Crash Memory Dump

[caspian]

I am wondering if this has something to do with Returnil. I keep getting this ever so often. The screen turns blue and it says that windows has been stopped....crash memory dump, or something like that. Is this from downloading more than Returnil can handle? My operating system is Vista 64 bit

[Meriadoc]

You could use this tool from Nirsoft to show you the blue screen again and note what is causing the problem.

Quote:

* Automatically scans your current minidump folder and displays the list of all crash dumps, including crash dump date/time and crash details.
* Allows you to view a blue screen which is very similar to the one that Windows displayed during the crash.
* BlueScreenView enumerates the memory addresses inside the stack of the crash, and find all drivers/modules that might be involved in the crash.
* BlueScreenView also allows you to work with another instance of Windows, simply by choosing the right minidump folder (In Advanced Options).
* BlueScreenView automatically locate the drivers appeared in the crash dump, and extract their version resource information, including product name, file version, company, and file description.

[caspian]

I am not sure if I have enough knowledge to use this but I will give it a try. Thanks!

[Coldmoon]

Hi caspian,
Please check your system event logs for a critical event at the same time for anything related to RVS. Please let me know the text.

Thanks
Mike

[caspian]

I am embarrassed to say that I do not know how to do that. But I will google it and see if I can figure it out. Thanks

A question though. When I get a crash memory dump while returnil is active, does that nullify the protection that Returnil would ordinarily offer? I mean is everything still returned to normal after restart? Or could malware get through?

Oh I did notice one ting. Keyscrambler was listed in the blue screen but it just had some numbers listed after it.

[Coldmoon]

Quote:

When I get a crash memory dump while returnil is active, does that nullify the protection that Returnil would ordinarily offer?

If the virtualization is active, you can verify whether it is still functional in the face of a BSOD by looking in your %system%\Windows\minidump folder. If no minidump file exists for the time of the BSOD, then virtualization is working and why it is often difficult to obtain minidump and kernel memory dump files for analysis.

Quote:

Oh I did notice one ting. Keyscrambler was listed in the blue screen but it just had some numbers listed after it.

This is why I asked you to check for the issue in the Event Viewer. This seems to indicate that the cause of the critical stop is Keyscrambler and not RVS, but it is impossible to say for certain until getting a better look at the error text.

Mike

[caspian]

I found the event viewer in the control panel. However, I haven't the slightest idea what I am looking out.

But I did get an update titled "Windows Vista Hotfix QFE960884 update resolves an issue with the system crashing when a 1394 storage device is connected". I always have my external hard drive connected. And I usually have a USB stick plugged in as well. So I guess that was the problem. Thanks for the input.