Hey All!

Hey all!

My name is Nommy and I'm currently contributing at SevenForums and EightForums as GFX Designer and beginning BSoD Crash Dump analyst (link), and I'm going for my degree in Malware Removal at GeeksToGo (link). Having quite a bit of spare time, I'm looking for another Forum to contribute to, and seeing that this one was being mentioned a few times, I checked it out :D

Now it's time to familiarize myself with the Forum rules, posting methods and tutorials and start posting :D
If anyone has any handy or useful tips, by all means share them.


Nice to meet you all,
Nommy
 
Hi, Nommy. Welcome to Sysnative! As you'll see, our rules are simple: Sysnative Forum Rules.

Good luck with your studies at GeekU. You have a ways to go there and it will take some time so don't get discouraged.

On a related note, we've been celebrating DonnaB's recent "graduation" from GeekU.
 
Welcome to the forum and best of luck with your degree! :wave:

If you have any questions feel free to ask any of our admin team :thumbsup2:
 
Thanks for the welcome all :D

I hadn't noticed that DonnaB graduated yet :eek4: But I did see her post in the CheckMyFix and More Help Requested subforum quite a lot, and she offered great assistance there, so I can't say anything but that she earned it! :D
I know that I've just started (if anyone knows how the GeekU structure works, I'm currently beginning with Practice Log 4 of the underclass), but I'm really digging it so far and I love the challenge it is to completely rid someone's machine of malware.

Also the Forum rules are simple indeed, but a lot of stuff isn't in there, for instance; how does this Forum stand on piracy?
When I assist someone at other Forums and ask for an MGA, and it turns out counterfeit, I am to stop giving assistance until the OP has formatted his hard drive and installed a genuine copy of Windows, and sometimes the OP will also get banned, how is this here?

As for another question, I'm currently trying to teach myself how to read the stacks from minidumps, but I can't seem to find a proper source of info on the basics (enough advanced info though), so if anyone knows where I can find the basics (already found the BSoD Method and Tips thread), I'd be very grateful :D


Nommy
 
Also the Forum rules are simple indeed, but a lot of stuff isn't in there, for instance; how does this Forum stand on piracy?
When I assist someone at other Forums and ask for an MGA, and it turns out counterfeit, I am to stop giving assistance until the OP has formatted his hard drive and installed a genuine copy of Windows, and sometimes the OP will also get banned, how is this here?

In regards to piracy, once we notice someone is running a counterfeit copy of Windows, whether that be via logs or noticing a Windows kernel that is only in loaders, then we let the user know we can no longer assist them and the thread is closed.

As for another question, I'm currently trying to teach myself how to read the stacks from minidumps, but I can't seem to find a proper source of info on the basics (enough advanced info though), so if anyone knows where I can find the basics (already found the BSoD Method and Tips thread), I'd be very grateful

Reading call stacks from minidumps, believe it or not, is generally not the basics, as you need to know the various different types of routines in Windows, etc. Of course there is what I guess you could call general stack reading, like running a kv and checking to see if there are any driver calls, etc., regardless of the routine it was working with... but any further than that, you're going to need to do some reading on Windows Internals.

Here's a pretty basic call stack containing a culprit driver - https://www.sysnative.com/forums/bs...al-information-stop-0x0000009f.html#post55305

Here's where we get a little more in-depth into the routines being called, why, what they were doing, etc - BSOD a day - Microsoft Community

(scroll down a bit to my post)

And if you did not know already, you read stacks from bottom to top. It helps to know routines as you can analyze further and come to a conclusion based on the various routines being called.
 
In regards to piracy, once we notice someone is running a counterfeit copy of Windows, whether that be via logs or noticing a Windows kernel that is only in loaders, then we let the user know we can no longer assist them and the thread is closed.
Ah ok, thanks for the info!
The reason I'm asking is because the admin at another Forum kind of sees me as a "pirate hunter" for frequently pointing out pirated software / OSes and refusing to offer assistance until removal, while IMHO that's only the proper thing to do :D

Reading call stacks from minidumps, believe it or not, is generally not the basics, as you need to know the various different types of routines in Windows, etc. Of course there is what I guess you could call general stack reading, like running a kv and checking to see if there are any driver calls, etc., regardless of the routine it was working with... but any further than that, you're going to need to do some reading on Windows Internals.

