testing for neocore
- Thread starter gerawolf
- Start date
Thanks, gerawolf.
OP here - long read: reinstalled...did the "pinned" faq :: The Incredible Adventures of Van Helsing General Discussions
I'll check the logs now, if anyone else wants to chime in, please feel free - it's been a long, hard week for me ... and it's only Thursday!
EDIT: Patrick, there's recently been a BSOD after setting up DV - gerawolf, can you copy any minidumps to the Desktop, zip and attach them, please?
OP here - long read: reinstalled...did the "pinned" faq :: The Incredible Adventures of Van Helsing General Discussions
I'll check the logs now, if anyone else wants to chime in, please feel free - it's been a long, hard week for me ... and it's only Thursday!
EDIT: Patrick, there's recently been a BSOD after setting up DV - gerawolf, can you copy any minidumps to the Desktop, zip and attach them, please?
Oooh, a DV dump! Even better :O)
So far I'm seeing a .dll running out of a AppData\Local\Temp sub-folder and a 1MB partition on a data drive, both possible indicators of malware, either active, the .dll, or old, possible root/boot -kit in the partition, if it was previously used as a System/Boot drive.
2x USB devices that cannot find enough free resources to use.
Heck, even reports of Notepad hanging - something strange happening in this machine?!
Just made another request in the steam topic for the DV crash dump.
Going blind from reading MSInfo32, taking a break to look for lunch/stretch my legs.
2x USB devices that cannot find enough free resources to use.
Heck, even reports of Notepad hanging - something strange happening in this machine?!
Just made another request in the steam topic for the DV crash dump.
Going blind from reading MSInfo32, taking a break to look for lunch/stretch my legs.
mini dump folders empty..will try again to run dv...will try to send between crashes
The DV dump indicates ndisrd.sys as the likely cause, this appears to be a trojan which lowers your security; as a trojan, it might have invited 'friends' along.
Add that to the other 2 potential malware pointers I commented on earlier and you really do need to investigate this further, get it inspected and cleaned up before any further troubleshooting. Please study the following post very carefully and do as instructed: https://www.sysnative.com/forums/security-arena/2507-malware-removal-posting-instructions.html
Add that to the other 2 potential malware pointers I commented on earlier and you really do need to investigate this further, get it inspected and cleaned up before any further troubleshooting. Please study the following post very carefully and do as instructed: https://www.sysnative.com/forums/security-arena/2507-malware-removal-posting-instructions.html
My original link in my previous Post still works for me, both when logged in and from a different browser as a non-registered user - unless this is further evidence that your machine's possible infection is actively blocking you from sites/pages.
I'll get a Security Team member/Admin to check it out.
Can you go here: Security Arena - Sysnative Forums and ready the Sticky entitled "Malware Removal Posting Instructions" ?
I'll get a Security Team member/Admin to check it out.
Can you go here: Security Arena - Sysnative Forums and ready the Sticky entitled "Malware Removal Posting Instructions" ?
still running back up..have dds and security check downloaded to secure :f drive...when done with back up will move it to desktop and run it as dirrected..i had to do some shuffling.. some segregation and separation too..created a drive just for downloads 15 gigs of space with all my little scanners of joy aimed at it
Hi, gerawolf.
It is better if you don't make any changes that aren't requested until your issues have been resolved. (Yum! Your buritos sound great.)
It is better if you don't make any changes that aren't requested until your issues have been resolved. (Yum! Your buritos sound great.)
back up finished..computer restarted...dds ran... security check ran...posted them here according to directions
https://www.sysnative.com/forums/security-arena/9085-gerawolfs-malware-and-van-helsing-issues.html
https://www.sysnative.com/forums/security-arena/9085-gerawolfs-malware-and-van-helsing-issues.html
Hi, satrow. I'm returning gerawolf to you. I've asked him to wait for your instructions before making any additional changes or running other tests since you may want him to spend some time on the computer to see if the problem(s) continue.
Thanks very much, Corrine. :rose:
Gerawolf, I would like you to use the PC as normal for a couple of days (it might take a while anyway for you to check everything is functional after the changes you've made today). The main reason is that I want you to populate the Windows logs again (the tools used to clean up any PUPS/residual infections would have cleared the majority of them), so we can assess the current Windows state after some normal usage (Notepad.exe hangs are not normal ...).
Make notes of any errors/bugs you might come across and relay them later.
In ~48 hours, follow the BSOD Sticky (https://www.sysnative.com/forums/bs...ctions-windows-8-1-8-7-and-windows-vista.html) again - pay particular attention to downloading Autoruns to the same folder as the jcgriff2 collection app and running that app as Administrator - I want to see a verified autouruns.arn file included in the attachment.
Patrick, did you get any time to study the DV dump and glean anything useful from it?
Gerawolf, I would like you to use the PC as normal for a couple of days (it might take a while anyway for you to check everything is functional after the changes you've made today). The main reason is that I want you to populate the Windows logs again (the tools used to clean up any PUPS/residual infections would have cleared the majority of them), so we can assess the current Windows state after some normal usage (Notepad.exe hangs are not normal ...).
Make notes of any errors/bugs you might come across and relay them later.
In ~48 hours, follow the BSOD Sticky (https://www.sysnative.com/forums/bs...ctions-windows-8-1-8-7-and-windows-vista.html) again - pay particular attention to downloading Autoruns to the same folder as the jcgriff2 collection app and running that app as Administrator - I want to see a verified autouruns.arn file included in the attachment.
Patrick, did you get any time to study the DV dump and glean anything useful from it?