A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows XP » General XP issues or comments
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

BSOD in Safe mode but can enter normal mode



 
 
Thread Tools Display Modes
  #1  
Old February 11th 19, 09:22 AM posted to microsoft.public.windowsxp.general
Lu Wei
external usenet poster
 
Posts: 60
Default BSOD in Safe mode but can enter normal mode

I have a very strange phenomenon with my ThinkPad X61, WindowsXPsp3. It
runs normally, but I cannot enter safe mode. Press F8 at boot, select
any one of 3 safe modes, it will end to a blue screen of death showing
something like:
Stop: 0x0000007E (0xC0000005, 0xF76C0211, 0xF78EA700, 0xF78EA3FC)

Before that blue screen, a screen shows a bunch of drivers loading. The
last one is mup.sys. That signed file is fine, however. Something after
that must be wrong.

I used to be able to enter safe mode, but I cannot determine when this
phenomenon begins. Safe mode is used rarely.

Could anybody give some hints?

--
Regards,
Lu Wei
IM:
PGP: 0xA12FEF7592CCE1EA
  #2  
Old February 11th 19, 01:35 PM posted to microsoft.public.windowsxp.general
J. P. Gilliver (John)[_4_]
external usenet poster
 
Posts: 2,679
Default BSOD in Safe mode but can enter normal mode

In message , Lu Wei
writes:
I have a very strange phenomenon with my ThinkPad X61, WindowsXPsp3. It
runs normally, but I cannot enter safe mode. Press F8 at boot, select
any one of 3 safe modes, it will end to a blue screen of death showing
something like:
Stop: 0x0000007E (0xC0000005, 0xF76C0211, 0xF78EA700, 0xF78EA3FC)

Before that blue screen, a screen shows a bunch of drivers loading. The
last one is mup.sys. That signed file is fine, however. Something after
that must be wrong.

I used to be able to enter safe mode, but I cannot determine when this
phenomenon begins. Safe mode is used rarely.

Could anybody give some hints?

Can you boot into all other modes other than the three "safe" ones?
Is there one called something like "normal with logging"? If so (and you
can find where the log file _is_, and make sense of it!), you _might_ be
able to see which one is loading after mup.sys. Although if it boots
anyway, that might not help ... |-:
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

A man is not contemptible because he thinks science explains everything, and a
man is not contemptible because he doesn't. - Howard Jacobson, in Radio Times
2010/1/23-29.
  #3  
Old February 12th 19, 02:36 AM posted to microsoft.public.windowsxp.general
Lu Wei
external usenet poster
 
Posts: 60
Default BSOD in Safe mode but can enter normal mode

On 2019-2-11 20:35, J. P. Gilliver (John) wrote:

Can you boot into all other modes other than the three "safe" ones?


Yes.

Is there one called something like "normal with logging"? If so (and you
can find where the log file _is_, and make sense of it!), you _might_ be
able to see which one is loading after mup.sys. Although if it boots
anyway, that might not help ... |-:


