Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware disabled laptop monitor


  • Please log in to reply
1 reply to this topic

#1 willigrund

willigrund

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:16 AM

Posted 01 February 2015 - 06:35 PM

Greetings!

 

My daughter's laptop was recently infected with malware coupled with a forge installer while loading a Mine Craft mod.  Nasdaq in the Malware/virus section has graciously cleansed the laptop of infection and referred me to here.  The thread where Nasdaq aided me is here:

 

http://www.bleepingcomputer.com/forums/t/565048/unknown-malware/#entry3614386

 

Now, all that remains is that the laptop's (Dell Inspiron 3520 with Windows 8.1) monitor does not work, even during the boot process.  I am able to use a outboard monitor no problem, but since the infection occurance, the monitor is dark and the mobo speaker beeps 8 times.  The folks at Dell say that indicates a monitor failure and advised me to replace it.  Since this happened at the same time her laptop was taken down by the malware (her friend on a different laptop also had a similar incident, they just reloaded everything and went from there), I believe the monitor is fine and that a setting change was made during the infection.  The infection occurred during her attempting to load the Pixelmon mod with a Forge installer.

 

I tried switching with the keyboard hotkey from the outboard monitor to the flatscreen (no), tried rolling back the driver on the monitor window from the control panel (greyed out), tried to reinstall the driver from Dell's website (no luck and their diagnostic program gets shutdown while scanning her compute saying it's a bad internet connection, despite having a network cable with a cable internet connection).  I tried using the software restore point earlier than the infection with no luck.  I'll include the event log lifted from the driver window of the monitor on the date of the infection in hopes that helps.  I am hoping that the malware just told the windows to shut off the monitor and all I have to do is change a 0x0 to something else...

 

 

Zoe's toy is the child account, Maura is the admin

 

 

Many thanks in advance!!!

 

Now follows monitor driver event log of the date of the infection:

 

Log Name:      System
Source:        Microsoft-Windows-UserPnp
Date:          1/11/2015 4:27:01 PM
Event ID:      20001
Task Category: (7005)
Level:         Information
Keywords:      
User:          SYSTEM
Computer:      Zoestoy
Description:
Driver Management concluded the process to install driver monitor.inf_amd64_f403f8ba6ae7e03b\monitor.inf for Device Instance ID DISPLAY\MS_0003\4&DD0618F&0&UID67568640 with the following status: 0x0.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-UserPnp" Guid="{96F4A050-7E31-453C-88BE-9634F4E02139}" />
    <EventID>20001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>7005</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-11T21:27:01.163889200Z" />
    <EventRecordID>71336</EventRecordID>
    <Correlation />
    <Execution ProcessID="1764" ThreadID="1772" />
    <Channel>System</Channel>
    <Computer>Zoestoy</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <UserData>
    <InstallDeviceID xmlns="http://manifests.microsoft.com/win/2004/08/windows/userpnp">
      <DriverName>monitor.inf_amd64_f403f8ba6ae7e03b\monitor.inf</DriverName>
      <DriverVersion>6.3.9600.16384</DriverVersion>
      <DriverProvider>Microsoft</DriverProvider>
      <DeviceInstanceID>DISPLAY\MS_0003\4&amp;DD0618F&amp;0&amp;UID67568640</DeviceInstanceID>
      <SetupClass>{4D36E96E-E325-11CE-BFC1-08002BE10318}</SetupClass>
      <RebootOption>false</RebootOption>
      <UpgradeDevice>false</UpgradeDevice>
      <IsDriverOEM>false</IsDriverOEM>
      <InstallStatus>0x0</InstallStatus>
      <DriverDescription>Digital Flat Panel (1024x768 60Hz)</DriverDescription>
    </InstallDeviceID>
  </UserData>
</Event>

Log Name:      Microsoft-Windows-Kernel-PnP/Configuration
Source:        Microsoft-Windows-Kernel-PnP
Date:          1/11/2015 4:35:18 PM
Event ID:      400
Task Category: None
Level:         Information
Keywords:      
User:          SYSTEM
Computer:      Zoestoy
Description:
The description for Event ID 400 from source Microsoft-Windows-Kernel-PnP cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

DISPLAY\MS_0003\4&dd0618f&0&UID67568640
monitor.inf
EV_RenderedValue_2.00
06/21/2006
6.3.9600.16384
Microsoft
True
Laptop1024x768x60.Install
16711680
MONITOR\MS_0003
monitor.inf:*PNP09FF:00FF2000
False
0

the message resource is present but the message is not found in the string/message table

