Discussion:
Crash when I install AV
(too old to reply)
W***@Cowboy.net
2017-08-07 00:04:26 UTC
Permalink
Raw Message
This seems weird!
I was give this new PC with Vista on it. I thought to try w7 on it.
All seemed fine. I added several apps, like MS Office, and some
games. Still fine.
Then I installed free Avira. Seemed to install fine. But then
suddenly the PC would shut off, much like if it had a short. I had a
H of a time getting started again.
Tried uninstalling Avira in favor of Avast - same thing.
Now it sits with no anti virus, but it is not crashing.
What do you suppose???
JW
David E. Ross
2017-08-07 00:43:23 UTC
Permalink
Raw Message
Post by W***@Cowboy.net
This seems weird!
I was give this new PC with Vista on it. I thought to try w7 on it.
All seemed fine. I added several apps, like MS Office, and some
games. Still fine.
Then I installed free Avira. Seemed to install fine. But then
suddenly the PC would shut off, much like if it had a short. I had a
H of a time getting started again.
Tried uninstalling Avira in favor of Avast - same thing.
Now it sits with no anti virus, but it is not crashing.
What do you suppose???
JW
Your new installation might include malware. There are some malware
that will crash a system if an anti-virus application is detected.
This, of course, is often part of malware design: kill the anti-virus
before the anti-virus kills the virus.

Where did you get the Windows 7 that you installed?
--
David E. Ross
<http://www.rossde.com/>

President Trump demands loyalty to himself from Republican members
of Congress. I always thought that members of Congress -- House
and Senate -- were required to be loyal to the people of the
United States. In any case, they all swore an oath of office
to be loyal to the Constitution.
Paul
2017-08-07 03:22:11 UTC
Permalink
Raw Message
Post by David E. Ross
Post by W***@Cowboy.net
This seems weird!
I was give this new PC with Vista on it. I thought to try w7 on it.
All seemed fine. I added several apps, like MS Office, and some
games. Still fine.
Then I installed free Avira. Seemed to install fine. But then
suddenly the PC would shut off, much like if it had a short. I had a
H of a time getting started again.
Tried uninstalling Avira in favor of Avast - same thing.
Now it sits with no anti virus, but it is not crashing.
What do you suppose???
JW
Your new installation might include malware. There are some malware
that will crash a system if an anti-virus application is detected.
This, of course, is often part of malware design: kill the anti-virus
before the anti-virus kills the virus.
Where did you get the Windows 7 that you installed?
If you did an upgrade install, migrating installed programs
from Vista to Win7, then the malware might have already been
in Vista.

Upgrade/Repair installs (i.e. run Setup.exe off the inserted
Win7 DVD, while Vista is booted), they can take care of trivial
forms of malware (like an adware perhaps, or clean out a few
left over registry entries that the adware used). But generally
an Upgrade install cannot fix everything.

For peace of mind, if the status of the machine was unknown
and you found it sitting on the curb, you'd do a "Clean" install
by booting the Win7 DVD and doing the install from there.

The install process generally gives you some information
about what it is going to keep. A clean install will tell you
that user data will be lost, and all programs will need to be
re-installed. But that process also cleans house of any
malware that might have been there.

*******

If I want to be absolutely certain about a hard drive,
I boot the installer DVD and select the option to use
Command Prompt (instead of installing). From there,
I can do:

diskpart
list disk
select disk 2
clean all
exit

You have to be careful, to identify the disks and only
erase the desired disk. In my example, disk 2 would be
the third disk down in the Disk Management table. You
can list the partitions on the disk, for confirmation
of what partitions are on there.

The "clean all" command writes every sector on the disk
with zeros. The only way it's going to miss any area of
the disk, is if a Host Protected Area (HPA) is present.
Working with HPAs is a PITA, due to hardware restrictions.
My current machine is a lucky one, in that the IDE cable
is HPA-capable, and I can follow the recipe here to
check or remove stuff like this. All my SATA ports are
locked. I use an IDE to SATA adapter (dongle), to do HPA work
on SATA drives. Some OEM computing products, use an HPA
and a special boot loader, to multiplex five partitions
into a four slot partition table, and a crafty individual
could hide malware in the maintenance partition (so it
gets muxed in when a special key is pressed at startup).
But that's a pretty obscure straw-man.

https://en.wikipedia.org/wiki/Host_protected_area

Paul
W***@Cowboy.net
2017-08-07 08:58:26 UTC
Permalink
Raw Message
Post by Paul
Post by David E. Ross
Post by W***@Cowboy.net
This seems weird!
I was give this new PC with Vista on it. I thought to try w7 on it.
All seemed fine. I added several apps, like MS Office, and some
games. Still fine.
Then I installed free Avira. Seemed to install fine. But then
suddenly the PC would shut off, much like if it had a short. I had a
H of a time getting started again.
Tried uninstalling Avira in favor of Avast - same thing.
Now it sits with no anti virus, but it is not crashing.
What do you suppose???
JW
Your new installation might include malware. There are some malware
that will crash a system if an anti-virus application is detected.
This, of course, is often part of malware design: kill the anti-virus
before the anti-virus kills the virus.
Where did you get the Windows 7 that you installed?
Got a suspicious looking disk with the machine. which by the way, I
did not find. It and the machine came from an acquaintance at an old
folks group I joined. Hmmmm.
.
Post by Paul
If you did an upgrade install, migrating installed programs
from Vista to Win7, then the malware might have already been
in Vista.
Upgrade/Repair installs (i.e. run Setup.exe off the inserted
Win7 DVD, while Vista is booted), they can take care of trivial
forms of malware (like an adware perhaps, or clean out a few
left over registry entries that the adware used). But generally
an Upgrade install cannot fix everything.
For peace of mind, if the status of the machine was unknown
and you found it sitting on the curb, you'd do a "Clean" install
by booting the Win7 DVD and doing the install from there.
Hi Paul -

The Vista is gone, but I shud redo the W7 install without preserving
the Vista data etc. I shuda thought of that. I had not experienced
anything like this before.
JW
Post by Paul
The install process generally gives you some information
about what it is going to keep. A clean install will tell you
that user data will be lost, and all programs will need to be
re-installed. But that process also cleans house of any
malware that might have been there.
*******
If I want to be absolutely certain about a hard drive,
I boot the installer DVD and select the option to use
Command Prompt (instead of installing). From there,
diskpart
list disk
select disk 2
clean all
exit
You have to be careful, to identify the disks and only
erase the desired disk. In my example, disk 2 would be
the third disk down in the Disk Management table. You
can list the partitions on the disk, for confirmation
of what partitions are on there.
The "clean all" command writes every sector on the disk
with zeros. The only way it's going to miss any area of
the disk, is if a Host Protected Area (HPA) is present.
Working with HPAs is a PITA, due to hardware restrictions.
My current machine is a lucky one, in that the IDE cable
is HPA-capable, and I can follow the recipe here to
check or remove stuff like this. All my SATA ports are
locked. I use an IDE to SATA adapter (dongle), to do HPA work
on SATA drives. Some OEM computing products, use an HPA
and a special boot loader, to multiplex five partitions
into a four slot partition table, and a crafty individual
could hide malware in the maintenance partition (so it
gets muxed in when a special key is pressed at startup).
But that's a pretty obscure straw-man.
https://en.wikipedia.org/wiki/Host_protected_area
Paul
W***@Cowboy.net
2017-08-08 11:36:34 UTC
Permalink
Raw Message
Post by W***@Cowboy.net
Post by Paul
Post by David E. Ross
Post by W***@Cowboy.net
This seems weird!
I was give this new PC with Vista on it. I thought to try w7 on it.
All seemed fine. I added several apps, like MS Office, and some
games. Still fine.
Then I installed free Avira. Seemed to install fine. But then
suddenly the PC would shut off, much like if it had a short. I had a
H of a time getting started again.
Tried uninstalling Avira in favor of Avast - same thing.
Now it sits with no anti virus, but it is not crashing.
What do you suppose???
JW
Your new installation might include malware. There are some malware
that will crash a system if an anti-virus application is detected.
This, of course, is often part of malware design: kill the anti-virus
before the anti-virus kills the virus.
Where did you get the Windows 7 that you installed?
Got a suspicious looking disk with the machine. which by the way, I
did not find. It and the machine came from an acquaintance at an old
folks group I joined. Hmmmm.
.
Post by Paul
If you did an upgrade install, migrating installed programs
from Vista to Win7, then the malware might have already been
in Vista.
Upgrade/Repair installs (i.e. run Setup.exe off the inserted
Win7 DVD, while Vista is booted), they can take care of trivial
forms of malware (like an adware perhaps, or clean out a few
left over registry entries that the adware used). But generally
an Upgrade install cannot fix everything.
For peace of mind, if the status of the machine was unknown
and you found it sitting on the curb, you'd do a "Clean" install
by booting the Win7 DVD and doing the install from there.
Hi Paul -
The Vista is gone, but I shud redo the W7 install without preserving
the Vista data etc. I shuda thought of that. I had not experienced
anything like this before.
JW
Post by Paul
The install process generally gives you some information
about what it is going to keep. A clean install will tell you
that user data will be lost, and all programs will need to be
re-installed. But that process also cleans house of any
malware that might have been there.
*******
If I want to be absolutely certain about a hard drive,
I boot the installer DVD and select the option to use
Command Prompt (instead of installing). From there,
diskpart
list disk
select disk 2
clean all
exit
You have to be careful, to identify the disks and only
erase the desired disk. In my example, disk 2 would be
the third disk down in the Disk Management table. You
can list the partitions on the disk, for confirmation
of what partitions are on there.
The "clean all" command writes every sector on the disk
with zeros. The only way it's going to miss any area of
the disk, is if a Host Protected Area (HPA) is present.
Working with HPAs is a PITA, due to hardware restrictions.
My current machine is a lucky one, in that the IDE cable
is HPA-capable, and I can follow the recipe here to
check or remove stuff like this. All my SATA ports are
locked. I use an IDE to SATA adapter (dongle), to do HPA work
on SATA drives. Some OEM computing products, use an HPA
and a special boot loader, to multiplex five partitions
into a four slot partition table, and a crafty individual
could hide malware in the maintenance partition (so it
gets muxed in when a special key is pressed at startup).
But that's a pretty obscure straw-man.
https://en.wikipedia.org/wiki/Host_protected_area
Paul
Well, I still have a problem. As I said, I wiped the hard drive
(format) and re-did the W7 install. As soon as I then installed Avira
, and then undid it and installed Avast, the PC went into crash mode.
IE, it powered off both times..
I re-did the same W7 install, and tried free AVG, and lo. it has not
crashed yet after 24 hours. Task Manager says AVG is indeed running.
What do you think now?
JW
mike
2017-08-08 11:59:34 UTC
Permalink
Raw Message
Post by W***@Cowboy.net
Post by W***@Cowboy.net
Post by Paul
Post by David E. Ross
Post by W***@Cowboy.net
This seems weird!
I was give this new PC with Vista on it. I thought to try w7 on it.
All seemed fine. I added several apps, like MS Office, and some
games. Still fine.
Then I installed free Avira. Seemed to install fine. But then
suddenly the PC would shut off, much like if it had a short. I had a
H of a time getting started again.
Tried uninstalling Avira in favor of Avast - same thing.
Now it sits with no anti virus, but it is not crashing.
What do you suppose???
JW
Your new installation might include malware. There are some malware
that will crash a system if an anti-virus application is detected.
This, of course, is often part of malware design: kill the anti-virus
before the anti-virus kills the virus.
Where did you get the Windows 7 that you installed?
Got a suspicious looking disk with the machine. which by the way, I
did not find. It and the machine came from an acquaintance at an old
folks group I joined. Hmmmm.
.
Post by Paul
If you did an upgrade install, migrating installed programs
from Vista to Win7, then the malware might have already been
in Vista.
Upgrade/Repair installs (i.e. run Setup.exe off the inserted
Win7 DVD, while Vista is booted), they can take care of trivial
forms of malware (like an adware perhaps, or clean out a few
left over registry entries that the adware used). But generally
an Upgrade install cannot fix everything.
For peace of mind, if the status of the machine was unknown
and you found it sitting on the curb, you'd do a "Clean" install
by booting the Win7 DVD and doing the install from there.
Hi Paul -
The Vista is gone, but I shud redo the W7 install without preserving
the Vista data etc. I shuda thought of that. I had not experienced
anything like this before.
JW
Post by Paul
The install process generally gives you some information
about what it is going to keep. A clean install will tell you
that user data will be lost, and all programs will need to be
re-installed. But that process also cleans house of any
malware that might have been there.
*******
If I want to be absolutely certain about a hard drive,
I boot the installer DVD and select the option to use
Command Prompt (instead of installing). From there,
diskpart
list disk
select disk 2
clean all
exit
You have to be careful, to identify the disks and only
erase the desired disk. In my example, disk 2 would be
the third disk down in the Disk Management table. You
can list the partitions on the disk, for confirmation
of what partitions are on there.
The "clean all" command writes every sector on the disk
with zeros. The only way it's going to miss any area of
the disk, is if a Host Protected Area (HPA) is present.
Working with HPAs is a PITA, due to hardware restrictions.
My current machine is a lucky one, in that the IDE cable
is HPA-capable, and I can follow the recipe here to
check or remove stuff like this. All my SATA ports are
locked. I use an IDE to SATA adapter (dongle), to do HPA work
on SATA drives. Some OEM computing products, use an HPA
and a special boot loader, to multiplex five partitions
into a four slot partition table, and a crafty individual
could hide malware in the maintenance partition (so it
gets muxed in when a special key is pressed at startup).
But that's a pretty obscure straw-man.
https://en.wikipedia.org/wiki/Host_protected_area
Paul
Well, I still have a problem. As I said, I wiped the hard drive
(format) and re-did the W7 install. As soon as I then installed Avira
, and then undid it and installed Avast, the PC went into crash mode.
IE, it powered off both times..
I re-did the same W7 install, and tried free AVG, and lo. it has not
crashed yet after 24 hours. Task Manager says AVG is indeed running.
What do you think now?
JW
I have an old, never updated, copy of Avira on my TV machine.
Last week it started behaving weirdly. Avira was using 65% of the cpu
for no good reason. I tried all day to delete it without success.
I'm reinstalling windows now. Google avira and you'll find a lot
of unhappy people.
Char Jackson
2017-08-08 14:46:54 UTC
Permalink
Raw Message
Post by mike
I have an old, never updated, copy of Avira on my TV machine.
Last week it started behaving weirdly. Avira was using 65% of the cpu
for no good reason. I tried all day to delete it without success.
I'm reinstalling windows now. Google avira and you'll find a lot
of unhappy people.
Google <almost_anything> and you'll find a lot of unhappy people.

I've been using Avira since somewhere around 2004-2005 and I'm happy
with it, but I don't post about it because it just works. People only
tend to post when something doesn't work, so it should make sense that
there are more complaints than praises out there for Google to see.
--
Char Jackson
Ken Blake
2017-08-08 15:08:24 UTC
Permalink
Raw Message
Post by Char Jackson
Post by mike
I have an old, never updated, copy of Avira on my TV machine.
Last week it started behaving weirdly. Avira was using 65% of the cpu
for no good reason. I tried all day to delete it without success.
I'm reinstalling windows now. Google avira and you'll find a lot
of unhappy people.
Google <almost_anything> and you'll find a lot of unhappy people.
I've been using Avira since somewhere around 2004-2005 and I'm happy
with it, but I don't post about it because it just works. People only
tend to post when something doesn't work, so it should make sense that
there are more complaints than praises out there for Google to see.
A strong ditto to the above!

