Crash Memory Dump

Discussion in 'General Returnil discussions' started by caspian, Jan 25, 2010.

Thread Status:
Not open for further replies.
  1. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I am wondering if this has something to do with Returnil. I keep getting this ever so often. The screen turns blue and it says that windows has been stopped....crash memory dump, or something like that. Is this from downloading more than Returnil can handle? My operating system is Vista 64 bit
     
  2. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    You could use this tool from Nirsoft to show you the blue screen again and note what is causing the problem.
     
  3. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I am not sure if I have enough knowledge to use this but I will give it a try. Thanks!
     
  4. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi caspian,
    Please check your system event logs for a critical event at the same time for anything related to RVS. Please let me know the text.

    Thanks
    Mike
     
  5. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I am embarrassed to say that I do not know how to do that. But I will google it and see if I can figure it out. Thanks

    A question though. When I get a crash memory dump while returnil is active, does that nullify the protection that Returnil would ordinarily offer? I mean is everything still returned to normal after restart? Or could malware get through?

    Oh I did notice one ting. Keyscrambler was listed in the blue screen but it just had some numbers listed after it.
     
  6. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    If the virtualization is active, you can verify whether it is still functional in the face of a BSOD by looking in your %system%\Windows\minidump folder. If no minidump file exists for the time of the BSOD, then virtualization is working and why it is often difficult to obtain minidump and kernel memory dump files for analysis.

    This is why I asked you to check for the issue in the Event Viewer. This seems to indicate that the cause of the critical stop is Keyscrambler and not RVS, but it is impossible to say for certain until getting a better look at the error text.

    Mike
     
  7. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I found the event viewer in the control panel. However, I haven't the slightest idea what I am looking out.

    But I did get an update titled "Windows Vista Hotfix QFE960884 update resolves an issue with the system crashing when a 1394 storage device is connected". I always have my external hard drive connected. And I usually have a USB stick plugged in as well. So I guess that was the problem. Thanks for the input.
     
Thread Status:
Not open for further replies.