Kaspersky thought to be issue for BSOD but absolved.

[stephanpark]

Hey all, in a bit of a mess right now. New X61s has been a problem and I've owned nothing but ThinkPads so obviously a bit heart wrenching to be have a brand new machine stuffed like this. But as the Mod requested, I'll start it up here again and leave all the fuming pile back at the other locked thread. Oh, thanks for being a good Mod.

Fellow padders you'll all understand if some of below is a bit copy-pastie.

I've summed up and cleaned up the language a bit.

***Brief***
The problem:
BSOD on reboot after attempt at chkdsk. R&R was removed so should work. BSOD note is "A driver has overrun a stack-based buffer. This overrun could potentially allow a malicious user to gain control of this machine."

Many things may be the cause. List below.
1. Lenovo Camera driver explicitly requested allowance of detected Trojan type virus detected by latest Kaspersky IS. See document MIGR-66973 on Lenovo site. It is suspected to have started all the problems.
2. R&R backup did not go smoothly but in the end it did complete.
System rebuild also stumbled but completed. Possible mass corruption concern.
3. TDI.sys hangs on Safe Boot, Google finds possible vector for encryption release type Trojan targeting netcom PE files.
4. Kaspersky (eliminated as suspect) latest v325 is believed to cause errors with latest Intel Wifi drivers.
Currently I am at a loss so I'll be waiting for my 2ND set of recover discs and hope it was that Webcam driver botching install with Kaspersky security paused.

Now, I needed to eliminate a suspect so I rebuilt, but this time without Kaspersky...and it doesn't look like Kaspersky is the problem, though it looked a lot like the same symptoms as found on other forums.

System tested with rebuild from last R&R (may contain Camera driver suspected of Virus pathway).
* R&R removed.
* Acronis 10 installed, backup made forced partition and removal of SERVICE partition completed. All is well.
* chkdsk verifies new D: drive is perfect, SERVICE partition is gone and reboot for chkdsk of C: goes apparently well (didn't notice error).

All this took about 5-6 reboots, coincidentally exactly the same rough number of times as previous rebuild attempt until BSOD.

Sequence recalled below:
1. Wifi cannot connect to router. Uh-oh.
2. Manual download of latest Wifi driver from Lenovo installed to remedy try to fix possible corruption. Repair mode selected and software proceeds to reinstall, then in middle of installation I get the BSOD. As with all the other times, it states "A driver has overrun a stack-based buffer. This overrun could potentially allow a malicious user to gain control of this machine."
3. Reboots to Safe Mode screen, don't know what I could possibly do at this point so enter Windows Normally. BSOD again.
4. Try last known good config. Reboots fine.
Error notification on reboot. Details are in dump file but I forgot how to read this stuff with MS Debugging Tools.

While waiting for 2nd set of Recovery CDs I'll see if I can get refreshed. Kaspersky is absolved so far, but system is still fragile and cannot be trusted. Will post results as they come.

Signing out.

[stephanpark]

Just updating here to keep all notes in one place. Intel PRO AGN Wifi driver seems to be causing the BSOD.

After system rebooted from "last known good". I immediately installed Kaspersky. On a subsequent reboot, Kaspersky detected a change to svchost.exe.

Wifi still unable to connect to router, I attempt to "repair". BSOD.
Auto reboot results in another BSOD right afterwords. Then it goes into Safe Mode screen. "Last known good" is selected and XP starts up again.

This time I try to install that clean download of latest Wifi driver direct from Lenovo. During installation I again get BSOD. Same as last, another BSOD on reboot, then Safe Mode. "Last known..." selected.

OK, maybe I'll try to install driver in Safe Mode, not sure if this is even possible but shut down gets stuck. Now going on an hour, no HD movement but both mouse & numlock buttons respond. Forcing hard reboot. Restart loads XP fine.

Kaspersky detects that Explorer tried to access it. Self-Defence blocked it? Is this normal? Running full system scan but last time this was done, K found nothing. It's a long scan so signing off.

[akhavan]

Hi,

I use Kaspersky Internet Security 2009 with no problem. I think for your problem you better go on Kaspersky Lab Forum and ask for help.

http://forum.kaspersky.com/

Sepehr

[stephanpark]

I'll check them out too. If what I find is Lenovo issue. I'll report here but it is not looking good so far for Lenovo.

P.S. you mean KIS 7.0.1.325 or so? Kaspersky doesn't sell a IS 2009 in the US. So maybe its the same thing?

[stephanpark]

Wo who!
So it is DEFINITELY the Lenovo version of Intel WiFi 4965AGN driver that was causing all this misery.

I can't recall the post but I had read here at Thinkpads.com that Intel had released a newer version of the WiFi card driver than Lenovo but didn't recall if there was evidence of testing. I can say definitively that the Intel driver works perfectly so far.

For Intel Wireless LAN WiFi Link 4965AGN:
Lenovo's version is 11.5.0.36 issued on Dec 12, 2007
Intel themselves is 11.5.1.15 issued on Apr 11, 2008

"Intel recommends that you obtain and use the software provided via your laptop manufacturer." Which is absolutely true because Access Connections can't see the card at all it seems, nor can it access any of its features. BUT Windows Wireless Networks can just fine Thank You.

No bugs, fictitious viri or BSOD so far. Not enough cause to return my X61s now but WOW, what a complete hash of a driver from Lenovo, huh?

[sinanju009]

I have applied 11.5.1.15 from Intel 4-5 days ago. It is still causing BSODs. You simply need to put some loads/heavy traffic through it. I had to go back to a wired setup in order to xfer several large ISOs (~20GB).

The problem is not yet fixed unfortunately.

Michel

[stephanpark]

Dangit! OK, I'm a light surfer so now I'm regretting the AGN vs. the more reliable Atheros card on my T60p.

Maybe there is a way to switch out the cards. If the antenne connects are the same...it may end up being our only way out, save for returning the machine.

Sorry to hear friend.

[Harryc]

It is a simple swap, and the connections are identical.

[stephanpark]

Wondering if this card is available yet. I've called Lenovo and looked up accessories as well for X61s and No-Go for Atheros/Thinpad AGN wifi card. Maybe no such thing?

[sinanju009]

I am having the same problem with the Intel 4569agn driver on Vista x64. Put enough traffic through it and it BSODs. Have applied the very latest Intel driver (12.0.0.82) and it is not fixed yet. Any news on this? Is Intel even working on this issue? Am trying to do a search of the knowledgebase for a bug id without success.

Thanks,

Michel