12/13/05

Wow, it's been over a month since I last updated. Well, I guess it's a bit understandable, since in the past month, there hasn't been much going on in my IT world... Until today that is.

To bring everyone up to speed, during the last two weeks, I've been prepping for classroom exams (not Microsoft exams). I seem to have passed my classes, but I'm not quite sure what grade I'm getting yet. That'll probably be sometime next week.

I have also started to review some material for the 70-270 exam that I want to take sometime here. But, I've only been watching some 270 prep videos, and even that is pretty sparingly.

But, all of this has been going on for a while now... So why would I be posting now? Well... I was working in SUSE and I saw that the HDD activity light on my Windows 2000 machine (Miki-ni) was solid. Figuring that it was just a virus or spyware scan, I let it be. But, after about an hour or two with no change, I decided to VNC into the machine and see what's up. However, I couldn't VNC. I got an "Unable to connect" error. I decided to just KVM over there, but all I got was a black screen (power save wouldn't disengage). After trying and trying to get a signal, and only getting that little blinking green light, I decided to do a hard reboot of the machine. Windows was starting normally, I even started to log into the machine, and that's when it happened:
STOP: 0X0000001E (0xC0000006, 0x77FAA4C2, 0x00000000, 0x77FEABA0)
KMODE_EXCEPTION_NOT_HANDLED
If this is the first time you've seen this....

I did a little research (using SUSE) about "KMODE_EXCEPTION_NOT_HANDLED" errors, and the first link that came up was a Microsoft Knowledge Base article about a virus that was causing KMODE blue screen errors. There were other articles, almost all MS-KB articles, but since almost all of them had to do with a driver update failure or virus, I'm pretty worried, especially since I haven't touched my drivers since the installation of "Ni" almost a year ago.

I'm also a little worried because when I booted into safe mode, and started working, I kept getting "Unknown Hard Error" and haven't been able to launch any applications. I think I'm going to have to boot into safe-mode command-prompt to see if I can get this one fixed.

*cries* (more updates coming soon on this topic)

Update [ Dec. 13 @ 7:45 AM]
After I booted into safe mode - command prompt only, I was able to work just fine. And since I was running an antivirus scan on my HDD, without error, I think that the "Unknown Hard Error" may not have had anything to do with the hardware on the system at all.

Moving right along though... I ran a full Avast! scan of the system, and used compmgmt.msc to run some basic checks on the system, like defragmentation (just an analysis, I didn't actually defrag the drive).

Avast! did report something odd... A few of my compressed files are marked as decompression bombs. I had heard of this term in passing before, but I've never encountered one on my system - heck, I didn't even know the details of a decompression bomb until I did a google on the term.

To keep this short, it seems that a decompression bomb is a sort of primitive "Pandora's box" - what happens when you open Pandora's box... A hell of a lot of bad crap pours out, and that's exactly what happens with a decompression bomb... An archive that's only a megabyte or two decompresses into gigabytes and gigabytes of data. How is this possible?
5.5*10^8 = 5,500,000,000
Now, it's easy to see how something like that would work out.... I've got 5,500,000,000 characters, all Xs... My file, which is just a few KB in size, can quickly decompress into a file size that is impossible for the operating system or antivirus to handle.
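The expansion described above can be measured safely by inflating in bounded chunks and stopping at a limit. This is an added example, not part of the original post: the function names, the 10 MB constructed sample of Xs, and the size and ratio thresholds are all assumptions chosen for illustration.

```python
import zlib


def make_sample(n_bytes=10_000_000):
    """Constructed sample: n_bytes of the letter X, deflate-compressed."""
    return zlib.compress(b"X" * n_bytes, 9)


def inspect_stream(data, max_output=1_000_000, max_ratio=100, chunk=64 * 1024):
    """Inflate a zlib stream piece by piece without ever holding the full output.

    Returns (verdict, bytes_seen). The verdict is "bomb" as soon as the output
    exceeds max_output bytes or max_ratio times the compressed size (both
    thresholds are assumptions), otherwise "ok".
    """
    inflater = zlib.decompressobj()
    seen = 0
    buf = data
    while not inflater.eof:
        # max_length caps each call, so memory use stays at one chunk
        piece = inflater.decompress(buf, chunk)
        seen += len(piece)
        if seen > max_output or seen > max_ratio * len(data):
            return "bomb", seen  # stop here; the rest is never inflated
        buf = inflater.unconsumed_tail
        if not piece and not buf:
            break  # truncated stream: no input left and nothing produced
    return "ok", seen


if __name__ == "__main__":
    sample = make_sample()
    print("compressed size:", len(sample), "bytes")
    print("verdict:", inspect_stream(sample))
    print("ordinary data:", inspect_stream(zlib.compress(b"plain text\n" * 20)))
```

A ratio threshold is a heuristic, so a legitimate but highly compressible file can trip it as well.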

The only problem with me having these decompression bombs, is the fact that they are OLDER FILES... One is the kenshin movie that I downloaded years ago, another is one of my MCSE training videos that I downloaded a few months ago... All of the files are video files, but at different dates. I may just be noticing this now (when the OS BSoDs, it's easy to notice the little things that I've ignored many times before) or it could be that a virus did infect my system and modified those files (this would be unlikely).

So, for now, I'm running chkdsk /x /r on the three hard drives (C 40gb, D 100gb, E 250gb) and once I reboot, I'll be running a boot-time antivirus scan (BTW: the scan on C will take place at boot, instead of with the scans of D and E).

Well, I can be fairly certain of one thing... it really doesn't seem to be a hardware problem, and that is good. But there's still a lot of software issues that I have to check before I can even begin to fix the machine.
chants:
O, Almighty Lords of Computers,
please fix my computer at the next reboot!

[ End of Update ]
