Could this be malware?

[devnulllore]

5 hours ago, BudMan said:

Well you should prob look into the details of each error/warning and look to correct stuff that is not correct.

 

I'm not seeing any dcom 10010 errors, but in mine I see some 10016, which I have just corrected.  Decom permissions can be adjusted..

 

Volmgr 46, points to crash dump file not there? Not created?

http://www.eventid.net/display-eventid-46-source-volmgr-eventno-10647-phase-1.htm

 

Are you disabling swap?? ie your pagefile?

I will do so. The dcomm 10016 is one too. How did you correct it?

[+BudMan MVC]

fixed the permissions on the decom...

 

You will want to look for the specific that was causing yours mine was the Immersive Shell

[xrobwx71]

https://www.sysnative.com/forums/pages/bsodcollectionapp/

 

Try the above and post the results, perhaps it will shed some light on your situation.

 

Also, you can try this too: 

 

https://www.bleepingcomputer.com/forums/t/576333/driver-verifier-bsod-related-windows-10-81-8-7-vista/#entry3707530

 

 

[devnulllore]

10 hours ago, Peresvet said:

TL;DR 6 pages, so sorry if it's been addressed already, but you are missing lots of unallocated space there, ~ 46GB.

It's over provisioning

5 hours ago, BudMan said:

fixed the permissions on the decom...

 

You will want to look for the specific that was causing yours mine was the Immersive Shell

Would you offer instructions on how you fixed the decom error?

[+BudMan MVC]

What is your specific error - do a simple google for the exact error and you will more than likely find multiple hits on how to correct it.. For example.. Here were instructions how to fix an esent error was also seeing.

 

https://answers.microsoft.com/en-us/windows/forum/all/event-viewer-erro-esent-455-since-update-1903/624a2548-06e5-47f4-bb99-76d6412895a0

 

here was specific fix for the 10016 error I was seeing

https://answers.microsoft.com/en-us/windows/forum/windows8_1-performance/error-event-id-10016-distributedcom/130522d2-beac-4495-980a-65e1e3279901

 

Keep in mind the errors I was seeing could be different than what your seeing.

[devnulllore]

Well whatever it is now that is causing the problem I did in fact have malware, ransomware to be exact. For the first time in my life I started using Tor browser and now I am getting ransom notes in my email is anyone familiar with these?

[+Matthew S. Subscriber²]

That has nothing to do with the drive if you were doing clean installs...

[+BudMan MVC]

An email threatening ramsonware is also not ransomware - its just spam..

 

Also the emails saying this is your password, and I know what you did on some p0rn site - send me some crypto - again spam..

[ReAnimation]

I haven't read through the full breadcrumb trial of this thread so apologies if this has already been mentioned, but random crashes/BSOD's can sometimes be caused by bad RAM.

 

Have you tried running memtest 86 on your computer and let it run a full sweep of your RAM?

 

You can download the ISO file (https://www.memtest86.com/) and either burn it to CD, or create a bootable USB memory stick using Rufus (https://rufus.ie/).

 

Depending your computers BIOS setup, you may need to enable legacy boot support to boot from USB media/CD's.  (My motherboard calls it CSM - compatability support module).

 

Once you have the motherboard booting from USB/CD, let memtest run a full sweep.  If its all fine, you can rule out memory issues.

[+BudMan MVC]

he is not actually getting a crash of the system, he explains it as crash of explorer, or just a hang/freeze, etc.

[devnulllore]

2 hours ago, BudMan said:

An email threatening ramsonware is also not ransomware - its just spam..

 

Also the emails saying this is your password, and I know what you did on some p0rn site - send me some crypto - again spam..

What about the fact that the password s they showed were my actual passwords?

 

[+BudMan MVC]

Because some site data was compromised... That had your passwords..

 

1) Hack some site that has emails and passwords

2) use said emails to spam emails saying xyz - proof we have your passwords

3) profit.

https://techcrunch.com/2018/07/12/ransomware-technique-uses-your-real-passwords-to-trick-you/

 

edit:

This is another example of why you use very complex passwords, use different passwords for all sites.. And pay attention to any sites that have been compromised

 

Look into https://haveibeenpwned.com/

 

edit2:  To be honest some help desk guy that works for company xyz, could leverage his access to emails and passwords for such a scheme as well.  Site wouldn't have to have be compromised by outsiders.

 

 

[Jim K Global Moderator]

In addition to the above ... if you do get some emails saying they know your password is (your actual password)... be sure that all sites that you use that password/email combo have been changed.  Don't worry about the "ransom note" email itself ... just start changing passwords (if the password is your actual password) if you haven't already.

 

I've gotten a few of those "ransom note" emails but they contained older passwords of mine.

 

You can also use https://haveibeenpwned.com/ to check your email address vs. data breaches.

[+BudMan MVC]

^very good advice.  While the complexity of the passwords does not help if the site has been compromised.. Using complex passwords can get you out of the habit of using the same password over and over once you start letting your password tool generate them for you..

