Thread: Back from the brink

  1. #1
    Registered User VirtualAce's Avatar
    Join Date
    Aug 2001
    Posts
    9,607

    Back from the brink

    Well here I am after another fun re-install of W7 x64. For some strange reason all my apps started crashing with appcrash in kernelbase.dll. Google was of little help and although I scanned and removed everything possible including 1 rootkit....it still would not come back.

    Why is it that no matter how much experience I gain in software there is always some virus out there that can baffle me and bring my system down enough to require a reinstall?

    And...through this experience all I can say is the Windows registry is still just as much of a hackfest mess as it was when it was conceived. Actually it's probably far worse now.

  2. #2
    Registered User
    Join Date
    Jun 2005
    Posts
    6,815
    Quote Originally Posted by VirtualAce View Post
    Why is it that no matter how much experience I gain in software there is always some virus out there that can baffle me and bring my system down enough to require a reinstall?
    From your description, an additional possibility is that you browse too many questionable sites, download and install too many untrustworthy programs, and/or click too many of those links you receive in spam email from Nigerian princes.

    That suggests you need to get out more
    Right 98% of the time, and don't care about the other 3%.

    If I seem grumpy or unhelpful in reply to you, or tell you you need to demonstrate more effort before you can expect help, it is likely you deserve it. Suck it up, Buttercup, and read this, this, and this before posting again.

  3. #3
    Registered User VirtualAce's Avatar
    Join Date
    Aug 2001
    Posts
    9,607
    Hehe. Actually my wife's system is dead right now (blown caps) and she was playing some Facebook game when the virus scanner went crazy. She blocked it but I'm sure the damage was done. The logs of both Comodo and Avira did not really show any extremely dangerous activity. I really am at a loss as to what happened. I even tried running sfc to restore the default system DLLs and it did not work. It is possible, although not plausible, that I actually had some corrupted files due to bad shutdowns. That does not make sense...but it is all I can come up with. Some of the supposed rootkits might be due to my gaming habit which tends to install all types of malware-esque nefarious pieces of trash like Securom, Tages, etc. I actually prefer the 'always online' DRM as opposed to the 'fill my system with horrid pieces of software I cannot remove' approach.

    I was doing Direct3D and XNA coding the night before it all died so I know everything worked not 10 hours before this all happened. It had to have occurred either on Facebook or perhaps on boot up when my wife started the system.

    I probably could have fired up WinDbg to find out exactly how and where MSVS C# and C++ were crashing and why the event log was saying it was due to kernelbase.dll.....but I opted to re-install instead.

  4. #4
    Registered User
    Join Date
    Nov 2010
    Location
    Long Beach, CA
    Posts
    5,909
    Quote Originally Posted by VirtualAce View Post
    Why is it that no matter how much experience I gain in software there is always some virus out there that can baffle me and bring my system down enough to require a reinstall?
    Umm...because your increased experience results in increased confidence, which leads you to think you can wade deeper into the kinky, twisted, dangerous pr0n sites to satisfy your sick desires?

    EDIT: I guess grumpy beat me to the porn joke. Stupid work getting in the way of fun.

  5. #5
    Registered User rogster001's Avatar
    Join Date
    Aug 2006
    Location
    Liverpool UK
    Posts
    1,472
    I like the note about experience, 'familiarity breeds contempt?'. I like to think I browse with one eye open, but am probably complacent - have yet to be brought down by anything - other than, as VirtualAce says, bad shutdowns - which I used to sneer at - unplugging the computer when I couldn't be arsed waiting, but hey - after a reinstall it's a lesson learnt: patience, shut down properly, and that includes the damn USBs or peripherals. I went green once after a foray into 'hacking' when I thought I had been properly done by my own messing around, on some silly rail network site, just to see - won't be doing that again, don't like bad internet stuff.
    Last edited by rogster001; 10-12-2012 at 03:29 PM.
    Thought for the day:
    "Are you sure your sanity chip is fully screwed in sir?" (Kryten)
    FLTK: "The most fun you can have with your clothes on."

    Stroustrup:
    "If I had thought of it and had some marketing sense every computer and just about any gadget would have had a little 'C++ Inside' sticker on it"

  6. #6
    Registered User
    Join Date
    Jun 2005
    Posts
    6,815
    Anduril, I didn't mention the p-word

    I will also point out that one of the ways to destabilise many systems is developing non-trivial software on it.

    Ironically enough, there are a number of developer kits (and associated runtimes for distribution to users) that are designed to make it easier to develop, package, and distribute software, but those developer kits or runtimes often destabilise systems in some ways (incompatibilities with particular service packs, DLL hell, etc).

    In the MS-DOS days, I was stepping through a failing program in an IDE. The first time through, it crashed the IDE. I duly restarted, and tried to step through again ... and it overwrote the boot sector on my C drive. Fortunately, I was able to recover (enough know-how and good backups). Looking at the offending code after I recovered it (I printed it out, rather than running it) .... well, let's just say I learned a lot about pointer molestation that day.

  7. #7
    Registered User VirtualAce's Avatar
    Join Date
    Aug 2001
    Posts
    9,607
    Ok everyone time to fall down on the floor laughing at me. This is really bad...I mean really bad.

    I just figured out what the heck was going on while debugging my app again. Remember I said the night before this happened I was debugging Direct3D? Well I set Direct3D to use the debug runtimes, set the output to the third notch over AND told it to break on allocID 300. This is b/c prior outputs showed that allocID 300 was leaked and I wanted to see what was leaking. Well I never found it and had to go to bed. However....I failed to set Direct3D back to release and remove the allocID.

    So....the reason MSVS 2010 was not working but 2008 and 2005 were is b/c 2010 uses WPF under the hood which uses Direct3D. The reason my Steam games were not working is b/c they all use Direct3D in some form or another. IE: The crash was occurring b/c Direct3D was firing off a hard breakpoint which gives no information in release mode but does cause the application to crash (IE: APPCRASH) pretty hard with no apparent reason.

    So in short I reinstalled Windows today b/c I'm a complete and utter moron. The system was acting fine otherwise b/c....newsflash it was fine for the most part. The viruses in quarantine were quarantined by my anti virus program and did not affect the system. The only true issue I found was the rootkit but other than that the system was fine.

    So now you can laugh me out of the forum b/c I'm going to go hang my head in shame.


    Bad Direct3D developer......oh so bad......

    EDIT:
    Normally being able to reproduce behavior is a good thing. In this case it is not. Just to test it I set Direct3D to debug and set allocID to 300 and started MSVS 2010. Guess what. Crashed hard in kernelbase.dll. I go to Steam and try to play games....crash. Change Direct3D back to retail or release and remove the allocID...everything works as expected.

    This is probably the worst mistake I have ever made. OMG. There are no words. Major facepalm here.
    Last edited by VirtualAce; 10-12-2012 at 11:43 PM.

  8. #8
    Unregistered User Yarin's Avatar
    Join Date
    Jul 2007
    Posts
    2,158
    Quote Originally Posted by VirtualAce View Post
    I just figured out what the heck was going on while debugging my app again. Remember I said the night before this happened I was debugging Direct3D? Well I set Direct3D to use the debug runtimes, set the output to the third notch over AND told it to break on allocID 300. This is b/c prior outputs showed that allocID 300 was leaked and I wanted to see what was leaking. Well I never found it and had to go to bed. However....I failed to set Direct3D back to release and remove the allocID.

    So....the reason MSVS 2010 was not working but 2008 and 2005 were is b/c 2010 uses WPF under the hood which uses Direct3D. The reason my Steam games were not working is b/c they all use Direct3D in some form or another. IE: The crash was occurring b/c Direct3D was firing off a hard breakpoint which gives no information in release mode but does cause the application to crash (IE: APPCRASH) pretty hard with no apparent reason.

    So in short I reinstalled Windows today b/c I'm a complete and utter moron. The system was acting fine otherwise b/c....newsflash it was fine for the most part. The viruses in quarantine were quarantined by my anti virus program and did not affect the system. The only true issue I found was the rootkit but other than that the system was fine.
    I feel better now.

  9. #9
    Registered /usr
    Join Date
    Aug 2001
    Location
    Newport, South Wales, UK
    Posts
    1,273
    Would this not have been one of those wonderful problems that the oft-maligned feature known as "System Restore" could have fixed?

  10. #10
    Registered User VirtualAce's Avatar
    Join Date
    Aug 2001
    Posts
    9,607
    Nope System Restore did not fix it. Nothing fixed it. I worked for hours before re-installing. Re-installing was my last resort b/c I really did not want to. One simple look at the Direct3D control panel would have fixed my issue. Live and learn.

  11. #11
    Master Apprentice phantomotap's Avatar
    Join Date
    Jan 2008
    Posts
    5,108
    O_o

    This sort of thing is why everyone who manages a "Windows" system needs to spend a few months with the administrator tools Microsoft publishes for systems builders.

    I'm serious. (I don't want this to devolve into a flame war. This is a legitimate show of gratitude from one developer to another.) Microsoft may do some wonky things, but the system builder tools are fantastic. I'd bet money more time was spent waiting on "System Restore" than would have taken to rebuild the system with the "Deployment" tools and a relevant image ready at arms length.

    If you've never used them, you absolutely can add incremental games or utilities to the image. (At least, you have been able to do so from the "Windows XP" release.) It isn't a "rebuild the image from scratch every time you download a new Steam game" situation or anything.

    Soma

  12. #12
    the hat of redundancy hat nvoigt's Avatar
    Join Date
    Aug 2001
    Location
    Hannover, Germany
    Posts
    3,130
    Quote Originally Posted by grumpy View Post
    From your description, an additional possibility is that you browse too many questionable sites, download and install too much untrustworthy programs, and/or click too many of those links you receive in spam email from Nigerian princes.
    From those World of Warcraft days I got the impression that a Windows install with Flash and Adobe PDF Reader that is only updated once a week (a good cycle for a non-computer person) has to be considered to be compromised. You don't even need to do anything but surf normal sites with ad banners. Your account will be robbed in less than this week if a vulnerability comes out.

    There is a saying: Adobe has 2 Product lines: Photoshop and Malware hosts.
    hth
    -nv

    She was so Blonde, she spent 20 minutes looking at the orange juice can because it said "Concentrate."

    When in doubt, read the FAQ.
    Then ask a smart question.

  13. #13
    Registered User VirtualAce's Avatar
    Join Date
    Aug 2001
    Posts
    9,607
    Yes you can browse any type of site now and get malware or viruses. The good thing is though that most are not as intrusive or disastrous as they used to be. The trend now is to hide them and allow them to transmit data to secret servers. In the old days the trend was to trash your system but those are relatively easy to fix. The 'guerilla warfare' type malware and viruses today are not so simple to fix and they can transmit your personal data all over the web.

    It makes me wonder though. Let's say you write a virus and it just so happens to be successful and connect to your server every time....which we know is bunk. How many times have you coded sockets and knew the server was there yet the darn thing would not connect? So let's say it connects 50% of the time (given you keep your server up at all times) and transmits data from a keylogger. Who is really going to go through all the garbly gook from thousands of systems across the world just to see what info they can steal? Do you realize what kind of undertaking that would be? Heck I don't even like reading XML files longer than 200 lines much less text files or binary files that are ten thousand lines long. I think it is far more worrisome to log into various online shops and type in your bank card data and have it stolen there than some program listening to every single keystroke that you type and then attempting to send that across the world to some hopefully existent server....if it even connected in the first place.

  14. #14
    Registered User
    Join Date
    Jun 2005
    Posts
    6,815
    Quote Originally Posted by VirtualAce View Post
    Who is really going to go through all the garbly gook from thousands of systems across the world just to see what info they can steal?
    Someone who has the computing resources and inexpensive people resources to do that, and who has something to gain by doing it.

    Espionage (whether corporate, industrial, government sponsored, or even individually sponsored) is like that. If it is technically possible, and the possible gains exceed the costs of doing it, then there is potential someone will do it.

    There will also be people (or organisations) who will try, only to give up if it proves the gain is less than the cost.

  15. #15
    Devil's Advocate SlyMaelstrom's Avatar
    Join Date
    May 2004
    Location
    Out of scope
    Posts
    4,079
    Worst virus I ever got was one that seemingly managed to flash over my BIOS (or maybe I'm just nuts) because before it even got to the post screens basically the second I pressed the power button a red screen with yellow text would pop up that said "I GOT UR COMPUTER" and from there would just hang. I ended up having to throw that computer away after I pulled the CMOS to try to reset it and it just stopped posting when I put it back. Luckily it was quite old at that point, anyway.
    Last edited by SlyMaelstrom; 10-16-2012 at 08:13 AM.
    Sent from my iPad®