Yes, the log file is C:\windows\ntbtlog.txt:
---------------------------------------------------------------------------
Service Pack 3 2 12 2019 09:11:50.375
Loaded driver \WINDOWS\system32\ntkrnlpa.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver d347bus.sys
Loaded driver ACPI.sys
Loaded driver \WINDOWS\system32\DRIVERS\WMILIB.SYS
Loaded driver pci.sys
Loaded driver compbatt.sys
Loaded driver \WINDOWS\system32\DRIVERS\BATTC.SYS
Loaded driver pciide.sys
Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver ACPIEC.sys
Loaded driver \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver d347prt.sys
Loaded driver \WINDOWS\System32\Drivers\SCSIPORT.SYS
Loaded driver disk.sys
Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Loaded driver fltMgr.sys
Loaded driver sr.sys
Loaded driver KSecDD.sys
Loaded driver DozeHDD.sys
Loaded driver Ntfs.sys
Loaded driver NDIS.sys
Loaded driver ApsHM86.sys
Loaded driver Apsx86.sys
Loaded driver Mup.sys
Loaded driver \SystemRoot\system32\DRIVERS\tunmp.sys
Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys
Loaded driver \SystemRoot\system32\DRIVERS\igxpmp32.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\NETw4x32.sys
Loaded driver \SystemRoot\system32\DRIVERS\pcmcia.sys
Loaded driver \SystemRoot\system32\DRIVERS\sdbus.sys
Loaded driver \SystemRoot\system32\DRIVERS\isapnp.sys
Loaded driver \SystemRoot\system32\DRIVERS\fsvga.sys
Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys
Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys
Loaded driver \SystemRoot\system32\DRIVERS\psched.sys
Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys
Loaded driver \SystemRoot\system32\DRIVERS\rdpdr.sys
Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\update.sys
Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys
Loaded driver \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\System32\Drivers\wdf01000.sys
Loaded driver \SystemRoot\system32\DRIVERS\tp4track.sys
Loaded driver \SystemRoot\system32\DRIVERS\atmeltpm.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\DRIVERS\CmBatt.sys
Loaded driver \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\system32\drivers\ADIHdAud.sys
Loaded driver \SystemRoot\system32\drivers\AEAudio.sys
Did not load driver \SystemRoot\System32\Drivers\Fdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Flpydisk.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Did not load driver \SystemRoot\system32\DRIVERS\kbdhid.sys
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
Loaded driver \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
Loaded driver \SystemRoot\system32\DRIVERS\VBoxDrv.sys
Loaded driver \SystemRoot\System32\drivers\Tppwrif.sys
Loaded driver \SystemRoot\system32\DRIVERS\TPHKDRV.sys
Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\DRIVERS\mdmxsdk.sys
Loaded driver \SystemRoot\system32\DRIVERS\smiif32.sys
Did not load driver \SystemRoot\system32\DRIVERS\imapi.sys
Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
Loaded driver \SystemRoot\system32\DRIVERS\usbccgp.sys
Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdhid.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys
Did not load driver \SystemRoot\System32\Drivers\Parport.SYS
Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
Loaded driver \SystemRoot\system32\drivers\splitter.sys
Loaded driver \SystemRoot\system32\drivers\aec.sys
Loaded driver \SystemRoot\system32\drivers\swmidi.sys
Loaded driver \SystemRoot\system32\drivers\DMusic.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Loaded driver \SystemRoot\System32\Drivers\HTTP.sys
Loaded driver \??\C:\green\ThrottleStop\WinRing0.sys
Loaded driver \SystemRoot\system32\DRIVERS\tcpip6.sys
Did not load driver \SystemRoot\system32\DRIVERS\Ip6Fw.sys
Loaded driver \SystemRoot\system32\DRIVERS\Ip6Fw.sys
Did not load driver \SystemRoot\system32\DRIVERS\Ip6Fw.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
---------------------------------------------------------------------------

I checked all 11 "did not load" driver file, all of them are signed, so
files are good. And some are special:
ndproxy is loaded first, then not loaded;
kbdhid is not loaded first, then loaded;
ip6fw is not loaded first, then loaded, then not loaded again.

Could that reveal something?

--
Regards,
Lu Wei
IM:
PGP: 0xA12FEF7592CCE1EA
  #4  
Old February 11th 19, 07:42 PM posted to microsoft.public.windowsxp.general
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default BSOD in Safe mode but can enter normal mode

Lu Wei wrote:
I have a very strange phenomenon with my ThinkPad X61, WindowsXPsp3. It
runs normally, but I cannot enter safe mode. Press F8 at boot, select
any one of 3 safe modes, it will end to a blue screen of death showing
something like:
Stop: 0x0000007E (0xC0000005, 0xF76C0211, 0xF78EA700, 0xF78EA3FC)

Before that blue screen, a screen shows a bunch of drivers loading. The
last one is mup.sys. That signed file is fine, however. Something after
that must be wrong.

I used to be able to enter safe mode, but I cannot determine when this
phenomenon begins. Safe mode is used rarely.

Could anybody give some hints?


http://aumha.org/a/stop.htm

"0x0000007E: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED

A system thread generated an exception which the error handler
did not catch. There are numerous individual causes for this
problem, including hardware incompatibility, a faulty device
driver or system service, or some software issues. Check
Event Viewer (EventVwr.msc) for additional information.
"

The suggestion to check Event Viewer, applies to cases where
this happens after the system is running for some time, and then
the error shows up.

The 0xC0000005 is an "Access Violation".

