BSOD: Stop error code: 0xF4_smss.exe CRITICAL_OBJECT_TERMINATION

aleksaym

New Member
Crash date: Sun Dec 9 18:32:22.186 2018 (UTC + 5:00)
Stop error code: 0xF4_smss.exe
CRITICAL_OBJECT_TERMINATION
Process name: smss.exe
Probably caused by: Unknown_Image

"SFC /Scannow" - without any problems.

Please help me.
see att: minidumps, and logs, config, etc.. at zip-file
 

Attachments

  • SB-10_12_2018_140923,03.zip
    1.4 MB · Views: 149

kemical

Windows Forum Admin
Staff member
Premium Supporter
Hi,
looking over your dump file driver stack I noticed the apps posted below:

3a753ba.sys Fri Jun 8 02:46:24 2018: This is taken from the driver stack list could be malware.

Please run something like Malwarebytes to check.

aksfridge.sys Thu Jul 11 02:33:17 2013: Relates to a product called Aladin security? It is known for causing bsod's, please remove to test. (or the very least update)

spiderg3.sys Wed May 16 05:29:40 2018: Looks like another security application? Whilst some will run alongside each other nicely other apps can clash.

Try removing them all and just use something like Defender and malwarebytes. See if the bsod's stop.
 

aleksaym

New Member
Hi, kemical

aksfridge.sys - Aladdin HASP for app - 1C. It can't work without this driver.
spiderg3.sys - antivirus Dr.Web
what you think about dwprot.sys? it's dr.web too.
I'll try removing

3a753ba.sys - ?
295c214.sys - in other dump
How can I see the path of this file?
 

kemical

Windows Forum Admin
Staff member
Premium Supporter
How can I see the path of this file?
You could try doing a search but usually drivers which appear like the above is malware.

Do you have any more dump files? The more we see the better really.

Can you give more details on when the bsod occurs (does it coincide with you going online for example or is just random)

Have you recently updated anything?

Third party AV apps are usually a good place to start when tracking down bsod's hence my suggestion.

Did you try the Malwarebytes scan?

Another good AV to scan your system with is Eset's online scanner:
Online Malware Detection
 

aleksaym

New Member
  1. Now, I have 9 dump files (see att).
  2. just random. People work with ONLY one app - 1Cv8 by ViTerminalXP (on win7)
  3. Yes, I recently updated AV app - Dr.Web (from ver.6 to ver.11.5) - 01 dec 2018, and BSOD began everyday! random.
  4. No, I didn't try Malwarebytes scan because I'm afraid conflict with Dr.Web. And I'm afraid that scanning will slow down PC very much.
(people work now).
But I'll try it's possible.
5) Online scanner I'll try too as it's possible.
 

Attachments

  • SERVBUH-11_12_2018_134329,53.zip
    1.6 MB · Views: 130

kemical

Windows Forum Admin
Staff member
Premium Supporter
Yes, I recently updated AV app - Dr.Web (from ver.6 to ver.11.5) - 01 dec 2018, and BSOD began everyday! random.
Try rolling back or remove application entirely.

Thank you for the dump files, I still feel however that Dr Web is the culprit.
 

aleksaym

New Member
  1. ESET Online scanner found "C:\Windows\System32\Tasks\7534351e-f5a2-584f-34001120040e6b58 PowerShell/Agent.AS trojan "
  2. + I run cmd with icacls %WinDir%\Tasks /grant:r *S-1-5-11:RX
(Task Exploit)
3) Dr.Web still working.
Watching...
 

kemical

Windows Forum Admin
Staff member
Premium Supporter
ESET Online scanner found "C:\Windows\System32\Tasks\7534351e-f5a2-584f-34001120040e6b58 PowerShell/Agent.AS trojan "
I would run the scanner a second time just to make sure the trojan has gone.

Any changes regarding the bsod?
 

aleksaym

New Member
I would run the scanner a second time just to make sure the trojan has gone.

Any changes regarding the bsod?
But I have new BSOD. (see att) and I see 3f9f029.sys (like 3a753ba.sys or 295c214.sys ) in this dump
I run the scanner a second time. Result: no problems.
 

Attachments

  • 121318-12183-01.dmp
    312.3 KB · Views: 224

kemical

Windows Forum Admin
Staff member
Premium Supporter
Hi,
dump file is exactly the same as earlier dumps.

The cause of this I'm pretty sure is Dr Web AV. You need to remove it to test this theory plus it's not stopping you from getting infected as the trojan proves.

As I said several times try removing it and using the apps outlined earlier.
 

kemical

Windows Forum Admin
Staff member
Premium Supporter
Your very welcome!

Glad to hear your issue is hopefully resolved but if not please post back.
 
Top