Or to put it another way, hang around a transmission shop, and you'll
think that all cars have transmission problems.
Paul
2017-08-08 12:18:12 UTC
Permalink
Raw Message
Post by W***@Cowboy.net
Post by W***@Cowboy.net
Post by Paul
Post by David E. Ross
Post by W***@Cowboy.net
This seems weird!
I was give this new PC with Vista on it. I thought to try w7 on it.
All seemed fine. I added several apps, like MS Office, and some
games. Still fine.
Then I installed free Avira. Seemed to install fine. But then
suddenly the PC would shut off, much like if it had a short. I had a
H of a time getting started again.
Tried uninstalling Avira in favor of Avast - same thing.
Now it sits with no anti virus, but it is not crashing.
What do you suppose???
JW
Your new installation might include malware. There are some malware
that will crash a system if an anti-virus application is detected.
This, of course, is often part of malware design: kill the anti-virus
before the anti-virus kills the virus.
Where did you get the Windows 7 that you installed?
Got a suspicious looking disk with the machine. which by the way, I
did not find. It and the machine came from an acquaintance at an old
folks group I joined. Hmmmm.
.
Post by Paul
If you did an upgrade install, migrating installed programs
from Vista to Win7, then the malware might have already been
in Vista.
Upgrade/Repair installs (i.e. run Setup.exe off the inserted
Win7 DVD, while Vista is booted), they can take care of trivial
forms of malware (like an adware perhaps, or clean out a few
left over registry entries that the adware used). But generally
an Upgrade install cannot fix everything.
For peace of mind, if the status of the machine was unknown
and you found it sitting on the curb, you'd do a "Clean" install
by booting the Win7 DVD and doing the install from there.
Hi Paul -
The Vista is gone, but I shud redo the W7 install without preserving
the Vista data etc. I shuda thought of that. I had not experienced
anything like this before.
JW
Post by Paul
The install process generally gives you some information
about what it is going to keep. A clean install will tell you
that user data will be lost, and all programs will need to be
re-installed. But that process also cleans house of any
malware that might have been there.
*******
If I want to be absolutely certain about a hard drive,
I boot the installer DVD and select the option to use
Command Prompt (instead of installing). From there,
diskpart
list disk
select disk 2
clean all
exit
You have to be careful, to identify the disks and only
erase the desired disk. In my example, disk 2 would be
the third disk down in the Disk Management table. You
can list the partitions on the disk, for confirmation
of what partitions are on there.
The "clean all" command writes every sector on the disk
with zeros. The only way it's going to miss any area of
the disk, is if a Host Protected Area (HPA) is present.
Working with HPAs is a PITA, due to hardware restrictions.
My current machine is a lucky one, in that the IDE cable
is HPA-capable, and I can follow the recipe here to
check or remove stuff like this. All my SATA ports are
locked. I use an IDE to SATA adapter (dongle), to do HPA work
on SATA drives. Some OEM computing products, use an HPA
and a special boot loader, to multiplex five partitions
into a four slot partition table, and a crafty individual
could hide malware in the maintenance partition (so it
gets muxed in when a special key is pressed at startup).
But that's a pretty obscure straw-man.
https://en.wikipedia.org/wiki/Host_protected_area
Paul
Well, I still have a problem. As I said, I wiped the hard drive
(format) and re-did the W7 install. As soon as I then installed Avira
, and then undid it and installed Avast, the PC went into crash mode.
IE, it powered off both times..
I re-did the same W7 install, and tried free AVG, and lo. it has not
crashed yet after 24 hours. Task Manager says AVG is indeed running.
What do you think now?
JW
That's pretty good proof of an AV problem.

However, that's not absolute proof.

*******

Any time you get a computer in hand, whether it's
fresh from the production line, or it's been sitting
in the garage for ten years... you test it.

And, you run the same tests in both cases.

This is called "acceptance testing". It's your
way of proving "yes, this is a computer, it's not
a brick".

Not only must you do such a test when a computer
arrives on your bench. You must also test it
yearly (at least do a memory test). When memory fails
here, it might be every 1.5 years or so when I see
trouble. So once a year, you could give it a test
overnight and see whether anything has changed.

Good memory can go bad. I had a stick of Crucial
Ballistix blow out on me, and one chip went completely
nuts. And it wasn't overvolted or abused either.
When tested with memtest86+, the errors scrolled
off the screen, because each and every long-word
was bad. (One byte lane, coming out of one completely-nuts
chip, ensured a never ending scroll of errors.)
So there I had one good branded RAM (before Micron
ran into trouble), just blow up on me one day. Kablooie.
One of my first problems, was finding a DIMM pattern
in the sockets, so the machine would stay up long
enough to load memtest :-) For that problem, I
needed a GOOD DIMM in low memory, so the memtest86+
floppy could boot. Then if the BAD DIMM was up high,
after a few seconds, the test would hit that bad chip.
I had to keep flipping stuff around in the slots,
until I could get the test to start.

*******

Let's take my current machine.

One year, I put 4x2GB DDR2 in it. Tested it, all is fine.

Much later, I'm seeing problems. The problem seems to
"move" from one day to the next, as if something is loading
in a different place in RAM, with respect to a problem area.
The computer went from healthy, to almost unusable.

I finally manage to catch a memory error with memtest86+.
Adjusting Vnb this time is not helping.

Now, normally I test the sticks one at a time, so I know
exactly which one to replace. When tested individually,
or in pairs, I *cannot* detect a problem with this set of
sticks. I can only see a memory error when all four sticks
are plugged in (power or bus loading makes a difference).

I ended up replacing all four sticks, so I could be
sure of fixing it. Ran another memory test. It's clean
again.

*******

Chancea are, your analysis is sufficient, and this is
just an AV problem. But you should also run memtest86+
for peace of mind. Even letting it run for one full pass
is enough. That might take a couple hours.

When tested that way, without additional work, around
1MB of RAM is not tested. This is the E810 reserved
region. Memtest86+ asks the BIOS for info about reserved
areas, and then it's not supposed to trample on stuff
the BIOS is using. And that amounts to around 1MB or
so.

If you really want to know whether every byte is good,
you put two sticks in single channel mode (put the sticks
on the same channel), run memtest86+. Then, if it passes,
you shut down, and swap the two DIMMs in single channel
mode. This causes the high memory DIMM to become the
low memory DIMM and vice versa. The low memory DIMM
is the one that isn't fully tested. But when swapped as
the high memory DIMM, the test on that run covers everything.
You must use two sticks, to guarantee the high memory DIMM
has no reservations on it. If you insert just one stick
in the computer, and run memtest86+, then the bottom
1MB is reserved and testing is not 100% complete.

While memtest86+ comes pretty close to testing all RAM,
you have to do a little extra work if you expect complete
test coverage. I think you can see, how memory in the BIOS
area that was defective, would be a wee bit difficult
to isolate.

Paul
W***@Cowboy.net
2017-08-08 13:49:59 UTC
Permalink
Raw Message
Post by Paul
Post by W***@Cowboy.net
Post by W***@Cowboy.net
Post by Paul
Post by David E. Ross
Post by W***@Cowboy.net
This seems weird!
I was give this new PC with Vista on it. I thought to try w7 on it.
All seemed fine. I added several apps, like MS Office, and some
games. Still fine.
Then I installed free Avira. Seemed to install fine. But then
suddenly the PC would shut off, much like if it had a short. I had a
H of a time getting started again.
Tried uninstalling Avira in favor of Avast - same thing.
Now it sits with no anti virus, but it is not crashing.
What do you suppose???
JW
Your new installation might include malware. There are some malware
that will crash a system if an anti-virus application is detected.
This, of course, is often part of malware design: kill the anti-virus
before the anti-virus kills the virus.
Where did you get the Windows 7 that you installed?
Got a suspicious looking disk with the machine. which by the way, I
did not find. It and the machine came from an acquaintance at an old
folks group I joined. Hmmmm.
.
Post by Paul
If you did an upgrade install, migrating installed programs
from Vista to Win7, then the malware might have already been
in Vista.
Upgrade/Repair installs (i.e. run Setup.exe off the inserted
Win7 DVD, while Vista is booted), they can take care of trivial
forms of malware (like an adware perhaps, or clean out a few
left over registry entries that the adware used). But generally
an Upgrade install cannot fix everything.
For peace of mind, if the status of the machine was unknown
and you found it sitting on the curb, you'd do a "Clean" install
by booting the Win7 DVD and doing the install from there.
Hi Paul -
The Vista is gone, but I shud redo the W7 install without preserving
the Vista data etc. I shuda thought of that. I had not experienced
anything like this before.
JW
Post by Paul
The install process generally gives you some information
about what it is going to keep. A clean install will tell you
that user data will be lost, and all programs will need to be
re-installed. But that process also cleans house of any
malware that might have been there.
*******
If I want to be absolutely certain about a hard drive,
I boot the installer DVD and select the option to use
Command Prompt (instead of installing). From there,
diskpart
list disk
select disk 2
clean all
exit
You have to be careful, to identify the disks and only
erase the desired disk. In my example, disk 2 would be
the third disk down in the Disk Management table. You
can list the partitions on the disk, for confirmation
of what partitions are on there.
The "clean all" command writes every sector on the disk
with zeros. The only way it's going to miss any area of
the disk, is if a Host Protected Area (HPA) is present.
Working with HPAs is a PITA, due to hardware restrictions.
My current machine is a lucky one, in that the IDE cable
is HPA-capable, and I can follow the recipe here to
check or remove stuff like this. All my SATA ports are
locked. I use an IDE to SATA adapter (dongle), to do HPA work
on SATA drives. Some OEM computing products, use an HPA
and a special boot loader, to multiplex five partitions
into a four slot partition table, and a crafty individual
could hide malware in the maintenance partition (so it
gets muxed in when a special key is pressed at startup).
But that's a pretty obscure straw-man.
https://en.wikipedia.org/wiki/Host_protected_area
Paul
Well, I still have a problem. As I said, I wiped the hard drive
(format) and re-did the W7 install. As soon as I then installed Avira
, and then undid it and installed Avast, the PC went into crash mode.
IE, it powered off both times..
I re-did the same W7 install, and tried free AVG, and lo. it has not
crashed yet after 24 hours. Task Manager says AVG is indeed running.
What do you think now?
JW
That's pretty good proof of an AV problem.
However, that's not absolute proof.
*******
Any time you get a computer in hand, whether it's
fresh from the production line, or it's been sitting
in the garage for ten years... you test it.
And, you run the same tests in both cases.
This is called "acceptance testing". It's your
way of proving "yes, this is a computer, it's not
a brick".
Not only must you do such a test when a computer
arrives on your bench. You must also test it
yearly (at least do a memory test). When memory fails
here, it might be every 1.5 years or so when I see
trouble. So once a year, you could give it a test
overnight and see whether anything has changed.
Good memory can go bad. I had a stick of Crucial
Ballistix blow out on me, and one chip went completely
nuts. And it wasn't overvolted or abused either.
When tested with memtest86+, the errors scrolled
off the screen, because each and every long-word
was bad. (One byte lane, coming out of one completely-nuts
chip, ensured a never ending scroll of errors.)
So there I had one good branded RAM (before Micron
ran into trouble), just blow up on me one day. Kablooie.
One of my first problems, was finding a DIMM pattern
in the sockets, so the machine would stay up long
enough to load memtest :-) For that problem, I
needed a GOOD DIMM in low memory, so the memtest86+
floppy could boot. Then if the BAD DIMM was up high,
after a few seconds, the test would hit that bad chip.
I had to keep flipping stuff around in the slots,
until I could get the test to start.
*******
Let's take my current machine.
One year, I put 4x2GB DDR2 in it. Tested it, all is fine.
Much later, I'm seeing problems. The problem seems to
"move" from one day to the next, as if something is loading
in a different place in RAM, with respect to a problem area.
The computer went from healthy, to almost unusable.
I finally manage to catch a memory error with memtest86+.
Adjusting Vnb this time is not helping.
Now, normally I test the sticks one at a time, so I know
exactly which one to replace. When tested individually,
or in pairs, I *cannot* detect a problem with this set of
sticks. I can only see a memory error when all four sticks
are plugged in (power or bus loading makes a difference).
I ended up replacing all four sticks, so I could be
sure of fixing it. Ran another memory test. It's clean
again.
*******
Chancea are, your analysis is sufficient, and this is
just an AV problem. But you should also run memtest86+
for peace of mind. Even letting it run for one full pass
is enough. That might take a couple hours.
When tested that way, without additional work, around
1MB of RAM is not tested. This is the E810 reserved
region. Memtest86+ asks the BIOS for info about reserved
areas, and then it's not supposed to trample on stuff
the BIOS is using. And that amounts to around 1MB or
so.
If you really want to know whether every byte is good,
you put two sticks in single channel mode (put the sticks
on the same channel), run memtest86+. Then, if it passes,
you shut down, and swap the two DIMMs in single channel
mode. This causes the high memory DIMM to become the
low memory DIMM and vice versa. The low memory DIMM
is the one that isn't fully tested. But when swapped as
the high memory DIMM, the test on that run covers everything.
You must use two sticks, to guarantee the high memory DIMM
has no reservations on it. If you insert just one stick
in the computer, and run memtest86+, then the bottom
1MB is reserved and testing is not 100% complete.
While memtest86+ comes pretty close to testing all RAM,
you have to do a little extra work if you expect complete
test coverage. I think you can see, how memory in the BIOS
area that was defective, would be a wee bit difficult
to isolate.
Paul
Interesting.

