Jump to content
Sign in to follow this  
white_cloud_8

Question

Recommended Posts

Hi,

 

just a couple of minutes ago my PC just restarted out of nowhere, and, once it rebooted and error message came up:

 

Microsoft Windows

 

The system has recovered from a serious error.

 

A log of this error has been created.

 

 

The error signature is:

 

BCCode : 100000d1 BCP1 : F8C24000 BCP2 : 00000002 BCP3 : 00000001

BCP4 : EEE18913 OSVer : 5_1_2600 SP: 2_0 Product : 256_1

 

 

Error Report Contents

 

The following files will be included in this error report:

 

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WER9821.dir00\Mini101805-01.dmp

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WER9821.dir00\sysdata.xml

 

 

 

 

 

:help: :shrug::huh:

Share this post


Link to post
Share on other sites

whoa, it just happened again (a couple of minutes ago)....when i was trying to play a music cd :huh: when i turned up the volume on my speakers you can hear this static noise then it restarted.

 

BTW: looking on the 'Event Viewer' it says that both were system errors, category (102)

 

 

Do I have a corrupt file or something?

Edited by white_cloud_8

Share this post


Link to post
Share on other sites

It did it again when I was trying to view a video clip in WMP format, it just restarted. What is going on???

 

Product: Windows Operating System

ID: 1003

Source: System Error

Version: 5.2

Symbolic Name: ER_KRNLCRASH_LOG

Message: Error code %1, parameter1 %2, parameter2 %3, parameter3 %4, parameter4 %5.

Edited by white_cloud_8

Share this post


Link to post
Share on other sites

The errors are very similar to errors generated when you are infected with the haxdoor virus. Microsoft has it listed here. I don't know if this is what you have but I would do some scanning just to be safe.

 

P.S. I saw you talking to yourself so I thought I would pop in to keep you from going crazy! :P

Share this post


Link to post
Share on other sites

The errors are very similar to errors generated when you are infected with the haxdoor virus. Microsoft has it listed here. I don't know if this is what you have but I would do some scanning just to be safe.

 

P.S. I saw you talking to yourself so I thought I would pop in to keep you from going crazy! :P

Yeah, thats really similar to what is going on here, I looked at the sample data and it looks similar. Which virus scanner should I use (I have AntiVir) but it doesn't ever seem to find anything (I guess thats not a bad thing :shrug: ). Which program would find that I have it???

Share this post


Link to post
Share on other sites

I tend to like this one, although there are several. If one don't find anything, try another. Also, if something is found, be sure system restore is turned off or the virus won't be removed. This one may have to be removed manually.

As for your updated driver, you could roll back to the other driver and see if you still have the problem. If the problem disappears, then I would say a bad driver...maybe someone else might have something to add...

Share this post


Link to post
Share on other sites

Okay, I just did a housecall trend micro scan, and, it came up with nothing. I then went to control panel>performance and maintenance>system properties and clicked on the 'Hardware' tab and 'Device Manager'. I rolled back the driver for 'Realtek AC'97 Audio' and it did nothing. I tried to view a clip in WMP and it restarted automatically *ONCE AGAIN*. What should I do next???

Share this post


Link to post
Share on other sites

I did a kaspersky on-line virus scan and it came up with three infected items but it was not related to that 'Haxdoor Virus'. The virus that came up in the scan was:

 

Infected Object Name - Virus Name

C:\System Volume Information\_restore{83709C4F-FE32-43FE-ABC1-CC5DE7F65412}\RP423\A0043132.dll Infected: not-a-virus:PSWTool.Win32.RAS.a

C:\System Volume Information\_restore{83709C4F-FE32-43FE-ABC1-CC5DE7F65412}\RP423\A0043147.old Infected: not-a-virus:PSWTool.Win32.RAS.a

C:\System Volume Information\_restore{83709C4F-FE32-43FE-ABC1-CC5DE7F65412}\RP435\A0044974.dll Infected: not-a-virus:PSWTool.Win32.RAS.a

 

Help, Please? :help: :help: :help:

Edited by white_cloud_8

Share this post


Link to post
Share on other sites

Do a online scan here and see if it finds anything. That looks nasty to me but I can't find much on it. Maybe a Spybot scan and a Hijack This scan might shed some light on it. I read some post on another board and a suggested download of Ewido here and update it and run it may help. I'm running out of options :(

Share this post


Link to post
Share on other sites

Infected Object Name - Virus Name

C:\System Volume Information\_restore{83709C4F-FE32-43FE-ABC1-CC5DE7F65412}\RP423\A0043132.dll Infected: not-a-virus:PSWTool.Win32.RAS.a

C:\System Volume Information\_restore{83709C4F-FE32-43FE-ABC1-CC5DE7F65412}\RP423\A0043147.old Infected: not-a-virus:PSWTool.Win32.RAS.a

C:\System Volume Information\_restore{83709C4F-FE32-43FE-ABC1-CC5DE7F65412}\RP435\A0044974.dll Infected: not-a-virus:PSWTool.Win32.RAS.a

 

Help, Please? :help: :help: :help:

Not sure how many times this has been stated (or how many more it will take), but those locations for infected files are in System Restore. The quick and easy way to get rid of them (and only way), turn off System Restore, which will delete all restore poibts that are saved. You can then turn Systtem Restore back on.

 

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

 

 

BTW, the only way you can get infected by any of those that are found, would be to use System Restore AND use one of those infected restore points.

Share this post


Link to post
Share on other sites

after turning off system restore, i noticed when i tried to open a music cd in WMP that it worked and when I viewed a video clip as well in WMP it worked, so i guess turning it off worked :)

 

note: should there be anything i should do diagnostics for or should i just leave it?

Edited by white_cloud_8

Share this post


Link to post
Share on other sites

Hi White Cloud,

 

Glad your machine is performing properly now, but I don't see how what you did would have fixed it. The bad-guys in System Restore shouldn't have been able to influence your computer functioning.

 

Will you please run a Panda Online Active Scan and post the Log? Here:

http://www.pandasoftware.com/products/activescan

Might help to see what may still be lingering there.

Note: Panda Active Scan will not "fix" many of the bad-guy items it identifies but will post the identity and file location so further investigation will be more informed. Panda takes a while, maybe an hour, but it seems to read and examine "every" file in your system, as compared to other scans which seem to scan "likely" locations. Therefore Panda comes up with stuff others don't.

Caution: Not everything identified by Panda will absolutely be a bad-guy.

You will need to investigate further to confirm, but if you post, you'll get some help with looking into it.

 

Best Regards

Share this post


Link to post
Share on other sites

What you could have done, go to Start > Run and enter in "Cleanmgr". Go to the More Options page and click the button to delete all but your most recent Restore Point.

Share this post


Link to post
Share on other sites

Glad it's working and reporting out clean.

Good work!

You've been here at the Pit way longer than me, so you already know that somebody is usually around to help when needed.

 

See Ya around the Pit. :)

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...