 

I normally create account on new site with easy to remember and type password, then after account created complex it up to normally the max number of characters they allow, etc.

 

You know I would not be surprised if some of these spammers just send random stuff to emails.. When you send out a billion emails in a day - you prob hit on a few combo's of users that used some common password, etc.  And take the bait.. So just with a user list of say 10 million email address... I could send out saying hey I know your password for facebook, and it was p@55word! send me $$ and I won't do xyz..

 

The reason we get spam is the people sending them are not paying for the sending.. When it cost me say 2 minutes of work to send out 10 million emails, even if I only get .001% hit rate for users that fall for it - hey easy money... Until such time that users wise up and stop falling for this nonsense.. There will be spammers trying to take advantage..

 

Here is a funny example of something in my spam folder, was just going through to see if anything mis marked..   How and the F could anyone fall for such nonsense?

 

Just blows my mind that somewhere, someone is thinking they are going to get 45 million dollars???

[Jim K Global Moderator]

Does anyone else have an issue seeing your attachments (sorry, off topic)?  

 

 

 

I also tried with my phone .. on the Sprint mobile (to make sure my router wasn't blocking something) ... but your attachments don't work for me.

 

Right clicking and selecting "Open image in new tab" gives the following error ...

 

This XML file does not appear to have any style information associated with it. The document tree is shown below.
<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>5EF1CE48A4FDD3F4</RequestId>
<HostId>
VInyw41A+Zzy/aACyc/tHGTkjdwhbL6QHatXMPPfyN+6i1ErbvjK6/bqcw7NQmHS/QY4fNm7T6A=
</HostId>
</Error>

Weird ...

[+BudMan MVC]

Not sure but I am seeing them.. Your not I take it.

 

edit: just opened in another browser and can see them just fine as well.. Thinking maybe its just you..

[Ve7878]

54 minutes ago, BudMan said:

Not sure but I am seeing them.. Your not I take it.

 

edit: just opened in another browser and can see them just fine as well.. Thinking maybe its just you..

No I'm getting the same as @Jim K here.

[adrynalyne]

9 minutes ago, Vince800 said:

No I'm getting the same as @Jim K here.

Ditto. 

[+Matthew S. Subscriber²]

1 hour ago, BudMan said:

Not sure but I am seeing them.. Your not I take it.

 

edit: just opened in another browser and can see them just fine as well.. Thinking maybe its just you..

Looks like there's actually a file permission issue with the neowin cdn...

[devnulllore]

Ok I checked the  https://haveibeenpwned.com/  site and it says I have been compromised by over 30 sites and they want me to buy a password program. What can I do now? Should I notify my service provider?

[+BudMan MVC]

What does your isp have to do with sites you visit having being compromised?

[Jim K Global Moderator]

22 minutes ago, devnulllore said:

Ok I checked the  https://haveibeenpwned.com/  site and it says I have been compromised by over 30 sites and they want me to buy a password program. What can I do now? Should I notify my service provider?

No..your service provider can't do anything about it.

 

Just be sure your passwords are changed (especially if that email you received contained current password(s) or if the compromised sites revealed currently used password(s)).  Just might be time to go through all your logins and update.

[+BudMan MVC]

So exactly - when I look at my email on the pwnd site.. its listed in 6.. one being Adobe, back in 2013

 

Adobe: In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, encrypted password and a password hint in plain text. The password cryptography was poorly done and many were quickly resolved back to plain text.

 

will just list the text vs screenshot, since there might be an issue with screenshots currently?

 

Anywhoo you see that adobe had problem back in 2013, my email address was listed in there.  My ISP has nothing to do with Adobe's lack of security.. Same goes with your ISP and the sites you have accounts on that have been compromised..

 

And sure they might suggest you use password site or software xyz.. Your free to do that if you wish.. Use of password site/software will allow you to use different passwords for each site much easier then you doing it yourself... Nobody can remember complex passwords, especially once you start using different ones on each and every site you have accounts on.. I am guessing you have way more than 30   If all your sites use different passwords - even if one compromised they only gain access to that site account, and not all of yours since your using different passwords on each site.

[devnulllore]

Ok well now I am just concerned about the browser I use. I use the latest version of chrome. How safe is Chrome in these circumstances? 

[+BudMan MVC]

What does your browser have to do with a site being compromised and the sites incompetence at correctly securing their users passwords/info?

 

Nothing you do or run on your end has anything to do with that... You could use a 120 character complex password, doesn't matter if the site stores it in the clear, or in a easy to reverse hash in their DB, and that DB is gotten by someone.

 

The one thing you can do to help mitigate issues when that happens is use different passwords for each site.

edit: Also the other thing you could do is enable 2FA.. So even of the info is compromised - they would also need to be able to do the 2FA.. That is not fullproof either, but it can help - depending on the MFA the site has enabled and how they have it implemented, etc.