Maybe I can scout up some RAM to see if problem goes away.
John
Paul
2017-08-08 15:11:06 UTC
Permalink
Raw Message
Post by W***@Cowboy.net
Post by Paul
Post by W***@Cowboy.net
Post by W***@Cowboy.net
Post by Paul
Post by David E. Ross
Post by W***@Cowboy.net
This seems weird!
I was give this new PC with Vista on it. I thought to try w7 on it.
All seemed fine. I added several apps, like MS Office, and some
games. Still fine.
Then I installed free Avira. Seemed to install fine. But then
suddenly the PC would shut off, much like if it had a short. I had a
H of a time getting started again.
Tried uninstalling Avira in favor of Avast - same thing.
Now it sits with no anti virus, but it is not crashing.
What do you suppose???
JW
Your new installation might include malware. There are some malware
that will crash a system if an anti-virus application is detected.
This, of course, is often part of malware design: kill the anti-virus
before the anti-virus kills the virus.
Where did you get the Windows 7 that you installed?
Got a suspicious looking disk with the machine. which by the way, I
did not find. It and the machine came from an acquaintance at an old
folks group I joined. Hmmmm.
.
Post by Paul
If you did an upgrade install, migrating installed programs
from Vista to Win7, then the malware might have already been
in Vista.
Upgrade/Repair installs (i.e. run Setup.exe off the inserted
Win7 DVD, while Vista is booted), they can take care of trivial
forms of malware (like an adware perhaps, or clean out a few
left over registry entries that the adware used). But generally
an Upgrade install cannot fix everything.
For peace of mind, if the status of the machine was unknown
and you found it sitting on the curb, you'd do a "Clean" install
by booting the Win7 DVD and doing the install from there.
Hi Paul -
The Vista is gone, but I shud redo the W7 install without preserving
the Vista data etc. I shuda thought of that. I had not experienced
anything like this before.
JW
Post by Paul
The install process generally gives you some information
about what it is going to keep. A clean install will tell you
that user data will be lost, and all programs will need to be
re-installed. But that process also cleans house of any
malware that might have been there.
*******
If I want to be absolutely certain about a hard drive,
I boot the installer DVD and select the option to use
Command Prompt (instead of installing). From there,
diskpart
list disk
select disk 2
clean all
exit
You have to be careful, to identify the disks and only
erase the desired disk. In my example, disk 2 would be
the third disk down in the Disk Management table. You
can list the partitions on the disk, for confirmation
of what partitions are on there.
The "clean all" command writes every sector on the disk
with zeros. The only way it's going to miss any area of
the disk, is if a Host Protected Area (HPA) is present.
Working with HPAs is a PITA, due to hardware restrictions.
My current machine is a lucky one, in that the IDE cable
is HPA-capable, and I can follow the recipe here to
check or remove stuff like this. All my SATA ports are
locked. I use an IDE to SATA adapter (dongle), to do HPA work
on SATA drives. Some OEM computing products, use an HPA
and a special boot loader, to multiplex five partitions
into a four slot partition table, and a crafty individual
could hide malware in the maintenance partition (so it
gets muxed in when a special key is pressed at startup).
But that's a pretty obscure straw-man.
https://en.wikipedia.org/wiki/Host_protected_area
Paul
Well, I still have a problem. As I said, I wiped the hard drive
(format) and re-did the W7 install. As soon as I then installed Avira
, and then undid it and installed Avast, the PC went into crash mode.
IE, it powered off both times..
I re-did the same W7 install, and tried free AVG, and lo. it has not
crashed yet after 24 hours. Task Manager says AVG is indeed running.
What do you think now?
JW
That's pretty good proof of an AV problem.
However, that's not absolute proof.
*******
Any time you get a computer in hand, whether it's
fresh from the production line, or it's been sitting
in the garage for ten years... you test it.
And, you run the same tests in both cases.
This is called "acceptance testing". It's your
way of proving "yes, this is a computer, it's not
a brick".
Not only must you do such a test when a computer
arrives on your bench. You must also test it
yearly (at least do a memory test). When memory fails
here, it might be every 1.5 years or so when I see
trouble. So once a year, you could give it a test
overnight and see whether anything has changed.
Good memory can go bad. I had a stick of Crucial
Ballistix blow out on me, and one chip went completely
nuts. And it wasn't overvolted or abused either.
When tested with memtest86+, the errors scrolled
off the screen, because each and every long-word
was bad. (One byte lane, coming out of one completely-nuts
chip, ensured a never ending scroll of errors.)
So there I had one good branded RAM (before Micron
ran into trouble), just blow up on me one day. Kablooie.
One of my first problems, was finding a DIMM pattern
in the sockets, so the machine would stay up long
enough to load memtest :-) For that problem, I
needed a GOOD DIMM in low memory, so the memtest86+
floppy could boot. Then if the BAD DIMM was up high,
after a few seconds, the test would hit that bad chip.
I had to keep flipping stuff around in the slots,
until I could get the test to start.
*******
Let's take my current machine.
One year, I put 4x2GB DDR2 in it. Tested it, all is fine.
Much later, I'm seeing problems. The problem seems to
"move" from one day to the next, as if something is loading
in a different place in RAM, with respect to a problem area.
The computer went from healthy, to almost unusable.
I finally manage to catch a memory error with memtest86+.
Adjusting Vnb this time is not helping.
Now, normally I test the sticks one at a time, so I know
exactly which one to replace. When tested individually,
or in pairs, I *cannot* detect a problem with this set of
sticks. I can only see a memory error when all four sticks
are plugged in (power or bus loading makes a difference).
I ended up replacing all four sticks, so I could be
sure of fixing it. Ran another memory test. It's clean
again.
*******
Chancea are, your analysis is sufficient, and this is
just an AV problem. But you should also run memtest86+
for peace of mind. Even letting it run for one full pass
is enough. That might take a couple hours.
When tested that way, without additional work, around
1MB of RAM is not tested. This is the E810 reserved
region. Memtest86+ asks the BIOS for info about reserved
areas, and then it's not supposed to trample on stuff
the BIOS is using. And that amounts to around 1MB or
so.
If you really want to know whether every byte is good,
you put two sticks in single channel mode (put the sticks
on the same channel), run memtest86+. Then, if it passes,
you shut down, and swap the two DIMMs in single channel
mode. This causes the high memory DIMM to become the
low memory DIMM and vice versa. The low memory DIMM
is the one that isn't fully tested. But when swapped as
the high memory DIMM, the test on that run covers everything.
You must use two sticks, to guarantee the high memory DIMM
has no reservations on it. If you insert just one stick
in the computer, and run memtest86+, then the bottom
1MB is reserved and testing is not 100% complete.
While memtest86+ comes pretty close to testing all RAM,
you have to do a little extra work if you expect complete
test coverage. I think you can see, how memory in the BIOS
area that was defective, would be a wee bit difficult
to isolate.
Paul
Interesting.
Maybe I can scout up some RAM to see if problem goes away.
John
No. Just test what you've got.

We want "proof" it's a good computer.

Paul
GlowingBlueMist
2017-08-08 17:31:56 UTC
Permalink
Raw Message
Post by W***@Cowboy.net
Post by Paul
Post by W***@Cowboy.net
Post by W***@Cowboy.net
Post by Paul
Post by David E. Ross
Post by W***@Cowboy.net
This seems weird!
I was give this new PC with Vista on it. I thought to try w7 on it.
All seemed fine. I added several apps, like MS Office, and some
games. Still fine.
Then I installed free Avira. Seemed to install fine. But then
suddenly the PC would shut off, much like if it had a short. I had a
H of a time getting started again.
Tried uninstalling Avira in favor of Avast - same thing.
Now it sits with no anti virus, but it is not crashing.
What do you suppose???
JW
Your new installation might include malware. There are some malware
that will crash a system if an anti-virus application is detected.
This, of course, is often part of malware design: kill the anti-virus
before the anti-virus kills the virus.
Where did you get the Windows 7 that you installed?
Got a suspicious looking disk with the machine. which by the way, I
did not find. It and the machine came from an acquaintance at an old
folks group I joined. Hmmmm.
.
Post by Paul
If you did an upgrade install, migrating installed programs
from Vista to Win7, then the malware might have already been
in Vista.
Upgrade/Repair installs (i.e. run Setup.exe off the inserted
Win7 DVD, while Vista is booted), they can take care of trivial
forms of malware (like an adware perhaps, or clean out a few
left over registry entries that the adware used). But generally
an Upgrade install cannot fix everything.
For peace of mind, if the status of the machine was unknown
and you found it sitting on the curb, you'd do a "Clean" install
by booting the Win7 DVD and doing the install from there.
Hi Paul -
The Vista is gone, but I shud redo the W7 install without preserving
the Vista data etc. I shuda thought of that. I had not experienced
anything like this before.
JW
Post by Paul
The install process generally gives you some information
about what it is going to keep. A clean install will tell you
that user data will be lost, and all programs will need to be
re-installed. But that process also cleans house of any
malware that might have been there.
*******
If I want to be absolutely certain about a hard drive,
I boot the installer DVD and select the option to use
Command Prompt (instead of installing). From there,
diskpart
list disk
select disk 2
clean all
exit
You have to be careful, to identify the disks and only
erase the desired disk. In my example, disk 2 would be
the third disk down in the Disk Management table. You
can list the partitions on the disk, for confirmation
of what partitions are on there.
The "clean all" command writes every sector on the disk
with zeros. The only way it's going to miss any area of
the disk, is if a Host Protected Area (HPA) is present.
Working with HPAs is a PITA, due to hardware restrictions.
My current machine is a lucky one, in that the IDE cable
is HPA-capable, and I can follow the recipe here to
check or remove stuff like this. All my SATA ports are
locked. I use an IDE to SATA adapter (dongle), to do HPA work
on SATA drives. Some OEM computing products, use an HPA
and a special boot loader, to multiplex five partitions
into a four slot partition table, and a crafty individual
could hide malware in the maintenance partition (so it
gets muxed in when a special key is pressed at startup).
But that's a pretty obscure straw-man.
https://en.wikipedia.org/wiki/Host_protected_area
Paul
Well, I still have a problem. As I said, I wiped the hard drive
(format) and re-did the W7 install. As soon as I then installed Avira
, and then undid it and installed Avast, the PC went into crash mode.
IE, it powered off both times..
I re-did the same W7 install, and tried free AVG, and lo. it has not
crashed yet after 24 hours. Task Manager says AVG is indeed running.
What do you think now?
JW
That's pretty good proof of an AV problem.
However, that's not absolute proof.
*******
Any time you get a computer in hand, whether it's
fresh from the production line, or it's been sitting
in the garage for ten years... you test it.
And, you run the same tests in both cases.
This is called "acceptance testing". It's your
way of proving "yes, this is a computer, it's not
a brick".
Not only must you do such a test when a computer
arrives on your bench. You must also test it
yearly (at least do a memory test). When memory fails
here, it might be every 1.5 years or so when I see
trouble. So once a year, you could give it a test
overnight and see whether anything has changed.
Good memory can go bad. I had a stick of Crucial
Ballistix blow out on me, and one chip went completely
nuts. And it wasn't overvolted or abused either.
When tested with memtest86+, the errors scrolled
off the screen, because each and every long-word
was bad. (One byte lane, coming out of one completely-nuts
chip, ensured a never ending scroll of errors.)
So there I had one good branded RAM (before Micron
ran into trouble), just blow up on me one day. Kablooie.
One of my first problems, was finding a DIMM pattern
in the sockets, so the machine would stay up long
enough to load memtest :-) For that problem, I
needed a GOOD DIMM in low memory, so the memtest86+
floppy could boot. Then if the BAD DIMM was up high,
after a few seconds, the test would hit that bad chip.
I had to keep flipping stuff around in the slots,
until I could get the test to start.
*******
Let's take my current machine.
One year, I put 4x2GB DDR2 in it. Tested it, all is fine.
Much later, I'm seeing problems. The problem seems to
"move" from one day to the next, as if something is loading
in a different place in RAM, with respect to a problem area.
The computer went from healthy, to almost unusable.
I finally manage to catch a memory error with memtest86+.
Adjusting Vnb this time is not helping.
Now, normally I test the sticks one at a time, so I know
exactly which one to replace. When tested individually,
or in pairs, I *cannot* detect a problem with this set of
sticks. I can only see a memory error when all four sticks
are plugged in (power or bus loading makes a difference).
I ended up replacing all four sticks, so I could be
sure of fixing it. Ran another memory test. It's clean
again.
*******
Chancea are, your analysis is sufficient, and this is
just an AV problem. But you should also run memtest86+
for peace of mind. Even letting it run for one full pass
is enough. That might take a couple hours.
When tested that way, without additional work, around
1MB of RAM is not tested. This is the E810 reserved
region. Memtest86+ asks the BIOS for info about reserved
areas, and then it's not supposed to trample on stuff
the BIOS is using. And that amounts to around 1MB or
so.
If you really want to know whether every byte is good,
you put two sticks in single channel mode (put the sticks
on the same channel), run memtest86+. Then, if it passes,
you shut down, and swap the two DIMMs in single channel
mode. This causes the high memory DIMM to become the
low memory DIMM and vice versa. The low memory DIMM
is the one that isn't fully tested. But when swapped as
the high memory DIMM, the test on that run covers everything.
You must use two sticks, to guarantee the high memory DIMM
has no reservations on it. If you insert just one stick
in the computer, and run memtest86+, then the bottom
1MB is reserved and testing is not 100% complete.
While memtest86+ comes pretty close to testing all RAM,
you have to do a little extra work if you expect complete
test coverage. I think you can see, how memory in the BIOS
area that was defective, would be a wee bit difficult
to isolate.
Paul
Interesting.
Maybe I can scout up some RAM to see if problem goes away.
John
If the RAM tests good you might try the following, even though it
requires a fresh install all over again...

It has been a while since I installed W7 but try booting from a "real"
Microsoft W7 disk or an install ISO file that you yourself burned to a
CD/DVD. I believe Paul (here) can tell you where to get safe a W7
download if needed. Then when it asks something about routine or
advanced install do the advanced. Somewhere in there it allows you to
delete all hard drive partitions as part of the installation and then
tell it to continue with the install.

Reason I mention that is I had heard, however remote it can be, that
there are some virus that can hide in the partition table and keep
re-infecting the PC every time you re-install windows.

Windows will re-create and populate any partitions it thinks is needed
as it continues the install.

I'm sure others here can give you more detailed instructions if you
still need them.

This is one reason the organization I assist uses Darik's Boot and Nuke
program to totally wipe a hard drive on donated equipment prior to
installing a OS. HTTPS://dban.org Hidden partitions are not out of the
realm of possibilities. Running a program like Darik's is time
consuming but on donated equipment one never knows what is on the hard
drive, be it kiddie porn or a hidden virus.