As you rightly assume, it's the "thing *after* mup.sys" causing
a problem. Boot logging is a useless feature. Boot logging shows
what successfully loaded, when the user has no clue as to what
comes next in the failure case.

About all I can suggest, is checking Event Viewer for unrelated
error events, to see if there is a "theme", some sickness in
the system that might be contributing to the problem. As I don't
know of a way to attack the problem head-on.

Paul
  #5  
Old February 12th 19, 02:54 AM posted to microsoft.public.windowsxp.general
Lu Wei
external usenet poster
 
Posts: 60
Default BSOD in Safe mode but can enter normal mode

On 2019-2-12 2:42, Paul wrote:

http://aumha.org/a/stop.htm

Â*Â* "0x0000007E: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED

Â*Â*Â* A system thread generated an exception which the error handler
Â*Â*Â* did not catch. There are numerous individual causes for this
Â*Â*Â* problem, including hardware incompatibility, a faulty device
Â*Â*Â* driver or system service, or some software issues. Check
Â*Â*Â* Event Viewer (EventVwr.msc) for additional information.
Â*Â* "

The suggestion to check Event Viewer, applies to cases where
this happens after the system is running for some time, and then
the error shows up.

The 0xC0000005 is an "Access Violation".

As you rightly assume, it's the "thing *after* mup.sys" causing
a problem. Boot logging is a useless feature. Boot logging shows
what successfully loaded, when the user has no clue as to what
comes next in the failure case.

About all I can suggest, is checking Event Viewer for unrelated
error events, to see if there is a "theme", some sickness in
the system that might be contributing to the problem. As I don't
know of a way to attack the problem head-on.


Event view has only one warning of ID 1524 from userenv when I log off, no information during start.
There is more info about that event in C:\windows\debug\usermode\userenv.log:
----------------------------------------------------------------------------------------------
USERENV(2d4.2d8) 09:10:56:765 MyRegUnLoadKey: Failed to unmount hive 00000005
USERENV(2d4.2d8) 09:10:56:765 UnLoadClassHive: failed to unload classes key with 5
USERENV(2d4.2d8) 09:10:56:765 DumpOpenRegistryHandle: 1 user registry Handles leaked from \Registry\User\S-1-5-21-2000478354-1078081533-1801674531-1003_Classes
USERENV(2d4.2d8) 09:10:56:765 ReportError: Impersonating user.
USERENV(2d4.2d8) 09:12:09:640 CUserProfile::CleanupUserProfile: Ref Count is not 0
USERENV(2d4.2d8) 09:12:09:640 CUserProfile::CleanupUserProfile: Ref Count is not 0
USERENV(2d4.2d8) 09:12:09:640 CUserProfile::CleanupUserProfile: Ref Count is not 0
----------------------------------------------------------------------------------------------
I have troubleshooted this too, and tried UPHclean, but not work. It seems a trivial warning, I think I could let it be. But BSOD in safe mode makes me nervous.

--
Regards,
Lu Wei
IM:
PGP: 0xA12FEF7592CCE1EA
  #6  
Old February 12th 19, 03:05 AM posted to microsoft.public.windowsxp.general
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default BSOD in Safe mode but can enter normal mode

Lu Wei wrote:
On 2019-2-12 2:42, Paul wrote:
http://aumha.org/a/stop.htm

"0x0000007E: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED

A system thread generated an exception which the error handler
did not catch. There are numerous individual causes for this
problem, including hardware incompatibility, a faulty device
driver or system service, or some software issues. Check
Event Viewer (EventVwr.msc) for additional information.
"

The suggestion to check Event Viewer, applies to cases where
this happens after the system is running for some time, and then
the error shows up.

The 0xC0000005 is an "Access Violation".

As you rightly assume, it's the "thing *after* mup.sys" causing
a problem. Boot logging is a useless feature. Boot logging shows
what successfully loaded, when the user has no clue as to what
comes next in the failure case.

About all I can suggest, is checking Event Viewer for unrelated
error events, to see if there is a "theme", some sickness in
the system that might be contributing to the problem. As I don't
know of a way to attack the problem head-on.


