PC Help Please .... Laptop Crashing
Thread Starter
AZ Community Team
Joined: May 2007
Posts: 32,488
Likes: 7,771
From: N35°03'16.75", W 080°51'0.9"
For some random reason my laptop crashed into the BSOD. Upon restart, it seemed to load fine, then after a couple minutes .... BSOD.
About the 3rd restart, I booted it into Safe Mode and did a normal shutdown. On restart, everything seemed to load fine, then after a couple minutes .... BSOD.
Let it restart on its own and did not touch anything. Starts .... loads .... Ok for a minute or so .... BSOD .... Restart.
First time it crashed I was browsing AZ and watching a Youtube vid. I was closing a couple IE windows. The window for Marketplace hung, then BSOD.
No changes to anything .... settings, new programs, etc. .... in at least a week, probably more.
Running Windows 7 on a Dell Latitude 64xx. I've had it for about 3 weeks and no problems till now.
Last restart, went into Safe Mode and chose a restore point for about 3 days ago. Not sure if it will stay running or not (just restarted).
Any ideas or suggestions?
(PS - I'm posting from a different computer.)
failing memory? bad hard drive? what's the error code? It'll be like 0x0000007e PAGE_FAULT_IN_NON_PAGED_AREA
Also if you hit f8 while booting up you can disable automatic restart on blue screens so you can look at it. Then to shut it down hold down the power button
Hope it's not memory or HD, it's only a few weeks old.
Last reboot, I put it into Safe Mode and am running Malwarebytes. Found 1 object so far (still running, so I'm not sure what it is yet).
Check for a rootkit using this, it's very quick
http://support.kaspersky.com/downloa...tdsskiller.exe
otherwise it may be a shitty driver, Windows Update may have installed a driver that's fuckin up your world
Fixed .... I think
The rootkit tool found a rootkit and Malwarebytes found a trojan.
Both cleaned. Seems OK now ....
Thanks for the tools.
It's like I do this shit for a living......
How the fuck do you get a rootkit a couple weeks after getting a new PC? What kinda shit are you doing.
Also, wild guess, are you using Firefox?
Last edited by #1 STUNNA; Nov 4, 2012 at 12:16 AM.
I've been on the straight and narrow with this machine. It's corporate and I don't trust the corp spyware or know the capabilities for Windows 7 to track use.
Not Firefox. IE9.
We use TrendMicro ....
I added MS Security Essentials; and it is up-to-date.
Yikes, uninstall Trend Micro! Never run two AVs at the same time, that really slows your PC down. Also uninstall Java, that shit is a security nightmare, though it might not be on your PC if it's new.
Update your flash here
get.adobe.com/flashplayer/
make sure you enable auto-updates when it prompts you. then update adobe reader here
http://get.adobe.com/reader/
Then follow these instructions.
If you followed all those steps (especially uninstalling Java) then your PC is now greatly resilient to viruses. I've yet to have a PC follow all of those steps and get a virus after. It's been about two years since I've been doing all that stuff too, on hundreds of PCs.
Now for a little advice on how to configure Adobe Reader. Reader, like most Adobe software, is riddled with security holes and they've been getting their ass handed to them as of late on the security front. There are a couple settings you can change that will help this though.
If you open Reader and go to preferences (ctrl + k) and
1. click on "Javascript" and turn off javascript.
2. Then go to "Trust Manager" and turn off "Allow opening of non-pdf file attachments with external applications"
3. Also go to updates and choose Automatically install updates in Reader/Acrobat preferences.
Now if you're wondering if you should've had a holy shit WTF moment while reading the first two the answer is yes. By default reader allows javascript aka the java exploits I mentioned above to be run via PDF! As are external applications, so you open a PDF and it runs a malicious exe! WTF! Why does reader need to run java or external applications!?!?
I turned these off a few months ago and I'm glad that I did. Recently I was browsing a shady site and I moused over or accidentally clicked on a flash banner and bam! Reader opens up real fast with a blank PDF and this PDF wants to run Javascript! Luckily I had turned Java off for PDFs and so Reader was waiting for me to approve this PDF to run Java which I of course declined. Then the same thing happened a few days later. I wonder if I had java turned on would that blank empty PDF have even opened or would it have just done its exploit in the background.
As for downsides, I've yet to see a legit PDF prompt me to run Javascript or open an external application. So please do yourself the favor and turn those settings off.
Last edited by #1 STUNNA; Nov 4, 2012 at 01:21 AM.
I can't uninstall Trend. I can only disable it; which I do anytime I restart the machine (although I'm pretty sure there are bits that run that I cannot stop).
Regards Java, does that have any impact on basic functionality when browsing, etc. if it's disabled?
No. Only some sites might need it. But the vast majority of sites don't need it, I don't visit a site that does. If you come across a site that you must use that requires it and won't work without it then you can reinstall it but many security experts strongly suggest getting rid of it.
Bearcat, what rootkit did TDSS killer find? Open the TDSS killer log file. It should be in the root directory (e.g. C:\ ). Scroll down to the last few lines of the log file. It should indicate what the rootkit was.
Same deal for Malwarebytes. What trojan did it find? Which did you run first? Malwarebytes or TDSS killer?
You can find the MBAM log file by entering this line into the run box (the box that pops up when you click on the start button or press the windows key):
%AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs
Depending on what rootkit/trojan was found, it's likely that several of your OS services have been tubed as well. Neither MBAM nor TDSS killer will repair those services. I have a fix if it turns out that the services are tubed. (You can check services by typing "services.msc" in the run box. Check to see if the following services are there: Background Intelligent Transfer Service, Base Filtering Engine, Security Center, Windows Firewall, Windows Update).
And for Trend Micro, I assume it's the enterprise version installed by your company and they have it locked from uninstalling? If so, then I'd let it run normally and uninstall MSE. Definitely don't want two AVs running concurrently.
Last edited by nfnsquared; Nov 5, 2012 at 09:35 AM.
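Added example, not part of any post in this thread: a scripted version of the "are the services still there" check described above. It assumes the standard Windows service key names for the five services listed (BITS, BFE, wscsvc, MpsSvc, wuauserv) and reads each service's `Start` value from the registry; it reports presence and start type only, not whether the service is currently running.

```python
# Added example: presence / start-type check for the services named in the post.
SERVICES = {                      # display name -> service key name
    "Background Intelligent Transfer Service": "BITS",
    "Base Filtering Engine": "BFE",
    "Security Center": "wscsvc",
    "Windows Firewall": "MpsSvc",
    "Windows Update": "wuauserv",
}
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}


def read_start_values():
    """Windows only: return {key name: Start DWORD, or None if it cannot be read}."""
    import winreg  # imported here so assess() stays usable on any platform
    found = {}
    for key_name in SERVICES.values():
        path = "SYSTEM\\CurrentControlSet\\Services\\" + key_name
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
                found[key_name] = winreg.QueryValueEx(key, "Start")[0]
        except OSError:           # key or value missing: the service is not registered
            found[key_name] = None
    return found


def assess(start_values):
    """Turn raw Start values into (display name, verdict) pairs."""
    report = []
    for display, key_name in SERVICES.items():
        start = start_values.get(key_name)
        if start is None:
            verdict = "MISSING"
        elif start == 4:
            verdict = "DISABLED"
        else:
            verdict = "present (" + START_TYPES.get(start, "unknown") + ")"
        report.append((display, verdict))
    return report


if __name__ == "__main__":
    for display, verdict in assess(read_start_values()):
        print(f"{verdict:22} {display}")
```

Anything reported as MISSING or DISABLED is what the post means by a "tubed" service; removing the detection with a scanner does not put it back.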
From the MBAM log:
Files Detected: 1
C:\Users\Administrator\AppData\Local\Temp\CCDA.tmp (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
00:53:40.0312 4944 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
Base Filtering Engine - Running;
Security Center - Running;
Windows Firewall - Running;
Windows Update - Running.
Yes, it's TM Enterprise.
No noticeable issues since those two items were removed a couple of nights ago.
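Added example, not part of any post in this thread: a small parser that pulls the detected object, threat name and action out of log lines shaped like the two quoted above. The patterns are inferred only from those two lines, so other MBAM or TDSSKiller line layouts are not covered; the sample text is constructed from the quoted lines plus one filler line.

```python
import re

# Constructed sample: the two detection lines quoted in the thread plus filler.
SAMPLE_LOG = r"""
Files Detected: 1
C:\Users\Administrator\AppData\Local\Temp\CCDA.tmp (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
00:53:40.0312 4944 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
Scan finished (constructed filler line, no detection)
"""

# "<object> (<threat>) -> <action>."  as in the MBAM line above
MBAM = re.compile(r"^(?P<object>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
# "<time> <id> <object> ( <threat> ) - User select action: <action>"  as in the TDSSKiller line
TDSS = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<object>.+?) \(\s*(?P<threat>[^()]+?)\s*\)"
    r" - User select action: (?P<action>\w+)"
)


def parse_detections(text):
    """Return one dict per detection line: tool, object, threat, action, scope."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        for tool, pattern in (("TDSSKiller", TDSS), ("MBAM", MBAM)):
            match = pattern.match(line)
            if match:
                hit = match.groupdict()
                hit["tool"] = tool
                # A raw disk device instead of a file path means the finding sits
                # below the file system (boot record level), as with the bootkit here.
                on_disk = hit["object"].startswith("\\Device\\Harddisk")
                hit["scope"] = "disk" if on_disk else "file"
                hits.append(hit)
                break
    return hits


if __name__ == "__main__":
    for hit in parse_detections(SAMPLE_LOG):
        print(hit["tool"], hit["scope"], hit["threat"], hit["action"], sep=" | ")
```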
^^^ Probably OK then. Pihar.C doesn't mess with the services. Not familiar with CCDA.tmp or what may have placed it there...
I am a bit surprised about the BSODs... most trojans need and actually want the OS to be in working condition. Pihar.C is not known for causing BSODs in Win7. I've removed probably over 300 cases of pihar.c and don't remember it ever causing a bsod...
Last edited by nfnsquared; Nov 5, 2012 at 04:48 PM.
Yeah it was the rootkit causing the BSOD. You don't see it often but I have seen it before. Who knows it could've been an unintended consequence of the bootkit conflicting with something else on your PC causing the crash.
After you showed me how to find what it was, I wanted to search to find out what it did .... its purpose or threat. Browsing results I just noticed that there were various links/posts referring to random reboots and the BSOD.
But, like I said, I didn't delve beyond the mere search, so ....