Windows 10: Hacking Attack ? or something else

Discussion in 'AntiVirus, Firewalls and System Security' started by adeas, Nov 15, 2017.

  1. adeas Win User

    Hacking Attack ? or something else


    Yesterday my machine crashed and rebooted, when I investigated the Minidump I read a message in it "This is the classic "buffer overrun" hacking attack and the system has been brought down to prevent a malicious user from gaining complete control of it."

    It also mentions something about a Windows 8 Driver

    Now, I am not able to assess this information in the minidump as I just do not possess those levels of skills and knowledge.

    I guess my question is this; Do I need to do anything about this or is it liable to be just a one hit wonder?

    Gigabyte motherboard
    16 Gig Ram
    Intel Processor
    Windows 10
    Windows Firewall
    Antivirus - Windows Defender
    Anti Malware - Malware Bytes Pro
    Router Firewall On

    Here is the Minidump:
    Code:
    A driver has overrun a stack-based buffer. This overrun could potentially
    allow a malicious user to gain control of this machine.

    DESCRIPTION
    A driver overran a stack-based buffer (or local variable) in a way that would
    have overwritten the function's return address and jumped back to an arbitrary
    address when the function returned. This is the classic "buffer overrun"
    hacking attack and the system has been brought down to prevent a malicious user
    from gaining complete control of it.
    Do a kb to get a stack backtrace -- the last routine on the stack before the
    buffer overrun handlers and bugcheck call is the one that overran its local
    variable(s).

    Arguments:
    Arg1: 00006780bea282d0, Actual security check cookie from the stack
    Arg2: 0000d027b95c3a8c, Expected security check cookie
    Arg3: ffff2fd846a3c573, Complement of the expected security check cookie
    Arg4: 0000000000000000, zero

    Debugging Details:
    ------------------

    DUMP_CLASS: 1
    DUMP_QUALIFIER: 400
    BUILD_VERSION_STRING: 10.0.15063.674 (WinBuild.160101.0800)
    SYSTEM_MANUFACTURER: Gigabyte Technology Co., Ltd.
    SYSTEM_PRODUCT_NAME: To be filled by O.E.M.
    SYSTEM_SKU: To be filled by O.E.M.
    SYSTEM_VERSION: To be filled by O.E.M.
    BIOS_VENDOR: American Megatrends Inc.
    BIOS_VERSION: F14
    BIOS_DATE: 01/16/2014
    BASEBOARD_MANUFACTURER: Gigabyte Technology Co., Ltd.
    BASEBOARD_PRODUCT: H77M-D3H
    BASEBOARD_VERSION: To be filled by O.E.M.
    DUMP_TYPE: 2
    BUGCHECK_P1: 6780bea282d0
    BUGCHECK_P2: d027b95c3a8c
    BUGCHECK_P3: ffff2fd846a3c573
    BUGCHECK_P4: 0
    SECURITY_COOKIE: Expected 0000d027b95c3a8c found 00006780bea282d0
    CPU_COUNT: 8
    CPU_MHZ: d40
    CPU_VENDOR: GenuineIntel
    CPU_FAMILY: 6
    CPU_MODEL: 3a
    CPU_STEPPING: 9
    CPU_MICROCODE: 6,3a,9,0 (F,M,S,R) SIG: 1B'00000000 (cache) 1B'00000000 (init)
    BLACKBOXBSD: 1 (!blackboxbsd)
    CUSTOMER_CRASH_COUNT: 1
    DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
    BUGCHECK_STR: 0xF7
    PROCESS_NAME: svchost.exe
    CURRENT_IRQL: 2
    ANALYSIS_SESSION_HOST: ALISTAIR-PC
    ANALYSIS_SESSION_TIME: 11-15-2017 13:35:02.0996
    ANALYSIS_VERSION: 10.0.17016.1000 amd64fre
    LAST_CONTROL_TRANSFER: from fffff8007e25b905 to fffff8007e1ed580

    STACK_TEXT:
    ffffe080`b5fd2f88 fffff800`7e25b905 : 00000000`000000f7 00006780`bea282d0 0000d027`b95c3a8c ffff2fd8`46a3c573 : nt!KeBugCheckEx
    ffffe080`b5fd2f90 fffff800`7e0ea550 : ffffb684`327cc000 ffffe080`b5fd3010 00000000`00000000 ffffa464`00000000 : nt!_report_gsfailure+0x25
    ffffe080`b5fd2fd0 fffff800`7e0ea3fe : 00000000`00000100 ffffb684`327cd8c0 00000000`00000000 ffffe080`b5fd3198 : nt!MiIdentifyPfn+0x100
    ffffe080`b5fd30a0 fffff800`7e52de1a : 00000000`00000000 ffffb684`327cd380 ffffb684`327cc000 fffff800`7e0e8763 : nt!MiIdentifyPfnWrapper+0x3e
    ffffe080`b5fd30d0 fffff800`7e52d92f : ffffb684`2a221080 00000000`00000001 ffffe080`b5fd32b4 ffffb684`327cc000 : nt!PfpPfnPrioRequest+0xca
    ffffe080`b5fd3150 fffff800`7e52bb8e : 00000000`0000004f ffffa45b`42193e60 000000ae`ad87a008 00000000`00000200 : nt!PfQuerySuperfetchInformation+0x2bf
    ffffe080`b5fd3280 fffff800`7e52b83b : 00000000`00000000 00000000`00000000 00000000`00000008 000000ae`ad87d250 : nt!ExpQuerySystemInformation+0x22e
    ffffe080`b5fd3ac0 fffff800`7e1f8413 : ffffb684`2a221080 00000000`00000000 00000000`00000000 00007ff9`f4754d50 : nt!NtQuerySystemInformation+0x2b
    ffffe080`b5fd3b00 00007ffa`02bf5a64 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    000000ae`ad879ef8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`02bf5a64

    THREAD_SHA1_HASH_MOD_FUNC: 0621696229749f19418dfeecf88f4c3d2bd5058e
    THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 1e0bc3642c40aa307336c381675ee4a94c42db8e
    THREAD_SHA1_HASH_MOD: 9f457f347057f10e1df248e166a3e95e6570ecfe
    FOLLOWUP_IP:
    nt!_report_gsfailure+25
    fffff800`7e25b905 cc              int     3
    FAULT_INSTR_CODE: cccccccc
    SYMBOL_STACK_INDEX: 1
    SYMBOL_NAME: nt!_report_gsfailure+25
    FOLLOWUP_NAME: MachineOwner
    MODULE_NAME: nt
    IMAGE_NAME: ntkrnlmp.exe
    DEBUG_FLR_IMAGE_TIMESTAMP: 59cdf43a
    IMAGE_VERSION: 10.0.15063.674
    STACK_COMMAND: .thread ; .cxr ; kb
    BUCKET_ID_FUNC_OFFSET: 25
    FAILURE_BUCKET_ID: 0xF7_MISSING_GSFRAME_nt!_report_gsfailure
    BUCKET_ID: 0xF7_MISSING_GSFRAME_nt!_report_gsfailure
    PRIMARY_PROBLEM_CLASS: 0xF7_MISSING_GSFRAME_nt!_report_gsfailure
    TARGET_TIME: 2017-11-15T01:37:43.000Z
    OSBUILD: 15063
    OSSERVICEPACK: 674
    SERVICEPACK_NUMBER: 0
    OS_REVISION: 0
    SUITE_MASK: 272
    PRODUCT_TYPE: 1
    OSPLATFORM_TYPE: x64
    OSNAME: Windows 10
    OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
    OS_LOCALE:
    USER_LCID: 0
    OSBUILD_TIMESTAMP: 2017-09-29 17:20:26
    BUILDDATESTAMP_STR: 160101.0800
    BUILDLAB_STR: WinBuild
    BUILDOSVER_STR: 10.0.15063.674
    ANALYSIS_SESSION_ELAPSED_TIME: db0
    ANALYSIS_SOURCE: KM
    FAILURE_ID_HASH_STRING: km:0xf7_missing_gsframe_nt!_report_gsfailure
    FAILURE_ID_HASH: {82d2c1b5-b0cb-60a5-9a5d-78c8c4284f84}

    Followup: MachineOwner
    ---------

    6: kd> !blackboxbsd
    Version: 136
    Product type: 1
    Auto advanced boot: FALSE
    Advanced boot menu timeout: 30
    Last boot succeeded: TRUE
    Last boot shutdown: FALSE
    Sleep in progrees: FALSE
    Power button timestamp: 0
    System running: TRUE
    Connected standby in progress: FALSE
    User shutdown in progress: FALSE
    System shutdown in progress: FALSE
    Sleep in progress: 0
    Connected standby scenario instance id: 0
    Connected standby entry reason: 0
    Connected standby exit reason: 0
    System sleep transitions to on: 3
    Last reference time: 0x1d35da598cd4c10
    Last reference time checksum: 0x15f1626a
    Last update boot id: 46
    Boot attempt count: 1
    Last boot checkpoint: TRUE
    Checksum: 0x34
    Last boot id: 46
    Last successful shutdown boot id: 45
    Last reported abnormal shutdown boot id: 44
    Error info boot id: 0
    Error info repeat count: 0
    Error info other error count: 0
    Error info code: 0
    Error info other error count: 0
    Power button last press time: 0
    Power button cumulative press count: 0
    Power button last press boot id: 0
    Power button last power watchdog stage: 0
    Power button watchdog armed: FALSE
    Power button shutdown in progress: FALSE
    Power button last release time: 0
    Power button cumulative release count: 0
    Power button last release boot id: 0
    Power button error count: 0
    Power button current connected standby phase: 0
    Power button transition latest checkpoint id: 0
    Power button transition latest checkpoint type: 0
    Power button transition latest checkpoint sequence number: 0

    6: kd> kb
     # RetAddr : Args to Child : Call Site
    00 fffff800`7e25b905 : 00000000`000000f7 00006780`bea282d0 0000d027`b95c3a8c ffff2fd8`46a3c573 : nt!KeBugCheckEx
    01 fffff800`7e0ea550 : ffffb684`327cc000 ffffe080`b5fd3010 00000000`00000000 ffffa464`00000000 : nt!_report_gsfailure+0x25
    02 fffff800`7e0ea3fe : 00000000`00000100 ffffb684`327cd8c0 00000000`00000000 ffffe080`b5fd3198 : nt!MiIdentifyPfn+0x100
    03 fffff800`7e52de1a : 00000000`00000000 ffffb684`327cd380 ffffb684`327cc000 fffff800`7e0e8763 : nt!MiIdentifyPfnWrapper+0x3e
    04 fffff800`7e52d92f : ffffb684`2a221080 00000000`00000001 ffffe080`b5fd32b4 ffffb684`327cc000 : nt!PfpPfnPrioRequest+0xca
    05 fffff800`7e52bb8e : 00000000`0000004f ffffa45b`42193e60 000000ae`ad87a008 00000000`00000200 : nt!PfQuerySuperfetchInformation+0x2bf
    06 fffff800`7e52b83b : 00000000`00000000 00000000`00000000 00000000`00000008 000000ae`ad87d250 : nt!ExpQuerySystemInformation+0x22e
    07 fffff800`7e1f8413 : ffffb684`2a221080 00000000`00000000 00000000`00000000 00007ff9`f4754d50 : nt!NtQuerySystemInformation+0x2b
    08 00007ffa`02bf5a64 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
    09 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`02bf5a64

    :)
     
    adeas, Nov 15, 2017
    #1

  2. Update or Hack Attack

    I’m getting a popup message that says:

    “We’ve got an update for you

    Windows is a service and updates are a normal part of keeping it running securely. We need your help installing this one.”

    Followed by icons for “Restart Now”, “Pick a time”, and “Snooze”.

    Is this a legitimate Windows update or is this a hack attack?
     
    JamesHarris7, Nov 15, 2017
    #2
  3. DaveM121 Win User
    Update or Hack Attack

    Hi James, if the popup you are seeing is like the one on the link below, that is a legitimate Update Notification from Microsoft

    The update has already downloaded onto your system and is awaiting installation

    Imgur

    This will be a big update and will take time to install, so pick a time that suits your routine . . .
     
    DaveM121, Nov 15, 2017
    #3
  4. Hacking Attack ? or something else

    I'd wait to see if it happens again before diving deeper into the problem.

    Make sure you get all of your drivers from the manufacturer, not some random website.
     
    Masterchiefxx17, Nov 15, 2017
    #4
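
Added example (not part of the thread and not any poster's own code): a short Python triage of the bugcheck 0xF7 output quoted in post #1. It checks that Arg3 is the bitwise complement of Arg2, compares the actual and expected cookies, and applies the dump's own rule for finding the routine whose cookie check failed; the function names and the shortened sample are assumptions made for this example.

```python
import re

MASK64 = (1 << 64) - 1
# Routines that only report the failure; the overrun is in the next frame down.
HANDLERS = {"KeBugCheckEx", "_report_gsfailure"}

# Excerpt of the WinDbg output in post #1 (child args shortened to "...").
DUMP = """\
Arg1: 00006780bea282d0, Actual security check cookie from the stack
Arg2: 0000d027b95c3a8c, Expected security check cookie
Arg3: ffff2fd846a3c573, Complement of the expected security check cookie
Arg4: 0000000000000000, zero
00 fffff800`7e25b905 : ... : nt!KeBugCheckEx
01 fffff800`7e0ea550 : ... : nt!_report_gsfailure+0x25
02 fffff800`7e0ea3fe : ... : nt!MiIdentifyPfn+0x100
03 fffff800`7e52de1a : ... : nt!MiIdentifyPfnWrapper+0x3e
04 fffff800`7e52d92f : ... : nt!PfpPfnPrioRequest+0xca
"""

ARG_RE = re.compile(r"^\s*Arg([1-4]): ([0-9a-fA-F]{16})", re.M)
FRAME_RE = re.compile(r"^\s*[0-9a-f]{2} [0-9a-f`]+ : .* : (\S+)\s*$", re.M)

def parse_frames(text):
    """Return (module, function) per kb frame; module is None if unresolved."""
    frames = []
    for site in FRAME_RE.findall(text):
        module, bang, rest = site.partition("!")
        frames.append((module, rest.split("+")[0]) if bang else (None, site))
    return frames

def triage_f7(text):
    """Summarise the 0xF7 arguments and the kb stack of one dump."""
    args = {int(n): int(v, 16) for n, v in ARG_RE.findall(text)}
    actual, expected, complement = args[1], args[2], args[3]
    frames = parse_frames(text)
    # Per the bugcheck text: the last routine before the overrun handlers
    # and the bugcheck call is the one whose local variable was overrun.
    suspect = next((f for f in frames if f[1] not in HANDLERS), None)
    return {
        "cookie_mismatch": actual != expected,
        # Arg3 should equal ~Arg2; otherwise the dump is inconsistent.
        "complement_ok": (expected ^ MASK64) == complement,
        "differing_bits": bin(actual ^ expected).count("1"),
        "suspect_frame": suspect,
        "non_kernel_modules": sorted({m for m, _ in frames if m} - {"nt"}),
    }

if __name__ == "__main__":
    print(triage_f7(DUMP))
```

On the full `kb` output from post #1 every resolved frame is in `nt`, so `non_kernel_modules` stays empty and the stack itself does not name a third-party driver.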