Event view has only one warning of ID 1524 from userenv when I log off, no information during start.
There is more info about that event in C:\windows\debug\usermode\userenv.log:
----------------------------------------------------------------------------------------------
USERENV(2d4.2d8) 09:10:56:765 MyRegUnLoadKey: Failed to unmount hive 00000005
USERENV(2d4.2d8) 09:10:56:765 UnLoadClassHive: failed to unload classes key with 5
USERENV(2d4.2d8) 09:10:56:765 DumpOpenRegistryHandle: 1 user registry Handles leaked from \Registry\User\S-1-5-21-2000478354-1078081533-1801674531-1003_Classes
USERENV(2d4.2d8) 09:10:56:765 ReportError: Impersonating user.
USERENV(2d4.2d8) 09:12:09:640 CUserProfile::CleanupUserProfile: Ref Count is not 0
USERENV(2d4.2d8) 09:12:09:640 CUserProfile::CleanupUserProfile: Ref Count is not 0
USERENV(2d4.2d8) 09:12:09:640 CUserProfile::CleanupUserProfile: Ref Count is not 0
----------------------------------------------------------------------------------------------
I have troubleshooted this too, and tried UPHclean, but not work. It seems a trivial warning, I think I could let it be. But BSOD in safe mode makes me nervous.


Yeah, I would have recommended UPHClean. You have to start using
it, after some video driver is installed, as an example of how
trivial the cases are where an open hive is involved. It's not like
you need an OS that is several years old - the hive hanging up can
happen an hour after you do a Clean Install.

It's pretty hard to recommend a path to follow, when none of the
information strongly points at a cause.

You can use Driver Verifier to check for memory
leaks or the like in a driver. But this isn't
happening in regular running mode. And the drivers
that load in Safe Mode, would be a subset of the
ones in Normal Mode. I had one case, where running
Driver Verifier, actually stopped a problem, rather
than allowing analysis of where the problem might be.

You could do an AV scan. Or, it was an AV product
which damaged something. I don't have any information
there, to indicate what to do next.

I've had one case here, where a problem did not respond,
to a Clean Install. Which is pretty scary. Later, it seemed
to be a RAM problem that was at the heart of the matter,
but I'm not 100% convinced that's all of it. It could have
been two problems. The RAM being half of it. The RAM seemed
to be bad on my machine, near where some driver was running.
It would cause a crash after 15GB of writes to disk.

Paul
  #7  
Old February 12th 19, 08:32 AM posted to microsoft.public.windowsxp.general
Lu Wei
external usenet poster
 
Posts: 60
Default BSOD in Safe mode but can enter normal mode

On 2019-2-12 10:05, Paul wrote:
...
You can use Driver Verifier to check for memory
leaks or the like in a driver. But this isn't
happening in regular running mode. And the drivers
that load in Safe Mode, would be a subset of the
ones in Normal Mode. I had one case, where running
Driver Verifier, actually stopped a problem, rather
than allowing analysis of where the problem might be.

Since the drivers that load in Safe Mode are a subset of the ones in
Normal Mode, and I can enter Normal Mode without problem, then the
problem should not relate to a driver, isn't it? And my driver set is
near standard; I only install official drivers except one or two that I
surely know what they are for.

You could do an AV scan. Or, it was an AV product
which damaged something. I don't have any information
there, to indicate what to do next.


I do not have any AV product. My habit of using computer is
conservative: I only use software that truly needed, download them from
official site, check signature if there be one, and periodically
optimize and clean the system. I feel no need for AV software to
deteriorate performance; only worms that actively spread by OS bug (like
Sasser?) could infect me, which AV product could not defend against either.

I've had one case here, where a problem did not respond,
to a Clean Install. Which is pretty scary. Later, it seemed
to be a RAM problem that was at the heart of the matter,
but I'm not 100% convinced that's all of it. It could have
been two problems. The RAM being half of it. The RAM seemed
to be bad on my machine, near where some driver was running.
It would cause a crash after 15GB of writes to disk.

Should not RAM problem be random? The phenomenon I encounter is 100%
reproducible, and I have no blue screen or unexpected crash problem in
normal mode usage.

--
Regards,
Lu Wei
IM:
PGP: 0xA12FEF7592CCE1EA
  #8  
Old February 12th 19, 10:35 AM posted to microsoft.public.windowsxp.general
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default BSOD in Safe mode but can enter normal mode

Lu Wei wrote:
On 2019-2-12 10:05, Paul wrote:
...
You can use Driver Verifier to check for memory
leaks or the like in a driver. But this isn't
happening in regular running mode. And the drivers
that load in Safe Mode, would be a subset of the
ones in Normal Mode. I had one case, where running
Driver Verifier, actually stopped a problem, rather
than allowing analysis of where the problem might be.