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Kernel-PnP" Guid="{9C205A39-1250-487D-ABD7-E831C6290539}" />
    <EventID>400</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x2000000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-11T21:35:18.684011000Z" />
    <EventRecordID>555</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="184" />
    <Channel>Microsoft-Windows-Kernel-PnP/Configuration</Channel>
    <Computer>Zoestoy</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="DeviceInstanceId">DISPLAY\MS_0003\4&amp;dd0618f&amp;0&amp;UID67568640</Data>
    <Data Name="DriverName">monitor.inf</Data>
    <Data Name="ClassGuid">{4D36E96E-E325-11CE-BFC1-08002BE10318}</Data>
    <Data Name="DriverDate">06/21/2006</Data>
    <Data Name="DriverVersion">6.3.9600.16384</Data>
    <Data Name="DriverProvider">Microsoft</Data>
    <Data Name="DriverInbox">true</Data>
    <Data Name="DriverSection">Laptop1024x768x60.Install</Data>
    <Data Name="DriverRank">0xff0000</Data>
    <Data Name="MatchingDeviceId">MONITOR\MS_0003</Data>
    <Data Name="OutrankedDrivers">monitor.inf:*PNP09FF:00FF2000</Data>
    <Data Name="DeviceUpdated">false</Data>
    <Data Name="Status">0x0</Data>
  </EventData>
</Event>

Log Name:      Microsoft-Windows-Kernel-PnP/Configuration
Source:        Microsoft-Windows-Kernel-PnP
Date:          1/11/2015 4:35:18 PM
Event ID:      410
Task Category: None
Level:         Information
Keywords:      
User:          SYSTEM
Computer:      Zoestoy
Description:
The description for Event ID 410 from source Microsoft-Windows-Kernel-PnP cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

DISPLAY\MS_0003\4&dd0618f&0&UID67568640
monitor.inf
EV_RenderedValue_2.00
monitor
0
0

the message resource is present but the message is not found in the string/message table

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Kernel-PnP" Guid="{9C205A39-1250-487D-ABD7-E831C6290539}" />
    <EventID>410</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x2000000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-11T21:35:18.762166100Z" />
    <EventRecordID>556</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="176" />
    <Channel>Microsoft-Windows-Kernel-PnP/Configuration</Channel>
    <Computer>Zoestoy</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="DeviceInstanceId">DISPLAY\MS_0003\4&amp;dd0618f&amp;0&amp;UID67568640</Data>
    <Data Name="DriverName">monitor.inf</Data>
    <Data Name="ClassGuid">{4D36E96E-E325-11CE-BFC1-08002BE10318}</Data>
    <Data Name="ServiceName">monitor</Data>
    <Data Name="LowerFilters">
    </Data>
    <Data Name="UpperFilters">
    </Data>
    <Data Name="Problem">0x0</Data>
    <Data Name="Status">0x0</Data>
  </EventData>
</Event>

Log Name:      System
Source:        Microsoft-Windows-UserPnp
Date:          1/11/2015 4:35:18 PM
Event ID:      20001
Task Category: (7005)
Level:         Information
Keywords:      
User:          SYSTEM
Computer:      Zoestoy
Description:
Driver Management concluded the process to install driver monitor.inf_amd64_f403f8ba6ae7e03b\monitor.inf for Device Instance ID DISPLAY\MS_0003\4&DD0618F&0&UID67568640 with the following status: 0x0.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-UserPnp" Guid="{96F4A050-7E31-453C-88BE-9634F4E02139}" />
    <EventID>20001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>7005</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2015-01-11T21:35:18.887144600Z" />
    <EventRecordID>71385</EventRecordID>
    <Correlation />
    <Execution ProcessID="1692" ThreadID="1700" />
    <Channel>System</Channel>
    <Computer>Zoestoy</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <UserData>
    <InstallDeviceID xmlns="http://manifests.microsoft.com/win/2004/08/windows/userpnp">
      <DriverName>monitor.inf_amd64_f403f8ba6ae7e03b\monitor.inf</DriverName>
      <DriverVersion>6.3.9600.16384</DriverVersion>
      <DriverProvider>Microsoft</DriverProvider>
      <DeviceInstanceID>DISPLAY\MS_0003\4&amp;DD0618F&amp;0&amp;UID67568640</DeviceInstanceID>
      <SetupClass>{4D36E96E-E325-11CE-BFC1-08002BE10318}</SetupClass>
      <RebootOption>false</RebootOption>
      <UpgradeDevice>false</UpgradeDevice>
      <IsDriverOEM>false</IsDriverOEM>
      <InstallStatus>0x0</InstallStatus>
      <DriverDescription>Digital Flat Panel (1024x768 60Hz)</DriverDescription>
    </InstallDeviceID>
  </UserData>
</Event>

 

 



BC AdBot (Login to Remove)

 


#2 jhayz

jhayz

  • BC Advisor
  • 6,922 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:16 PM

Posted 02 February 2015 - 11:42 PM

Hi, according to the beep code from Dell, the problem comes from the LCD itself as it means requires a replacement.


Tekken
 





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users