If the boot drive is solid state there are other programs issued by the
solid state drive manufacturers to effectively wipe one of these.
Darik's DBAN program is usually not needed for them and it can actually
reduce the life expectancy of a SSD due to it's multiple reading and
writing of every part of the drive, even blank ones.
Good luck.
Paul
2017-08-08 19:09:36 UTC
Permalink
Raw Message
Post by GlowingBlueMist
Post by W***@Cowboy.net
Post by Paul
Post by W***@Cowboy.net
Post by W***@Cowboy.net
Post by Paul
Post by David E. Ross
Post by W***@Cowboy.net
This seems weird!
I was give this new PC with Vista on it. I thought to try w7 on it.
All seemed fine. I added several apps, like MS Office, and some
games. Still fine.
Then I installed free Avira. Seemed to install fine. But then
suddenly the PC would shut off, much like if it had a short. I had a
H of a time getting started again.
Tried uninstalling Avira in favor of Avast - same thing.
Now it sits with no anti virus, but it is not crashing.
What do you suppose???
JW
Your new installation might include malware. There are some malware
that will crash a system if an anti-virus application is detected.
This, of course, is often part of malware design: kill the anti-virus
before the anti-virus kills the virus.
Where did you get the Windows 7 that you installed?
Got a suspicious looking disk with the machine. which by the way, I
did not find. It and the machine came from an acquaintance at an old
folks group I joined. Hmmmm.
.
Post by Paul
If you did an upgrade install, migrating installed programs
from Vista to Win7, then the malware might have already been
in Vista.
Upgrade/Repair installs (i.e. run Setup.exe off the inserted
Win7 DVD, while Vista is booted), they can take care of trivial
forms of malware (like an adware perhaps, or clean out a few
left over registry entries that the adware used). But generally
an Upgrade install cannot fix everything.
For peace of mind, if the status of the machine was unknown
and you found it sitting on the curb, you'd do a "Clean" install
by booting the Win7 DVD and doing the install from there.
Hi Paul -
The Vista is gone, but I shud redo the W7 install without preserving
the Vista data etc. I shuda thought of that. I had not experienced
anything like this before.
JW
Post by Paul
The install process generally gives you some information
about what it is going to keep. A clean install will tell you
that user data will be lost, and all programs will need to be
re-installed. But that process also cleans house of any
malware that might have been there.
*******
If I want to be absolutely certain about a hard drive,
I boot the installer DVD and select the option to use
Command Prompt (instead of installing). From there,
diskpart
list disk
select disk 2
clean all
exit
You have to be careful, to identify the disks and only
erase the desired disk. In my example, disk 2 would be
the third disk down in the Disk Management table. You
can list the partitions on the disk, for confirmation
of what partitions are on there.
The "clean all" command writes every sector on the disk
with zeros. The only way it's going to miss any area of
the disk, is if a Host Protected Area (HPA) is present.
Working with HPAs is a PITA, due to hardware restrictions.
My current machine is a lucky one, in that the IDE cable
is HPA-capable, and I can follow the recipe here to
check or remove stuff like this. All my SATA ports are
locked. I use an IDE to SATA adapter (dongle), to do HPA work
on SATA drives. Some OEM computing products, use an HPA
and a special boot loader, to multiplex five partitions
into a four slot partition table, and a crafty individual
could hide malware in the maintenance partition (so it
gets muxed in when a special key is pressed at startup).
But that's a pretty obscure straw-man.
https://en.wikipedia.org/wiki/Host_protected_area
Paul
Well, I still have a problem. As I said, I wiped the hard drive
(format) and re-did the W7 install. As soon as I then installed Avira
, and then undid it and installed Avast, the PC went into crash mode.
IE, it powered off both times..
I re-did the same W7 install, and tried free AVG, and lo. it has not
crashed yet after 24 hours. Task Manager says AVG is indeed running.
What do you think now?
JW
That's pretty good proof of an AV problem.
However, that's not absolute proof.
*******
Any time you get a computer in hand, whether it's
fresh from the production line, or it's been sitting
in the garage for ten years... you test it.
And, you run the same tests in both cases.
This is called "acceptance testing". It's your
way of proving "yes, this is a computer, it's not
a brick".
Not only must you do such a test when a computer
arrives on your bench. You must also test it
yearly (at least do a memory test). When memory fails
here, it might be every 1.5 years or so when I see
trouble. So once a year, you could give it a test
overnight and see whether anything has changed.
Good memory can go bad. I had a stick of Crucial
Ballistix blow out on me, and one chip went completely
nuts. And it wasn't overvolted or abused either.
When tested with memtest86+, the errors scrolled
off the screen, because each and every long-word
was bad. (One byte lane, coming out of one completely-nuts
chip, ensured a never ending scroll of errors.)
So there I had one good branded RAM (before Micron
ran into trouble), just blow up on me one day. Kablooie.
One of my first problems, was finding a DIMM pattern
in the sockets, so the machine would stay up long
enough to load memtest :-) For that problem, I
needed a GOOD DIMM in low memory, so the memtest86+
floppy could boot. Then if the BAD DIMM was up high,
after a few seconds, the test would hit that bad chip.
I had to keep flipping stuff around in the slots,
until I could get the test to start.
*******
Let's take my current machine.
One year, I put 4x2GB DDR2 in it. Tested it, all is fine.
Much later, I'm seeing problems. The problem seems to
"move" from one day to the next, as if something is loading
in a different place in RAM, with respect to a problem area.
The computer went from healthy, to almost unusable.
I finally manage to catch a memory error with memtest86+.
Adjusting Vnb this time is not helping.
Now, normally I test the sticks one at a time, so I know
exactly which one to replace. When tested individually,
or in pairs, I *cannot* detect a problem with this set of
sticks. I can only see a memory error when all four sticks
are plugged in (power or bus loading makes a difference).
I ended up replacing all four sticks, so I could be
sure of fixing it. Ran another memory test. It's clean
again.
*******
Chancea are, your analysis is sufficient, and this is
just an AV problem. But you should also run memtest86+
for peace of mind. Even letting it run for one full pass
is enough. That might take a couple hours.
When tested that way, without additional work, around
1MB of RAM is not tested. This is the E810 reserved
region. Memtest86+ asks the BIOS for info about reserved
areas, and then it's not supposed to trample on stuff
the BIOS is using. And that amounts to around 1MB or
so.
If you really want to know whether every byte is good,
you put two sticks in single channel mode (put the sticks
on the same channel), run memtest86+. Then, if it passes,
you shut down, and swap the two DIMMs in single channel
mode. This causes the high memory DIMM to become the
low memory DIMM and vice versa. The low memory DIMM
is the one that isn't fully tested. But when swapped as
the high memory DIMM, the test on that run covers everything.
You must use two sticks, to guarantee the high memory DIMM
has no reservations on it. If you insert just one stick
in the computer, and run memtest86+, then the bottom
1MB is reserved and testing is not 100% complete.
While memtest86+ comes pretty close to testing all RAM,
you have to do a little extra work if you expect complete
test coverage. I think you can see, how memory in the BIOS
area that was defective, would be a wee bit difficult
to isolate.
Paul
Interesting.
Maybe I can scout up some RAM to see if problem goes away.
John
If the RAM tests good you might try the following, even though it
requires a fresh install all over again...
It has been a while since I installed W7 but try booting from a "real"
Microsoft W7 disk or an install ISO file that you yourself burned to a
CD/DVD. I believe Paul (here) can tell you where to get safe a W7
download if needed. Then when it asks something about routine or
advanced install do the advanced. Somewhere in there it allows you to
delete all hard drive partitions as part of the installation and then
tell it to continue with the install.
Reason I mention that is I had heard, however remote it can be, that
there are some virus that can hide in the partition table and keep
re-infecting the PC every time you re-install windows.
Windows will re-create and populate any partitions it thinks is needed
as it continues the install.
I'm sure others here can give you more detailed instructions if you
still need them.
This is one reason the organization I assist uses Darik's Boot and Nuke
program to totally wipe a hard drive on donated equipment prior to
installing a OS. HTTPS://dban.org Hidden partitions are not out of the
realm of possibilities. Running a program like Darik's is time
consuming but on donated equipment one never knows what is on the hard
drive, be it kiddie porn or a hidden virus.
If the boot drive is solid state there are other programs issued by the
solid state drive manufacturers to effectively wipe one of these.
Darik's DBAN program is usually not needed for them and it can actually
reduce the life expectancy of a SSD due to it's multiple reading and
writing of every part of the drive, even blank ones.
Good luck.
You don't need DBAN to zero a drive.

1) Boot the Win7 installer DVD.
2) Start the Command Prompt instead of doing an install.
3) diskpart
list disk <--- make absolutely certain you know which disk is which!!!
select disk 1 <--- only apply to the target disk!!!
clean all <--- on a 500GB drive, does 500GB of writes, uses zeros.
exit

So there is a "Windows only" solution to zeroing a drive.

That will take a while to run, as it needs to write the
entire drive from end to end, even the MBR.

If you have half a dozen drives you need to zero,
then maybe DBAN is necessary. DBAN excels at erasing
the entire PC. It did such a good job, people used to
post in the DBAN forum, whether there was a way to
recover their "Backup drive" after it got erased too :-)
that's how good it is. If DBAN erases something, no, there
is no recovery procedure. Recuva or Photorec will find
nothing, if the run goes to completion and you didn't hit
the power button.

