From: miso on 29 Dec 2006 02:14

I've got this periodic problem with gdi32.dll on X64 (AMD 64 4400). Every once in a while, my PC gets in this mode where three programs (Open Office Calc, Photoshop 6, and Vuescan) crash. Only Photoshop 6 gives me the clue that the problem is due to gdi32.dll.

Two questions:
1) <http://securitydot.net/vuln/exploits/vulnerabilities/articles/18330/vuln.html> claims there is a potential to create a DOS attack using gdi32.dll. Now I'm not running a server, and I am behind a firewall router, but any chance there is a virus in gdi32?
2) I've been waiting for sp2 to be released. What are the risks of installing the beta?

From: miso on 29 Dec 2006 13:32

miso(a)sushi.com wrote:
> I've got this periodic problem with gdi32.dll on X64 (AMD 64 4400).
> Every once in a while, my PC gets in this mode where three programs
> (Open Office Calc, Photoshop 6, and Vuescan) crash. Only Photoshop 6
> gives me the clue that the problem is due to gdi32.dll.
>
> Two questions:
> 1) <http://securitydot.net/vuln/exploits/vulnerabilities/articles/18330/vuln.html>
> claims there is a potential to create a DOS attack using gdi32.dll. Now
> I'm not running a server, and I am behind a firewall router, but any
> chance there is a virus in gdi32?
> 2) I've been waiting for sp2 to be released. What are the risks of
> installing the beta?

Avast found a virus in memory.dmp. Virus was "Win32:Agent-SG [Trj]". Deleting the file made the problem go away, but I suspect this wasn't exactly the problem. For one thing, the file was too large to put in the vault, so I assume it was the full size of my memory, which is around 3+Gbytes. I doubt I downloaded something that big.

From: Tony Sperling on 29 Dec 2006 22:18

It is probably hard to pinpoint an error so precisely. Something points somewhere specific could mean that is the avenue that brought on the offensive code, not necessarily where it originates.

A memory dump would be a file the size of the memory, not a part thereof, and size should not have any relation to anything you downloaded. I suggest you make Avast run a full scan of your complete system over the course of a couple of days (not continuously!) - and after re-booting too. If it is something nasty, it may well regenerate itself, after being deleted.

Tony. . .

From: miso on 29 Dec 2006 23:29

Tony Sperling wrote:
> It is probably hard to pinpoint an error so precisely. Something points
> somewhere specific could mean that is the avenue that brought on the
> offensive code, not necessarily where it originates.
>
> A memory dump would be a file the size of the memory, not a part thereof,
> and size should not have any relation to anything you downloaded. I suggest
> you make Avast run a full scan of your complete system over the course of a
> couple of days (not continuously!) - and after re-booting too. If it is
> something nasty, it may well regenerate itself, after being deleted.
>
> Tony. . .

The size of the dump file made me draw the same conclusion, but maybe the virus can attach to the last dump file. Good idea on running the virus scan to see if it pops up again.

Here are some older threads of mine with the same problem:

[July 31, 2006]
<http://groups.google.com/group/microsoft.public.windows.64bit.general/browse_frm/thread/2d3ca32209438ff0/d15c62ec09231767?lnk=st&q=&rnum=3&hl=en#d15c62ec09231767>

[Sept 11, 2006]
<http://groups.google.com/group/microsoft.public.windows.64bit.general/browse_frm/thread/178c95b4549e2886/2be476851b0e1fdd?lnk=st&q=&rnum=9&hl=en#2be476851b0e1fdd>

[Sept 10, 2006]
<http://groups.google.com/group/microsoft.public.windows.64bit.general/browse_frm/thread/e9dc73dfc54f94e1/223c95defd080d1d?lnk=st&q=group%3Amicrosoft.public.windows.64bit.general+author%3Amiso%40sushi.com&rnum=38&hl=en#223c95defd080d1d>

X64 is really stable, but this bug just drives me crazy since it is so flaky.

From: Tony Sperling on 30 Dec 2006 08:17

I'm not sure what benefit a Virus could possibly have from doing that. More likely - if there is a Virus, it trips a process which triggers a memory dump and the Virus gets dumped along with everything else, but this is not where it performs its feat, I believe it will effectively be disabled there. The danger is to find it there (where it is harmless!) and thinking you got rid of it. In the meantime it sits and waits quietly somewhere else.

Nobody really knows what a Virus is doing - or why, sometimes they wait for one specific event (a date, or a certain chain of characters in the keyboard buffer?) this sets it off and it lands in a dump file, the original going back to sleep, the only thing a Virus Scanner can do is scan for API and System Calls that would be typical for a Virus to want to utilize! Whatever the scanner finds, a lot of it has to be false alarms - we just don't know which ones they are.

Personally, I've noticed that Avast finds an inordinate amount of one specific type of Virus (Trojans!). If I was using something else, it would probably just be a different type of Virus, and most of anything they find will be false alarms.

Windows Defender is not Virus-Centric, but it does some very impressive scanning, and sometimes finds suspicious things that others don't find. Most likely then it is a false alarm, but you have an option to go looking. I suggest you could install that and run it in tandem with Avast.

Anyway, I think the behaviour you are seeing is looking more like a spyware/malware problem, than an actual Virus??? I was being terrorised by one nasty thing called "NewDotNet", recovering to a Restore Point helped for a while, but it came back and I ended up doing a fresh install. Defender was the only thing that found it - nothing could remove it.

Not sure what your options are, but try and find out what it really is or you'll be stabbing at shadows.

(One option is to mail the dump file to Avast - they are a helpful lot, but I'm not sure that they can do anything helpful with it?)

Tony. . .