
Microsoft Windows OS (XP/NT/Vista/Windows 7/8/9/10) Forum

    
W2K Blue Screen
exception not handled
grandpa




msg:3295286
 12:23 pm on Mar 28, 2007 (gmt 0)

I'm getting a KMODE_EXCEPTION_NOT_HANDLED in Win32k.sys. It ONLY happens when using CTRL-P on the Netscape browser.
(I know, then don't do that)

I wrote down the specifics and found the problem in the MS database, but... the indications reported there don't match what I see here. They do indicate a virus (Backdoor.NTHack), but the specifics just don't show up on my machine, so I'm hesitant to start tinkering with my registry.

Additionally, I've run two complete virus scans and nothing turns up. I'm beginning to think Netscape is the real culprit. Any thoughts about that before I continue? My next step will be to remove and re-install Netscape.

 

rj87uk




msg:3295343
 1:34 pm on Mar 28, 2007 (gmt 0)

I have no idea about the technical stuff, but have you tried Nod32? It's not a free one tho.

grandpa




msg:3295372
 1:47 pm on Mar 28, 2007 (gmt 0)

No, I use Kaspersky, which has been good to me so far. Two nights ago (the day before the problem surfaced) I experienced a few problems with my FTP program that were new. I'm taking a wild guess that something may have piggybacked its way in at that time. The firewall is always up, but I've allowed some programs, including FTP, to run as safe since I'm the only one to use them. In any event, virus scans revealed no problems, so I'm exploring other possibilities. I haven't ruled out a virus, I just don't see any real evidence of one.

bill




msg:3296029
 6:04 am on Mar 29, 2007 (gmt 0)

Well, the first thing a lot of the good virii do today is to target your AV. However, Kaspersky isn't really among the mainstream. I wouldn't discount the virus possibility.

Have you tried reverting to an earlier system backup?

kaled




msg:3296190
 11:47 am on Mar 29, 2007 (gmt 0)

Sounds like it may be a faulty key logger (not a virus).

In order to set up a system-wide keyboard hook, a DLL must have been installed or modified.

1) DO NOT DO ANYTHING THAT REQUIRES A PASSWORD.
2) Go through the task list and close down everything non-essential (write down the names of each and ignore svchost.exe). You can Google process names for info.
3) Try Netscape again. If it's ok, the theory must be assumed correct.

At this point, what to do depends on your knowledge; you may try anti-spyware.

NOTE
CTRL-P is presumably used to print the page. I have assumed that selecting the menu item using the mouse is ok.

Kaled.
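
Added example, not part of the thread: one way to shortlist a system-wide hook DLL from a per-process module listing, on the assumption that such a DLL is mapped into most GUI processes while an application's own DLLs appear in only one. The process names, paths and `kbdhelper.dll` are constructed sample data, and `shared_nonsystem_modules` is a hypothetical helper name.

```python
from collections import defaultdict

# Constructed sample: process name -> full paths of the modules it has loaded.
SNAPSHOT = {
    "explorer.exe": [r"C:\WINNT\system32\user32.dll",
                     r"C:\WINNT\system32\shell32.dll",
                     r"C:\Program Files\Example\kbdhelper.dll"],
    "netscp.exe":   [r"C:\WINNT\system32\user32.dll",
                     r"C:\Program Files\Netscape\xpcom.dll",
                     r"C:\Program Files\Example\kbdhelper.dll"],
    "notepad.exe":  [r"C:\WINNT\System32\USER32.DLL",
                     r"C:\Program Files\Example\KBDHELPER.DLL"],
    "services.exe": [r"C:\WINNT\system32\kernel32.dll"],
}


def shared_nonsystem_modules(snapshot, system_root=r"C:\WINNT", min_share=0.5):
    """Return [(module_path, [processes])] for modules that live outside
    system_root and are loaded by at least min_share of all processes.

    Paths are compared case-insensitively, as Windows does.
    C:\\WINNT is the Windows 2000 default system root (assumption).
    """
    root = system_root.lower().rstrip("\\") + "\\"
    loaded_by = defaultdict(set)
    for proc, modules in snapshot.items():
        for path in modules:
            norm = path.lower()
            if not norm.startswith(root):
                loaded_by[norm].add(proc)

    threshold = min_share * len(snapshot)
    hits = [(path, sorted(procs))
            for path, procs in loaded_by.items()
            if len(procs) >= threshold]
    # Most widely shared first, then by path for a stable order.
    return sorted(hits, key=lambda h: (-len(h[1]), h[0]))


if __name__ == "__main__":
    for path, procs in shared_nonsystem_modules(SNAPSHOT):
        print(f"{path}  loaded by {len(procs)}/{len(SNAPSHOT)}: {', '.join(procs)}")
```

Input-method editors, accessibility tools and antivirus components also show up this way, so the output is a list of files to identify, not a verdict.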

grandpa




msg:3296534
 4:57 pm on Mar 29, 2007 (gmt 0)

That is a correct assumption that Ctrl-P is to print, and that the print worked fine from the menu. I like the faulty keylogger idea, except, it only affected Netscape? Why not FF, or IE, or Opera? To answer my own question, NS was set as the default browser.

I've removed all traces of Netscape. I've checked some of my system DLLs for authenticity. There isn't a recent enough backup that I would consider using today - meaning the backup/restore solution was pretty much of a waste of time. I'm going to find a better solution for that.

Bottom line for this problem, I think NS was corrupted and the indications were similar to an infection. I'll be monitoring closely over the next several days, and I'm still digging thru the system.

kaled




msg:3296604
 5:56 pm on Mar 29, 2007 (gmt 0)

Most browsers would install their own (local) keyboard hooks. Netscape might be unique in failing due to a fault in its own keyboard hook handlers. I've never tried installing system-wide hooks for keyboards or anything else but it is normally necessary to pass the hooked message through to the next hook in the chain. This is likely to be where it goes wrong. It may be significant that you are using 2000 rather than XP - I believe hook handling was adjusted to avoid crashes.

Kaled.

encyclo




msg:3296611
 6:09 pm on Mar 29, 2007 (gmt 0)

Which version of Netscape are we talking about?

grandpa




msg:3296863
 10:40 pm on Mar 29, 2007 (gmt 0)

The Deleted Version :) I want to say 8.01 or was it 8.1.

I installed the 8.0 version, and followed up with their next day fix, no manual upgrades since that time.