Paul
GlowingBlueMist
2017-08-09 03:58:38 UTC
Permalink
Raw Message
Post by Paul
Post by GlowingBlueMist
Post by W***@Cowboy.net
Post by Paul
Post by W***@Cowboy.net
Post by W***@Cowboy.net
Post by Paul
Post by David E. Ross
Post by W***@Cowboy.net
This seems weird!
I was give this new PC with Vista on it. I thought to try w7 on it.
All seemed fine. I added several apps, like MS Office, and some
games. Still fine.
Then I installed free Avira. Seemed to install fine. But then
suddenly the PC would shut off, much like if it had a short. I had a
H of a time getting started again.
Tried uninstalling Avira in favor of Avast - same thing.
Now it sits with no anti virus, but it is not crashing.
What do you suppose???
JW
Your new installation might include malware. There are some malware
that will crash a system if an anti-virus application is detected.
This, of course, is often part of malware design: kill the anti-virus
before the anti-virus kills the virus.
Where did you get the Windows 7 that you installed?
Got a suspicious looking disk with the machine. which by the way, I
did not find. It and the machine came from an acquaintance at an old
folks group I joined. Hmmmm.
.
Post by Paul
If you did an upgrade install, migrating installed programs
from Vista to Win7, then the malware might have already been
in Vista.
Upgrade/Repair installs (i.e. run Setup.exe off the inserted
Win7 DVD, while Vista is booted), they can take care of trivial
forms of malware (like an adware perhaps, or clean out a few
left over registry entries that the adware used). But generally
an Upgrade install cannot fix everything.
For peace of mind, if the status of the machine was unknown
and you found it sitting on the curb, you'd do a "Clean" install
by booting the Win7 DVD and doing the install from there.
Hi Paul -
The Vista is gone, but I shud redo the W7 install without preserving
the Vista data etc. I shuda thought of that. I had not experienced
anything like this before.
JW
Post by Paul
The install process generally gives you some information
about what it is going to keep. A clean install will tell you
that user data will be lost, and all programs will need to be
re-installed. But that process also cleans house of any
malware that might have been there.
*******
If I want to be absolutely certain about a hard drive,
I boot the installer DVD and select the option to use
Command Prompt (instead of installing). From there,
diskpart
list disk
select disk 2
clean all
exit
You have to be careful, to identify the disks and only
erase the desired disk. In my example, disk 2 would be
the third disk down in the Disk Management table. You
can list the partitions on the disk, for confirmation
of what partitions are on there.
The "clean all" command writes every sector on the disk
with zeros. The only way it's going to miss any area of
the disk, is if a Host Protected Area (HPA) is present.
Working with HPAs is a PITA, due to hardware restrictions.
My current machine is a lucky one, in that the IDE cable
is HPA-capable, and I can follow the recipe here to
check or remove stuff like this. All my SATA ports are
locked. I use an IDE to SATA adapter (dongle), to do HPA work
on SATA drives. Some OEM computing products, use an HPA
and a special boot loader, to multiplex five partitions
into a four slot partition table, and a crafty individual
could hide malware in the maintenance partition (so it
gets muxed in when a special key is pressed at startup).
But that's a pretty obscure straw-man.
https://en.wikipedia.org/wiki/Host_protected_area
Paul
Well, I still have a problem. As I said, I wiped the hard drive
(format) and re-did the W7 install. As soon as I then installed Avira
, and then undid it and installed Avast, the PC went into crash mode.
IE, it powered off both times..
I re-did the same W7 install, and tried free AVG, and lo. it has not
crashed yet after 24 hours. Task Manager says AVG is indeed running.
What do you think now?
JW
That's pretty good proof of an AV problem.
However, that's not absolute proof.
*******
Any time you get a computer in hand, whether it's
fresh from the production line, or it's been sitting
in the garage for ten years... you test it.
And, you run the same tests in both cases.
This is called "acceptance testing". It's your
way of proving "yes, this is a computer, it's not
a brick".
Not only must you do such a test when a computer
arrives on your bench. You must also test it
yearly (at least do a memory test). When memory fails
here, it might be every 1.5 years or so when I see
trouble. So once a year, you could give it a test
overnight and see whether anything has changed.
Good memory can go bad. I had a stick of Crucial
Ballistix blow out on me, and one chip went completely
nuts. And it wasn't overvolted or abused either.
When tested with memtest86+, the errors scrolled
off the screen, because each and every long-word
was bad. (One byte lane, coming out of one completely-nuts
chip, ensured a never ending scroll of errors.)
So there I had one good branded RAM (before Micron
ran into trouble), just blow up on me one day. Kablooie.
One of my first problems, was finding a DIMM pattern
in the sockets, so the machine would stay up long
enough to load memtest :-) For that problem, I
needed a GOOD DIMM in low memory, so the memtest86+
floppy could boot. Then if the BAD DIMM was up high,
after a few seconds, the test would hit that bad chip.
I had to keep flipping stuff around in the slots,
until I could get the test to start.
*******
Let's take my current machine.
One year, I put 4x2GB DDR2 in it. Tested it, all is fine.
Much later, I'm seeing problems. The problem seems to
"move" from one day to the next, as if something is loading
in a different place in RAM, with respect to a problem area.
The computer went from healthy, to almost unusable.
I finally manage to catch a memory error with memtest86+.
Adjusting Vnb this time is not helping.
Now, normally I test the sticks one at a time, so I know
exactly which one to replace. When tested individually,
or in pairs, I *cannot* detect a problem with this set of
sticks. I can only see a memory error when all four sticks
are plugged in (power or bus loading makes a difference).
I ended up replacing all four sticks, so I could be
sure of fixing it. Ran another memory test. It's clean
again.
*******
Chancea are, your analysis is sufficient, and this is
just an AV problem. But you should also run memtest86+
for peace of mind. Even letting it run for one full pass
is enough. That might take a couple hours.
When tested that way, without additional work, around
1MB of RAM is not tested. This is the E810 reserved
region. Memtest86+ asks the BIOS for info about reserved
areas, and then it's not supposed to trample on stuff
the BIOS is using. And that amounts to around 1MB or
so.
If you really want to know whether every byte is good,
you put two sticks in single channel mode (put the sticks
on the same channel), run memtest86+. Then, if it passes,
you shut down, and swap the two DIMMs in single channel
mode. This causes the high memory DIMM to become the
low memory DIMM and vice versa. The low memory DIMM
is the one that isn't fully tested. But when swapped as
the high memory DIMM, the test on that run covers everything.
You must use two sticks, to guarantee the high memory DIMM
has no reservations on it. If you insert just one stick
in the computer, and run memtest86+, then the bottom
1MB is reserved and testing is not 100% complete.
While memtest86+ comes pretty close to testing all RAM,
you have to do a little extra work if you expect complete
test coverage. I think you can see, how memory in the BIOS
area that was defective, would be a wee bit difficult
to isolate.
Paul
Interesting.
Maybe I can scout up some RAM to see if problem goes away.
John
If the RAM tests good you might try the following, even though it
requires a fresh install all over again...
It has been a while since I installed W7 but try booting from a "real"
Microsoft W7 disk or an install ISO file that you yourself burned to a
CD/DVD. I believe Paul (here) can tell you where to get safe a W7
download if needed. Then when it asks something about routine or
advanced install do the advanced. Somewhere in there it allows you to
delete all hard drive partitions as part of the installation and then
tell it to continue with the install.
Reason I mention that is I had heard, however remote it can be, that
there are some virus that can hide in the partition table and keep
re-infecting the PC every time you re-install windows.
Windows will re-create and populate any partitions it thinks is needed
as it continues the install.
I'm sure others here can give you more detailed instructions if you
still need them.
This is one reason the organization I assist uses Darik's Boot and
Nuke program to totally wipe a hard drive on donated equipment prior
to installing a OS. HTTPS://dban.org Hidden partitions are not out
of the realm of possibilities. Running a program like Darik's is time
consuming but on donated equipment one never knows what is on the hard
drive, be it kiddie porn or a hidden virus.
If the boot drive is solid state there are other programs issued by
the solid state drive manufacturers to effectively wipe one of these.
Darik's DBAN program is usually not needed for them and it can
actually reduce the life expectancy of a SSD due to it's multiple
reading and writing of every part of the drive, even blank ones.
Good luck.
You don't need DBAN to zero a drive.
1) Boot the Win7 installer DVD.
2) Start the Command Prompt instead of doing an install.
3) diskpart
list disk <--- make absolutely certain you know which disk is which!!!
select disk 1 <--- only apply to the target disk!!!
clean all <--- on a 500GB drive, does 500GB of writes, uses zeros.
exit
So there is a "Windows only" solution to zeroing a drive.
That will take a while to run, as it needs to write the
entire drive from end to end, even the MBR.
If you have half a dozen drives you need to zero,
then maybe DBAN is necessary. DBAN excels at erasing
the entire PC. It did such a good job, people used to
post in the DBAN forum, whether there was a way to
recover their "Backup drive" after it got erased too :-)
that's how good it is. If DBAN erases something, no, there
is no recovery procedure. Recuva or Photorec will find
nothing, if the run goes to completion and you didn't hit
the power button.
Paul
Nice info Paul.
W***@Cowboy.net
2017-08-16 12:00:23 UTC
Permalink
Raw Message
On Tue, 8 Aug 2017 22:58:38 -0500, GlowingBlueMist
Post by GlowingBlueMist
Post by Paul
Post by GlowingBlueMist
Post by W***@Cowboy.net
Post by Paul
Post by W***@Cowboy.net
Post by W***@Cowboy.net
Post by Paul
Post by David E. Ross
Post by W***@Cowboy.net
This seems weird!
I was give this new PC with Vista on it. I thought to try w7 on it.
All seemed fine. I added several apps, like MS Office, and some
games. Still fine.
Then I installed free Avira. Seemed to install fine. But then
suddenly the PC would shut off, much like if it had a short. I had a
H of a time getting started again.
Tried uninstalling Avira in favor of Avast - same thing.
Now it sits with no anti virus, but it is not crashing.
What do you suppose???
JW
Your new installation might include malware. There are some malware
that will crash a system if an anti-virus application is detected.
This, of course, is often part of malware design: kill the anti-virus
before the anti-virus kills the virus.
Where did you get the Windows 7 that you installed?
Got a suspicious looking disk with the machine. which by the way, I
did not find. It and the machine came from an acquaintance at an old
folks group I joined. Hmmmm.
.
Post by Paul
If you did an upgrade install, migrating installed programs
from Vista to Win7, then the malware might have already been
in Vista.
Upgrade/Repair installs (i.e. run Setup.exe off the inserted
Win7 DVD, while Vista is booted), they can take care of trivial
forms of malware (like an adware perhaps, or clean out a few
left over registry entries that the adware used). But generally
an Upgrade install cannot fix everything.
For peace of mind, if the status of the machine was unknown
and you found it sitting on the curb, you'd do a "Clean" install
by booting the Win7 DVD and doing the install from there.
Hi Paul -
The Vista is gone, but I shud redo the W7 install without preserving
the Vista data etc. I shuda thought of that. I had not experienced
anything like this before.
JW
Post by Paul
The install process generally gives you some information
about what it is going to keep. A clean install will tell you
that user data will be lost, and all programs will need to be
re-installed. But that process also cleans house of any
malware that might have been there.
*******
If I want to be absolutely certain about a hard drive,
I boot the installer DVD and select the option to use
Command Prompt (instead of installing). From there,
diskpart
list disk
select disk 2
clean all
exit
You have to be careful, to identify the disks and only
erase the desired disk. In my example, disk 2 would be
the third disk down in the Disk Management table. You
can list the partitions on the disk, for confirmation
of what partitions are on there.
The "clean all" command writes every sector on the disk
with zeros. The only way it's going to miss any area of
the disk, is if a Host Protected Area (HPA) is present.
Working with HPAs is a PITA, due to hardware restrictions.
My current machine is a lucky one, in that the IDE cable
is HPA-capable, and I can follow the recipe here to
check or remove stuff like this. All my SATA ports are
locked. I use an IDE to SATA adapter (dongle), to do HPA work
on SATA drives. Some OEM computing products, use an HPA
and a special boot loader, to multiplex five partitions
into a four slot partition table, and a crafty individual
could hide malware in the maintenance partition (so it
gets muxed in when a special key is pressed at startup).
But that's a pretty obscure straw-man.
https://en.wikipedia.org/wiki/Host_protected_area
Paul
Well, I still have a problem. As I said, I wiped the hard drive
(format) and re-did the W7 install. As soon as I then installed Avira
, and then undid it and installed Avast, the PC went into crash mode.
IE, it powered off both times..
I re-did the same W7 install, and tried free AVG, and lo. it has not
crashed yet after 24 hours. Task Manager says AVG is indeed running.
What do you think now?
JW
That's pretty good proof of an AV problem.
However, that's not absolute proof.
*******
Any time you get a computer in hand, whether it's
fresh from the production line, or it's been sitting
in the garage for ten years... you test it.
And, you run the same tests in both cases.
This is called "acceptance testing". It's your
way of proving "yes, this is a computer, it's not
a brick".
Not only must you do such a test when a computer
arrives on your bench. You must also test it
yearly (at least do a memory test). When memory fails
here, it might be every 1.5 years or so when I see
trouble. So once a year, you could give it a test
overnight and see whether anything has changed.
Good memory can go bad. I had a stick of Crucial
Ballistix blow out on me, and one chip went completely
nuts. And it wasn't overvolted or abused either.
When tested with memtest86+, the errors scrolled
off the screen, because each and every long-word
was bad. (One byte lane, coming out of one completely-nuts
chip, ensured a never ending scroll of errors.)
So there I had one good branded RAM (before Micron
ran into trouble), just blow up on me one day. Kablooie.
One of my first problems, was finding a DIMM pattern
in the sockets, so the machine would stay up long
enough to load memtest :-) For that problem, I
needed a GOOD DIMM in low memory, so the memtest86+
floppy could boot. Then if the BAD DIMM was up high,
after a few seconds, the test would hit that bad chip.
I had to keep flipping stuff around in the slots,
until I could get the test to start.
*******
Let's take my current machine.
One year, I put 4x2GB DDR2 in it. Tested it, all is fine.
Much later, I'm seeing problems. The problem seems to
"move" from one day to the next, as if something is loading
in a different place in RAM, with respect to a problem area.
The computer went from healthy, to almost unusable.
I finally manage to catch a memory error with memtest86+.
Adjusting Vnb this time is not helping.
Now, normally I test the sticks one at a time, so I know
exactly which one to replace. When tested individually,
or in pairs, I *cannot* detect a problem with this set of
sticks. I can only see a memory error when all four sticks
are plugged in (power or bus loading makes a difference).
I ended up replacing all four sticks, so I could be
sure of fixing it. Ran another memory test. It's clean
again.
*******
Chancea are, your analysis is sufficient, and this is
just an AV problem. But you should also run memtest86+
for peace of mind. Even letting it run for one full pass
is enough. That might take a couple hours.
When tested that way, without additional work, around
1MB of RAM is not tested. This is the E810 reserved
region. Memtest86+ asks the BIOS for info about reserved
areas, and then it's not supposed to trample on stuff
the BIOS is using. And that amounts to around 1MB or
so.
If you really want to know whether every byte is good,
you put two sticks in single channel mode (put the sticks
on the same channel), run memtest86+. Then, if it passes,
you shut down, and swap the two DIMMs in single channel
mode. This causes the high memory DIMM to become the
low memory DIMM and vice versa. The low memory DIMM
is the one that isn't fully tested. But when swapped as
the high memory DIMM, the test on that run covers everything.
You must use two sticks, to guarantee the high memory DIMM
has no reservations on it. If you insert just one stick
in the computer, and run memtest86+, then the bottom
1MB is reserved and testing is not 100% complete.
While memtest86+ comes pretty close to testing all RAM,
you have to do a little extra work if you expect complete
test coverage. I think you can see, how memory in the BIOS
area that was defective, would be a wee bit difficult
to isolate.
Paul
Interesting.
Maybe I can scout up some RAM to see if problem goes away.
John
If the RAM tests good you might try the following, even though it
requires a fresh install all over again...
It has been a while since I installed W7 but try booting from a "real"
Microsoft W7 disk or an install ISO file that you yourself burned to a
CD/DVD. I believe Paul (here) can tell you where to get safe a W7
download if needed. Then when it asks something about routine or
advanced install do the advanced. Somewhere in there it allows you to
delete all hard drive partitions as part of the installation and then
tell it to continue with the install.
Reason I mention that is I had heard, however remote it can be, that
there are some virus that can hide in the partition table and keep
re-infecting the PC every time you re-install windows.
Windows will re-create and populate any partitions it thinks is needed
as it continues the install.
I'm sure others here can give you more detailed instructions if you
still need them.
This is one reason the organization I assist uses Darik's Boot and
Nuke program to totally wipe a hard drive on donated equipment prior
to installing a OS. HTTPS://dban.org Hidden partitions are not out
of the realm of possibilities. Running a program like Darik's is time
consuming but on donated equipment one never knows what is on the hard
drive, be it kiddie porn or a hidden virus.
If the boot drive is solid state there are other programs issued by
the solid state drive manufacturers to effectively wipe one of these.
Darik's DBAN program is usually not needed for them and it can
actually reduce the life expectancy of a SSD due to it's multiple
reading and writing of every part of the drive, even blank ones.
Good luck.
You don't need DBAN to zero a drive.
1) Boot the Win7 installer DVD.
2) Start the Command Prompt instead of doing an install.
3) diskpart
list disk <--- make absolutely certain you know which disk is which!!!
select disk 1 <--- only apply to the target disk!!!
clean all <--- on a 500GB drive, does 500GB of writes, uses zeros.
exit
So there is a "Windows only" solution to zeroing a drive.
That will take a while to run, as it needs to write the
entire drive from end to end, even the MBR.
If you have half a dozen drives you need to zero,
then maybe DBAN is necessary. DBAN excels at erasing
the entire PC. It did such a good job, people used to
post in the DBAN forum, whether there was a way to
recover their "Backup drive" after it got erased too :-)
that's how good it is. If DBAN erases something, no, there
is no recovery procedure. Recuva or Photorec will find
nothing, if the run goes to completion and you didn't hit
the power button.
Paul
Nice info Paul.
Agree.
Well, here I be - back again. Still have the problem.
I tried installing, on the HP Pavillion, a 'fresh' and different
64-bit W7, a Ultimate SP1, with no additional installs, except three
AVs - AVAST, ARIVA, and KASPERSKY one at a time of course. I left the
PC on 24 hours, and found all setups crashed the PC (powered it off),
in a few hours or so. Then I left the same PC on, 24 hours, with no
AV. It has now stayed on now for four days. The PC is a AMD Athlon
64X2 dual core 2.10 GHz with 2GB RAM.
I haven't studied Paul's post yet - I need to of course.
New one on me.
JW
I
Paul
2017-08-16 14:23:37 UTC
Permalink
Raw Message
***@Cowboy.net wrote:
<<snippings...>>
Post by W***@Cowboy.net
Well, here I be - back again. Still have the problem.
I tried installing, on the HP Pavillion, a 'fresh' and different
64-bit W7, a Ultimate SP1, with no additional installs, except three
AVs - AVAST, ARIVA, and KASPERSKY one at a time of course. I left the
PC on 24 hours, and found all setups crashed the PC (powered it off),
in a few hours or so. Then I left the same PC on, 24 hours, with no
AV. It has now stayed on now for four days. The PC is a AMD Athlon
64X2 dual core 2.10 GHz with 2GB RAM.
I haven't studied Paul's post yet - I need to of course.
New one on me.
JW
I
So what we know is, real time AVs tend to scan the
disk at some point. And during the execution of that
scan, the box tipped over.

if the machine was connected to the Internet, then
they could also be calling home and getting updated
AV definitions. So the network driver gets used
a tiny bit.

I suspect some kind of "health issue" with the
PC, unless you're not telling us something about
the composition of the machine (multiple drives,
malware on the other drives). It's even remotely
possible, if there is a worm on your LAN, living
on another PC, it could be infecting your machine.
If it was Sality for example, the machine would
eventually be a wreck from a software perspective.
So we know just because you haven't noted a complete
meltdown, it's not that.

I like a combination of memtest86+, Prime95 (or
other stress tester that does math with a known
answer), and a disk test utility of some sort
(WDC or Seagate). Just to make sure the machine
is healthy.

Note that some AMD processors from that era, showed
signs of electromigration. People used to overclock
them, and the stable frequency would drop and drop.
And the stable frequency would end up being less
than the nominal frequency. If you run Prime95, that's
a pretty sensitive test for such stability.

You don't have to run Windows for Prime95 either.
You can use a Linux LiveCD and download a copy
from mersenne.org . Running Linux gives a "second opinion"
about your hardware, as if it crashes or icons start
disappearing from the desktop, that means it's flaky
there too. And it's a hardware issue. If Linux
stayed up, and no tests done from there would fail,
then I would be really puzzled.

https://www.mersenne.org/download/

A quiescent PC (no software running, no background
tasks) can sit there for a hundred hours without
crashing. On some hardware issues, just moving the
mouse cursor six inches in that state, and it
immediately crashes (a memory problem). And if you
run Prime95, it can error out in 2 seconds. That's
just to show the time span difference, between
"determined testing" and just looking at the damn
thing from your chair :-) I was getting the bombing
of Prime95 in 2 seconds, on my AthlonXP setup. The
one that was very sensitive to RAM quality. Some
CAS2 RAM fixed that nicely at the time. But I cannot
say I was all that impressed with NVidia at the
time, as their chipset was the issue. Back in those
days, the RAM wasn't connected directly to the
processor, so you couldn't blame AMD for that one.