Here's a pretty basic call stack containing a culprit driver - https://www.sysnative.com/forums/bs...al-information-stop-0x0000009f.html#post55305

Here's where we get a little more in-depth into the routines being called, why, what they were doing, etc - BSOD a day - Microsoft Community

(scroll down a bit to my post)

And if you did not know already, you read stacks from bottom to top. It helps to know routines as you can analyze further and come to a conclusion based on the various routines being called.
Thanks for all the info!
I generally use the !thread, lmtsm and lm commands to spot failing drivers, and I didn't even know about the kv command :doh:
Reading a lot doesn't bother me at all. Forums like this have helped me so much in the past that I think that it's an honor for me to be able to learn about this and help other people with their problems. I guess this is the point where I start reading lots of MSDN, TechNet, and Sysnative entries, tuts and manuals :D

I did know that you read stacks from bottom to top yes, but besides the occasional obvious one, that's about all I could get out of them.


Again, thanks for the info, it's much appreciated,
Nommy
 
Hi Nommy, welcome to Sysnative! :welcome:

One thing to remember about pirated threads is that OPs aren't always aware they're using pirated software. This is frequently the case after a paid technician or friend has previously repaired a computer. We don't support pirated software, but we also want to retain a friendly atmosphere and make sure the OP knows how to get hold of a legitimate copy of Windows/Linux etc.
 
Again, many thanks for the warm welcome all!

!thread is good, yes. It's very helpful for when running exr's and seeing access violations and wanting to take a look at the call stack to see what possibly caused it if not listed in the .exr, among many other things.

Here are some books you should definitely check out if you want to go further into analysis:

Windows Internals, Part 1: Covering Windows Server 2008 R2 and Windows 7
Windows Internals, Part 2: Covering Windows Server® 2008 R2 and Windows 7
Advanced Windows Debugging
Many thanks for those links, they'll be very useful :D

Hi Nommy, welcome to Sysnative! :welcome:

One thing to remember about pirated threads is that OPs aren't always aware they're using pirated software. This is frequently the case after a paid technician or friend has previously repaired a computer. We don't support pirated software, but we also want to retain a friendly atmosphere and make sure the OP knows how to get hold of a legitimate copy of Windows/Linux etc.
Ooh I know that. I'll never tell any OP that they installed a counterfeit OS or a counterfeit product, I'll inform them, in a friendly manner, that their OS / some software is counterfeit.
Two things I hold very high when posting are being friendly and trying to make my posts as easy and good as possible to follow.


Nommy
 
Hi Nommy!

Good to see you here!

You sure came to the right place to further your education.

You had asked about pirated software. I have to agree with Patrick and he said:

In regards to piracy, once we notice someone is running a counterfeit copy of Windows, whether that be via logs or noticing a Windows kernel that is only in loaders, then we let the user know we can no longer assist them and the thread is closed.

I had brought this up in GeekU once whilst trying to create a canned for pirated software since I didn't see many around that I could swoop in on and snatch to use if I ever needed. Seems many may see pirated software abusers differently, though I do understand their point. Many Windows users in 3rd world countries can't afford to purchase a legal copy of Windows since their monthly income is far less than some who live in more prosperous countries. I try to encourage the user(s) who have pirated software installed to check into other alternatives such as what you'll find >>here<<. If you'd like, here's the canned I had created for that purpose:

I do regret having to point out that I will not be able to assist you. Your log shows signs of a pirated Operating System. Pirated Operating Systems are not only illegal but can also be a security risk to you which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft.

If you are unable to afford or do not have access to a legit copy of Windows software there are other alternatives that you may want to look into such as the following Linux based OS's that are free for installation. You can read more about these OS's from the link below:

Top 5 Best Linux OS Distributions

I have also included a couple sites for freeware alternatives to software that may be of interest to you:

osalt.com
alternativeTo
 
Hi Nommy! :wave:

Good to see you here!

You sure came to the right place to further your education.

You had asked about pirated software. I have to agree with Patrick and he said:

In regards to piracy, once we notice someone is running a counterfeit copy of Windows, whether that be via logs or noticing a Windows kernel that is only in loaders, then we let the user know we can no longer assist them and the thread is closed.

