  1. #1

    testing for neocore

    been a long night

  2. #2

    Re: testing for neocore

    Hi,

    There are no crash dumps located in your jcgriff2 output folder. Can you please navigate to C:\Windows\Minidump and manually zip up and attach any crash dumps within that directory?

    Regards,

    Patrick

  3. #3
    satrow's Avatar
    Join Date
    Apr 2012
    Location
    Cymru
    Posts
    773
    • specs System Specs
      • Motherboard:
        ASRock Z77E-ITX
      • CPU:
        E3-1230 V2 3.3GHz
      • Memory:
        16GB G.Skill DDR3 2400
      • Graphics:
        Asus GTX1060
      • Sound Card:
        Onboard
      • Hard Drives:
        3x250GB SSDs, 2x 2.5 1TB HDD JBOD
      • Power Supply:
        Seasonic 360W Gold
      • Case:
        BitFenix Prodigy Black
      • Cooling:
        Be Quiet Shadow Rock Topflow + 2x case fans
      • Display:
        Dell U2412M 1900x1200 x2 (sometimes x3)
      • Operating System:
        W7 x64 Pro

    Re: testing for neocore

    Thanks, gerawolf.

    OP here - long read: reinstalled...did the "pinned" faq :: The Incredible Adventures of Van Helsing General Discussions

    I'll check the logs now, if anyone else wants to chime in, please feel free - it's been a long, hard week for me ... and it's only Thursday!

    EDIT: Patrick, there's recently been a BSOD after setting up DV - gerawolf, can you copy any minidumps to the Desktop, zip and attach them, please?

  4. #4

    Re: testing for neocore

    Quote Originally Posted by satrow View Post
    Patrick, there's recently been a BSOD after setting up DV - gerawolf, can you copy any minidumps to the Desktop, zip and attach them, please?
    Oooh, a DV dump! Even better :O)

  5. #5
    satrow's Avatar

    Re: testing for neocore

    So far I'm seeing a .dll running out of an AppData\Local\Temp sub-folder and a 1MB partition on a data drive, both possible indicators of malware, either active, the .dll, or old, possible root/boot-kit in the partition, if it was previously used as a System/Boot drive.

    2x USB devices that cannot find enough free resources to use.

    Heck, even reports of Notepad hanging - something strange happening in this machine?!

    Just made another request in the steam topic for the DV crash dump.

    Going blind from reading MSInfo32, taking a break to look for lunch/stretch my legs.
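
A triage check for the first indicator mentioned in the post above, a module loaded from an AppData\Local\Temp sub-folder, given here as an added example that is not part of the original post or of any Sysnative tool. It goes slightly beyond that one case by also covering Windows\Temp and %TEMP%-style paths; the marker list and the module rows are assumptions, constructed for illustration and not taken from gerawolf's machine.

```python
from pathlib import PureWindowsPath

# Directory sequences treated as temp locations (assumed starting list).
TEMP_MARKERS = (("appdata", "local", "temp"), ("windows", "temp"))
ENV_TEMP = ("%temp%", "%tmp%")


def temp_location(path):
    """Return the temp directory `path` sits under, or None if it is elsewhere."""
    # Strip whitespace and surrounding quotes, then compare case-insensitively.
    clean = path.strip().strip('"')
    parts = [p.lower() for p in PureWindowsPath(clean).parts]
    if len(parts) > 1 and parts[0] in ENV_TEMP:
        return parts[0]
    for marker in TEMP_MARKERS:
        n = len(marker)
        # Stop one short of the end: the last component is the file itself,
        # so a file that is merely *named* "temp" is not flagged.
        for i in range(len(parts) - n):
            if tuple(parts[i:i + n]) == marker:
                return "\\".join(marker)
    return None


def flag_temp_modules(rows):
    """rows: iterable of (module_name, image_path). Returns [(name, location)]."""
    hits = []
    for name, path in rows:
        where = temp_location(path)
        if where:
            hits.append((name, where))
    return hits


# Constructed sample rows (module name, image path); not real output.
SAMPLE = [
    ("ntdll", r"C:\Windows\System32\ntdll.dll"),
    ("helper", r"C:\Users\example\AppData\Local\Temp\is-EXAMPLE.tmp\helper.dll"),
    ("upd", "c:/users/example/appdata/local/temp/upd.dll"),
    ("tempo", r"C:\Program Files\Tempo\tempo.dll"),
    ("drv", r"%TEMP%\drv.sys"),
    ("svc", r'"C:\Windows\Temp\svc.exe"'),
]

if __name__ == "__main__":
    for name, where in flag_temp_modules(SAMPLE):
        print(f"{name}: loaded from {where}")
```

A hit is only a pointer for further inspection: installers and updaters legitimately unpack and load modules from temp folders.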

  6. #6

    Re: testing for neocore

    Quote Originally Posted by Patrick View Post
    Quote Originally Posted by satrow View Post
    Patrick, there's recently been a BSOD after setting up DV - gerawolf, can you copy any minidumps to the Desktop, zip and attach them, please?
    Oooh, a DV dump! Even better :O)
    mini dump folders empty..will try again to run dv...will try to send between crashes

  7. #7

    Re: testing for neocore

    mini dump after verifier

  8. #8
    satrow's Avatar

    Re: testing for neocore

    The DV dump indicates ndisrd.sys as the likely cause. This appears to be a trojan which lowers your security; as a trojan, it might have invited 'friends' along.

    Add that to the other 2 potential malware pointers I commented on earlier and you really do need to investigate this further, get it inspected and cleaned up before any further troubleshooting. Please study the following post very carefully and do as instructed: Malware Removal Posting Instructions

  9. #9

  10. #10

    Re: testing for neocore

    still running back up..yay

  11. #11
    satrow's Avatar

    Re: testing for neocore

    My original link in my previous Post still works for me, both when logged in and from a different browser as a non-registered user - unless this is further evidence that your machine's possible infection is actively blocking you from sites/pages.

    I'll get a Security Team member/Admin to check it out.

    Can you go here: Security Arena - Sysnative Forums and read the Sticky entitled "Malware Removal Posting Instructions"?

  12. #12

    Re: testing for neocore

    still running back up..have dds and security check downloaded to secure :f drive...when done with back up will move it to desktop and run it as directed..i had to do some shuffling.. some segregation and separation too..created a drive just for downloads 15 gigs of space with all my little scanners of joy aimed at it

  13. #13

    Re: testing for neocore

    i deleted all data in the 1mb partition.. but have not been able to get rid of it..acts like healthy partition drive of an os system drive..any ideas how to get rid of it..the partition manager in win 7 can't get rid of it

  14. #14

    Re: testing for neocore

    back up taking forever..but still plugging away..gonna go grab some food...if you want burritos get your butts over here

  15. #15

    Re: testing for neocore

    chicken and Monterey Jack burritos smothered in hot salsa..yumm

  16. #16
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,974

    Re: testing for neocore

    Hi, gerawolf.

    It is better if you don't make any changes that aren't requested until your issues have been resolved. (Yum! Your burritos sound great.)


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  17. #17

    Re: testing for neocore

    back up finished..computer restarted...dds ran... security check ran...posted them here according to directions
    http://www.sysnative.com/forums/secu...ng-issues.html

  18. #18
    satrow's Avatar

    Re: testing for neocore

    Ok, gerawolf, I'll leave you in the capable hands of the Security Team and we'll continue here once you've been checked out and cleaned up, if needed. Any burrito crumbs left, do they travel well in the mail?

  19. #19
    Corrine's Avatar

    Re: testing for neocore

    Hi, satrow. I'm returning gerawolf to you. I've asked him to wait for your instructions before making any additional changes or running other tests since you may want him to spend some time on the computer to see if the problem(s) continue.



  20. #20
    satrow's Avatar

    Re: testing for neocore

    Thanks very much, Corrine.

    Gerawolf, I would like you to use the PC as normal for a couple of days (it might take a while anyway for you to check everything is functional after the changes you've made today). The main reason is that I want you to populate the Windows logs again (the tools used to clean up any PUPS/residual infections would have cleared the majority of them), so we can assess the current Windows state after some normal usage (Notepad.exe hangs are not normal ...).

    Make notes of any errors/bugs you might come across and relay them later.

    In ~48 hours, follow the BSOD Sticky (http://www.sysnative.com/forums/bsod...ows-vista.html) again - pay particular attention to downloading Autoruns to the same folder as the jcgriff2 collection app and running that app as Administrator - I want to see a verified autoruns.arn file included in the attachment.


    Patrick, did you get any time to study the DV dump and glean anything useful from it?