Paul
David E. Ross
2017-08-16 14:43:47 UTC
Permalink
Raw Message
Post by W***@Cowboy.net
On Tue, 8 Aug 2017 22:58:38 -0500, GlowingBlueMist
Post by GlowingBlueMist
Post by Paul
Post by GlowingBlueMist
Post by W***@Cowboy.net
Post by Paul
Post by W***@Cowboy.net
Post by W***@Cowboy.net
Post by Paul
Post by David E. Ross
Post by W***@Cowboy.net
This seems weird!
I was give this new PC with Vista on it. I thought to try w7 on it.
All seemed fine. I added several apps, like MS Office, and some
games. Still fine.
Then I installed free Avira. Seemed to install fine. But then
suddenly the PC would shut off, much like if it had a short. I had a
H of a time getting started again.
Tried uninstalling Avira in favor of Avast - same thing.
Now it sits with no anti virus, but it is not crashing.
What do you suppose???
JW
Your new installation might include malware. There are some malware
that will crash a system if an anti-virus application is detected.
This, of course, is often part of malware design: kill the anti-virus
before the anti-virus kills the virus.
Where did you get the Windows 7 that you installed?
Got a suspicious looking disk with the machine. which by the way, I
did not find. It and the machine came from an acquaintance at an old
folks group I joined. Hmmmm.
.
Post by Paul
If you did an upgrade install, migrating installed programs
from Vista to Win7, then the malware might have already been
in Vista.
Upgrade/Repair installs (i.e. run Setup.exe off the inserted
Win7 DVD, while Vista is booted), they can take care of trivial
forms of malware (like an adware perhaps, or clean out a few
left over registry entries that the adware used). But generally
an Upgrade install cannot fix everything.
For peace of mind, if the status of the machine was unknown
and you found it sitting on the curb, you'd do a "Clean" install
by booting the Win7 DVD and doing the install from there.
Hi Paul -
The Vista is gone, but I shud redo the W7 install without preserving
the Vista data etc. I shuda thought of that. I had not experienced
anything like this before.
JW
Post by Paul
The install process generally gives you some information
about what it is going to keep. A clean install will tell you
that user data will be lost, and all programs will need to be
re-installed. But that process also cleans house of any
malware that might have been there.
*******
If I want to be absolutely certain about a hard drive,
I boot the installer DVD and select the option to use
Command Prompt (instead of installing). From there,
diskpart
list disk
select disk 2
clean all
exit
You have to be careful, to identify the disks and only
erase the desired disk. In my example, disk 2 would be
the third disk down in the Disk Management table. You
can list the partitions on the disk, for confirmation
of what partitions are on there.
The "clean all" command writes every sector on the disk
with zeros. The only way it's going to miss any area of
the disk, is if a Host Protected Area (HPA) is present.
Working with HPAs is a PITA, due to hardware restrictions.
My current machine is a lucky one, in that the IDE cable
is HPA-capable, and I can follow the recipe here to
check or remove stuff like this. All my SATA ports are
locked. I use an IDE to SATA adapter (dongle), to do HPA work
on SATA drives. Some OEM computing products, use an HPA
and a special boot loader, to multiplex five partitions
into a four slot partition table, and a crafty individual
could hide malware in the maintenance partition (so it
gets muxed in when a special key is pressed at startup).
But that's a pretty obscure straw-man.
https://en.wikipedia.org/wiki/Host_protected_area
Paul
Well, I still have a problem. As I said, I wiped the hard drive
(format) and re-did the W7 install. As soon as I then installed Avira
, and then undid it and installed Avast, the PC went into crash mode.
IE, it powered off both times..
I re-did the same W7 install, and tried free AVG, and lo. it has not
crashed yet after 24 hours. Task Manager says AVG is indeed running.
What do you think now?
JW
That's pretty good proof of an AV problem.
However, that's not absolute proof.
*******
Any time you get a computer in hand, whether it's
fresh from the production line, or it's been sitting
in the garage for ten years... you test it.
And, you run the same tests in both cases.
This is called "acceptance testing". It's your
way of proving "yes, this is a computer, it's not
a brick".
Not only must you do such a test when a computer
arrives on your bench. You must also test it
yearly (at least do a memory test). When memory fails
here, it might be every 1.5 years or so when I see
trouble. So once a year, you could give it a test
overnight and see whether anything has changed.
Good memory can go bad. I had a stick of Crucial
Ballistix blow out on me, and one chip went completely
nuts. And it wasn't overvolted or abused either.
When tested with memtest86+, the errors scrolled
off the screen, because each and every long-word
was bad. (One byte lane, coming out of one completely-nuts
chip, ensured a never ending scroll of errors.)
So there I had one good branded RAM (before Micron
ran into trouble), just blow up on me one day. Kablooie.
One of my first problems, was finding a DIMM pattern
in the sockets, so the machine would stay up long
enough to load memtest :-) For that problem, I
needed a GOOD DIMM in low memory, so the memtest86+
floppy could boot. Then if the BAD DIMM was up high,
after a few seconds, the test would hit that bad chip.
I had to keep flipping stuff around in the slots,
until I could get the test to start.
*******
Let's take my current machine.
One year, I put 4x2GB DDR2 in it. Tested it, all is fine.
Much later, I'm seeing problems. The problem seems to
"move" from one day to the next, as if something is loading
in a different place in RAM, with respect to a problem area.
The computer went from healthy, to almost unusable.
I finally manage to catch a memory error with memtest86+.
Adjusting Vnb this time is not helping.
Now, normally I test the sticks one at a time, so I know
exactly which one to replace. When tested individually,
or in pairs, I *cannot* detect a problem with this set of
sticks. I can only see a memory error when all four sticks
are plugged in (power or bus loading makes a difference).
I ended up replacing all four sticks, so I could be
sure of fixing it. Ran another memory test. It's clean
again.
*******
Chancea are, your analysis is sufficient, and this is
just an AV problem. But you should also run memtest86+
for peace of mind. Even letting it run for one full pass
is enough. That might take a couple hours.
When tested that way, without additional work, around
1MB of RAM is not tested. This is the E810 reserved
region. Memtest86+ asks the BIOS for info about reserved
areas, and then it's not supposed to trample on stuff
the BIOS is using. And that amounts to around 1MB or
so.
If you really want to know whether every byte is good,
you put two sticks in single channel mode (put the sticks
on the same channel), run memtest86+. Then, if it passes,
you shut down, and swap the two DIMMs in single channel
mode. This causes the high memory DIMM to become the
low memory DIMM and vice versa. The low memory DIMM
is the one that isn't fully tested. But when swapped as
the high memory DIMM, the test on that run covers everything.
You must use two sticks, to guarantee the high memory DIMM
has no reservations on it. If you insert just one stick
in the computer, and run memtest86+, then the bottom
1MB is reserved and testing is not 100% complete.
While memtest86+ comes pretty close to testing all RAM,
you have to do a little extra work if you expect complete
test coverage. I think you can see, how memory in the BIOS
area that was defective, would be a wee bit difficult
to isolate.
Paul
Interesting.
Maybe I can scout up some RAM to see if problem goes away.
John
If the RAM tests good you might try the following, even though it
requires a fresh install all over again...
It has been a while since I installed W7 but try booting from a "real"
Microsoft W7 disk or an install ISO file that you yourself burned to a
CD/DVD. I believe Paul (here) can tell you where to get safe a W7
download if needed. Then when it asks something about routine or
advanced install do the advanced. Somewhere in there it allows you to
delete all hard drive partitions as part of the installation and then
tell it to continue with the install.
Reason I mention that is I had heard, however remote it can be, that
there are some virus that can hide in the partition table and keep
re-infecting the PC every time you re-install windows.
Windows will re-create and populate any partitions it thinks is needed
as it continues the install.
I'm sure others here can give you more detailed instructions if you
still need them.
This is one reason the organization I assist uses Darik's Boot and
Nuke program to totally wipe a hard drive on donated equipment prior
to installing a OS. HTTPS://dban.org Hidden partitions are not out
of the realm of possibilities. Running a program like Darik's is time
consuming but on donated equipment one never knows what is on the hard
drive, be it kiddie porn or a hidden virus.
If the boot drive is solid state there are other programs issued by
the solid state drive manufacturers to effectively wipe one of these.
Darik's DBAN program is usually not needed for them and it can
actually reduce the life expectancy of a SSD due to it's multiple
reading and writing of every part of the drive, even blank ones.
Good luck.
You don't need DBAN to zero a drive.
1) Boot the Win7 installer DVD.
2) Start the Command Prompt instead of doing an install.
3) diskpart
list disk <--- make absolutely certain you know which disk is which!!!
select disk 1 <--- only apply to the target disk!!!
clean all <--- on a 500GB drive, does 500GB of writes, uses zeros.
exit
So there is a "Windows only" solution to zeroing a drive.
That will take a while to run, as it needs to write the
entire drive from end to end, even the MBR.
If you have half a dozen drives you need to zero,
then maybe DBAN is necessary. DBAN excels at erasing
the entire PC. It did such a good job, people used to
post in the DBAN forum, whether there was a way to
recover their "Backup drive" after it got erased too :-)
that's how good it is. If DBAN erases something, no, there
is no recovery procedure. Recuva or Photorec will find
nothing, if the run goes to completion and you didn't hit
the power button.
Paul
Nice info Paul.
Agree.
Well, here I be - back again. Still have the problem.
I tried installing, on the HP Pavillion, a 'fresh' and different
64-bit W7, a Ultimate SP1, with no additional installs, except three
AVs - AVAST, ARIVA, and KASPERSKY one at a time of course. I left the
PC on 24 hours, and found all setups crashed the PC (powered it off),
in a few hours or so. Then I left the same PC on, 24 hours, with no
AV. It has now stayed on now for four days. The PC is a AMD Athlon
64X2 dual core 2.10 GHz with 2GB RAM.
I haven't studied Paul's post yet - I need to of course.
New one on me.
JW
I
You had all three anti-virus applications running at the same time?
That is definitely NOT recommended. Too often, they conflict with each
other. That could cause your crashes.
--
David E. Ross
<http://www.rossde.com/>

After the 12 August tragedy in Charlottesville, Virginia, President
Trump issued an evasive, equivocating statement. This is quite
understandable. After all, Trump did not want to alienate his
core supporters, many of whom are white supremacists. Trump's
staff tried to explain away his statement and put a positive light
on it, but they were merely putting lipstick on a pig.

Only after pressure from his own Republican party did Trump denounce
the KKK, neo-Nazis, and white supremacists as criminalson 14 August.
His delay in backtracking his prior equivocation makes me doubt his
sincerity. All doubt was erased when Trump appeared to backtrack
again, returning to his prior equivocation on Tuesday, 15 August.
Mike Easter
2017-08-16 16:16:50 UTC
Permalink
Raw Message
Post by David E. Ross
Post by W***@Cowboy.net
AVs - AVAST, ARIVA, and KASPERSKY one at a time of course.
You had all three anti-virus applications running at the same time?
--
Mike Easter
W***@Cowboy.net
2017-08-16 19:04:06 UTC
Permalink
Raw Message
Post by David E. Ross
Post by W***@Cowboy.net
AVs - AVAST, ARIVA, and KASPERSKY one at a time of course.
You had all three anti-virus applications running at the same time?
one at a time
Mike Easter
2017-08-16 21:00:58 UTC
Permalink
Raw Message
Post by Mike Easter
Mike Easter
Post by David E. Ross
Post by W***@Cowboy.net
AVs - AVAST, ARIVA, and KASPERSKY one at a time of course.
You had all three anti-virus applications running at the same time?
one at a time
Yeah, I was trying to point that 'one at a time of course' out to DER.
--
Mike Easter
David E. Ross
2017-08-16 21:28:14 UTC
Permalink
Raw Message
Post by Paul
Post by David E. Ross
Post by W***@Cowboy.net
AVs - AVAST, ARIVA, and KASPERSKY one at a time of course.
You had all three anti-virus applications running at the same time?
one at a time
Okay. Then tell us which one was running when you get your crash.
--
David E. Ross
<http://www.rossde.com/>

After the 12 August tragedy in Charlottesville, Virginia, President
Trump issued an evasive, equivocating statement. This is quite
understandable. After all, Trump did not want to alienate his
core supporters, many of whom are white supremacists. Trump's
staff tried to explain away his statement and put a positive light
on it, but they were merely putting lipstick on a pig.