I had brought this up in GeekU once whilst trying to create a canned for pirated software since I didn't see many around that I could swoop in on and snatch to use if I ever needed. Seems many may see pirated software abusers differently, though I do understand their point. Many Windows users in 3rd world countries can't afford to purchase a legal copy of Windows since their monthly income is far less than some who live in more prosperous countries. I try to encourage the user(s) who have pirated software installed to check into other alternatives such as what you'll find >>here<<. If you'd like, here's the canned I had created for that purpose:

I do regret having to point out that I will not be able to assist you. Your log shows signs of a pirated Operating System. Pirated Operating Systems are not only illegal but can also be a security risk to you which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft.

If you are unable to afford or do not have access to a legit copy of Windows software there are other alternatives that you may want to look into such as the following Linux based OS's that are free for installation. You can read more about these OS's from the link below:

Top 5 Best Linux OS Distributions

I have also included a couple sites for freeware alternatives to software that may be of interest to you:

osalt.com
alternativeTo

Good luck with your studies in GeekU. You have some really good teachers there.

Hope to see you around!

Donna :smile9:
 
Ooops! I really messed that up didn't I?

Double post!!! Rule #1. Never try to edit your post after you click submit and before it actually submits! :hysterical:
 
Thanks for the canned Donna! It'll come in very handy :D

You didn't mess up, everyone makes mistakes :D

What I mostly do in case of piracy is judge how the OP stands on it; if he knowingly installed the software/OS and doesn't show any regret, I'll report him and stop offering assistance, but if some sketchy repair guy or a friend unknowingly installed it and the OP is showing regret or at least requesting information about it, I'll give them a chance to fix their problem and inform them about MS links the OP can use to possibly get a complimentary copy of the OS for reporting the salesman.

Here's the canned I created for that purpose;
Hello [b] .... [/b],

It seems that your Windows installation is counterfeit.

  • There is an Activation Exploit simulating the SLIC table of a ..... motherboard while you are using a ..... motherboard.
  • There seems to be a hacker's exploit that removes the WAT update from your machine and so enables activation.
  • [code] ..... [/code] The -068- from your Product ID points to an MSDN product key being used, and those are not for resale.
  • [code] ..... [/code] Your machine is using the "Stolen Lenovo Product Key".
  • [code] ..... [/code] The WAT update is not installed on your machine.
((Either choose one of those or fill in the exploit being used))

To receive further assistance, please format your hard drive and install a genuine copy of Windows.

If you feel that you have been 'conned', then it is advised to go back to the vendor and claim a refund. Please do not accept another product key, as it will likely be a counterfeit one.
I also recommend that you report the vendor to Microsoft by filling in the Counterfeit Report. There is a chance that Microsoft will reward you with a complimentary version of your OS.

For more information, please read these;
Genuine Advantage Validation Issues - Blocked Product Keys
Advice on safe software shopping (revised)
Chasing Pirates: Inside Microsoft's War Room
YouTube video: Bogus Windows 7 warning
Your canned looks very interesting, I never thought of offering Linux as a replacement for a counterfeit Windows OS.. Will look into it :S


Nommy
 
Excuse my double post, but I completely forgot this!
Congrats on graduating from GeekU Donna! :thumbsup2::thumbs_up:
From what I've seen you post in the Need a Hand and LiveLogs Help subforums (to which I strangely have access lol) you provide great assistance to anyone in need and you've definitely earned it!

I'm still a long way from even reaching the upperclass let alone graduating, but I've already learned very much and I'm looking forward to beginning my Registry Exercises :D


Nommy
 
When it comes to Piracy, I know I'm a bad boy :p But I do have a rule;

If I download it, I must buy it. Every movie, TV show, or song I have, I own on a physical copy. :)


Also, if a friend has an illegal copy of Windows, I will share my legit keys with them. I was an MSDNAA Member, so I have several copies of Windows 7 / 8 keys, and will gladly hand them out if it's a problem.


I'll remember offering Ubuntu though, in some aspects, it's better than Windows. :)
 
Not judging you mate, but you do know that your MSDN keys are meant to be used by you alone, right? You could get in a lot of trouble for openly stating that you share them, especially on a Forum maintained by MVPs and MCCAs..

As for piracy, I don't do it. All music/films/software and even canneds, fonts, textures and graphics I own are my own - either purchased or created by myself.
I had a torrent client for about one year which was solely used for downloading Linux. But since I only use Windows now, I don't even have that.

And in my line of thought; why pirate a film/song? You can listen to everything on YouTube and stream all films if you know the correct sites.
IMHO the risks just aren't worth the gain.


Nommy
 
