Windows 8 and 8.1 Forums


BSOD: Due to CNET download of WinRar

  1. #1


    Posts : 2
    Windows 8

    BSOD: Due to CNET download of WinRar


    Hello friends,
    This past weekend (Sat: 3/15, I believe-- perhaps Sunday), I was gearing up to wrap-up grading and work for Spring Break. I enjoy taking many breaks when I grade, and was attempting to download a version of WinRar-- unfortunately, the version of WinRar I downloaded was from CNET, which has a Trojan attached to it. Even if it does not-- this was somehow the catalyst for me receiving a Trojan on my laptop along with SpyWare.
    I spent most of the day fixing the problem. The trojan was associated with a program called Search Agnet, I think-- I cannot remember right now. I will update details that I remember on this matter. I successfully removed the trojan and the spyware after several hours of stress. But I am unsure if I fixed the problem completely.
    -----------------------------
    So today as I came in, my laptop showed the BSOD and gave me the Kernel_Data_Inpage_Error message.
    It did give me a memory dump file. This happened a second time and gave me another memory dump file. How can I upload the memory dump files to this message-- it won't let me upload them? I have the laptop in Safe Mode and it is functioning correctly. How can I fix this error?
    Cheers,
    Jesse J. R. Jennings


  2. #2


    Posts : 22,576
    64-bit Windows 10


    Hello Jesse, and welcome to Eight Forums.

    Please read the instructions here: Blue Screen of Death (BSOD) Posting Instructions, and post back with the needed information. One of our BSOD experts should be by afterwards to further help.

  3. #3


    Posts : 2
    Windows 8


    Brink,
    I apologize for not following the instructions initially. Here are my Dump files in a zipped folder. Save me Brink! You are my only hope!
    Cheers,
    Jesse J. R. Jennings

    I apologize for not including this earlier. But during one of the errors one of the files came up: WER-91640-0.sysdata.xml

  4. #4


    Posts : 5,139
    Win8.1Pro - Finally!!!


    Unfortunately, the upload is incomplete. Please rerun the application and let it run for at least 15 minutes (or until the app itself tells you that it's done). Then zip it up and upload it.

    Also, as this is a confirmed infection, I'd strongly suggest that you perform additional scans with an independent scanner in order to be sure that you're not still infected. If you don't have it, I'd suggest the free version of MalwareBytes: https://www.malwarebytes.org/free/ There are other free scanners listed here: Free Online AntiMalware Resources

    Here's what I got from the 2 memory dumps that made it into the uploaded files.....

    It appears that you have AVG and McAfee installed. Please uninstall both, then install a fresh copy of the latest Win8 compatible version of the one that you choose to use. Only use one antivirus and one firewall at a time - otherwise they will compete with each other and may even allow viruses onto your system.

    If all of this doesn't stop the BSOD's, please run Driver Verifier according to these instructions: Driver Verifier Settings



    Analysis:
    The following is for informational purposes only.
    Code:
    **************************Thu Mar 20 11:57:10.494 2014 (UTC - 4:00)**************************
    Loading Dump File [C:\Users\John\SysnativeBSODApps\032014-29046-01.dmp]
    Windows 8 Kernel Version 9200 MP (4 procs) Free x64
    Built by: 9200.16628.amd64fre.win8_gdr.130531-1504
    System Uptime:0 days 0:20:15.209
    Probably caused by :ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+24cc6 )
    BugCheck 7A, {4, 0, fffffa8003a8d610, 7521ed74}
    BugCheck Info: KERNEL_DATA_INPAGE_ERROR (7a)
    Arguments: 
    Arg1: 0000000000000004, lock type that was held (value 1,2,3, or PTE address)
    Arg2: 0000000000000000, error status (normally i/o status code)
    Arg3: fffffa8003a8d610, current process (virtual address for lock type 3, or PTE)
    Arg4: 000000007521ed74, virtual address that could not be in-paged (or PTE contents if arg1 is a PTE address)
    BUGCHECK_STR:  0x7a_0
    PROCESS_NAME:  mcagent.exe
    FAILURE_BUCKET_ID: 0x7a_0_nt!_??_::FNODOBFM::_string_
    CPUID:        "Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz"
    MaxSpeed:     2600
    CurrentSpeed: 2594
      BIOS Version                  K55A.406
      BIOS Release Date             11/08/2012
      Manufacturer                  ASUSTeK COMPUTER INC.
      Product Name                  K55A
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Thu Mar 20 11:35:00.047 2014 (UTC - 4:00)**************************
    Loading Dump File [C:\Users\John\SysnativeBSODApps\032014-23421-01.dmp]
    Windows 8 Kernel Version 9200 MP (4 procs) Free x64
    Built by: 9200.16628.amd64fre.win8_gdr.130531-1504
    System Uptime:0 days 11:28:25.248
    Probably caused by :ntkrnlmp.exe ( nt! ?? ::FNODOBFM::`string'+24cc6 )
    BugCheck 7A, {4, 0, fffffa8008c92e80, 31513ac05c}
    BugCheck Info: KERNEL_DATA_INPAGE_ERROR (7a)
    Arguments: 
    Arg1: 0000000000000004, lock type that was held (value 1,2,3, or PTE address)
    Arg2: 0000000000000000, error status (normally i/o status code)
    Arg3: fffffa8008c92e80, current process (virtual address for lock type 3, or PTE)
    Arg4: 00000031513ac05c, virtual address that could not be in-paged (or PTE contents if arg1 is a PTE address)
    BUGCHECK_STR:  0x7a_0
    PROCESS_NAME:  avgcsrva.exe
    FAILURE_BUCKET_ID: 0x7a_0_nt!_??_::FNODOBFM::_string_
    CPUID:        "Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz"
    MaxSpeed:     2600
    CurrentSpeed: 2594
      BIOS Version                  K55A.406
      BIOS Release Date             11/08/2012
      Manufacturer                  ASUSTeK COMPUTER INC.
      Product Name                  K55A
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    
    3rd Party Drivers:
    The following is for information purposes only.
    Any drivers in red should be updated or removed from your system. And should have been discussed in the body of my post.
    Code:
    **************************Thu Mar 20 11:57:10.494 2014 (UTC - 4:00)**************************
    ASMMAP64.sys                Thu Jul  2 05:13:26 2009 (4A4C7A36)
    atkwmiacpi64.sys            Tue Sep  6 21:44:52 2011 (4E66CC94)
    AiCharger.sys               Thu Sep 22 22:04:40 2011 (4E7BE938)
    GEARAspiWDM.sys             Thu May  3 15:56:17 2012 (4FA2E2E1)
    AsHIDSwitch64.sys           Wed May 30 22:38:32 2012 (4FC6D9A8)
    Rt630x64.sys                Tue Jun 12 09:37:53 2012 (4FD74631)
    IntcDAud.sys                Tue Jun 19 10:40:51 2012 (4FE08F73)
    HECIx64.sys                 Mon Jul  2 18:14:58 2012 (4FF21D62)
    RtsBaStor.sys               Tue Jul  3 01:55:21 2012 (4FF28949)
    iaStorA.sys                 Mon Jul  9 16:42:33 2012 (4FFB4239)
    dump_iaStorA.sys            Mon Jul  9 16:42:33 2012 (4FFB4239)
    RTKVHD64.sys                Tue Jul 17 09:11:37 2012 (50056489)
    igdkmd64.sys                Tue Jul 31 18:05:35 2012 (501856AF)
    kbfiltr.sys                 Wed Aug  1 23:22:22 2012 (5019F26E)
    athw8x.sys                  Thu Aug 16 03:01:18 2012 (502C9ABE)
    AsusTP.sys                  Mon Oct 29 14:23:54 2012 (508EC9BA)
    intelppm.sys                Mon Nov  5 22:55:02 2012 (50988A16)
    mfehidk.sys                 Tue Jan 15 13:21:15 2013 (50F59E1B)
    mfewfpk.sys                 Tue Jan 15 13:21:30 2013 (50F59E2A)
    mfeapfk.sys                 Tue Jan 15 13:21:56 2013 (50F59E44)
    mfeavfk.sys                 Tue Jan 15 13:22:16 2013 (50F59E58)
    mfefirek.sys                Tue Jan 15 13:24:04 2013 (50F59EC4)
    cfwids.sys                  Tue Jan 15 13:24:37 2013 (50F59EE5)
    avgrkx64.sys                Mon Sep  9 18:42:59 2013 (522E4EF3)
    avgmfx64.sys                Mon Sep 30 18:49:53 2013 (524A0011)
    avgwfpa.sys                 Mon Oct 21 16:28:13 2013 (52658E5D)
    avgloga.sys                 Thu Oct 31 17:49:41 2013 (5272D075)
    avgdiska.sys                Mon Nov 25 15:47:16 2013 (5293B754)
    avgidsdrivera.sys           Mon Nov 25 15:47:17 2013 (5293B755)
    avgidsha.sys                Mon Nov 25 15:47:18 2013 (5293B756)
    ииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииииии``
    **************************Thu Mar 20 11:35:00.047 2014 (UTC - 4:00)**************************
    avgldx64.sys                Thu Oct 31 18:00:14 2013 (5272D2EE)
    
    http://www.carrona.org/drivers/driver.php?id=ASMMAP64.sys
    http://www.carrona.org/drivers/driver.php?id=atkwmiacpi64.sys
    http://www.carrona.org/drivers/driver.php?id=AiCharger.sys
    http://www.carrona.org/drivers/driver.php?id=GEARAspiWDM.sys
    http://www.carrona.org/drivers/driver.php?id=AsHIDSwitch64.sys
    http://www.carrona.org/drivers/driver.php?id=Rt630x64.sys
    http://www.carrona.org/drivers/driver.php?id=IntcDAud.sys
    http://www.carrona.org/drivers/driver.php?id=HECIx64.sys
    http://www.carrona.org/drivers/driver.php?id=RtsBaStor.sys
    http://www.carrona.org/drivers/driver.php?id=iaStorA.sys
    http://www.carrona.org/drivers/driver.php?id=dump_iaStorA.sys
    http://www.carrona.org/drivers/driver.php?id=RTKVHD64.sys
    http://www.carrona.org/drivers/driver.php?id=igdkmd64.sys
    http://www.carrona.org/drivers/driver.php?id=kbfiltr.sys
    http://www.carrona.org/drivers/driver.php?id=athw8x.sys
    http://www.carrona.org/drivers/driver.php?id=AsusTP.sys
    http://www.carrona.org/drivers/driver.php?id=intelppm.sys
    http://www.carrona.org/drivers/driver.php?id=mfehidk.sys
    http://www.carrona.org/drivers/driver.php?id=mfewfpk.sys
    http://www.carrona.org/drivers/driver.php?id=mfeapfk.sys
    http://www.carrona.org/drivers/driver.php?id=mfeavfk.sys
    http://www.carrona.org/drivers/driver.php?id=mfefirek.sys
    http://www.carrona.org/drivers/driver.php?id=cfwids.sys
    http://www.carrona.org/drivers/driver.php?id=avgrkx64.sys
    http://www.carrona.org/drivers/driver.php?id=avgmfx64.sys
    http://www.carrona.org/drivers/driver.php?id=avgwfpa.sys
    http://www.carrona.org/drivers/driver.php?id=avgloga.sys
    http://www.carrona.org/drivers/driver.php?id=avgdiska.sys
    http://www.carrona.org/drivers/driver.php?id=avgidsdrivera.sys
    http://www.carrona.org/drivers/driver.php?id=avgidsha.sys
    http://www.carrona.org/drivers/driver.php?id=avgldx64.sys

  5. #5


    Posts : 660
    windows 8.1


    Both your dumpfiles are STOP 0x0000007A: KERNEL_DATA_INPAGE_ERROR
    Usual causes:
    Memory, Paging file corruption, File system, Hard drive, Cabling, Virus infection, Improperly seated cards, BIOS, Bad motherboard, Missing Service Pack.

    You mentioned you caught a virus infection; are you sure you successfully removed the virus?
    You did not mention the steps you took.
    Did you run Anti-Malwarebytes, TdssKiller, any other?

    Analyzing the dumpfiles one mentioned avgcsrva.exe ( part of AVG), the other mentioned mcagent.exe (McAfee).
    I assume that you first used AVG and now use McAfee.

    The driver list taken from the latest dump file still shows many drivers related to AVG.
    Please use the AVGRemover from http://www.avg.com/us-en/utilities to completely uninstall all leftovers of AVG.


    Please also update these older drivers to Windows 8.1 compatibility. Links are included to assist in looking up the source of the drivers. If unable to find an update, please remove (un-install) the program responsible for that driver. DO NOT manually delete/rename the driver as it may make the system unbootable!

    ASMMAP64 Thu Jul 02 11:13:26 2009 (4a4c7a36) 0000ceab ASMMAP64.sys
    Driver Description: LENOVO ATK Hotkey ATK0101 ACPI UTILITY (also found in Asus systems)
    Driver Update Site: Lenovo Support - Home (US)


    atkwmiacpi64 Wed Sep 07 03:44:52 2011 (4e66cc94) 000056b5 atkwmiacpi64.sys
    Driver Description: ATK WMIACPI Utility
    Driver Update Site: http://support.asus.com/download/download.aspx

    AiCharger Fri Sep 23 04:04:40 2011 (4e7be938) 0000a877 AiCharger.sys
    Likely BSOD cause - haven't seen recently (15Jan2013)
    Driver Update Site: ASUSTeK Computer Inc. -Support- Drivers and Download P6T

    If all of this doesn't stop the BSOD's, please run Driver Verifier according to these instructions: Driver Verifier Settings.

    Because hardware-related issues can also cause STOP 0x0000007A: KERNEL_DATA_INPAGE_ERROR, you can also run these free hardware diagnostics: Hardware Diagnostics.
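The two checks made by hand in posts #4 and #5 (kernel drivers from more than one antivirus product loaded together, and drivers with old build dates) can be run over the "3rd Party Drivers" listing automatically. The script below is an added example, not part of the thread or of the tool that produced the listing. The vendor prefix map and the 2012-01-01 cutoff are assumptions chosen for illustration; the sample lines are excerpted from the listing in post #4.

```python
import re
from collections import namedtuple
from datetime import datetime, timezone

Driver = namedtuple("Driver", "name linked")

# Excerpt of the driver listing quoted in post #4 (name, local time, hex stamp).
SAMPLE = """\
**************************Thu Mar 20 11:57:10.494 2014 (UTC - 4:00)**************************
ASMMAP64.sys                Thu Jul  2 05:13:26 2009 (4A4C7A36)
atkwmiacpi64.sys            Tue Sep  6 21:44:52 2011 (4E66CC94)
iaStorA.sys                 Mon Jul  9 16:42:33 2012 (4FFB4239)
mfehidk.sys                 Tue Jan 15 13:21:15 2013 (50F59E1B)
cfwids.sys                  Tue Jan 15 13:24:37 2013 (50F59EE5)
avgrkx64.sys                Mon Sep  9 18:42:59 2013 (522E4EF3)
avgidsha.sys                Mon Nov 25 15:47:18 2013 (5293B756)
"""

# Assumed prefix map, limited to the two products named in the thread.
AV_PREFIXES = {"AVG": ("avg",), "McAfee": ("mfe", "cfwids")}
# Assumed cutoff for "older driver"; adjust to the OS release being checked.
CUTOFF = datetime(2012, 1, 1, tzinfo=timezone.utc)

LINE = re.compile(r"^[ \t]*(\S+\.sys)[ \t]+.*\(([0-9A-Fa-f]{8})\)[ \t]*$", re.M)

def parse_drivers(text):
    """Return Driver(name, build time) per listing line; header lines are skipped.
    The hex field is a Unix timestamp, decoded here as UTC (the printed
    text shows the same instant in the analyst's local time zone)."""
    return [Driver(name, datetime.fromtimestamp(int(stamp, 16), tz=timezone.utc))
            for name, stamp in LINE.findall(text)]

def av_vendors(drivers):
    """Group loaded drivers by antivirus vendor; more than one key means
    two products are filtering the same system at once."""
    found = {}
    for d in drivers:
        for vendor, prefixes in AV_PREFIXES.items():
            if d.name.lower().startswith(prefixes):
                found.setdefault(vendor, []).append(d.name)
    return found

def older_than(drivers, cutoff=CUTOFF):
    """Names of drivers built before the cutoff, in listing order."""
    return [d.name for d in drivers if d.linked < cutoff]

if __name__ == "__main__":
    drivers = parse_drivers(SAMPLE)
    vendors = av_vendors(drivers)
    if len(vendors) > 1:
        print("Multiple antivirus products loaded:", vendors)
    print("Built before cutoff:", older_than(drivers))
```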