Only after pressure from his own Republican party did Trump denounce
the KKK, neo-Nazis, and white supremacists as criminalson 14 August.
His delay in backtracking his prior equivocation makes me doubt his
sincerity. All doubt was erased when Trump appeared to backtrack
again, returning to his prior equivocation on Tuesday, 15 August.
Paul in Houston TX
2017-08-16 18:04:12 UTC
Permalink
Raw Message
Post by W***@Cowboy.net
On Tue, 8 Aug 2017 22:58:38 -0500, GlowingBlueMist
Post by GlowingBlueMist
Post by Paul
Post by GlowingBlueMist
Post by W***@Cowboy.net
Post by Paul
Post by W***@Cowboy.net
Post by W***@Cowboy.net
Post by Paul
Post by David E. Ross
Post by W***@Cowboy.net
This seems weird!
I was give this new PC with Vista on it. I thought to try w7 on it.
All seemed fine. I added several apps, like MS Office, and some
games. Still fine.
Then I installed free Avira. Seemed to install fine. But then
suddenly the PC would shut off, much like if it had a short. I had a
H of a time getting started again.
Tried uninstalling Avira in favor of Avast - same thing.
Now it sits with no anti virus, but it is not crashing.
What do you suppose???
JW
Your new installation might include malware. There are some malware
that will crash a system if an anti-virus application is detected.
This, of course, is often part of malware design: kill the anti-virus
before the anti-virus kills the virus.
Where did you get the Windows 7 that you installed?
Got a suspicious looking disk with the machine. which by the way, I
did not find. It and the machine came from an acquaintance at an old
folks group I joined. Hmmmm.
.
Post by Paul
If you did an upgrade install, migrating installed programs
from Vista to Win7, then the malware might have already been
in Vista.
Upgrade/Repair installs (i.e. run Setup.exe off the inserted
Win7 DVD, while Vista is booted), they can take care of trivial
forms of malware (like an adware perhaps, or clean out a few
left over registry entries that the adware used). But generally
an Upgrade install cannot fix everything.
For peace of mind, if the status of the machine was unknown
and you found it sitting on the curb, you'd do a "Clean" install
by booting the Win7 DVD and doing the install from there.
Hi Paul -
The Vista is gone, but I shud redo the W7 install without preserving
the Vista data etc. I shuda thought of that. I had not experienced
anything like this before.
JW
Post by Paul
The install process generally gives you some information
about what it is going to keep. A clean install will tell you
that user data will be lost, and all programs will need to be
re-installed. But that process also cleans house of any
malware that might have been there.
*******
If I want to be absolutely certain about a hard drive,
I boot the installer DVD and select the option to use
Command Prompt (instead of installing). From there,
diskpart
list disk
select disk 2
clean all
exit
You have to be careful, to identify the disks and only
erase the desired disk. In my example, disk 2 would be
the third disk down in the Disk Management table. You
can list the partitions on the disk, for confirmation
of what partitions are on there.
The "clean all" command writes every sector on the disk
with zeros. The only way it's going to miss any area of
the disk, is if a Host Protected Area (HPA) is present.
Working with HPAs is a PITA, due to hardware restrictions.
My current machine is a lucky one, in that the IDE cable
is HPA-capable, and I can follow the recipe here to
check or remove stuff like this. All my SATA ports are
locked. I use an IDE to SATA adapter (dongle), to do HPA work
on SATA drives. Some OEM computing products, use an HPA
and a special boot loader, to multiplex five partitions
into a four slot partition table, and a crafty individual
could hide malware in the maintenance partition (so it
gets muxed in when a special key is pressed at startup).
But that's a pretty obscure straw-man.
https://en.wikipedia.org/wiki/Host_protected_area
Paul
Well, I still have a problem. As I said, I wiped the hard drive
(format) and re-did the W7 install. As soon as I then installed Avira
, and then undid it and installed Avast, the PC went into crash mode.
IE, it powered off both times..
I re-did the same W7 install, and tried free AVG, and lo. it has not
crashed yet after 24 hours. Task Manager says AVG is indeed running.
What do you think now?
JW
That's pretty good proof of an AV problem.
However, that's not absolute proof.
*******
Any time you get a computer in hand, whether it's
fresh from the production line, or it's been sitting
in the garage for ten years... you test it.
And, you run the same tests in both cases.
This is called "acceptance testing". It's your
way of proving "yes, this is a computer, it's not
a brick".
Not only must you do such a test when a computer
arrives on your bench. You must also test it
yearly (at least do a memory test). When memory fails
here, it might be every 1.5 years or so when I see
trouble. So once a year, you could give it a test
overnight and see whether anything has changed.
Good memory can go bad. I had a stick of Crucial
Ballistix blow out on me, and one chip went completely
nuts. And it wasn't overvolted or abused either.
When tested with memtest86+, the errors scrolled
off the screen, because each and every long-word
was bad. (One byte lane, coming out of one completely-nuts
chip, ensured a never ending scroll of errors.)
So there I had one good branded RAM (before Micron
ran into trouble), just blow up on me one day. Kablooie.
One of my first problems, was finding a DIMM pattern
in the sockets, so the machine would stay up long
enough to load memtest :-) For that problem, I
needed a GOOD DIMM in low memory, so the memtest86+
floppy could boot. Then if the BAD DIMM was up high,
after a few seconds, the test would hit that bad chip.
I had to keep flipping stuff around in the slots,
until I could get the test to start.
*******
Let's take my current machine.
One year, I put 4x2GB DDR2 in it. Tested it, all is fine.
Much later, I'm seeing problems. The problem seems to
"move" from one day to the next, as if something is loading
in a different place in RAM, with respect to a problem area.
The computer went from healthy, to almost unusable.
I finally manage to catch a memory error with memtest86+.
Adjusting Vnb this time is not helping.
Now, normally I test the sticks one at a time, so I know
exactly which one to replace. When tested individually,
or in pairs, I *cannot* detect a problem with this set of
sticks. I can only see a memory error when all four sticks
are plugged in (power or bus loading makes a difference).
I ended up replacing all four sticks, so I could be
sure of fixing it. Ran another memory test. It's clean
again.
*******
Chancea are, your analysis is sufficient, and this is
just an AV problem. But you should also run memtest86+
for peace of mind. Even letting it run for one full pass
is enough. That might take a couple hours.
When tested that way, without additional work, around
1MB of RAM is not tested. This is the E810 reserved
region. Memtest86+ asks the BIOS for info about reserved
areas, and then it's not supposed to trample on stuff
the BIOS is using. And that amounts to around 1MB or
so.
If you really want to know whether every byte is good,
you put two sticks in single channel mode (put the sticks
on the same channel), run memtest86+. Then, if it passes,
you shut down, and swap the two DIMMs in single channel
mode. This causes the high memory DIMM to become the
low memory DIMM and vice versa. The low memory DIMM
is the one that isn't fully tested. But when swapped as
the high memory DIMM, the test on that run covers everything.
You must use two sticks, to guarantee the high memory DIMM
has no reservations on it. If you insert just one stick
in the computer, and run memtest86+, then the bottom
1MB is reserved and testing is not 100% complete.
While memtest86+ comes pretty close to testing all RAM,
you have to do a little extra work if you expect complete
test coverage. I think you can see, how memory in the BIOS
area that was defective, would be a wee bit difficult
to isolate.
Paul
Interesting.
Maybe I can scout up some RAM to see if problem goes away.
John
If the RAM tests good you might try the following, even though it
requires a fresh install all over again...
It has been a while since I installed W7 but try booting from a "real"
Microsoft W7 disk or an install ISO file that you yourself burned to a
CD/DVD. I believe Paul (here) can tell you where to get safe a W7
download if needed. Then when it asks something about routine or
advanced install do the advanced. Somewhere in there it allows you to
delete all hard drive partitions as part of the installation and then
tell it to continue with the install.
Reason I mention that is I had heard, however remote it can be, that
there are some virus that can hide in the partition table and keep
re-infecting the PC every time you re-install windows.
Windows will re-create and populate any partitions it thinks is needed
as it continues the install.
I'm sure others here can give you more detailed instructions if you
still need them.
This is one reason the organization I assist uses Darik's Boot and
Nuke program to totally wipe a hard drive on donated equipment prior
to installing a OS. HTTPS://dban.org Hidden partitions are not out
of the realm of possibilities. Running a program like Darik's is time
consuming but on donated equipment one never knows what is on the hard
drive, be it kiddie porn or a hidden virus.
If the boot drive is solid state there are other programs issued by
the solid state drive manufacturers to effectively wipe one of these.
Darik's DBAN program is usually not needed for them and it can
actually reduce the life expectancy of a SSD due to it's multiple
reading and writing of every part of the drive, even blank ones.
Good luck.
You don't need DBAN to zero a drive.
1) Boot the Win7 installer DVD.
2) Start the Command Prompt instead of doing an install.
3) diskpart
list disk <--- make absolutely certain you know which disk is which!!!
select disk 1 <--- only apply to the target disk!!!
clean all <--- on a 500GB drive, does 500GB of writes, uses zeros.
exit
So there is a "Windows only" solution to zeroing a drive.
That will take a while to run, as it needs to write the
entire drive from end to end, even the MBR.
If you have half a dozen drives you need to zero,
then maybe DBAN is necessary. DBAN excels at erasing
the entire PC. It did such a good job, people used to
post in the DBAN forum, whether there was a way to
recover their "Backup drive" after it got erased too :-)
that's how good it is. If DBAN erases something, no, there
is no recovery procedure. Recuva or Photorec will find
nothing, if the run goes to completion and you didn't hit
the power button.
Paul
Nice info Paul.
Agree.
Well, here I be - back again. Still have the problem.
I tried installing, on the HP Pavillion, a 'fresh' and different
64-bit W7, a Ultimate SP1, with no additional installs, except three
AVs - AVAST, ARIVA, and KASPERSKY one at a time of course. I left the
PC on 24 hours, and found all setups crashed the PC (powered it off),
in a few hours or so. Then I left the same PC on, 24 hours, with no
AV. It has now stayed on now for four days. The PC is a AMD Athlon
64X2 dual core 2.10 GHz with 2GB RAM.
I haven't studied Paul's post yet - I need to of course.
New one on me.
JW
I
Did you run the stress tests?
First, open the case, clean out all the dust, reseat every cable, plug,
and ram chip, make sure the fans are good, THEN run the stress tests.
W***@Cowboy.net
2017-08-18 23:15:33 UTC
Permalink
Raw Message
Post by W***@Cowboy.net
On Tue, 8 Aug 2017 22:58:38 -0500, GlowingBlueMist
Post by GlowingBlueMist
Post by Paul
Post by GlowingBlueMist
Post by W***@Cowboy.net
Post by Paul
Post by W***@Cowboy.net
Post by W***@Cowboy.net
Post by Paul
Post by David E. Ross
Post by W***@Cowboy.net
This seems weird!
I was give this new PC with Vista on it. I thought to try w7 on it.
All seemed fine. I added several apps, like MS Office, and some
games. Still fine.
Then I installed free Avira. Seemed to install fine. But then
suddenly the PC would shut off, much like if it had a short. I had a
H of a time getting started again.
Tried uninstalling Avira in favor of Avast - same thing.
Now it sits with no anti virus, but it is not crashing.
What do you suppose???
JW
Your new installation might include malware. There are some malware
that will crash a system if an anti-virus application is detected.
This, of course, is often part of malware design: kill the anti-virus
before the anti-virus kills the virus.
Where did you get the Windows 7 that you installed?
Got a suspicious looking disk with the machine. which by the way, I
did not find. It and the machine came from an acquaintance at an old
folks group I joined. Hmmmm.
.
Post by Paul
If you did an upgrade install, migrating installed programs
from Vista to Win7, then the malware might have already been
in Vista.
Upgrade/Repair installs (i.e. run Setup.exe off the inserted
Win7 DVD, while Vista is booted), they can take care of trivial
forms of malware (like an adware perhaps, or clean out a few
left over registry entries that the adware used). But generally
an Upgrade install cannot fix everything.
For peace of mind, if the status of the machine was unknown
and you found it sitting on the curb, you'd do a "Clean" install
by booting the Win7 DVD and doing the install from there.
Hi Paul -
The Vista is gone, but I shud redo the W7 install without preserving
the Vista data etc. I shuda thought of that. I had not experienced
anything like this before.
JW
Post by Paul
The install process generally gives you some information
about what it is going to keep. A clean install will tell you
that user data will be lost, and all programs will need to be
re-installed. But that process also cleans house of any
malware that might have been there.
*******
If I want to be absolutely certain about a hard drive,
I boot the installer DVD and select the option to use
Command Prompt (instead of installing). From there,
diskpart
list disk
select disk 2
clean all
exit
You have to be careful, to identify the disks and only
erase the desired disk. In my example, disk 2 would be
the third disk down in the Disk Management table. You
can list the partitions on the disk, for confirmation
of what partitions are on there.
The "clean all" command writes every sector on the disk
with zeros. The only way it's going to miss any area of
the disk, is if a Host Protected Area (HPA) is present.
Working with HPAs is a PITA, due to hardware restrictions.
My current machine is a lucky one, in that the IDE cable
is HPA-capable, and I can follow the recipe here to
check or remove stuff like this. All my SATA ports are
locked. I use an IDE to SATA adapter (dongle), to do HPA work
on SATA drives. Some OEM computing products, use an HPA
and a special boot loader, to multiplex five partitions
into a four slot partition table, and a crafty individual
could hide malware in the maintenance partition (so it
gets muxed in when a special key is pressed at startup).
But that's a pretty obscure straw-man.
https://en.wikipedia.org/wiki/Host_protected_area
Paul
Well, I still have a problem. As I said, I wiped the hard drive
(format) and re-did the W7 install. As soon as I then installed Avira
, and then undid it and installed Avast, the PC went into crash mode.
IE, it powered off both times..
I re-did the same W7 install, and tried free AVG, and lo. it has not
crashed yet after 24 hours. Task Manager says AVG is indeed running.
What do you think now?
JW
That's pretty good proof of an AV problem.
However, that's not absolute proof.
*******
Any time you get a computer in hand, whether it's
fresh from the production line, or it's been sitting
in the garage for ten years... you test it.
And, you run the same tests in both cases.
This is called "acceptance testing". It's your
way of proving "yes, this is a computer, it's not
a brick".
Not only must you do such a test when a computer
arrives on your bench. You must also test it
yearly (at least do a memory test). When memory fails
here, it might be every 1.5 years or so when I see
trouble. So once a year, you could give it a test
overnight and see whether anything has changed.
Good memory can go bad. I had a stick of Crucial
Ballistix blow out on me, and one chip went completely
nuts. And it wasn't overvolted or abused either.
When tested with memtest86+, the errors scrolled
off the screen, because each and every long-word
was bad. (One byte lane, coming out of one completely-nuts
chip, ensured a never ending scroll of errors.)
So there I had one good branded RAM (before Micron
ran into trouble), just blow up on me one day. Kablooie.
One of my first problems, was finding a DIMM pattern
in the sockets, so the machine would stay up long
enough to load memtest :-) For that problem, I
needed a GOOD DIMM in low memory, so the memtest86+
floppy could boot. Then if the BAD DIMM was up high,
after a few seconds, the test would hit that bad chip.
I had to keep flipping stuff around in the slots,
until I could get the test to start.
*******
Let's take my current machine.
One year, I put 4x2GB DDR2 in it. Tested it, all is fine.
Much later, I'm seeing problems. The problem seems to
"move" from one day to the next, as if something is loading
in a different place in RAM, with respect to a problem area.
The computer went from healthy, to almost unusable.
I finally manage to catch a memory error with memtest86+.
Adjusting Vnb this time is not helping.
Now, normally I test the sticks one at a time, so I know
exactly which one to replace. When tested individually,
or in pairs, I *cannot* detect a problem with this set of
sticks. I can only see a memory error when all four sticks
are plugged in (power or bus loading makes a difference).
I ended up replacing all four sticks, so I could be
sure of fixing it. Ran another memory test. It's clean
again.
*******
Chancea are, your analysis is sufficient, and this is
just an AV problem. But you should also run memtest86+
for peace of mind. Even letting it run for one full pass
is enough. That might take a couple hours.
When tested that way, without additional work, around
1MB of RAM is not tested. This is the E810 reserved
region. Memtest86+ asks the BIOS for info about reserved
areas, and then it's not supposed to trample on stuff
the BIOS is using. And that amounts to around 1MB or
so.
If you really want to know whether every byte is good,
you put two sticks in single channel mode (put the sticks
on the same channel), run memtest86+. Then, if it passes,
you shut down, and swap the two DIMMs in single channel
mode. This causes the high memory DIMM to become the
low memory DIMM and vice versa. The low memory DIMM
is the one that isn't fully tested. But when swapped as
the high memory DIMM, the test on that run covers everything.
You must use two sticks, to guarantee the high memory DIMM
has no reservations on it. If you insert just one stick
in the computer, and run memtest86+, then the bottom
1MB is reserved and testing is not 100% complete.
While memtest86+ comes pretty close to testing all RAM,
you have to do a little extra work if you expect complete
test coverage. I think you can see, how memory in the BIOS
area that was defective, would be a wee bit difficult
to isolate.
Paul
Interesting.
Maybe I can scout up some RAM to see if problem goes away.
John
If the RAM tests good you might try the following, even though it
requires a fresh install all over again...
It has been a while since I installed W7 but try booting from a "real"
Microsoft W7 disk or an install ISO file that you yourself burned to a
CD/DVD. I believe Paul (here) can tell you where to get safe a W7
download if needed. Then when it asks something about routine or
advanced install do the advanced. Somewhere in there it allows you to
delete all hard drive partitions as part of the installation and then
tell it to continue with the install.
Reason I mention that is I had heard, however remote it can be, that
there are some virus that can hide in the partition table and keep
re-infecting the PC every time you re-install windows.
Windows will re-create and populate any partitions it thinks is needed
as it continues the install.
I'm sure others here can give you more detailed instructions if you
still need them.
This is one reason the organization I assist uses Darik's Boot and
Nuke program to totally wipe a hard drive on donated equipment prior
to installing a OS. HTTPS://dban.org Hidden partitions are not out
of the realm of possibilities. Running a program like Darik's is time
consuming but on donated equipment one never knows what is on the hard
drive, be it kiddie porn or a hidden virus.
If the boot drive is solid state there are other programs issued by
the solid state drive manufacturers to effectively wipe one of these.
Darik's DBAN program is usually not needed for them and it can
actually reduce the life expectancy of a SSD due to it's multiple
reading and writing of every part of the drive, even blank ones.
Good luck.
You don't need DBAN to zero a drive.
1) Boot the Win7 installer DVD.
2) Start the Command Prompt instead of doing an install.
3) diskpart
list disk <--- make absolutely certain you know which disk is which!!!
select disk 1 <--- only apply to the target disk!!!
clean all <--- on a 500GB drive, does 500GB of writes, uses zeros.
exit
So there is a "Windows only" solution to zeroing a drive.
That will take a while to run, as it needs to write the
entire drive from end to end, even the MBR.
If you have half a dozen drives you need to zero,
then maybe DBAN is necessary. DBAN excels at erasing
the entire PC. It did such a good job, people used to
post in the DBAN forum, whether there was a way to
recover their "Backup drive" after it got erased too :-)
that's how good it is. If DBAN erases something, no, there
is no recovery procedure. Recuva or Photorec will find
nothing, if the run goes to completion and you didn't hit
the power button.
Paul
Nice info Paul.
Agree.
Well, here I be - back again. Still have the problem.
I tried installing, on the HP Pavillion, a 'fresh' and different
64-bit W7, a Ultimate SP1, with no additional installs, except three
AVs - AVAST, ARIVA, and KASPERSKY one at a time of course. I left the
PC on 24 hours, and found all setups crashed the PC (powered it off),
in a few hours or so. Then I left the same PC on, 24 hours, with no
AV. It has now stayed on now for four days. The PC is a AMD Athlon
64X2 dual core 2.10 GHz with 2GB RAM.
I haven't studied Paul's post yet - I need to of course.
New one on me.
JW
I
Well guess what?
I swapped out the two 1GB Ram cards for two spares I had. Said PC has
been on for some 72 hours continuously even with Avast installed. Has
yet to shut down. Problem solved.
Thanks
JW
Paul
2017-08-19 00:43:51 UTC
Permalink
Raw Message
Post by W***@Cowboy.net
Well guess what?
I swapped out the two 1GB Ram cards for two spares I had. Said PC has
been on for some 72 hours continuously even with Avast installed. Has
yet to shut down. Problem solved.
Thanks
JW
I'd sleep better, if I knew you also tested the
new installed RAM with memtest86+ :-)

Paul
W***@Cowboy.net
2017-08-19 08:35:33 UTC
Permalink
Raw Message
Post by Paul
Post by W***@Cowboy.net
Well guess what?
I swapped out the two 1GB Ram cards for two spares I had. Said PC has
been on for some 72 hours continuously even with Avast installed. Has
yet to shut down. Problem solved.
Thanks
JW
I'd sleep better, if I knew you also tested the
new installed RAM with memtest86+ :-)
Paul
Can do
JW
W***@Cowboy.net
2017-08-19 09:38:53 UTC
Permalink
Raw Message
Post by W***@Cowboy.net
Post by Paul
Post by W***@Cowboy.net
Well guess what?
I swapped out the two 1GB Ram cards for two spares I had. Said PC has
been on for some 72 hours continuously even with Avast installed. Has
yet to shut down. Problem solved.
Thanks
JW
I'd sleep better, if I knew you also tested the
new installed RAM with memtest86+ :-)
Paul
Can do
JW
Been a while since I ran a memtest86. Not sure how it should behave.
Anyway, I downloaded V4.3.7, and ran it from a CD. Showed no errors -
tried all menu choices, including #4.
Thanks for your interest.
JW
Mayayana
2017-08-19 12:42:59 UTC
Permalink
Raw Message
<***@Cowboy.net> wrote

| Well guess what?
| I swapped out the two 1GB Ram cards for two spares I had. Said PC has
| been on for some 72 hours continuously even with Avast installed. Has
| yet to shut down. Problem solved.