Since the drivers that load in Safe Mode are a subset of the ones in
Normal Mode, and I can enter Normal Mode without problem, then the
problem should not relate to a driver, isn't it? And my driver set is
near standard; I only install official drivers except one or two that I
surely know what they are for.

You could do an AV scan. Or, it was an AV product
which damaged something. I don't have any information
there, to indicate what to do next.


I do not have any AV product. My habit of using computer is
conservative: I only use software that truly needed, download them from
official site, check signature if there be one, and periodically
optimize and clean the system. I feel no need for AV software to
deteriorate performance; only worms that actively spread by OS bug (like
Sasser?) could infect me, which AV product could not defend against either.
I've had one case here, where a problem did not respond,
to a Clean Install. Which is pretty scary. Later, it seemed
to be a RAM problem that was at the heart of the matter,
but I'm not 100% convinced that's all of it. It could have
been two problems. The RAM being half of it. The RAM seemed
to be bad on my machine, near where some driver was running.
It would cause a crash after 15GB of writes to disk.

Should not RAM problem be random? The phenomenon I encounter is 100%
reproducible, and I have no blue screen or unexpected crash problem in
normal mode usage.


RAM problems can be "stuck-at faults". That's where
a RAM location is 0 and will never be writeable to 1.
That was the kind of fault I had. The OS didn't load
the files in exactly the same locations on each run,
which changed the symptoms on a daily basis.

Another kind of RAM problem, is random, like bus noise.
If you run a memtest, the location reported as failing,
changes each time. Such conditions arise when the RAM
has not received enough voltage, for the clock speed
it is running at.

You use memtest to check for stuck-at faults.

http://www.memtest.org # downloads are 50% down the page

Prime95 Torture Test (mersenne.org), is slightly better
for finding noise-like faults. Memtest doesn't usually
provide enough stress for that testing purpose.

One full pass of memtest is good enough. I don't believe in
doing multiple passes, because Prime95 will do a good job
of detecting flaky stuff. Four hours of Prime95 is good
enough for me. Some people run it for longer than that.

*******

You can get an offline scanning CD to check for malware.
Normally I would recommend Kaspersky, but I don't know
what's going through their heads today. (I trust them,
but I don't know how their company is suffering from
political conditions, and consequently, how well
their scanning disc is being maintained.)

Bitdefender makes a disc too. As do a couple of other
companies that I haven't used in a while. The first
offline scanner I might have used was FSecure.

If you use an offline scanner, put a copy of EICAR
in one of the disk folders, to check that the scanner
is actually working. It's a text string, and *every*
AV should detect it. An offline AV scanner will
also complain about password protected archives
(which it cannot scan). In fact, some archives
are easily cracked, but the ethics of the situation
demand that they not crack the password, and
"complain" instead :-)

https://en.wikipedia.org/wiki/EICAR_test_file

The Kaspersky offline scanner, tends to fail on
extremely large compressed archives. For example,
the source tarball for Chromium might have 600,000
files in it, and the scanner will stop and error out
if it hits objects that "deep". It doesn't run out
of RAM though. It's hard to tell why it quit. So I
have to keep the source for Firefox, Thunderbird,
and Chromium, from the scanners view.

https://support.kaspersky.com/14229

The rescue CD writes to C: or what it thinks is the
C: it should be using. It leaves a folder at top level
(C:\Kaspersky...) It also uses the pagefile, but cleans
it before reboot.

Operation works in stages.

1) The first stage is after the CD boots, you
click a button to download AV signature updates.
This could take 20 minutes.

2) Once the update is obtained and stored in the
C: folder for the purpose, you can select which
partitions to scan, and what policy you want to
use. (The default is OK.) The scan should put up
warning dialogs, like when it detects EICAR.

At the end, it should give you a summary, and
another opportunity to act on the results.
I've never bothered using the Quarantine function
when scanning with it. I'm only looking for "detections"
when I use it. Like, "is there something on here or
isn't there".

Paul
 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off






All times are GMT +1. The time now is 02:51 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.