Velocity Reviews - Computer Hardware Reviews

gdi32.dll program hang (the ghost in the machine)

 
 
miso@sushi.com
      12-29-2006
I've got this periodic problem with gdi32.dll on X64 (AMD 64 4400).
Every once in a while, my PC gets in this mode where three programs
(Open Office Calc, Photoshop 6, and Vuescan) crash. Only Photoshop 6
gives me the clue that the problem is due to gdi32.dll.

Two questions:
1)
<http://securitydot.net/vuln/exploits/vulnerabilities/articles/18330/vuln.html>
claims there is a potential to create a DoS attack using gdi32.dll. Now
I'm not running a server, and I am behind a firewall router, but any
chance there is a virus in gdi32?
2) I've been waiting for SP2 to be released. What are the risks of
installing the beta?

 
miso@sushi.com
      12-29-2006

(E-Mail Removed) wrote:
> I've got this periodic problem with gdi32.dll on X64 (AMD 64 4400).
> Every once in a while, my PC gets in this mode where three programs
> (Open Office Calc, Photoshop 6, and Vuescan) crash. Only Photoshop 6
> gives me the clue that the problem is due to gdi32.dll.
>
> Two questions:
> 1)
> <http://securitydot.net/vuln/exploits/vulnerabilities/articles/18330/vuln.html>
> claims there is a potential to create a DoS attack using gdi32.dll. Now
> I'm not running a server, and I am behind a firewall router, but any
> chance there is a virus in gdi32?
> 2) I've been waiting for SP2 to be released. What are the risks of
> installing the beta?


Avast found a virus in memory.dmp. Virus was "Win32:Agent-SG [Trj]".
Deleting the file made the problem go away, but I suspect this wasn't
exactly the problem. For one thing, the file was too large to put in the
vault, so I assume it was the full size of my memory, which is around
3+Gbytes. I doubt I downloaded something that big.

 
Tony Sperling
      12-30-2006
It is probably hard to pinpoint an error so precisely. Something that points
somewhere specific could mean that is the avenue that brought on the
offensive code, not necessarily where it originates.

A memory dump would be a file the size of the memory, not a part thereof,
and size should not have any relation to anything you downloaded. I suggest
you make Avast run a full scan of your complete system over the course of a
couple of days (not continuously!) - and after re-booting too. If it is
something nasty, it may well regenerate itself after being deleted.

Tony. . .

miso@sushi.com
      12-30-2006

Tony Sperling wrote:
> It is probably hard to pinpoint an error so precisely. Something that points
> somewhere specific could mean that is the avenue that brought on the
> offensive code, not necessarily where it originates.
>
> A memory dump would be a file the size of the memory, not a part thereof,
> and size should not have any relation to anything you downloaded. I suggest
> you make Avast run a full scan of your complete system over the course of a
> couple of days (not continuously!) - and after re-booting too. If it is
> something nasty, it may well regenerate itself after being deleted.
>
> Tony. . .


The size of the dump file made me draw the same conclusion, but maybe
the virus can attach to the last dump file. Good idea on running the
virus scan to see if it pops up again.

Here are some older threads of mine with the same problem:
[July 31, 2006]
<http://groups.google.com/group/microsoft.public.windows.64bit.general/browse_frm/thread/2d3ca32209438ff0/d15c62ec09231767?lnk=st&q=&rnum=3&hl=en#d15c62ec09231767>
[Sept 11, 2006]
<http://groups.google.com/group/microsoft.public.windows.64bit.general/browse_frm/thread/178c95b4549e2886/2be476851b0e1fdd?lnk=st&q=&rnum=9&hl=en#2be476851b0e1fdd>
[Sept 10, 2006]
<http://groups.google.com/group/microsoft.public.windows.64bit.general/browse_frm/thread/e9dc73dfc54f94e1/223c95defd080d1d?lnk=st&q=group%3Amicrosoft.public.windows.64bit.general+author%3Amiso%40sushi.com&rnum=38&hl=en#223c95defd080d1d>

X64 is really stable, but this bug just drives me crazy since it is so
flaky.


Tony Sperling
 
      12-30-2006
I'm not sure what benefit a Virus could possibly have from doing that. More
likely - if there is a Virus, it trips a process which triggers a memory
dump and the Virus gets dumped along with everything else, but this is not
where it performs its feat, I believe it will effectively be disabled
there. The danger is to find it there (where it is harmless!) and thinking
you got rid of it. In the meantime it sits and waits quietly somewhere
else. Nobody really knows what a Virus is doing - or why, sometimes they
wait for one specific event (a date, or a certain chain of characters in the
keyboard buffer?) this sets it off and it lands in a dump file, the original
going back to sleep, the only thing a Virus Scanner can do is scan for API
and System Calls that would be typical for a Virus to want to utilize!
Whatever the scanner finds, a lot of it has to be false alarms - we just
don't know which ones they are. Personally, I've noticed that Avast finds an
inordinate amount of one specific type of Virus (Trojans!). If I was using
something else, it would probably just be a different type of Virus, and
most of anything they find will be false alarms.

Windows Defender is not Virus-Centric, but it does some very impressive
scanning, and sometimes finds suspicious things that others don't find.
Most likely then it is a false alarm, but you have an option to go looking.
I suggest you could install that and run it in tandem with Avast.

Anyway, I think the behaviour you are seeing is looking more like a
spyware/malware problem, than an actual Virus???

I was being terrorised by one nasty thing called "NewDotNet". Recovering to
a Restore Point helped for a while, but it came back and I ended up doing a
fresh install. Defender was the only thing that found it - nothing could
remove it. Not sure what your options are, but try and find out what it
really is or you'll be stabbing at shadows.

(One option is to mail the dump file to Avast - they are a helpful lot, but
I'm not sure that they can do anything helpful with it?)


Tony. . .



Dshai
 
      12-30-2006
Tony, for future reference on NewDotNet, AdAware will find and disable it as
well as identifying the registry keys that "control" it, this allows you to
delete said keys and effectively rid yourself of the pest without a
format/reload.

Dshai

Tony Sperling
 
      12-30-2006
Well, thank YOU! This is the only kind of malware that ever brought my
machine (any of them) to its knees. It was silent for a long time, maybe a
year, then started playing tricks with the i-net connection. As a last
attempt I tried deleting it manually and that completely broke my
connection and nothing could bring it back up.

O.K. - AdAware it is then!

Since Defender recognised it, I assume it will stop it and protect you, but
once it is inside? This is certainly good news on the threshold of a new
year!


Tony. . .

