BSODs - Malware? Dell support not helping... PreventMalware.org suggests I may need the help offered here

BuckS
post Jun 8 2008, 04:59 PM
Operating System: Vista Home Premium

PC BSOD'd in my regular profile and in my Admin profile.

My relatively new (3 months) Dell notebook has been doing some weird stuff lately but it was the multiple BSOD's yesterday that got me searching for some answers. The machine is frequently and persistently accessing the HD even when I'm not doing anything - this also frequently causes delays in responses while trying to type, or move cursor.

I have gone thru some malware checking with www.preventmalware.org but he is skeptical my problems are malware related even though we did find that one worm. He thinks something else is going on and that seeking help here would be a good idea.

1. How was it detected? What was scanning, you yourself or the background scanner? When did the message occur: on a download, unzipping, opening a file, mail or mail attachment, etc.?

PC Configuration: Dell PC 1420, Vista, auto-updates via Windows Update. Latest updated version of Avast home edition running, along with Windows Defender, Threatfire, AVG Antispyware Free. (Ran manual scans using all of these within last 4 days in Normal Mode, found nothing)

PC bluescreened while composing an email message. Had IE7 and Outlook open along with a couple of PDF files. Before the blue screen disappeared it mentioned something about a problem in Win32 and that it was creating a MEMORY.DMP file to help diagnose the problem. Machine restarted in safe mode. I logged in then shut down normally. Then restarted in normal mode. BSD again right after clicking to open IE7. Restarted in safe mode. Shut down normally. Rebooted again in normal mode. BSD again immediately. Restarted in Safe. Attempted to scan with Threatfire but the on-demand scanner wouldn't initialize. Started Avast scanner - full scan. 50% done, got VIRUS FOUND notice.

Win32:VB-DAJ [Wrm]
found in: c:\windows\MEMORY.DMP
type: virus/worm
VPS version 080607-0, 06/07/2008
Recommended: Move to Chest.

Clicked to "move to chest" and got error:
"Virus Chest Server is not running. RPC Communication failed. Cannot process c:\windows\MEMORY.DMP file."

[I have since gotten the 241mb MEMORY.DMP file into the Avast virus chest. However, new MEMORY.DMP file has shown up in same place and Avast FAILS to scan it - results in error]


2. What was the source of the file; where did the file come from (e.g. address, URL, source)?

The MEMORY.DMP file was created when the machine BSD'd. I've had several BSD's during the past week. (and during last 48 hours)


3. When was it downloaded or received?

N/A


4. What is the exact file name, with extension?

c:\windows\MEMORY.DMP


5. What was the exact wording of the message that the AV program came up with? This is important for later.

Win32:VB-DAJ [Wrm]
found in: c:\windows\MEMORY.DMP
type: virus/worm
VPS version 080607-0, 06/07/2008
Recommended: Move to Chest.

Clicked to "move to chest" and got error:
"Virus Chest Server is not running. RPC Communication failed. Cannot process c:\windows\MEMORY.DMP file."



6. Now go back and do nothing yet. Scan the particular file once again with your AV product.

A. The message is in the same wording: maybe positive alert

Yes, the same message.


B. If the message is not in the same wording or the scan does not find anything, this could be a false positive.




7. Check with an online scanner or upload to Jotti for a second opinion. Jotti resides at http://virusscan.jotti.org/

I ran Trend Micro's online HouseCall and after about 40 minutes of cranking away, the machine blue screened again and rebooted.
Currently running Kaspersky online scan.


8. Go get informed: ask a Virus Encyclopedia or Virus Central, or put a question on a forum.

NOT FOUND - Virus name from Alert Notification is not found anywhere.

After rerunning Avast (after putting file in chest) Avast ran clear with no issues.


This is from the most recent BSOD, which happened while running Trend Micro's online HouseCall.

The error showed:
Problem event name: BlueScreen
OS Version 6.0.6000.2.0.0.768.3
Locale ID: 1033

BCCode: c2
BCP1: 00000007
BCP2: 0000113D
BCP3: 00000000
BCP4: B276D008
OS Version: 6_0_6000
Service Pack: 0_0
Product: 768_1

Files that help describe the problem:
c:\windows\minidump\mini060808-01.dmp
c:\users\admin\appdata\local\temp\wer-2331606-0.sysdata.xml
c:\users\admin\appdata\local\temp\werccb1.tmp.version.txt

This BSOD occurred in my Admin profile. (Yesterday's was in my regular profile.) So it doesn't seem profile dependent.

I really appreciate whatever help you folks can offer. I'd really like to get back to computing.
Cheers,
Buck

This post has been edited by BuckS: Jun 8 2008, 05:32 PM
Digerati
post Jun 8 2008, 09:30 PM
Operating System: XPPSP3
The key thing I read in all that you said was, "My relatively new (3 months) Dell notebook". Did you contact Dell? This should be under warranty so get on record you are getting BSODs, which most commonly indicate a hardware/hardware driver issue.

I have no experience with preventmalware.org so I immediately checked the List of Rogue/Suspect Anti-Spyware Products and it was not on the list, so that is good. Then I saw that they recommended you come here, so they must be legit! Right? ;-)

And certainly SUPERAntispyware, Avast, and Windows Defender together make a decent defense, if you are careful about where you go on the Internet, and what you download/copy from it.

The information that would be most useful is, what did the BSOD say? It will toss up a "Stop code", and often some verbiage with it that can be punched into Google for some ideas. You could still look in the Event Viewer logs (right-click on My Computer > Manage > Event Viewer) at the moments before the BSODs to see if an error was logged.

But if this is still under warranty talk to Dell. This could be a heat/cooling issue, failing RAM, bad graphics, or some device on board the motherboard.
BuckS
post Jun 22 2008, 01:39 PM
Operating System: Vista Home Premium
Hi,

I don't know what "stop code" is (near the bottom of my original post was the info that showed up on screen re the BSOD according to Windows) but I've attached an image of my most recent BSOD (last night) and will post in the next message the 2 Windows messages that came along with it after the restart. I really tried to list every bit of info I possibly could about and leading up to the error in my post.

Re Event Viewer - I have absolutely no idea what the heck I'm looking at in there - tons of, to me, gibberish and useless information - which I'm sure that for someone knowledgeable makes perfect sense.

Re Dell - Pls see the name of this post :-) Dell is no help at all - I can't get thru to anyone that seems to be able to offer me any assistance other than reformat my HDD. The support people couldn't even figure out that the reason they couldn't get into the user logs was because of a permissions issue on the specific file which I had to fix myself as they had no idea.

Thanks,
Buck
[Attached image: screenshot of the most recent BSOD]

BuckS
post Jun 22 2008, 01:41 PM
Operating System: Vista Home Premium
Here are images of the dialog box presented after the most recent reboot after BSOD. I had to use 2 images because the box couldn't be resized and there was more info than was shown in first view.

It's hilarious the way Windows says something like "do you want to search for a solution" and then the window disappears and that's that. It's gone and nothing else happens.
[Attached images: two screenshots of the dialog box shown after the reboot]

Abydos
post Jun 22 2008, 01:54 PM
Operating System: WinXP SP3
Hi Bucks

I can see from the picture that your system has
created a minidump file.

You should try opening the minidump, as the faulty module or driver
is often listed in that minidump.

The minidump can be placed in one of two places;

C:\Windows\Minidump
C:\Windows\System32\Minidump
(If it's not there, you may have to search for the folder, but those are the default save folders)

You need to enable "view hidden files and folders" to see the minidump folder.

Open Windows Explorer,
Select tools, folder options, view
Place a dot / checkmark in "view hidden files and folders".

Also found this:

QUOTE
Stop 0xC2 or BAD_POOL_CALLER

The Stop 0xC2 message indicates that a kernel-mode process or driver incorrectly attempted to perform memory operations in the following ways:

* By allocating a memory pool size of zero bytes.
* By allocating a memory pool that does not exist.
* By attempting to free a memory pool that is already free.
* By allocating or freeing a memory pool at an IRQL that was too high.

This Stop message is typically due to a faulty driver or software.

Possible Resolutions:

* A Stop 0xC2 message might occur after installing a faulty device driver, system service, or firmware. If a Stop message lists a driver by name, disable, remove, or roll back the driver to correct the problem. If disabling or removing drivers resolves the issues, contact the manufacturer about a possible update. Using updated software is especially important for multimedia applications, antivirus scanners, DVD playback, and CD mastering tools.
* A Stop 0xC2 message might also be due to failing or defective hardware. If a Stop message points to a category of devices (such as disk controllers, for example), try removing or replacing the hardware to determine if it is causing the problem.
* If you encounter a Stop 0xC2 message while upgrading to Windows XP, the problem might be due to an incompatible driver, system service, virus scanner, or backup. To avoid problems while upgrading, simplify your hardware configuration and remove all third-party device drivers and system services (including virus scanners) prior to running setup. After you have successfully installed Windows XP, contact the hardware manufacturer to obtain compatible updates.


The above was found here: UpdateXP.com

I hope this will help you further.

Regards, Abydos
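The two artefacts this thread points at, the BCCode/BCP1-BCP4 problem signature that Windows displayed after the reboot (post #1) and the bug check recorded in the crash dump that Abydos suggests opening, can be decoded and cross-checked with a few lines of code, and the dump only has to be read as far as its header. The Python below is an added example, not code from the forum, Dell, Avast or Microsoft. It assumes the 32-bit kernel dump header layout (the "PAGE"/"DUMP" signature at offset 0, the bug check code at offset 0x28 and its four 32-bit parameters right after it, padded to a 4 KB page), which MEMORY.DMP and the files under \Windows\Minidump share; 64-bit dumps carry a "DU64" tag and wider fields, so the parser rejects them rather than misreading them. The parameter-1 meanings for 0xC2 are abridged from the Microsoft bug check reference, and the WER text and dump bytes are constructed from the values posted above so the script runs offline; `build_dump_header32` exists only as that fixture.

```python
"""Decode a Windows bug check from the WER problem signature and from a
32-bit kernel dump header, and check that the two agree.

Added example for this thread (not forum, Dell, Avast or Microsoft code).
Header layout assumed: DUMP_HEADER32 as documented for kernel dumps.
"""
import re
import struct
from dataclasses import dataclass

# Bug check names relevant to the thread (Microsoft bug check reference).
BUGCHECK_NAMES = {0xC2: "BAD_POOL_CALLER"}

# Parameter-1 meanings for BAD_POOL_CALLER, abridged from the Microsoft
# Bug Check 0xC2 reference; other values exist and should be looked up there.
BAD_POOL_CALLER_P1 = {
    0x00: "zero-byte pool allocation requested",
    0x07: "attempt to free pool that was already freed",
    0x08: "pool allocation at an invalid IRQL",
    0x09: "pool free at an invalid IRQL",
}


@dataclass(frozen=True)
class BugCheck:
    code: int
    params: tuple  # the four bug check parameters, as integers

    @property
    def name(self) -> str:
        return BUGCHECK_NAMES.get(self.code, "UNKNOWN")

    def describe(self) -> str:
        detail = ""
        if self.code == 0xC2:
            detail = BAD_POOL_CALLER_P1.get(self.params[0], "see the 0xC2 reference for parameter 1")
        ps = ", ".join(f"0x{p:08X}" for p in self.params)
        return f"Stop 0x{self.code:08X} {self.name} ({ps}): {detail}".rstrip(": ")


def parse_wer_signature(text: str) -> BugCheck:
    """Parse the 'BCCode: c2' and 'BCP1..BCP4' lines from the WER problem-signature dialog."""
    fields = {}
    for m in re.finditer(r"^\s*(BCCode|BCP[1-4]):\s*([0-9A-Fa-f]+)\s*$", text, re.M):
        fields[m.group(1).upper()] = int(m.group(2), 16)
    missing = [k for k in ("BCCODE", "BCP1", "BCP2", "BCP3", "BCP4") if k not in fields]
    if missing:
        raise ValueError(f"problem signature is missing {missing}")
    return BugCheck(fields["BCCODE"], tuple(fields[f"BCP{i}"] for i in range(1, 5)))


# DUMP_HEADER32: Signature, ValidDump, MajorVersion, MinorVersion, DirectoryTableBase,
# PfnDataBase, PsLoadedModuleList, PsActiveProcessHead, MachineImageType,
# NumberProcessors, BugCheckCode (offset 0x28), BugCheckParameter1..4 (0x2C..0x38).
_HDR32 = struct.Struct("<4s4s8II4I")


def parse_dump_header(data: bytes) -> BugCheck:
    """Read the bug check from the first 0x3C bytes of a 32-bit kernel dump (full dump or minidump)."""
    if len(data) < _HDR32.size:
        raise ValueError("file too short to hold a dump header")
    fields = _HDR32.unpack_from(data)
    sig, valid = fields[0], fields[1]
    if sig != b"PAGE":
        raise ValueError("not a Windows kernel dump (missing PAGE signature)")
    if valid == b"DU64":
        raise ValueError("64-bit dump: bug check sits at a different offset in DUMP_HEADER64")
    if valid != b"DUMP":
        raise ValueError(f"unexpected ValidDump tag {valid!r}")
    return BugCheck(fields[10], tuple(fields[11:15]))


def build_dump_header32(code: int, params: tuple) -> bytes:
    """Constructed test fixture: a 4 KB header page carrying the given bug check (not a real dump)."""
    head = _HDR32.pack(b"PAGE", b"DUMP", 15, 6000, 0x00185000, 0, 0, 0, 0x014C, 2, code, *params)
    return head + b"PAGE" * ((0x1000 - len(head)) // 4)


def cross_check(wer_text: str, dump_bytes: bytes) -> bool:
    """True when the WER signature and the dump header describe the same bug check."""
    return parse_wer_signature(wer_text) == parse_dump_header(dump_bytes)


# Constructed from the problem signature posted in this thread.
WER_TEXT = """\
Problem event name: BlueScreen
OS Version 6.0.6000.2.0.0.768.3
Locale ID: 1033

BCCode: c2
BCP1: 00000007
BCP2: 0000113D
BCP3: 00000000
BCP4: B276D008
"""

if __name__ == "__main__":
    bc = parse_wer_signature(WER_TEXT)
    print(bc.describe())
    sample = build_dump_header32(bc.code, bc.params)
    print("dump header agrees with WER signature:", cross_check(WER_TEXT, sample))
```

Run as-is, the script prints Stop 0x000000C2 BAD_POOL_CALLER with parameter 1 = 0x7, which is the "free a pool that is already free" case in the text Abydos quoted, and confirms the constructed header carries the same values. Against a real file, pass the first 4 KB of MEMORY.DMP or of the minidump named in the signature to `parse_dump_header`; the header alone does not name the driver, which is what WinDbg's `!analyze -v` on the minidump adds, but agreeing codes and parameters across the dialog and the dump tie the 241 MB file to a kernel pool-management crash rather than to anything the file's contents might trip in a scanner.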