PDA

View Full Version : File Scan Crashes System



XPCrasher
2017-11-05, 00:22
Over time I have accumulated many utilities from around the net. I recently started scanning the executable and dll's of each utility with SB-S&D. On some files, Windows gives up the ghost with a BSOD. The executables/dll's that crash Windows, always crash Windows. The ones that don't crash Windows never do. So the issue is quite repeatable. In either case, the files seem to run well. If possible I will upload the BSOD.

So my question is this: Why would SB-S&D crash, or XP, while SB-S&D is scanning a file? Any thoughts on this?

So why don't I just shut up and delete the files and have a few beers or something... I have thought about this a little bit. Primarily, most of these files are useful from time to time, and if possible I would like to keep them. But danger is lurking.

First, Danger Will Robinson, DANGER!!! Some time last year I download what I thought might be a useful utility call SysInternals from somewhere on the net. Likely CNET. I did not use SysInternals til early summer of this year around May. Unfortunately it brought along an uninvited guest that was unknown to SB-S&D or N360, (they both burped up a message saying so) and was able to rewrite Teatimer as well as destroying N360. Very mean.

I was only able to figure out where the problem was after I discovered the single file scan feature on Spybot. I scanned SysInternals executable and XP crashed with a BSOD. After reboot I scanned again, and twice more. I was convinced. I did a mil grade erase ( I had already discovered that the only way to get rid of the bug after its activation was this way) reloaded the ghost copy, booted to logon, shutdown and then into safe mode, and deleted that folder. On reboot I scanned a couple of other utilities and four failed with a BSOD. Unfortunately, I deleted them as well. Because of that, I can't say that the SysInternals program was contaminated 100%. Only 99.9%. My system as been solid as a rock since early September. You know I am happy after 3 months or so of tinkering, scan after scan, mil grade erase after...

Some interesting things though. None of these files were captured by SB-S&D or N360 on standard scans. One of the files , 2xExplorer, I had been using for many years and has been seen by SB-S&D many times, yet failed exhaustively with the single scan feature. One cad program, Inkscape, did not fail while compressed, but failed when extracted. Also, recently Piriform announced the freeware CClean install executable had been hijacked and rewritten and was data mining. I researched System Internals and found out it is suite of utilities owned by Microsoft. I went to Microsoft and downloaded directly the particular program I was using Process Explorer (procexp.exe) from them and it passed the Spybot scan. I have used it for six weeks or so with no problems.

So I am inclined to think that all may not be infected, but I have to live with the fact that they are, at the least, data mining, and yet may cause instability in certain cases.

Thanks.

PS. Backups rule.

Zenobia
2017-11-06, 06:40
I've been searching the forums and elsewhere for anything similar. Unfortunately I haven't been able to find much of anything similar to your problem.

As an aside, Microsoft support for Windows XP ended in 2014. For your own safety you perhaps would like to consider an alternative.
https://forums.spybot.info/showthread.php?425-UPDATED-WINDOWS-Your-first-line-of-defense&p=439680&viewfull=1#post439680
The Windows XP - Elephant in the Room topic in that post lists alternatives.

I did find some posts that mention complaints with the single file scan, however I can't find anything referencing it causing a bsod:
https://forums.spybot.info/showthread.php?61484-missing-feature-in-spybot
The post says that the single file scan was hidden in 1.6.2. You might have known to register it, or installed the components. Or if you perhaps still have Spybot 1.6 you might want to upgrade to Spybot 1.6.2. You can click help, then about up top to check the version number.

If you do have Spybot 1.6 and would like to upgrade to Spybot 1.6.2 then you'd need to uninstall, and Spybot 1.6.2 can be downloaded from here:
https://www.safer-networking.org/mirrors162/
If you wish to continue having the single file scanner, this post outlines how to get it during installation:
https://forums.spybot.info/showthread.php?52780-Right-Click-Scan-1-6-2&p=343373&viewfull=1#post343373
Some of the links contained in the post are outdated due to age, so this is the 'relevant to you' part:

So at the fresh install of Spybot:
1. select the language, the click OK,
2. then click Next,
3. accept the license agreement, click next,
4. select the destination location, click next,
5. then select components, TICK THE CHECKBOX IN FRONT OF "EXPLORER FILE SCAN PLUGIN (IN FILE CONTEXT MENU)

Then perform the other installation steps.

Best regards
Sandra
Team Spybot


I see the attachment wasn't able to be uploaded. Not sure I can help with the bsod and single file scan due to not being able to find similar info, but I could search the forums for anything similar, and hope some info comes up. :)
You could upload your attachment somewhere else, then post a link so I could see it. Somewhere like Imgur, maybe:
https://imgur.com/