Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unusual errors.


  • Please log in to reply
6 replies to this topic

#1 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,236 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:01:19 PM

Posted 20 November 2014 - 06:17 PM

Hi People.

 

I hope someone can shed some light on this for me, as it is very unusual set of errors.

 

Machine is Win7x64 HP Optiplex. First up comes an error from Kaspersky;

 

-----------------------------------------------------

20/11/2014 10:47:32 AM               Object corrupted             Corrupted           C:\Documents and Settings\instrument\Downloads\VMware-player-5.0.2-1031769.exe/vmci.cat.40182DFB_F442_44E6_8020_0A2D08B2E86C    

-----------------------------------------------------

 

So, this is strange because VMWare has not been installed in this machine, so the object shouldn't decompress in a way the scanner can detect this. The signature of the file is fine and it checks out to scans.

 

and then there are these three errors in the same time period;

 

--------------------------------------------------------------------------------------

Faulting application name: DllHost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7

Faulting module name: igdumd32.dll, version: 8.15.10.2639, time stamp: 0x4f29a518

Exception code: 0xc0000005

Fault offset: 0x0027cac8

Faulting process id: 0x1030

Faulting application start time: 0x01d003ab2c8bb40c

Faulting application path: C:\Windows\system32\DllHost.exe

Faulting module path: C:\Windows\system32\igdumd32.dll

Report Id: 6a54cf79-6f9e-11e4-bd46-001018eb07b7

 

Faulting application name: DllHost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7

Faulting module name: igdumd32.dll, version: 8.15.10.2639, time stamp: 0x4f29a518

Exception code: 0xc0000005

Fault offset: 0x0027cac8

Faulting process id: 0xc68

Faulting application start time: 0x01d003ab0ea4617c

Faulting application path: C:\Windows\system32\DllHost.exe

Faulting module path: C:\Windows\system32\igdumd32.dll

Report Id: 5403e219-6f9e-11e4-bd46-001018eb07b7

 

Faulting application name: DllHost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc6b7

Faulting module name: igdumd32.dll, version: 8.15.10.2639, time stamp: 0x4f29a518

Exception code: 0xc0000005

Fault offset: 0x0027cac8

Faulting process id: 0x1268

Faulting application start time: 0x01d003aaa28c63b3

Faulting application path: C:\Windows\system32\DllHost.exe

Faulting module path: C:\Windows\system32\igdumd32.dll

Report Id: e85963be-6f9d-11e4-bd46-001018eb07b7

---------------------------------------------------------------------------------------------------------

 

The second I saw these alarm bells went off as dllhost.exe is a Vista file, and on checking igdumd31.dll I can see it is also a Vista driver. But both of the files check out and are legit. I looked through the logs and this isn't something that has been going on for ages, it's a new error, so it seems unlikely to me that HP installed the wrong driver for the machine on setup.

 

I recently saw a dllhost.exe error here on another Win7 machine, I wonder if these are related?

 

What the hell is going on?



BC AdBot (Login to Remove)

 


#2 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,083 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:04:19 AM

Posted 20 November 2014 - 06:39 PM

Hi,
 

Hi People.
 
I hope someone can shed some light on this for me, as it is very unusual set of errors.
 
Machine is Win7x64 HP Optiplex. First up comes an error from Kaspersky;
 
-----------------------------------------------------
20/11/2014 10:47:32 AM               Object corrupted             Corrupted           C:\Documents and Settings\instrument\Downloads\VMware-player-5.0.2-1031769.exe/vmci.cat.40182DFB_F442_44E6_8020_0A2D08B2E86C    
-----------------------------------------------------
 
So, this is strange because VMWare has not been installed in this machine, so the object shouldn't decompress in a way the scanner can detect this. The signature of the file is fine and it checks out to scans.

 
Some setups are compressed using know methods and this allow the Antivirus scanners to scan the files inside, in this case the scanner doesn't like the format of the .cat file inside for some reason.

 

The others seems related to the graphic driver so I would suggest an update of the driver.


• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#3 TsVk!

TsVk!

    penguin farmer

  • Topic Starter

  • Members
  • 6,236 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:01:19 PM

Posted 20 November 2014 - 06:59 PM

Hi,
 

-----------------------------------------------------
20/11/2014 10:47:32 AM               Object corrupted             Corrupted           C:\Documents and Settings\instrument\Downloads\VMware-player-5.0.2-1031769.exe/vmci.cat.40182DFB_F442_44E6_8020_0A2D08B2E86C    
-----------------------------------------------------
 
So, this is strange because VMWare has not been installed in this machine, so the object shouldn't decompress in a way the scanner can detect this. The signature of the file is fine and it checks out to scans.

 
Some setups are compressed using know methods and this allow the Antivirus scanners to scan the files inside, in this case the scanner doesn't like the format of the .cat file inside for some reason.

Thanks for confirming this suspicion in relation to scanning. Though the file has been present and un-accessed for years, maybe the file was corrupted via bad sectors, fragmentation or file system corruption.

 

The others seems related to the graphic driver so I would suggest an update of the driver.

Yes, it is obvious to update the driver. But that doesn't explain why there are legit MS Vista only system files in this Win7 pc that have only become an error now, after years of functioning fine.

 

But now checking another Win7 machine I can see this dllhost.exe present also... I'm not sure when this was introduced to Win7. Systemlookup needs updating on this also...



#4 TsVk!

TsVk!

    penguin farmer

  • Topic Starter

  • Members
  • 6,236 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:01:19 PM

Posted 20 November 2014 - 07:03 PM

Hmmmm, maybe this is all just simple file corruption... I'm going to check the filesystem and hard drive.

 

Cheers SleepyDude



#5 TsVk!

TsVk!

    penguin farmer

  • Topic Starter

  • Members
  • 6,236 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:01:19 PM

Posted 20 November 2014 - 09:05 PM

Yup, corrupt sectors...



#6 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,083 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:04:19 AM

Posted 21 November 2014 - 04:26 AM

Yup, corrupt sectors...

 

:thumbup2:


• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#7 technonymous

technonymous

  • Members
  • 2,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:19 PM

Posted 21 November 2014 - 07:57 PM

The dllhost.exe error is probably generated during that download from the ASP website with crappy VBScript, JScript, or PerlScript in it.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users