Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Win32:Malware-gen trojan infection


  • Please log in to reply

#136
gregahoffman

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
I updated Kaspersky to 2014
  • 0

Advertisements


#137
gregahoffman

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
event viewer logs after I disabled the fingerprint sensor and updated Kaspersky, I also cleared the logs

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 18/10/2013 8:51:10 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/10/2013 1:43:42 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 19/10/2013 1:43:42 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\IWMSSvc.dll


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 18/10/2013 8:53:00 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/10/2013 1:43:37 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2271316084-460775634-2034437219-1000:
Process 2720 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2271316084-460775634-2034437219-1000
  • 0

#138
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Kaspersky is better now tho still not perfect.

You have to right click on the memory.dmp file and rename it to memory.txt in order to attach it or you can Zip it up if you have the capability. (7-zip works well and is free but you have to make sure it uses the .zip and not the .7z).
  • 0

#139
gregahoffman

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
i'll try again
no luck even as a zip file.
  • 0

#140
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Make sure it has the .zip extension. 7-zip by default will use .7z.

You can also try Who Crashed:

http://www.resplendence.com/downloads

See what it says. Or we can run BlueScreenView again:
Download BlueScreenView
http://www.nirsoft.n...creen_view.html

Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit, Select All.

Go File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.
  • 0

#141
gregahoffman

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
I used who crashed, here is the report

System Information (local)
--------------------------------------------------------------------------------

computer name: HP
windows version: Windows 7 Service Pack 1, 6.1, build: 7601
windows dir: C:\Windows
CPU: GenuineIntel Intel® Core™ i5-2410M CPU @ 2.30GHz Intel586, level: 6
4 logical processors, active mask: 15
RAM: 8535261184 total
VM: 2147352576, free: 1922822144




--------------------------------------------------------------------------------
Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

On Thu 17/10/2013 3:13:14 AM GMT your computer crashed
crash dump file: C:\Windows\Minidump\101713-25428-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x74540)
Bugcheck code: 0x9F (0x3, 0xFFFFFA8007CC6A10, 0xFFFFF80000B9C3D8, 0xFFFFFA8010CFB6C0)
Error: DRIVER_POWER_STATE_FAILURE
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This bug check indicates that the driver is in an inconsistent or invalid power state.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Thu 17/10/2013 3:13:14 AM GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: ntkrnlmp.exe (nt!KeBugCheckEx+0x0)
Bugcheck code: 0x9F (0x3, 0xFFFFFA8007CC6A10, 0xFFFFF80000B9C3D8, 0xFFFFFA8010CFB6C0)
Error: DRIVER_POWER_STATE_FAILURE
Bug check description: This bug check indicates that the driver is in an inconsistent or invalid power state.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Sun 13/10/2013 2:36:51 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\101313-27674-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x74540)
Bugcheck code: 0x9F (0x3, 0xFFFFFA80080A6A10, 0xFFFFF80000B9C3D8, 0xFFFFFA80103D7010)
Error: DRIVER_POWER_STATE_FAILURE
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This bug check indicates that the driver is in an inconsistent or invalid power state.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.




--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

3 crash dumps have been found and analyzed. No offending third party drivers have been found. Consider configuring your system to produce a full memory dump for better analysis.


Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is actually responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.
  • 0

#142
gregahoffman

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
also did bsod, hopefully the text log will upload

Attached Files

  • Attached File  bsod.txt   4.15KB   48 downloads

  • 0

#143
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

Consider configuring your system to produce a full memory dump for better analysis.


Let's try what they advise: Start, Control Panel, System, Advanced System Settings, Startup and Recovery => Settings, Change Write Debugging Information to Kernel Memory Dump, OK.

Then we wait for the next one.
  • 0

#144
gregahoffman

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
it was already set to kernel memory dump
  • 0

#145
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
Then perhaps it is too big for the forum. I will send you my email address in a PM
  • 0

Advertisements


#146
gregahoffman

gregahoffman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 400 posts
sent
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP