![\"dumbest\"](\"https:\/\/www.tungsai.com\/blog\/wp-content\/uploads\/2008\/01\/dumbest.jpg\")
<\/a> <\/p>\nImportant – Errors found in the system<\/strong><\/p>\n During the scan of files which are start automatically at computer startup, a critical errors in system registry were found.<\/strong><\/p>\n 0x01ff0010 irql: 1f SYSVER 0xbf04014<\/strong><\/p>\n NT_Kernel error 1276 (EXCEPTION NOT HANDLED)<\/strong><\/p>\n [ OK ]<\/strong><\/p>\n <\/p>\n So dumb, it’s not even worth commenting how many red lights go off. They just threw a bunch of random windows terminology together! I logged out, then back in, and, the same message popped up again. And again, after a 2nd logout. And again, after a 2nd reboot. I guess maybe they rotate at some random, unknown cycle.<\/p>\n I ran REGEDIT and looked in the Start > Run areas where malware likes to hide; and nothing of note whatsoever there. some NVidia stuff and Pivot Pro, my 3rd party software (Well past its expired trial period), and my AV stuff but nothing weird.<\/p>\n <\/p>\n The thing is, these messages show up as actual APPS running in the Windows Task manager, yet I can find NO registry, DLL, startup, whatever, of what is spawning them! I really think that possibly some key system DLL or exe has been comprimised but I CANNOT tell which. <\/p>\n <\/p>\n The SysInternals program ProcExp.exe verified every single EXE I could see. Besides, I don’t think it does a very good job of showing me every execution thread; because when I opened five explorer windows, it did not indicate any new sub-threads of explorer.exe: (Click to Enlarge)<\/p>\n So this program does not help me.<\/p>\n SIGH!<\/p>\n","protected":false},"excerpt":{"rendered":" The saga of my unknown malware continues. I tried that RunAnalyzer, and it was just so much information that I had no idea what was legitimate and what wasn’t. Sorry, but I don’t have hours to parse through all that information. I will say that it is very interesting though. So, I rebooted, to see… Continue reading Reboot caused new, lamer message to appear<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"class_list":["post-95","post","type-post","status-publish","format-standard","hentry","category-windows","entry"],"_links":{"self":[{"href":"https:\/\/www.tungsai.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/95","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tungsai.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tungsai.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tungsai.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tungsai.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=95"}],"version-history":[{"count":0,"href":"https:\/\/www.tungsai.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/95\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.tungsai.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=95"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tungsai.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=95"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tungsai.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=95"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}<\/a> <\/p>\n<\/a> <\/p>\n