Windows 7 Forums

Windows 7: W7/64 freeze after few seconds; strange items in WMI

09 Apr 2017   #21
Ranger4

Windows 7 Home Premium 64 bit sp1
 
 

Quote: Originally Posted by Fenichel
I have a question for the clone-experienced contributors. When I first thought about cloning, quite a few years ago, I thought that it couldn't work. My thought was that most disk drives have a few unusable sectors here and there, identified to prevent their being allocated, but straight copying of one HDD onto another would not take proper account of the receiving HDD's bad sectors. Now, obviously my thinking was wrong, but what did I miss?
These websites might help you with how cloning works.

When to image a hard drive, and when to clone it | PCWorld

Disk cloning - Wikipedia

As I understand it cloning copies the hard drive into one big file. That file then is written to the new disc in much the same way as any software program is. In other words it's not the same as copy & paste. It's not actually copying sector by sector, thereby removing the bad sector problem being transferred.


10 Apr 2017   #22
Fenichel

Windows 7/64 Pro SP1
 
 
cloning

Quote:
As I understand it cloning copies the hard drive into one big file. That file then is written to the new disc in much the same way as any software program is. In other words it's not the same as copy & paste. It's not actually copying sector by sector, thereby removing the bad sector problem being transferred.
I wasn't worried about the donor sites; it's easy enough to copy everything (all sectors) into one big file but then follow the file-system links and read out only the good stuff. What I was concerned about is the recipient sites. The OS works with offset-within-file much of the time, but at other times it talks directly to disk addresses, I think. If it thinks it knows that Thing is at sector AAA, but AAA is now (on the new, recipient disk) not usable, how does the clone system know what part of the OS should be told that Thing is now at BBB?

We don't need to belabor this; obviously cloning has been made to work, and I'm foolish not to have been using it.
10 Apr 2017   #23
Fenichel

Windows 7/64 Pro SP1
 
 
results of suspending Kaspersky AV

Thanks to ICIT2LOL. I suspended Kaspersky AV and moved back in the direction of Normal mode.
  • Windows accepted my password as usual
  • On a background I don't recall (black or the Welcome screen), I got an Application Error message from mbamtray.exe: The instruction at (somewhere) could not be read.
  • The cream, featureless, illegal-Windows desktop appeared behind the diagnostic box, and now I got an Application Error exception from ksdeuii.exe: Unknown software exception 0x40000015.
  • Within a few seconds, with no input from me, my normal desktop appeared. It lasted a few more seconds before the now-familiar freeze, and I had to go back in Safe Mode. But then, I tried Normal Mode again, hoping that the immediately-past experience in Normal Mode had been a one-off.
  • On that attempt at Normal Mode, with Kaspersky still disabled, I got no Application-Error messages, no nasty cream screen, just my normal desktop. I puttered for about a minute, at which time there appeared a Kaspersky popup, inviting me to reactivate it.
  • I did, and got another Kaspersky popup inviting me to update my virus definitions. I clicked on that, but a few seconds later the machine was frozen again.
Possibly I can run in Normal mode indefinitely, as long as I don't try to reactivate Kaspersky AV (I don't know this; the latest freeze might just have been some other clock running out). If the Kaspersky theory is true, then there are at least two possible ways ahead (I want advice):
  • With help from this forum and, possibly, from Kaspersky Labs, I can get Kaspersky AV going again. While that is going on, I will need some sort of coverage, possibly from MalwareBytes.
  • Or, I could give up on Kaspersky altogether, and just start protecting myself with MWB or Eset or something else. Would I be losing something in not having Kaspersky?
And yes, I'm off tomorrow to buy a new external HDD to be my clone holder.

10 Apr 2017   #24
ICIT2LOL

Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
 
 

Well if you want then what I would do is to uninstall Kaspersky because you might have a very buggy download. Is the version 2017?? by the way because if not then you can use the same activation code for each subsequent version that comes out - that is what I do.
If you uninstall then it will give you the option of saving the code so a fresh install is ready to go. Now I would seriously think about not uninstalling it but if you want a good free one then I would have a read of this
If you want a good free AV then there are plenty in this
Free Windows Desktop Software Security List - Realtime Protection | Gizmo's Freeware
However I would advise you against using AVG, McAfee, Baidu, Ad-Aware, and Comodo (only because it is a terrible nagger)
I have tested out Bitdefender, Avast, Avira, MSE, Sophos, and Panda and out of those I would if I were not using a paid for version of Kaspersky run Bitdefender, Avast, and Avira in that order and then the others. I mentioned the Kaspersky only because I have used it for a very long time now and as well as being an excellent AV is also very cheap to run at approx $0.035 a day (currently) and that is just about free and one gets the extra benefits.
The choice is yours as always.
(pretyped to save time)

NB That disabling depends on how long you set it for too so be aware of it enabling itself again. Plus if you do uninstall it it doesn't mean you cannot reinstall it and you need to use the removal tool which does sometimes leave remnants in the registry entries mainly because it is saving that code.
10 Apr 2017   #25
Fenichel

Windows 7/64 Pro SP1
 
 
Kaspersky or not

@ICIT2LOL:
I don't think I understand your last message. On the one hand you say
Quote:
what I would do is to uninstall Kaspersky
, but then you say
Quote:
I have used Kaspersky for a very long time now and as well as being an excellent AV is also very cheap to run at approx $0.035 a day (currently) and that is just about free and one gets the extra benefits.
You note that perhaps I should uninstall Kaspersky because I might have a bad download. I've been running it for 2 years or so now, with updates as they are available, so it might be corrupt, but a bad download doesn't seem as likely. I'm paid up until next year, I think.

What do you think about uninstalling it and then immediately reinstalling it, speculating that the new download will be OK? Of course, all of this is contingent on the theory that my problems have all been routed out by the other AV programs, and that the only lingering issue is with a malfunctioning Kaspersky program. That is not yet proven, to say the least.
10 Apr 2017   #26
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Before worrying about backups and cloning your system, I would suggest taking care of the infections first.

Have you tried RKill and then run needed scans?

RKill Download


I would also suggest removing all cookies found by SAS.

There is a good chance you will need to do a Clean Install; it all depends on the infections found.

Jack
10 Apr 2017   #27
Fenichel

Windows 7/64 Pro SP1
 
 

Thanks for the link to RKill. RKill seemed to be reasonably comfortable (see attached output), and I had already deleted all of the cookies found by SAS.

I recognize that I still may need to do a clean install, but I'm not sure how to decide whether that will be necessary. I've now scanned my whole system with MalWareBytes, eSet, SuperAntiSpyWare, and now RKill, and removed the various tagged items.

What other disinfection would you recommend? One possibility that occurs to me is that I should now run some or all of the above scans again, in case the malware had a hiding place and has now re-established itself.

Remember that the trouble seems to have started just after midnight at the beginning of April 1st; the computer had then been running continuously for over a week, and receiving no input from me during that time (I was away until 0400 on April 1st). That says to me that the malware was lying in wait, set to start at or after a specific time (2017-04-01 00:00). It had not, in its dormant form, ever been detected by Kaspersky, and I may (or may not) have successfully deleted the dormant version as described in message #7. In the depths of my paranoia, it occurs to me that there might be another dormant version still on my system somewhere, ready to rise again on April 1st of next year or, indeed, at any other time.

In this vein, I remember that the file that I suspect was the dormant carrier was recognized by Windows Explorer as being encrypted (that is, its name was displayed in green). I've never noticed any other files on my system with that property. I could search my system for files whose FILE_ATTRIBUTE_ENCRYPTED bit is set; I don't know of a tool that does that, but I could write my own without much delay. Do you recommend that I bother with this?


Attached Files
File Type: txt Rkill.txt (2.6 KB, 2 views)
10 Apr 2017   #28
Fenichel

Windows 7/64 Pro SP1
 
 
finding encrypted files

Quote:
I could search my system for files whose FILE_ATTRIBUTE_ENCRYPTED bit is set; I don't know of a tool that does that, but I could write my own without much delay.
This turned out to be a trivial piece of coding, so it's coded and run. There were a few copies of the encrypted file hanging around in the Recycle Bin, but now they're definitely gone.
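The search described in posts #27 and #28, as an added example that is not part of the original thread and is not the poster's own tool: a Python walker that reports every file or directory whose FILE_ATTRIBUTE_ENCRYPTED bit is set. The names `file_attributes` and `find_encrypted` are hypothetical; the code assumes Python 3.5+ on Windows, where `os.stat` exposes `st_file_attributes`.

```python
import os
import stat
import sys

ENCRYPTED = stat.FILE_ATTRIBUTE_ENCRYPTED      # 0x4000, the EFS bit (green name in Explorer)
REPARSE = stat.FILE_ATTRIBUTE_REPARSE_POINT    # junctions/symlinks: report, never descend


def file_attributes(path):
    """Windows attribute bitmask for path; 0 on platforms that have none."""
    st = os.stat(path, follow_symlinks=False)
    return getattr(st, "st_file_attributes", 0)


def find_encrypted(root, get_attrs=file_attributes):
    """Walk root and return (hits, errors).

    hits   -- paths (files and directories) with the encrypted bit set
    errors -- (path, reason) for everything that could not be read, so that
              an access-denied subtree is visible instead of silently skipped
    """
    hits, errors = [], []

    def note(exc):
        errors.append((exc.filename, exc.strerror))

    for dirpath, dirnames, filenames in os.walk(root, onerror=note):
        descend = []
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            try:
                attrs = get_attrs(full)
            except OSError as exc:
                note(exc)
                continue
            if attrs & ENCRYPTED:
                hits.append(full)
            if name in dirnames and not attrs & REPARSE:
                descend.append(name)
        dirnames[:] = descend   # prune in place so os.walk skips reparse points
    return sorted(hits), errors


if __name__ == "__main__":
    # Starting at a drive root also covers $Recycle.Bin for that drive.
    found, unreadable = find_encrypted(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path in found:
        print("ENCRYPTED ", path)
    for path, reason in unreadable:
        print("UNREADABLE", path, reason, file=sys.stderr)
```

Run it from an elevated prompt so that other users' Recycle Bin folders and protected directories end up in the hit list and not in the unreadable list.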
10 Apr 2017   #29
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

We need a status report.
Are you having any problems with your system?

The purpose of RKill is to stop programs (infections) from running so a better security scan can be done.
Some infections will try to shut down security programs so your security programs can't find the infections.

No security program is a fix all.

If at the end you have doubts about your computer security, that is when I would do a clean install.
In cases like this I would do a format and a wipe of the disk and then install Windows 7 again.
It's a pain I know.

P/S:
Remember that anything that was hooked up to or in communications with the infected system could also be infected. An April Fools' Day infection could have been in the system for a long time just waiting for the clock on your computer to activate the infection. There are just so many possibilities.

Jack
10 Apr 2017   #30
Fenichel

Windows 7/64 Pro SP1
 
 
status report

I haven't been back into Normal Mode since the time yesterday, described a few messages ago.

I am not altogether comfortable with the current situation, but I am heartened by the facts that
  • the presumed malware file came in a Github file that was unlikely to be downloaded by many people, let alone high-value targets, and
  • it was left around in a non-stealthy form (distinguished explorer appearance, immediate detection upon attempted copying), and
  • the trigger date was the too-obvious April 1st, and
  • I haven't heard from any ransomers or gloaters, and
  • other victims don't seem to be complaining publicly
To me, these facts suggest that the perpetrators were only moderately skilled dabblers, and so I may (with the help of this forum) have got rid of the infection. I am inclined
  • to run MalWareBytes again, to see if the malware somehow ran a flanking maneuver around it,
  • to run eSet again
  • to run SuperAntiSpyware again
  • to unload Kaspersky AV
  • to reload Kaspersky AV
and then to reattempt Normal Mode. Formatting and reinstalling would take about a week, considering all of the Windows annoyances that would need to be cleaned up again, and considering the wide range of apps that I use. I respect your more conservative approach, of course. I hope you don't believe that I am being wild-ass foolhardy.

What I may do in parallel is just to buy another machine and, without any time pressure, configure it into usable form. Then I could move my data over and use the new machine while, again under no time pressure, I scrubbed this machine down to bare silicon & iron oxide and did the clean install. I used to maintain 2 machines to ease a strategy like this, but it became too much trouble to keep them both up to date.