From: Dshai on
Tony, for future reference on NewDotNet, AdAware will find and disable it as
well as identifying the registry keys that "control" it, this allows you to
delete said keys and effectively rid yourself of the pest without a
format/reload.

Dshai

"Tony Sperling" <tony.sperling(a)dbREMOVEmail.dk> wrote in message
news:u4TbpTBLHHA.1424(a)TK2MSFTNGP04.phx.gbl...
> I'm not sure what benefit a Virus could possibly have from doing that. More
> likely - if there is a Virus, it trips a process which triggers a memory
> dump and the Virus gets dumped along with everything else, but this is not
> where it performs its feat, I believe it will effectively be disabled
> there. The danger is to find it there (where it is harmless!) and thinking
> you got rid of it. In the meantime it sits and waits quietly somewhere
> else. Nobody really knows what a Virus is doing - or why, sometimes they
> wait for one specific event (a date, or a certain chain of characters in the
> keyboard buffer?) this sets it off and it lands in a dump file, the original
> going back to sleep, the only thing a Virus Scanner can do is scan for API
> and System Calls that would be typical for a Virus to want to utilize!
> Whatever the scanner finds, a lot of it has to be false alarms - we just
> don't know which ones they are. Personally, I've noticed that Avast finds an
> inordinate amount of one specific type of Virus (Trojans!). If I was using
> something else, it would probably just be a different type of Virus, and
> most of anything they find will be false alarms.
>
> Windows Defender is not Virus-Centric, but it does some very impressive
> scanning, and sometimes finds suspicious things that others don't find.
> Most likely then it is a false alarm, but you have an option to go looking.
> I suggest you could install that and run it in tandem with Avast.
>
> Anyway, I think the behaviour you are seeing is looking more like a
> spyware/malware problem, than an actual Virus???
>
> I was being terrorised by one nasty thing called "NewDotNet". Recovering to
> a Restore Point helped for a while, but it came back and I ended up doing a
> fresh install. Defender was the only thing that found it - nothing could
> remove it. Not sure what your options are, but try and find out what it
> really is or you'll be stabbing at shadows.
>
> (One option is to mail the dump file to Avast - they are a helpful lot, but
> I'm not sure that they can do anything helpful with it?)
>
>
> Tony. . .
>
>
>
> <miso(a)sushi.com> wrote in message
> news:1167452998.167900.312250(a)v33g2000cwv.googlegroups.com...
>>
>> Tony Sperling wrote:
>> > It is probably hard to pinpoint an error so precisely. Something points
>> > somewhere specific could mean that is the avenue that brought on the
>> > offensive code, not necessarily where it originates.
>> >
>> > A memory dump would be a file the size of the memory, not a part thereof,
>> > and size should not have any relation to anything you downloaded. I suggest
>> > you make Avast run a full scan of your complete system over the course of a
>> > couple of days ( not continuously! ) - and after re-booting too. If it is
>> > something nasty, it may well regenerate itself, after being deleted.
>> >
>> > Tony. . .
>>
>> The size of the dump file made me draw the same conclusion, but maybe
>> the virus can attach to the last dump file. Good idea on running the
>> virus scan to see if it pops up again.
>>
>> Here are some older threads of mine with the same problem:
>> [July 31, 2006]
>> <http://groups.google.com/group/microsoft.public.windows.64bit.general/browse_frm/thread/2d3ca32209438ff0/d15c62ec09231767?lnk=st&q=&rnum=3&hl=en#d15c62ec09231767>
>> [Sept 11, 2006]
>> <http://groups.google.com/group/microsoft.public.windows.64bit.general/browse_frm/thread/178c95b4549e2886/2be476851b0e1fdd?lnk=st&q=&rnum=9&hl=en#2be476851b0e1fdd>
>> [Sept 10, 2006]
>> <http://groups.google.com/group/microsoft.public.windows.64bit.general/browse_frm/thread/e9dc73dfc54f94e1/223c95defd080d1d?lnk=st&q=group%3Amicrosoft.public.windows.64bit.general+author%3Amiso%40sushi.com&rnum=38&hl=en#223c95defd080d1d>
>>
>> X64 is really stable, but this bug just drives me crazy since it is so
>> flaky.
>>
>>
>> >
>> > <miso(a)sushi.com> wrote in message
>> > news:1167417122.884423.239110(a)73g2000cwn.googlegroups.com...
>> > >
>> > > miso(a)sushi.com wrote:
>> > > > I've got this periodic problem with gdi32.dll on X64 (AMD 64 4400 ).
>> > > > Every once in a while, my PC gets in this mode where three programs
>> > > > (Open Office Calc, Photoshop 6, and Vuescan) crash. Only Photoshop 6
>> > > > gives me the clue that the problem is due to gdi32.dll.
>> > > >
>> > > > Two questions:
>> > > > 1) <http://securitydot.net/vuln/exploits/vulnerabilities/articles/18330/vuln.html>
>> > > > claims there is a potential to create a DOS attack using gdi32.dll. Now
>> > > > I'm not running a server, and I am behind a firewall router, but any
>> > > > chance there is a virus in gdi32.
>> > > > 2) I've been waiting for sp2 to be released. What are the risks of
>> > > > installing the beta.
>> > >
>> > > Avast found a virus in memory.dmp. Virus was "Win32:Agent-SG [Trj]"
>> > > Deleting the file made the problem go away, but I suspect this wasn't
>> > > exactly the problem. For one thing, the file was too large to put in the
>> > > vault, so I assume it was the full size of my memory, which is around
>> > > 3+Gbytes. I doubt I downloaded something that big.
>> > >
>>
>
>
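
Added example, not part of the thread and not written by any of the posters: a way to check whether a file a scanner flagged as memory.dmp really is a Windows crash dump, and whether it is a complete dump about the size of RAM as discussed above. The field offsets are assumed from the commonly documented 64-bit dump header layout; the function names and the sample header are constructed for illustration.

```python
import struct

DUMP_TYPES = {1: "complete", 2: "kernel"}  # assumed DumpType values; others reported raw

def build_sample_header() -> bytes:
    """Constructed sample 64-bit dump header (not taken from the thread)."""
    h = bytearray(0x2000)
    h[0:8] = b"PAGEDU64"                          # Signature + ValidDump
    struct.pack_into("<II", h, 0x08, 0xF, 3790)   # MajorVersion, MinorVersion (build)
    struct.pack_into("<II", h, 0x30, 0x8664, 2)   # MachineImageType (AMD64), NumberProcessors
    struct.pack_into("<I", h, 0x38, 0x50)         # BugCheckCode
    struct.pack_into("<I", h, 0xF98, 1)           # DumpType
    return bytes(h)

def triage_dump(header: bytes, file_size: int, ram_bytes: int) -> dict:
    """Classify a flagged file from its first 0x2000 bytes and its size on disk."""
    if len(header) < 0x2000 or header[0:4] != b"PAGE":
        return {"crash_dump": False}
    if header[4:8] == b"DUMP":
        return {"crash_dump": True, "bits": 32}   # 32-bit layout differs; not parsed here
    if header[4:8] != b"DU64":
        return {"crash_dump": False}
    (build,) = struct.unpack_from("<I", header, 0x0C)
    machine, cpus, bugcheck = struct.unpack_from("<III", header, 0x30)
    (dump_type,) = struct.unpack_from("<I", header, 0xF98)
    return {
        "crash_dump": True, "bits": 64, "build": build,
        "machine": hex(machine), "cpus": cpus, "bugcheck": hex(bugcheck),
        "dump_type": DUMP_TYPES.get(dump_type, f"other ({dump_type})"),
        # Heuristic: a complete dump is roughly physical memory plus the header.
        "size_close_to_ram": abs(file_size - ram_bytes) <= ram_bytes // 10,
    }

if __name__ == "__main__":
    ram = 3 * 1024**3  # about 3 GB, matching the size mentioned in the thread
    print(triage_dump(build_sample_header(), ram + 0x2000, ram))
    print(triage_dump(b"MZ" + bytes(0x2000), 0x2002, ram))
```

On a real system, pass the first 0x2000 bytes read from the flagged file together with `os.path.getsize()` of it. A genuine complete dump is a snapshot of RAM at crash time, so a detection inside it points at something that was in memory then, not at a file that needs cleaning in place.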


From: Tony Sperling on
Well, thank YOU! This is the only kind of malware that ever brought my
machine (any of them) to its knees. It was silent for a long time, maybe a
year, then started playing tricks with the i-net connection. As a last
attempt I tried deleting it manually and that completely broke my
connection and nothing could bring it back up.

O.K. - AdAware it is then!

Since Defender recognised it, I assume it will stop it and protect you, but
once it is inside? This is certainly good news on the threshold of a new
year!


Tony. . .