You might also try putting them back. I've run into
problems with RAM before, taken them out one at
a time to find the culprit, then eventually ended up
with all of them going back, concluding that at least
one of them was a tiny bit loose. A good, tight
connection is *so* important with the parts inside
the case. And moving a machine in transport can
loosen those connections.
Paul
2017-08-19 16:35:15 UTC
Permalink
Raw Message
Post by Mayayana
| Well guess what?
| I swapped out the two 1GB Ram cards for two spares I had. Said PC has
| been on for some 72 hours continuously even with Avast installed. Has
| yet to shut down. Problem solved.
You might also try putting them back. I've run into
problems with RAM before, taken them out one at
a time to find the culprit, then eventually ended up
with all of them going back, concluding that at least
one of them was a tiny bit loose. A good, tight
connection is *so* important with the parts inside
the case. And moving a machine in transport can
loosen those connections.
The thickness of multi-layer PCBs, isn't controlled that tightly.

When the press operator inspects their laminate collection, they
have to pick and choose laminates, to get the correct overall
dimension. On controlled impedance products, there isn't a lot
of maneuvering room when it comes to thickness (each layer
thickness also has to be controlled, to meet the measured
electrical impedance target). A "test coupon" on the edge
of a larger PCB assembly, is where a TDR is connected to
measure the impedance. The test coupon is a means to accept
or reject a PCB lot, for electrical performance.

We had to reject one shipment of finished blanks at work,
because they'd managed to go more than 10% over the
specified thickness (too fat!). They can also err in the other
direction, and make things too thin. Usually, a too-thin
item, it's a "purposeful" error. The person making the
product (blank), knows what they're doing, and they've done
this when compromising on some other requirement.
Fabrication requires the operator of the press, to
trade all the requirements, and stay within the tolerance
envelope, so the customer won't be pissed off with them.
I've seen DIMMs like that, and the surface finish and
reflectivity tells me non-standard (unusual) material
choices were made. Maybe the dielectric constant was
quite different or something. And this is still a fiberglass
and resin based product, but something is different about it.

We had a local representative, who would come in, and in
a two hour lecture, attempt to explain all this stuff.
But it's pretty hard to cover everything the guy knows, in
two hours. So he's only able to give a rough feel for
the job he does. Basically, when you send him a design,
that dude is adjusting *everything* :-( No aspect of
the job you send him, is "untouched". Everything is
translated, and fed through a $5000 piece of software,
to meet the spec, rather than the actual data in the
design file shipped. Very unsettling. If the plot file
said to make a copper track 5 mils wide, he'd adjust it and
make it 5.2 mils wide. You'd need a microscope to
see these corrections. He does an ERC check to make
sure no modification he's made, caused a short circuit.

I had one of these twits, *erase* something they noticed
in a design. Now, normally I would reward such a person
with a "good catch" verbal award. Except, he didn't phone
me. He didn't warn me. That there was a short circuit in the
color keys... It looked like a photo-plotter error. A second
company, upon receiving the design, phoned me immediately
and warned me. And sure enough, I could see the plotter error.
(The plotter uses a light, an aperture wheel, and "flashes"
light patterns on to a photo-resist. The wrong aperture
had been selected by the software.)

So when you get a DIMM or a motherboard, that something
is out of the ordinary, "wee willy adjuster" could've done it.
I don't consider this a good engineering workflow, but
what are you going to do ? They're all doing this,
so you cannot punish all of them for messing around.

We did actually put some of these shops on the banned list.
It all depended on what sort of grief they caused.

*******

The edge of the DIMM, the finish has varied from
one generation to another.

Ones shaped like this (seen on DDR2 and DDR3 here)

| |
|__|

those are likely to be making poor contact because they're
not actually fully seated. It's difficult to get a satisfying
"click" from the latches with those. Those hurt your
fingers to install, especially when the heat spreader
doesn't have an area suitable for fingers to push on.
So maybe one end is riding high.

The older ones, the edge-card had a finish like this.
This is considered "optional" in terms of a JEDEC spec.
They don't have to do this. This involves more process
steps, although with NC machines, it's just time on the
machine. They have to mill a profile, put the keying
slot on the thing, so some amount of NC is still required.
The square edge in the above one, can be covered by milling
the entire edge.

{ {
{ |
\/

The contacts in the socket, don't have any spring action
to them. (Not like the contacts in an RJ-45.) There's no
compliance to them that I can see. And the finish
on the top of the contact, when mixed with the squared
DIMM profile (the top one), had better deflect the DIMM
so it doesn't catch on a contact. That's called
"connector capture" - the design has to encourage the
items to mate, so they don't bind and stuff gets
broken. Mechanical engineers do overall tolerance analysis,
to make sure stuff like that works.

It's been a long time, since I saw an actual "bend" to
a contact in a memory slot. Nothing like that has happened
to me recently. The bent pin (a slight bend, not a 90
degree failure like in a male IDE connector), was long enough
ago, I can't even tell you what generation of RAM that was.
Could have been SDRAM, or FPM/EDO or earlier, it was that long ago.

I can't see how you could bend something like that, back
into place. At least, if the contacts are as stiff as
the modern ones are. It's bound to continue to
stick out and get in the way.

Paul
W***@Cowboy.net
2017-08-19 21:53:31 UTC
Permalink
Raw Message
On Sat, 19 Aug 2017 08:42:59 -0400, "Mayayana"
Post by Mayayana
| Well guess what?
| I swapped out the two 1GB Ram cards for two spares I had. Said PC has
| been on for some 72 hours continuously even with Avast installed. Has
| yet to shut down. Problem solved.
You might also try putting them back. I've run into
problems with RAM before, taken them out one at
a time to find the culprit, then eventually ended up
with all of them going back, concluding that at least
one of them was a tiny bit loose. A good, tight
connection is *so* important with the parts inside
the case. And moving a machine in transport can
loosen those connections.
Okay
JW

VanguardLH
2017-08-08 22:09:51 UTC
Permalink
Raw Message
Post by W***@Cowboy.net
Well, I still have a problem. As I said, I wiped the hard drive
(format) and re-did the W7 install. As soon as I then installed
Avira , and then undid it and installed Avast, the PC went into crash
mode. IE, it powered off both times..
From where did you download the Avira installer? Did you download the
latest version available from Avira's own web site?

Same queries regarding from where you obtained Avast and its version.

After uninstalling Avira (which you said already exhibited defects so
that taints a subsequent AV install) and BEFORE installing another
anti-virus program (Avast), did you reboot the computer? A full (cold)
reboot, not a hybrid or hibernate reload.
Post by W***@Cowboy.net
I re-did the same W7 install, and tried free AVG, and lo. it has not
crashed yet after 24 hours. Task Manager says AVG is indeed running.
What do you think now?
FYI: AVG was acquired by Avast.

https://press.avast.com/avast-closes-acquisition-of-avg-technologies
Mike Easter
2017-08-07 00:49:45 UTC
Permalink
Raw Message
Post by W***@Cowboy.net
I was give this new PC with Vista on it. I thought to try w7 on it.
All seemed fine. I added several apps, like MS Office, and some
games. Still fine.
Then I installed free Avira. Seemed to install fine. But then
suddenly the PC would shut off, much like if it had a short. I had a
H of a time getting started again.
Tried uninstalling Avira in favor of Avast - same thing.
Now it sits with no anti virus, but it is not crashing.
What do you suppose???
As a generality, AV ware puts more demands on the system; uses more
resources. If something about your hardware/software situation puts it
'on the edge', then the AV could conceivably push it over.

What does 'new PC with Vista' mean? It is an old system but new to you?
What is this hardware brand name and modelno and such info as CPU and ram?
--
Mike Easter
VanguardLH
2017-08-07 02:21:25 UTC
Permalink
Raw Message
Post by W***@Cowboy.net
I was give this new PC with Vista on it. I thought to try w7 on it.
All seemed fine. I added several apps, like MS Office, and some
games. Still fine. Then I installed free Avira. Seemed to install
fine. But then suddenly the PC would shut off, much like if it had a
short. I had a H of a time getting started again. Tried uninstalling
Avira in favor of Avast - same thing. Now it sits with no anti virus,
but it is not crashing. What do you suppose???
Your description looks like you got a used PC donated to you, and it had
Vista already installed (and whatever else the donor had previously
installed knowingly or unknowingly) along with whatever pollution or
corruption was already in place. When you "tried" Windows 7, did you do
an upgrade from Vista to 7 or did you do a fresh install of 7 (which
means the partition got wiped in a reformat before the OS installed)?
If you're not going to multi-boot to other operating systems on the same
PC or you have no preferences to 7 residing in 1 or 2 partitions for a
fresh install, have the Win7 setup program delete all partitions and let
it create the ones it wants (recovery and OS partitions). The exception
would be to leave the recovery partition if you want it available to
restore the PC back to the factory state (assuming this was some branded
PC rather than a home-built); however, that means the restore from that
recovery partition would take it back to the factory-time Vista image.

Is there just one partition in one HDD or SSD or are there more
partitions on one HDD/SSD or multiple HDDs/SSDs? Other than the OS
partition to wipe in a fresh install of 7, were the other partitions
wiped, too? Did you start fresh with 7 or did you evolve from a
polluted setup?

Unless you spend a LOT of time to disinfect and cleanup a used PC to
make sure it is clean, upgrading to the next OS from an unknown state
means you don't know what you end up with.
Paul in Houston TX
2017-08-07 02:58:36 UTC
Permalink
Raw Message
Post by W***@Cowboy.net
This seems weird!
I was give this new PC with Vista on it. I thought to try w7 on it.
All seemed fine. I added several apps, like MS Office, and some
games. Still fine.
Then I installed free Avira. Seemed to install fine. But then
suddenly the PC would shut off, much like if it had a short. I had a
H of a time getting started again.
Tried uninstalling Avira in favor of Avast - same thing.
Now it sits with no anti virus, but it is not crashing.
What do you suppose???
JW
Can you start in Safe Mode with the anti virus turned off?
It almost sounds like the added load of full time anti virus
is too much for the ram or power supply.
Paul
2017-08-07 03:44:50 UTC
Permalink
Raw Message
Post by W***@Cowboy.net
This seems weird!
I was give this new PC with Vista on it. I thought to try w7 on it.
All seemed fine. I added several apps, like MS Office, and some
games. Still fine.
Then I installed free Avira. Seemed to install fine. But then
suddenly the PC would shut off, much like if it had a short. I had a
H of a time getting started again.
Tried uninstalling Avira in favor of Avast - same thing.
Now it sits with no anti virus, but it is not crashing.
What do you suppose???
JW
Offline scan ?

http://support.kaspersky.com/8092#block2

More than one AV company, makes an offline scanning
disc. You boot the CD, the tool gets an AV definition
update, and then you get to choose a partition to be scanned.

It's not going to identify everything, but it might find
the more trivial stuff. For example, I hide (in plain sight)
a copy of the EICAR test virus, for the offline scanner
to detect, so I can be assured it's actually working.
As the short text string on this page, is one of the
signatures the offline scanner will have in its 100MB
database.

https://en.wikipedia.org/wiki/EICAR_test_file

*******

An offline scan, all it can do is "signature analysis".

Scanners are available which do online scans. For example,
Malwarebytes makes a free on-demand scanner, and it checks
for "hooks", code "touching" things that it should not. So
that's a different kind of scan, and works best if the
infected OS is running. Malwarebytes on-demand is similar
to the offline scanners, in that it will want to download
some up-to-date definitions before the scan starts.

With Malwarebytes, you don't want "trial mode", you just
want the on-demand scanner. The hardest part, is getting
just the function you want.

*******

Even brand-new computers should be "tested" by the user.
The memtest86+ is used to sweep just about all of the
DIMMs (misses around 1MB of stuff or so). If you're good,
you can test pairs of DIMMs, in single channel mode, swap
the DIMMs (swap the Low and High DIMM) and test every stinking
byte. But most people aren't quite that thorough, and just
leave th box bolted together while doing an "acceptance"
test. The purpose of these tests, is to prove
"it's really a computer, and not a crashing random number generator".

http://www.memtest.org/ (scroll half-way down to the downloads)

I also like to run Prime95 in Torture Test mode, to make
sure the CPU is stable. For example, I can boot a Linux DVD,
and run MPrime from there, so that no Windows OS is necessary.
I might run this for four to sixteen hours, and it runs on all
cores. Modern versions of this code, use AVX, but some users
don't really want it to do that.

https://www.mersenne.org/download/

For video card testing, there aren't really a lot of good
choices for that. You can use 3DMark, some version of that
in demo mode, to exercise a video card. And maybe that will
warm it up enough to test that the card isn't flaky. While
there is Furmark, I don't think it's quite like Prime95,
and it probably isn't checking the veracity of operation.
You'd be relying on a driver crash, to flag that maybe
something wasn't completely kosher. Modern video card
drivers "de-tune" Furmark on purpose, to avoid burning
up the video card. The driver can recognize the Furmark
method of testing, and modify it a bit so it doesn't
cook the card.

Once you've verified the hardware on your "new" computer,
*then* you can return to your anti-malware adventures.

Paul
Loading...