Windows 7 Forums



Windows 7: BSOD at random times, probably caused by malware.

14 Jun 2015   #1
lazarba

Windows 7 Home Premium x64
 
 

Okay so, I am getting / have been getting BSOD crashes at random times. I think I have made a connection between the computer being idle for a long time and the crashes (e.g. when downloading a game and I have to leave the computer unattended for a long time). I posted on the BSOD thread first and here is the link to that post: BSOD at random times. "A driver has overrun a stack-based buffer"
Arc suggests that the crash is caused by malware, so here I am seeking your help.
I can reinstall, but I would like to avoid it if possible.
(All the info relevant to the problem has been posted in the other post.)
Thanks in advance.


14 Jun 2015   #2
cottonball

Windows 7 Home Premium
 
 

lazarba,

Please use the Farbar Recovery Scan Tool Download
Select the version that applies to your system: 64-bit
Save it to your Desktop.
Double-click the downloaded file to run it.

When the tool opens, click Yes to the disclaimer.

Press the Scan button.

When done, the tool makes a log, FRST.txt, in the same directory from which the tool is run (Desktop).

Please provide the FRST.txt in your reply.

The first time the tool is run, it also creates another log: Addition.txt
Also post the Addition.txt in your reply.
15 Jun 2015   #3
lazarba

Windows 7 Home Premium x64
 
 

Here you go!


Attached Files
File Type: txt Addition.txt (46.1 KB, 1 views)
File Type: txt FRST.txt (50.4 KB, 3 views)

15 Jun 2015   #4
cottonball

Windows 7 Home Premium
 
 

lazarba,

Have not forgotten you. Did take a look at the reports provided, and at first review, have not seen malware entries. Need to look at it more thoroughly, though.

Since the following driver has been questioned in your previous thread:
C:\Windows\SysWow64\WinFLAdrv.sys

Please run the file through one or more file scanners, and let's see if there are any malware detections:

VirusTotal
https://www.virustotal.com/

Jotti's malware scan

ThreatExpert - Online File Scanner

VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 39 AntiVirus Engines!

Comodo Instant Malware Analysis


Also, please check the following file:
C:\Windows\SysWow64\WinVDEdrv.sys

If you get a message saying: File has already been analyzed, click: Reanalyze file


Please post the link to the results of the scanners chosen.
16 Jun 2015   #5
lazarba

Windows 7 Home Premium x64
 
 

For WinFLAdrv.sys
VirScan: WinFLAdrv.sys MD5:98e452348ea54dc188883ee7ef12a842 0% Scanner(s) (0/39) found malware!
VirusTotal: https://www.virustotal.com/en/file/a...is/1434452779/
Comodo failed, ThreatExpert refused to accept my file, Jotti's remained unresponsive.

For WinVDEdrv.sys

VirusTotal: https://www.virustotal.com/en/file/d...is/1434453354/
VirScan: WinVDEdrv.sys MD5:3cc985a4e7d90f5b6d9ff1fd5cd486d7 0% Scanner(s) (0/39) found malware!

They are both clean apparently.
16 Jun 2015   #6
cottonball

Windows 7 Home Premium
 
 

lazarba,

The file scanners you used are both good choices, and, as you mention, no malware found.

Let's go this route...

Please, also use the herdProtect Anti-Malware Scanner:
Download herdProtect - Free Anti-Malware Platform

Select the Portable Version (green button on the right), and save to the Desktop

Double-click the herdProtectScan_Portable file to run the setup.

On the last prompt, make sure Launch herdProtect is checked, and press: Finish

Next, when presented with the Scanner prompt, press the green Scan button. (An Internet connection is needed.)
OK the next prompt.

The scan goes through various stages, and, when done, the scan Results are presented (Files scanned: xxx, Processes scanned: xxxx, etc.).

When done, press (at the top): Save Results

Please do not remove any entries, and attach the herdProtect Scan_2015-(date) in your reply.


Also, please give Malwarebytes Anti-Malware a whirl.
You may have used it at some point, just make sure it is updated, or get a fresh copy!

Download > https://www.malwarebytes.org/products/
Select the FREE version!
Save to the Desktop.

On the Desktop, double-click mbam-setup-2.X.X.XXXX.exe to install (X's = current version)
Allow the file to run.
Follow the setup wizard to Install.

Place a checkmark next to Launch Malwarebytes Anti-Malware, then click: Finish
However, please make sure to uncheck the PREMIUM version Trial checkmark, if it appears.

Once MBAM opens, click the Settings tab at the top, and, in the left column, select Detections and Protections
If not already checked, select: Scan for rootkits
Click the Scan tab at the top of the program window, and select: Threat Scan

Next, click: Scan Now
If you receive a message that updates are available, click: Update Now
At this point, the update is downloaded, installed, and the scan starts.
The scan may take some time to finish, so please be patient.

If potential threats are detected, select Quarantine All as the Action for all the listed items.
Next, click: Apply Actions

While still on the Scan tab, click the link for View detailed log
In the window that opens, click the Export button, select Text file (*.txt), and save the log to the Desktop.


Please post the MBAM report in your reply.

Notes:
1. The log is automatically saved by MBAM and is also viewed by clicking:
History tab > Application Logs.
2. If MBAM encounters a file that is difficult to remove...
Click OK and allow MBAM to proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
16 Jun 2015   #7
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

After you've run MBam, as cottonball requested ... download CKScanner by askey127 from HERE
Important - Save it to your desktop.
Double-click CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.

A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
17 Jun 2015   #8
lazarba

Windows 7 Home Premium x64
 
 

Okay, done all three. Included the mbav scan file and the herdprotect file, and here are the CKScanner results:
CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\steam\steamapps\common\skyrim\data\textures\architecture\markarth\crackrock4.dds
c:\steam\steamapps\common\skyrim\data\textures\architecture\markarth\crackrock4b.dds
c:\steam\steamapps\common\skyrim\data\textures\architecture\markarth\crackrock4b_n.dds
c:\steam\steamapps\common\skyrim\data\textures\architecture\markarth\crackrock4var2.dds
c:\steam\steamapps\common\skyrim\data\textures\architecture\markarth\crackrock4var3.dds
c:\steam\steamapps\common\skyrim\data\textures\architecture\markarth\crackrock4_n.dds
c:\steam\steamapps\common\skyrim\data\textures\architecture\windhelm\wholdcrackedbrick.dds
c:\steam\steamapps\common\skyrim\data\textures\architecture\windhelm\wholdcrackedbrick2.dds
c:\users\lazaros\desktop\programs\comicrack.lnk
c:\users\lazaros\documents\my games\skyrim\saves\save 1791 - mar'dew cracked tusk keep 27.11.12.ess
c:\users\lazaros\documents\my games\skyrim\saves\save 1791 - mar'dew cracked tusk keep 27.11.12.skse
scanner sequence 3.EF.11.CWNAHZ
----- EOF -----


Attached Files
File Type: txt mbav.txt (1.0 KB, 3 views)
File Type: txt Scan_2015-6-17-11-30.txt (43.8 KB, 3 views)
17 Jun 2015   #9
lazarba

Windows 7 Home Premium x64
 
 

Okay, just got another BSOD, this time there was no talk of drivers overflowing a stack based buffer and what-not, but regardless, here is the crashdump.


Attached Files
File Type: zip 061715-7706-01.zip (22.4 KB, 1 views)
18 Jun 2015   #10
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Can you tell us about this C:\Windows\System32\Tasks\AutoKMS and this? C:\Windows\Tasks\AutoKMS.job

"The file is often installed if you are using a hacked program..... Office? and can be from a Keygen program."