Jump to content

BSOD and Error during Heuristic analysis


Recommended Posts

I clean installed v. 2.0.3.1025. ( Deactivated protection module in v. 2.0.2. Uninstalled through Windows and then ran mbam-clean ) Everything was right. Fast start up ( rebooted after install ). Updated without problem. Fast browsing. Got all my settings changed ( activate rootkit analysis, edit schedule scans and updates, etc.. )

 

Then I ran a Threat scan. It ran fast although I noticed that the blue bar was not advancing that much during the file system objects analysis. Started to do the Heuristic analysis and almost at the end ( it had run during 9 min and more than 270.000 files ) started to lag or freeze, and then BOSD

 

KERNEL_STACK_INPAGE_ERROR

0X00000077(0X00000001, 0X00000000, 0X00000000, 0XBA50FD24

 

I have the minidmp

 

I tried to reproduce it to get a full MEMORY.DMP, but eventhough I got the same BSOD it did not save it and crashed my sistem so badly that to rebooted it I had to go back to a system restore point. It got my C++ runtime and my firewall all bugged down. Well, that was last night. I reinstalled it today and ran again the threat scan to get the full dmp. This time, during the Heuristic analysis, I got a Winlogon error and the system shut down. No Dump.

 

BTW. v. 2.0.2 worked without problems.

 

May be my old warhorse can not keep up with the new thecnology. Mi sys my sig.

 

Attached are the diagnostic logs, Minidump, and an image of the changes that the winlogon error made recorded by Comodo.

 

I will appreciate any help to solve this issue. Thank you.

FRST.txt

Addition.txt

Minidmp.rar

post-26314-0-68303600-1413390649_thumb.p

Link to post
Share on other sites

  • Root Admin

The logs indicate that it may be something to do with the wmplayer from Windows. But the other logs also show that the computer appears to probably be infected.

 

 

 

 

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x8E

PROCESS_NAME: wmplayer.exe

LAST_CONTROL_TRANSFER: from bf25e283 to bf07f230

 

 

 

I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.
 

Thank you

Link to post
Share on other sites

Hi AdvancedSetup.

 

Thank you for answering. First of all I would like to apologize because the minidump I attached is not even from the BSOD mentioned above. I automatically attached it because it was the only dump I had in the folder and I did not see the date from 2 months back. So I wonder why KERNEL_STACK_INPAGE_ERROR did not produce a minidmp or the subsequent BSOD produced a full dump when I set up my system to do so.

 

Did you noticed all the Error: (10/15/2014 10:22:50 AM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\iaStor0 ? This are created while MBAM is doing the Heuristic analysis.

 

Also I do not see the MBAM CheckResult.txt log among the attached items above. Did I forget to attach it ? I have it though.

 

One last question. Where did you see that my WMP caused the crash ? I have WMP 10 which work pretty good eventhough I do not run it that often because my main player is VLC so can't imagine why it would create an issue with MBAM.

 

I'll be looking for help in the removal forum and see what that infection might be. I know I have some old programs that came with my desktop which are not signed, and I have a particular MBR which invokes a hidden DeLL image, but I have not get infected in the past 8 or 9 years. I know.. I know. No one is really safe if surfing the web and security programs are not 100 % sure so I will run any app you ask for.

 

Thanks, see you again soon.

Link to post
Share on other sites

  • Root Admin

You cannot edit posts until you reach 100 posts due to abuse by some users.

The crash dump is there regardless of MBAM or not from what you posted and I scanned. If you want further analysis or possible fixes then you'll need to open a topic in the other forum as requested as we do not run other scans except in that forum.

Thank you

Link to post
Share on other sites

Thank you again Ron. I did not know about the 100 posts limitation to edit a post. I do not go about these forums that much because MBAM seldom makes problems for me.

 

Yes, I already opened a topic in the removal forum section. Just like you adviced me above, about 50 minutes later after reading your answer here and posting my replies to you. BTW I ran another scan and this time I got a full MEMORY DMP. Do you want it ?

 

https://forums.malwarebytes.org/index.php?/topic/158967-bsod-during-heuristic-scan-probably-infection/

 

Thanks again.

Link to post
Share on other sites

Can you tell me how do I go about it ? I mean. I can not edit the post, and if I reply in the topic, I do not have an option to attach anything. Do I open another help topic or what ?

 

The minidump is small about 6 KB, but the full dump is 580 MB already zipped. Sorry about my typo in the other topic where I say the DMP is 2 MG. I wanted to say it is 2 GB.

Link to post
Share on other sites

Do not reply to that topic until you have one of the experts helping you and then you can offer the file to them if they want it. Do NOT start a new topic either. Since the file is 580MB zipped, then you may have to upload it to WeTransfer, below are the instructions for that...

WeTransfer instructions for uploading crash dumps

Upload File(s) to WeTransfer:

  • Visit WeTransfer.com
  • Click on I Agree

    4ENbg3P.png

  • Click on the icon on the lower left indicated in the below image

    qKOjzXD.png

  • Select the Link option

    Cyzhcx1.png

  • Click on +Add Files

    CvZMyrC.png

  • Browse to the location of the file and double-click on it or click once on it and select Open

    S5Ty834.png

  • Click on Transfer

    8eYfZGi.png

  • Once the transfer completes, click on Copy link

    fkb0tkR.png

  • Once you receive the Copied! message as indicated below, paste the link into your next reply

    ndpEstA.png

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.