Server 2008 R2 SP1 -- dotNET meltdown


44 replies to this topic

#31 SleepyDude

SleepyDude

  • Malware Response Team
  • 3,195 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:04:54 PM

Posted 10 December 2018 - 05:36 PM

Problem is that SUR doesn't even reach that prompt you mention. It opens a popup "Preparing Installation" with a sliding bar that crashes after 4-5 seconds with the error window I mentioned. Launching ProcMon just before SUR and stopping it after SUR crashes produces a 60MB file (w/ tons of crap from background apps). Do you want that?

 

Yes but compress the file please.


• Please do not PM me asking for support. Post on the forums instead; it will increase the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 



#32 Aleonymous

Aleonymous
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:06:54 PM

Posted 11 December 2018 - 03:09 AM

Good morning. Here are the logs:

https://www.dropbox.com/s/ca1esjpf1f5z6gi/CBS.zip?dl=0 (CBS)

https://www.dropbox.com/s/xjaav53q260w6t5/Logfile.zip?dl=0 (ProcMon Logfile.PML)

 

EDIT: I've been getting several "(Windows) explorer stopped working" crashes today. Like 4-5 in the last hour.


Edited by Aleonymous, 11 December 2018 - 05:50 AM.


#33 SleepyDude

Posted 11 December 2018 - 05:54 AM

Hi,

 

Good morning.

 

I couldn't find errors in the logs!

My suggestion is to do a Clean Boot, including disabling the Antivirus, and run SUR in that mode.

It's important to run SUR successfully at least one time to make sure there are no other problems that need fixing. The tool checks several things in the Windows Registry, Windows component store, etc. that are critical for the system to work.



 
 


#34 Aleonymous

Posted 11 December 2018 - 11:13 AM

Clean Boot didn't help (SUR crashed again, same error) -- BUT, I re-downloaded the MSU file and (in a regular boot) it started and completed nicely. It took quite a bit of time, offered to install an update (KB947821 I think) to which I said yes; it took even more time to install, but completed successfully. Here's the generated CBS\CheckSUR.log (apparently "good"):

 

=================================
Checking System Update Readiness.
Binary Version 6.1.7601.22471
Package Version 26.0
2018-12-11 17:55
 
Checking Windows Servicing Packages
 
Checking Package Manifests and Catalogs
 
Checking Package Watchlist
 
Checking Component Watchlist
 
Checking Packages
 
Checking Component Store
(f) CSI Payload File Missing 0x00000000 ServiceModel.mof x86_wcf-m_sm_mof_31bf3856ad364e35_6.1.7601.17514_none_c67936fbde6722ba 
(fix) CSI Payload File Missing CSI File Replaced File: ServiceModel.mof From: C:\Windows\winsxs\amd64_wcf-m_sm_mof_31bf3856ad364e35_6.1.7601.17514_none_2297d27f96c493f0\ServiceModel.mof
(f) CSI Payload File Missing 0x00000000 ServiceModel.mof x86_wcf-m_sm_mof_31bf3856ad364e35_6.1.7601.18532_none_c6617fc7de79418f 
(fix) CSI Payload File Missing CSI File Replaced File: ServiceModel.mof From: C:\Windows\winsxs\amd64_wcf-m_sm_mof_31bf3856ad364e35_6.1.7601.17514_none_2297d27f96c493f0\ServiceModel.mof
(f) CSI Payload File Missing 0x00000000 ServiceModel.mof x86_wcf-m_sm_mof_31bf3856ad364e35_6.1.7601.22743_none_c6e14ed6f79e13c8 
(fix) CSI Payload File Missing CSI File Replaced File: ServiceModel.mof From: C:\Windows\winsxs\amd64_wcf-m_sm_mof_31bf3856ad364e35_6.1.7601.17514_none_2297d27f96c493f0\ServiceModel.mof
 
Summary:
Seconds executed: 848
 Found 3 errors
 Fixed 3 errors
  CSI Payload File Missing Total count: 3
  Fixed: CSI Payload File Missing.  Total count: 3
Customer Experience report successfully uploaded.  Thank you for participating.  For more information, see the Microsoft Customer Experience Improvement Program on the Microsoft web site.
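
The (f)/(fix) pairing in a CheckSUR.log like the one posted above can be checked mechanically instead of by eye. The Python below is an added example, not part of the original thread; it assumes each (fix) line directly follows the (f) finding it repairs, and the example.dll line and the shortened summary in the sample are constructed to show the unrepaired case.

```python
import re

# Two lines copied from the CheckSUR.log above, plus one constructed (f) line
# (example.dll) with no (fix) after it, and a constructed summary to match.
SAMPLE_LOG = r"""Checking Component Store
(f) CSI Payload File Missing 0x00000000 ServiceModel.mof x86_wcf-m_sm_mof_31bf3856ad364e35_6.1.7601.17514_none_c67936fbde6722ba
(fix) CSI Payload File Missing CSI File Replaced File: ServiceModel.mof From: C:\Windows\winsxs\amd64_wcf-m_sm_mof_31bf3856ad364e35_6.1.7601.17514_none_2297d27f96c493f0\ServiceModel.mof
(f) CSI Payload File Missing 0x00000000 example.dll x86_constructed-component_none_0000000000000000

Summary:
 Found 2 errors
 Fixed 1 errors
"""

FINDING = re.compile(r"^\(f\)\s+(?P<kind>.+?)\s+(?P<code>0x[0-9A-Fa-f]{8})\s+(?P<detail>.+)$")
FIX = re.compile(r"^\(fix\)\s")
COUNT = re.compile(r"^\s*(Found|Fixed)\s+(\d+)\s+errors?\s*$")

def audit_checksur(text):
    """Pair each (f) finding with the (fix) line that follows it, if any."""
    findings, summary = [], {}
    for raw in text.splitlines():
        line = raw.rstrip()
        m = FINDING.match(line)
        if m:
            findings.append({**m.groupdict(), "fixed": False})
        elif FIX.match(line) and findings:
            findings[-1]["fixed"] = True   # assumption: a fix directly follows its finding
        else:
            m = COUNT.match(line)
            if m:
                summary[m.group(1).lower()] = int(m.group(2))
    unfixed = [f for f in findings if not f["fixed"]]
    # The tool's own totals should agree with what the body of the log shows.
    consistent = (summary.get("found") == len(findings)
                  and summary.get("fixed") == len(findings) - len(unfixed))
    return {"findings": findings, "unfixed": unfixed, "consistent": consistent}

if __name__ == "__main__":
    result = audit_checksur(SAMPLE_LOG)
    for f in result["unfixed"]:
        print("NOT REPAIRED:", f["kind"], f["detail"])
    print("summary matches log body:", result["consistent"])
```

Any entry in "unfixed" is a component-store file the tool could not replace and that still needs a known-good source.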


#35 SleepyDude

Posted 11 December 2018 - 11:40 AM

Hi,

 

Good call on re-downloading the file, I didn't think of that!

Yep, the SUR tool (KB947821) can take a long time because it does a lot of work.

The log looks nice, the 3 errors detected got fixed using the replacements provided by us using SFCFIX.

Does the problem with the exe's continue? Could it also be a problem of a corrupted download?



 
 


#36 Aleonymous

Posted 11 December 2018 - 12:29 PM

Problems with EXEs persist. I redownloaded both of the ones that I found not working (CCleaner [regular] installer and Viber [it apparently installs right, but won't launch]), and no joy :(

 

Also, the Language icon is still gone from the Taskbar. Trying a regedit mod I found (EDIT: It worked :) )

This method will enable the startup service required for language bar:
1. Go to Registry editor by typing ‘regedit’ in Run dialog box. Go to the following location,
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2. Right Click on blank space in right side, select New String Value.
3. Again right click on newly created value and press modify, then type “ctfmon”=”CTFMON.EXE”
4. Press OK, restart your computer. Now you can see the language bar in vista or Windows 7.

Edited by Aleonymous, 11 December 2018 - 12:33 PM.


#37 SleepyDude

Posted 11 December 2018 - 01:51 PM

Anything recorded on the Windows Event Viewer when you start Viber?



 
 


#38 Aleonymous

Posted 11 December 2018 - 03:18 PM

There are millions of logs though, so what/where exactly would I be looking? I searched in recent (past hour) errors related to the failing applications. I can't find anything about Viber (only 2-week-old entries), but the CCleaner error is indeed logged (Administrative Events\Application Error) multiple times; here are some details:

Faulting application name: ccsetup550.exe, version: 5.50.0.6911, time stamp: 0x5682fc79
Faulting module name: asdk.dll, version: 18.1.97.0, time stamp: 0x5b1a913d
Exception code: 0x40000015
Fault offset: 0x000b08a0
Faulting process id: 0xd34
Faulting application start time: 0x01d49175e5f942df
Faulting application path: C:\Users\Administrator\Desktop\HDD crisis\OS failing\ccsetup550.exe
Faulting module path: C:\Users\ADMINI~1\AppData\Local\Temp\1\nsyF6DE.tmp\a\asdk.dll
Report Id: 263a841b-fd69-11e8-abf7-0022159edfd5


#39 SleepyDude

Posted 11 December 2018 - 03:53 PM

Hi,

 

I think you can ignore that error from CCleaner because I found similar reports online from other users. It seems something fails when the program tries to offer to install Avast Antivirus besides CCleaner! It seems that the problem started with the 550 installer...

Are the other OS problems you initially reported solved?

  1. Can't open Server Manager (MMC could not create the snap-in, CLSID: FX:{18ea...8fbb})
  2. Can't access Windows Features On/Off toggles

If you create a new user with Administrator privileges and run the programs as the new user, does the problem remain?



 
 


#40 Aleonymous

Posted 12 December 2018 - 06:41 AM

Yes, those two issues (Server Manager and Windows Features) are solved, after that SFCFix you sent me. Thanks again for that! :)

 

I will try creating a new Admin user and test-run these programs (Viber, actually) and report back.



#41 SleepyDude

Posted 12 December 2018 - 08:23 AM

Ok, thanks.



 
 


#42 Aleonymous

Posted 13 December 2018 - 07:38 AM

No joy :(

 

I created a new Admin account and...

1. Viber won't even install. The installer aborts midway saying "something caused a problem" :)

2. I found a new program that won't run: PDFsam (split and merge) basic. I reinstalled it (as it was Java-based, and I suspected the Java re-install broke it), but no good. I glimpse the splash-screen on startup for a fraction of a second, and then it just goes away (no message/popup, no error on EventViewer logs etc).



#43 SleepyDude

Posted 13 December 2018 - 08:31 AM

Hi,

 

This may help https://pdfsam.org/pdfsam-basic/debug-pdfsam-basic-doesnt-start/1842/

 

 

Let me know the output you get.


Edited by SleepyDude, 13 December 2018 - 08:32 AM.


 
 


#44 Aleonymous

Posted 13 December 2018 - 08:54 AM

Thanks for that, I didn't check... Obviously something wrong with Java. Looks like a(nother) re-install is due, as I can't access Java settings from Control Panel either...

C:\Program Files\Java\jre1.8.0_191\lib\rt.jar: invalid LOC header (bad signature)
Error occurred during initialization of VM
java.lang.NoClassDefFoundError: sun/misc/JavaLangRefAccess
        at java.lang.ref.Reference.<clinit>(Unknown Source)
 
Press any key to continue . . .
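
The "invalid LOC header (bad signature)" message in the post above is what the JVM reports when a jar's central directory points at an entry whose local file header does not begin with the ZIP magic bytes PK\x03\x04. The Python below is an added example, not part of the original thread, that runs the same check over every entry of an archive and also catches damaged payloads; the names audit_jar, build_sample_jar and corrupt are hypothetical, and the small jar is a constructed stand-in for rt.jar.

```python
import io
import zipfile
import zlib

LOC_SIGNATURE = b"PK\x03\x04"  # local file header magic (0x04034b50, little-endian)

def audit_jar(data: bytes) -> dict:
    """Map each entry name to 'ok', 'bad LOC signature' or 'payload damaged'."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:  # reads the central directory only
        for info in zf.infolist():
            start = info.header_offset  # where the directory says the entry begins
            if data[start:start + 4] != LOC_SIGNATURE:
                report[info.filename] = "bad LOC signature"
                continue
            try:
                with zf.open(info) as f:  # re-parses the header, checks CRC-32 at EOF
                    while f.read(1 << 16):
                        pass
                report[info.filename] = "ok"
            except (zipfile.BadZipFile, zlib.error):
                report[info.filename] = "payload damaged"
    return report

def build_sample_jar() -> bytes:
    """Constructed stand-in for rt.jar: three stored entries with dummy contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("java/lang/ref/Reference.class", b"constructed-A" * 8)
        zf.writestr("sun/misc/JavaLangRefAccess.class", b"constructed-B" * 8)
        zf.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\r\n")
    return buf.getvalue()

def corrupt(data: bytes, offset: int, length: int) -> bytes:
    """Simulate on-disk damage by zeroing `length` bytes at `offset`."""
    return data[:offset] + b"\x00" * length + data[offset + length:]

def demo() -> dict:
    jar = build_sample_jar()
    with zipfile.ZipFile(io.BytesIO(jar)) as zf:
        target = zf.getinfo("sun/misc/JavaLangRefAccess.class").header_offset
    return audit_jar(corrupt(jar, target, 4))  # wipe one entry's LOC magic

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:18} {name}")
```

To check a real file, pass its bytes to audit_jar, for example the contents of the rt.jar named in the error.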


#45 SleepyDude

Posted 13 December 2018 - 09:06 AM

It seems to indicate a bad file! Remove Java completely and make sure the folder C:\Program Files\Java is empty, then re-install Java.



 
 




