Thread: BSOD in Safe mode but can enter normal mode
View Single Post
  #8  
Old February 12th 19, 09:35 AM posted to microsoft.public.windowsxp.general
Paul[_32_]
external usenet poster
  
Posts: 11,873
Default BSOD in Safe mode but can enter normal mode
Lu Wei wrote:
On 2019-2-12 10:05, Paul wrote:
...
You can use Driver Verifier to check for memory
leaks or the like in a driver. But this isn't
happening in regular running mode. And the drivers
that load in Safe Mode, would be a subset of the
ones in Normal Mode. I had one case, where running
Driver Verifier, actually stopped a problem, rather
than allowing analysis of where the problem might be.

Since the drivers that load in Safe Mode are a subset of the ones in
Normal Mode, and I can enter Normal Mode without problem, then the
problem should not relate to a driver, isn't it? And my driver set is
near standard; I only install official drivers except one or two that I
surely know what they are for.

You could do an AV scan. Or, it was an AV product
which damaged something. I don't have any information
there, to indicate what to do next.

I do not have any AV product. My habit of using computer is
conservative: I only use software that truly needed, download them from
official site, check signature if there be one, and periodically
optimize and clean the system. I feel no need for AV software to
deteriorate performance; only worms that actively spread by OS bug (like
Sasser?) could infect me, which AV product could not defend against either.
I've had one case here, where a problem did not respond,
to a Clean Install. Which is pretty scary. Later, it seemed
to be a RAM problem that was at the heart of the matter,
but I'm not 100% convinced that's all of it. It could have
been two problems. The RAM being half of it. The RAM seemed
to be bad on my machine, near where some driver was running.
It would cause a crash after 15GB of writes to disk.

Should not RAM problem be random? The phenomenon I encounter is 100%
reproducible, and I have no blue screen or unexpected crash problem in
normal mode usage.


RAM problems can be "stuck-at faults". That's where
a RAM location is 0 and will never be writeable to 1.
That was the kind of fault I had. The OS didn't load
the files in exactly the same locations on each run,
which changed the symptoms on a daily basis.

Another kind of RAM problem, is random, like bus noise.
If you run a memtest, the location reported as failing,
changes each time. Such conditions arise when the RAM
has not received enough voltage, for the clock speed
it is running at.

You use memtest to check for stuck-at faults.

http://www.memtest.org # downloads are 50% down the page

Prime95 Torture Test (mersenne.org), is slightly better
for finding noise-like faults. Memtest doesn't usually
provide enough stress for that testing purpose.

One full pass of memtest is good enough. I don't believe in
doing multiple passes, because Prime95 will do a good job
of detecting flaky stuff. Four hours of Prime95 is good
enough for me. Some people run it for longer than that.

*******

You can get an offline scanning CD to check for malware.
Normally I would recommend Kaspersky, but I don't know
what's going through their heads today. (I trust them,
but I don't know how their company is suffering from
political conditions, and consequently, how well
their scanning disc is being maintained.)

Bitdefender makes a disc too. As do a couple of other
companies that I haven't used in a while. The first
offline scanner I might have used was FSecure.

If you use an offline scanner, put a copy of EICAR
in one of the disk folders, to check that the scanner
is actually working. It's a text string, and *every*
AV should detect it. An offline AV scanner will
also complain about password protected archives
(which it cannot scan). In fact, some archives
are easily cracked, but the ethics of the situation
demand that they not crack the password, and
"complain" instead :-)

https://en.wikipedia.org/wiki/EICAR_test_file

The Kaspersky offline scanner, tends to fail on
extremely large compressed archives. For example,
the source tarball for Chromium might have 600,000
files in it, and the scanner will stop and error out
if it hits objects that "deep". It doesn't run out
of RAM though. It's hard to tell why it quit. So I
have to keep the source for Firefox, Thunderbird,
and Chromium, from the scanners view.

https://support.kaspersky.com/14229

The rescue CD writes to C: or what it thinks is the
C: it should be using. It leaves a folder at top level
(C:\Kaspersky...) It also uses the pagefile, but cleans
it before reboot.

Operation works in stages.

1) The first stage is after the CD boots, you
click a button to download AV signature updates.
This could take 20 minutes.

2) Once the update is obtained and stored in the
C: folder for the purpose, you can select which
partitions to scan, and what policy you want to
use. (The default is OK.) The scan should put up
warning dialogs, like when it detects EICAR.

At the end, it should give you a summary, and
another opportunity to act on the results.
I've never bothered using the Quarantine function
when scanning with it. I'm only looking for "detections"
when I use it. Like, "is there something on here or
isn't there".

Paul
Ads