses. I've been able to defrag, though it turned out it didn't need it. I hope this thread helps someone else someday...as I'm not the only one with Intel products/software. BTW my system is a Pentium 2.26 with Intel Motherboard....not new///not ancient. I'm pretty sure now that the reboots that occured while gaming probably game from the same source.

    Note One Chkdsk session showed 4 bad sectors on G, but I've not been able to reproduce that.

    I also do have one missing file in the Newsoft/Page Manager folder that showed up in Chkdsk and in Norton Win Doctor and One Step Check-ups. It is a DLL for Presto Page Manager app. No worries there. On a low priority, I'll reinstall that infrequently used software at a later date!

  9. #19
    Junior Member
    Join Date
    May 2006
    Posts
    1

    Default Can't boot into Windows at all

    Quote Originally Posted by WDMARK
    Hi Bitman: Through some gyrations (risky perhaps), that I won't detail here now, I was able to boot back in to Windows.
    (I know this post is a couple months old, but I thought I would check anyway). WDMARK, how did you manage to boot into Windows? I am experiencing the same exact STOP error / blue screen. I cannot boot into Safe or Normal Mode. Last Known Good Configuration does not work. The STOP error occurs after the Windows XP progress bar is shown for 10 seconds or so.

    I saw on another forum that someone disabled the secondary IDE channel and could then boot. This did not work for me. I've tried using the XP Recovery Console to rename IdeChnDr.sys to IdeChnDr.old in the hopes that Windows would not load it. This just yields a 0x7B STOP error blue screen. I also saw on another forum (possibly an Intel site? can't remember) that this problem may be related to an Iomega Zip Drive incompatibility. The computer I'm working on has a Zip 250 drive but I've unplugged that as well.

    I was also thinking I could manually uninstall Intel Application Accelerator (this is a client's computer that I've never worked on before so I'm not even sure it has that loaded onto it), but I haven't come across any documentation that would guide me in that direction.

    Anyone have any suggestions?

  10. #20
    Junior Member
    Join Date
    Jun 2006
    Posts
    1

    Default

    Tonedef,

    I tried what you said, renamed idechndr.sys to idechndr.old. I would advise no one else try this. It took me most of the day yesterday to be able to get back into the system to rename it back. If you rename it, the computer will continue to run until you reboot, because it is still in memory. When WD scanned the computer and found it in memory, AP shut down the computer as it had been doing. Then I couldn't even boot into the operating system. After much searching, I found a free utility that allowed me to rename the file from DOS (NTFS4DOS). It will then boot into the system. If you uninstall WD before it does a real time scan, you will be in business. If you prefer to remove Intel Accelerator, you would be better off by uninstalling Windows Defender first. Then if you want it back, you can reinstall it.

    My final determination is that it was not the update that caused the problem. I was able to accept the update without the shutdown, but it was the new definition that causes XP to shut down. I was able to continue without a shutdown after I updated, but when I did a scan with WD and it sees idechndr.sys in memory, it somehow causes XP to shutdown. I don't want an antispyware program to have that much control, so I will not use WD unless they put it back to the way it operated when it was Microsoft Antispyware. I was able to see many instances when MA blocked access attempts, but I haven't seen any blocked instances with WD running in real time, except for my Intel Accelerator, which has always been there.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •