Channel: Sysinternals Forums
Viewing all 10386 articles

Malware : Gpu based paravirtualization rootkit, all os vulne

Author: cb3
Subject: Gpu based paravirtualization rootkit, all os vulne
Posted: 22 March 2017 at 2:27pm

Hello, this thread is no surprise to me. I have my reasons to be here as well. I want to learn how to validate my machines to hopefully be able to exclude this evilness. Is there any easy way to check whether my machines have been compromised? Unfortunately I'm not a high-end Windows admin; I would probably not even be able to tell if my machine is a VM or not unless someone guided me in the right direction.

 

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: MagicAndre1981
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 22 March 2017 at 3:43pm

Originally posted by Alecajuice Alecajuice wrote:

Ok, so the new driver seems to have solved the high CPU issue, but now I randomly crash with BSOD stopcode DRIVER_POWER_STATE_FAILURE. Is this an issue with the driver I installed?


The dump shows a crash related to ACPI issues for device "VEN_8086&DEV_1901", which is the Intel PCIe controller.

I see there is a BIOS update 1.1.3 for your Dell XPS 15 9560, while you are using 1.0.3.

Maybe this fixes the issue. Your Dell is a new model, so check for updates more often.

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: MagicAndre1981
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 22 March 2017 at 3:46pm

Originally posted by GrimKodiak GrimKodiak wrote:

Hello fellow Sysinternals.com forum users,
I would like to ask for your help if I could please, MagicAndre1981. As I'm sure you know already, I have a problem with my computer's CPU. I have a dual-core 3.4 GHz OptiPlex 745; the CPU% is around 50% used by System.exe, or Description: NT Kernel & System.

The link is not working. Create a new link, and this time only read. Maybe someone modified/deleted it already.

Troubleshooting : Win10 freeze/hangs

Author: MagicAndre1981
Subject: Win10 freeze/hangs
Posted: 22 March 2017 at 3:47pm

You should update to v1607 and check if you still have issues. You still use the November 2015 version of Windows 10.

Development : nm or dumpbin equivalent

Author: MagicAndre1981
Subject: nm or dumpbin equivalent
Posted: 22 March 2017 at 3:49pm

Sysinternals has the strings.exe utility to do this. You can also use findstr.exe, which is part of Windows.

Miscellaneous Utilities : Update livekd.exe mirror dump to not need kd.exe

Miscellaneous Utilities : Sysmon 6.0 failed to install on Windows 2008

Author: tmoser
Subject: Sysmon 6.0 failed to install on Windows 2008
Posted: 22 March 2017 at 4:01pm

Hi Folks,

Can you please post a link to a version of sysmon that IS COMPATIBLE with Windows Server 2008 (not R2)? We would like to use it with Splunk. I cannot make our IT change Windows 2008 for Windows Server 2012 now.  

Download page says v6.x is compatible only with Windows Server 2012+ and Googling didn't help.

Error Message:
The procedure entry point K32EnumProcesses could not be located in the dynamic link library KERNEL32.dll

Tomas

Process Explorer : PE won't open

Author: richengels
Subject: PE won't open
Posted: 22 March 2017 at 5:45pm

I have a similar issue. Downloaded PE 16.2 today to replace an older working version. Now getting an appcrash event when I try to start it.
Log Name:      Application
Source:        Windows Error Reporting
Date:          3/22/2017 1:29:24 PM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      HomeOffice
Description:
Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: procexp64.exe
P2: 16.20.0.0
P3: 5892a9b5
P4: procexp64.exe
P5: 16.20.0.0
P6: 5892a9b5
P7: c0000005
P8: 00000000000635bf
P9: 
P10: 

Attached files:

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_procexp64.exe_4254a96521b5cfa33e6238132b89ad3675297f_9c850a4f_109bc08c

Analysis symbol: 
Rechecking for solution: 0
Report Id: 206dc22c-d473-473e-80da-b5a00cd56203
Report Status: 96
Hashed bucket: 
Event Xml:
  <System>
    <Provider Name="Windows Error Reporting" />
    <EventID Qualifiers="0">1001</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2017-03-22T17:29:24.951643900Z" />
    <EventRecordID>29188</EventRecordID>
    <Channel>Application</Channel>
    <Computer>HomeOffice</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
    </Data>
    <Data>0</Data>
    <Data>APPCRASH</Data>
    <Data>Not available</Data>
    <Data>0</Data>
    <Data>procexp64.exe</Data>
    <Data>16.20.0.0</Data>
    <Data>5892a9b5</Data>
    <Data>procexp64.exe</Data>
    <Data>16.20.0.0</Data>
    <Data>5892a9b5</Data>
    <Data>c0000005</Data>
    <Data>00000000000635bf</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_procexp64.exe_4254a96521b5cfa33e6238132b89ad3675297f_9c850a4f_109bc08c</Data>
    <Data>
    </Data>
    <Data>0</Data>
    <Data>206dc22c-d473-473e-80da-b5a00cd56203</Data>
    <Data>96</Data>
    <Data>
    </Data>
  </EventData>
</Event>
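The event richengels pasted is a generic WER Event ID 1001 record, and its EventData is a positional list of <Data> elements: the items worth pulling out for triage are P4 (faulting module), P7 (exception code) and P8 (fault offset), plus the ReportQueue path where the .wer and any minidump sit. The script below is an added example and not part of the original post or of Process Explorer; the sample XML inside it is reconstructed from the record above with the <Event> root element (missing from the forum paste) restored, and the NTSTATUS name table covers only a handful of common codes.

```python
"""Decode a Windows Error Reporting (WER) Event ID 1001 APPCRASH record."""
import datetime
import sys
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Positional layout of the <Data> elements in a WER 1001 record; it mirrors the
# "Problem signature" text block Event Viewer shows next to the XML.
FIELDS = [
    "fault_bucket", "bucket_type", "event_name", "response", "cab_id",
    "p1", "p2", "p3", "p4", "p5", "p6", "p7", "p8", "p9", "p10",
    "attached_files", "files_path", "analysis_symbol", "rechecking",
    "report_id", "report_status", "hashed_bucket",
]

# NTSTATUS values commonly seen in P7 of an APPCRASH signature (partial table).
NTSTATUS_NAMES = {
    0x80000003: "STATUS_BREAKPOINT",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0xC0000139: "STATUS_ENTRYPOINT_NOT_FOUND",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
    0xE0434352: "CLR_EXCEPTION",
}

# Constructed sample: the EventData from the procexp64.exe report above, with
# the <Event> root element (dropped in the forum paste) restored.
SAMPLE_EVENT_XML = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Windows Error Reporting" />
    <EventID Qualifiers="0">1001</EventID>
    <TimeCreated SystemTime="2017-03-22T17:29:24.951643900Z" />
    <Channel>Application</Channel>
    <Computer>HomeOffice</Computer>
  </System>
  <EventData>
    <Data></Data><Data>0</Data><Data>APPCRASH</Data><Data>Not available</Data><Data>0</Data>
    <Data>procexp64.exe</Data><Data>16.20.0.0</Data><Data>5892a9b5</Data>
    <Data>procexp64.exe</Data><Data>16.20.0.0</Data><Data>5892a9b5</Data>
    <Data>c0000005</Data><Data>00000000000635bf</Data><Data></Data><Data></Data>
    <Data></Data>
    <Data>C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_procexp64.exe_4254a96521b5cfa33e6238132b89ad3675297f_9c850a4f_109bc08c</Data>
    <Data></Data><Data>0</Data><Data>206dc22c-d473-473e-80da-b5a00cd56203</Data><Data>96</Data><Data></Data>
  </EventData>
</Event>"""


def parse_wer_1001(xml_text):
    """Return the named fields of a WER 1001 event as a dict."""
    root = ET.fromstring(xml_text)
    event_id = root.findtext("e:System/e:EventID", namespaces=NS)
    if event_id != "1001":
        raise ValueError(f"not a WER 1001 event (EventID {event_id})")
    values = [(d.text or "").strip() for d in root.findall("e:EventData/e:Data", NS)]
    values += [""] * (len(FIELDS) - len(values))  # tolerate short records
    rec = dict(zip(FIELDS, values))
    rec["computer"] = root.findtext("e:System/e:Computer", namespaces=NS)
    rec["time_created"] = root.find("e:System/e:TimeCreated", NS).get("SystemTime")
    return rec


def _pe_timestamp(hex_ts):
    """P3/P6 are the PE header TimeDateStamp: seconds since the Unix epoch, in hex."""
    ts = datetime.datetime.fromtimestamp(int(hex_ts, 16), tz=datetime.timezone.utc)
    return ts.isoformat()


def describe_appcrash(rec):
    """Interpret the P1..P8 signature of an APPCRASH record."""
    if rec["event_name"] != "APPCRASH":
        raise ValueError(f"not an APPCRASH record ({rec['event_name']})")
    code = int(rec["p7"], 16)
    return {
        "app": rec["p1"], "app_version": rec["p2"],
        "app_link_time": _pe_timestamp(rec["p3"]),
        "module": rec["p4"], "module_version": rec["p5"],
        "module_link_time": _pe_timestamp(rec["p6"]),
        "exception_code": code,
        "exception_name": NTSTATUS_NAMES.get(code, "UNKNOWN"),
        "fault_offset": int(rec["p8"], 16),  # offset into the faulting module
        # Same module as the app: the fault is in the binary itself, not in a
        # third-party DLL (shell extension, AV hook, ...) loaded into it.
        "crash_in_app_itself": rec["p4"].lower() == rec["p1"].lower(),
        "report_queue_path": rec["files_path"],
    }


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8-sig").read() if len(sys.argv) > 1 else SAMPLE_EVENT_XML
    for k, v in describe_appcrash(parse_wer_1001(text)).items():
        print(f"{k:>20}: {v}")
```

Run it with no argument to decode the embedded sample, or pass an event saved from Event Viewer ("Save Selected Events" as XML) to decode a real one. For this record the faulting module is procexp64.exe itself with STATUS_ACCESS_VIOLATION at offset 0x635bf, so the next step is the minidump in the ReportQueue folder rather than hunting for an injected DLL.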

Site Bugs : Searching forum for "delete" produces 500 error

Author: eyekaygee
Subject: Searching forum for "delete" produces 500 error
Posted: 22 March 2017 at 8:26pm

There seems to be a problem with the forum search engine. When I searched for posts with the string "sdelete" , an error 500 screen loaded.

Site Bugs : Searching forum for "delete" produces 500 error

Author: eyekaygee
Subject: Searching forum for "delete" produces 500 error
Posted: 22 March 2017 at 8:28pm

UPDATE

I tried searching for "sdelete" again, and the error did not reproduce. Instead, it showed my original post here. Perhaps the error can be characterized as: an error 500 screen displays when a search yields 0 results.

Miscellaneous Utilities : sdelete appropriate for SSD drives

Author: eyekaygee
Subject: sdelete appropriate for SSD drives
Posted: 22 March 2017 at 8:30pm

Is Sysinternals' Sdelete 2.0 utility appropriate for modern SSD drives?

Internals : Sysmon 6.1

Author: srmarco
Subject: Sysmon 6.1
Posted: 23 March 2017 at 2:04am

Hello

I was just trying to install Sysmon 6.1 on "Windows Server 2008 Enterprise" and got this ERROR. Is the OS supported?

Faulting application Sysmon64.exe, version 6.1.0.0, time stamp 0x58bf0351, faulting module KERNEL32.dll!K32EnumProcesses, version 6.0.6002.24065, time stamp 0x589caa46, exception code 0xc0000139, fault offset 0x00000000000b65d8, process id 0x1754, application start time 0x01d2a35cd375e5e6.

Application popup: Sysmon64.exe - Entry Point Not Found : The procedure entry point K32EnumProcesses could not be located in the dynamic link library KERNEL32.dll.

Marco Díaz.
Thanks.
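Both tmoser's and Marco's reports come down to the same loader check: Sysmon 6.x imports K32EnumProcesses by name from kernel32.dll, and on Vista / Server 2008 kernel32 does not export the K32* PSAPI functions (they live in psapi.dll without the prefix), so the loader fails with "Entry Point Not Found" (exception 0xc0000139, STATUS_ENTRYPOINT_NOT_FOUND, exactly as in Marco's log) before any Sysmon code runs. The script below, an added example rather than Sysinternals code, walks a PE's import table and lists any K32* imports from kernel32, which answers the compatibility question without a test server. build_minimal_pe only constructs a synthetic test image, and the K32 prefix test is a heuristic for this particular family of exports, not a general compatibility database.

```python
"""List a PE file's imports and flag kernel32 imports that Vista / Server 2008 lack."""
import struct
import sys


def _rva_to_offset(rva, sections):
    """Translate an RVA to a file offset using the section table."""
    for vsize, va, raw_size, raw_ptr in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")

def _cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")

def list_imports(data):
    """Map each imported DLL (lower-cased) to the names it imports (or '#ordinal')."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ header)")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file (missing PE signature)")
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:    # PE32: 32-bit thunks, data directory at +96
        pe32plus, dd = False, opt + 96
    elif magic == 0x20B:  # PE32+: 64-bit thunks, data directory at +112
        pe32plus, dd = True, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    imp_rva = struct.unpack_from("<I", data, dd + 8)[0]  # data directory entry 1 = imports
    sh = opt + opt_size
    sections = [struct.unpack_from("<IIII", data, sh + 40 * i + 8) for i in range(nsec)]
    imports = {}
    if imp_rva == 0:
        return imports
    desc = _rva_to_offset(imp_rva, sections)
    thunk_fmt, thunk_len = ("<Q", 8) if pe32plus else ("<I", 4)
    ordinal_flag = 1 << (63 if pe32plus else 31)
    while True:
        ilt_rva, _, _, name_rva, iat_rva = struct.unpack_from("<IIIII", data, desc)
        if name_rva == 0:  # an all-zero descriptor terminates the table
            break
        names = imports.setdefault(_cstr(data, _rva_to_offset(name_rva, sections)).lower(), [])
        thunk = _rva_to_offset(ilt_rva or iat_rva, sections)
        while True:
            entry = struct.unpack_from(thunk_fmt, data, thunk)[0]
            if entry == 0:
                break
            if entry & ordinal_flag:
                names.append(f"#{entry & 0xFFFF}")
            else:  # hint/name entry: 2-byte hint, then the NUL-terminated name
                names.append(_cstr(data, _rva_to_offset(entry & 0x7FFFFFFF, sections) + 2))
            thunk += thunk_len
        desc += 20
    return imports

def kernel32_imports_missing_on_2008(imports):
    """kernel32.dll exports the K32* PSAPI functions only from Windows 7 / Server 2008 R2
    on; importing one from kernel32 is an 'Entry Point Not Found' failure on Vista / 2008."""
    return sorted(n for n in imports.get("kernel32.dll", []) if n.startswith("K32"))

def build_minimal_pe(imports):
    """Constructed test input: a tiny PE32+ image whose only content is an import table."""
    sec_rva, sec_off, ndll = 0x1000, 0x200, len(imports)
    body = bytearray(20 * (ndll + 1))  # import descriptors plus the zero terminator
    descs = []
    for dll, funcs in imports.items():
        ilt = len(body)
        body += bytes(8 * (len(funcs) + 1))  # 64-bit import lookup table, zero terminated
        name_rvas = []
        for f in funcs:
            name_rvas.append(sec_rva + len(body))
            body += b"\0\0" + f.encode("ascii") + b"\0"  # hint + name
        descs.append((sec_rva + ilt, sec_rva + len(body)))
        body += dll.encode("ascii") + b"\0"
        for i, r in enumerate(name_rvas):
            struct.pack_into("<Q", body, ilt + 8 * i, r)
    for i, (ilt, name) in enumerate(descs):
        struct.pack_into("<IIIII", body, 20 * i, ilt, 0, 0, name, ilt)  # IAT aliases the ILT
    hdr = bytearray(sec_off)
    hdr[:2], hdr[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                                 # e_lfanew
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x8664, 1, 0, 0, 0, 240, 0x22)  # COFF header
    opt = 0x58
    struct.pack_into("<H", hdr, opt, 0x20B)                            # PE32+ magic
    struct.pack_into("<I", hdr, opt + 108, 16)                         # NumberOfRvaAndSizes
    struct.pack_into("<II", hdr, opt + 120, sec_rva, 20 * (ndll + 1))  # import directory
    sh = opt + 240
    hdr[sh:sh + 8] = b".idata\0\0"
    struct.pack_into("<IIII", hdr, sh + 8, len(body), sec_rva, len(body), sec_off)
    return bytes(hdr) + bytes(body)

if __name__ == "__main__":
    print(kernel32_imports_missing_on_2008(list_imports(open(sys.argv[1], "rb").read())))
```

Run it as `python pe_imports.py Sysmon64.exe` before pushing a tool to an older server; `dumpbin /imports Sysmon64.exe` from the Visual Studio tools shows the same import list if you prefer not to script it. The parser handles both PE32 and PE32+ and ordinal imports, so it works on 32-bit and 64-bit builds alike.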

Process Explorer : How to get data from .ost file?

BgInfo : Migrate BGInfo 4.16 to 4.20 Error ADODB 0x800A0BB9

Author: jojo67140
Subject: Migrate BGInfo 4.16 to 4.20 Error ADODB 0x800A0BB9
Posted: 23 March 2017 at 1:15pm

Unfortunately the version posted as "new" (Published: February 17, 2017) is the same version v4.21 with no bug fixes!

All versions after the old v4.16 are not working for:
- Update Database (only INSERT works!)
- Windows versions above Win7 are indicated as version Windows NT 6.2...

If only these 2 bugs were resolved it would be a great step forward!


Internals : Can I package Sysinternals to deploy internally

Author: Mark_E
Subject: Can I package Sysinternals to deploy internally
Posted: 23 March 2017 at 1:42pm

Am I able to package Sysinternals into an MSI that will allow me to deploy certain tools to the company's computers via SCCM? I understand that Sysinternals allows for deployment to internal company computers, but I'm not sure if they can be repackaged into an MSI.

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: GrimKodiak
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 23 March 2017 at 4:44pm

Hi MagicAndre1981,
https://1drv.ms/u/s!Aqbr801_QU43jBKZ9RLuRNN6BTsh
There's the link, and it's still there. Maybe copy and paste it if the hyperlink is not working, because in my first post the link is not complete, so I copy-pasted it and it was still there.
Thanks

PsTools : Psexec and PSEXESVC service

Author: NedBalzer
Subject: Psexec and PSEXESVC service
Posted: 23 March 2017 at 5:49pm

I am having a similar issue. I have a production SSIS package on server1 which psexec's a batch file on server2.  This has been working fine for months, until 3/22/17, when suddenly it stopped working. On server1, when I test the command from a command window, elevated to server admin, psexec64.exe is unable to start PSEXESVC on server2. I get the response "Could not start PSEXESVC on [server2]: %1 is not a valid Win32 application." Afterwards I can see that the PSEXESVC still exists in the service list on Server2. I can delete it with the sc.exe delete PSEXESVC command, but when I try again, the same thing happens.

Does this indicate a corrupt installation somewhere? I presume that the reason the temp service is not removed from server2 is because it never successfully started; what other reasons might cause it not to get deleted?

Any other suggestions? I have worked on this unsuccessfully for about a day and a half so far, and am very frustrated.

Thanks.

-- Ned

Miscellaneous Utilities : DebugView doesn't capture loadersnaps output

Author: RyanMolden
Subject: DebugView doesn't capture loadersnaps output
Posted: 24 March 2017 at 1:16am

When I enable LoaderSnaps via gflags DebugView doesn't capture them, why? Are they not using a normal debug output channel?

Utilities Suggestions : How to Repair Outlook PST Free of Cost?

Author: albert458
Subject: How to Repair Outlook PST Free of Cost?
Posted: 24 March 2017 at 6:33am

Hello everyone,
I used a tool that can easily recover Outlook PST files free of cost and I want to share my experience with you. You can also get rid of corruption issues with this utility. As you know, scanpst.exe is a free utility that is provided by Microsoft, but I searched for one more utility that can recover Outlook PST files free of cost. You can search for Softaken Outlook PST Repair Tool. This is a free Outlook recovery tool to recover Outlook PST files. Download this free of cost.

Process Explorer : A really dumb question????

Author: dajazzmanrmr
Subject: A really dumb question????
Posted: 24 March 2017 at 7:50am

I have downloaded and installed Process Explorer, and executed it following the installation. I closed it out to execute it from scratch and I can't find a thing. I used to use Ctrl+Alt+Del to execute Task Manager, and that still works, but I can't find a way to execute Process Explorer; what am I missing?