Hacking Attack ? or something else


  1. adeas
    Posts : 1
    Windows 10
       New #1

    Hacking Attack ? or something else


    Yesterday my machine crashed and rebooted , when I investigated the Minidump I read a message in it "This is the classic "buffer overrun" hacking attack and the system has been brought down to prevent a malicious user from gaining complete control of it."

    It also mentions something about a Windows 8 Driver

    Now, I am not able to assess this information in the minidump as I just do not posess those levels of skills and knowlwdge.

    I guess my question is this; Do I need to do anything about this or is liable to be just a one hit wonder ?

    Gigabyte motherboard
    16 Gig Ram
    Intel Processor
    Windows 10
    Windows Firewall
    Anivirus - Windows Defender
    Anti Malware - Malware Bytes Pro
    Router Firewall On

    Here is the Minidump:
    Code:
    A driver has overrun a stack-based buffer.  This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned.  This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: 00006780bea282d0, Actual security check cookie from the stack
Arg2: 0000d027b95c3a8c, Expected security check cookie
Arg3: ffff2fd846a3c573, Complement of the expected security check cookie
Arg4: 0000000000000000, zero
 
Debugging Details:
------------------
 
 
DUMP_CLASS: 1
 
DUMP_QUALIFIER: 400
 
BUILD_VERSION_STRING:  10.0.15063.674 (WinBuild.160101.0800)
 
SYSTEM_MANUFACTURER:  Gigabyte Technology Co., Ltd.
 
SYSTEM_PRODUCT_NAME:  To be filled by O.E.M.
 
SYSTEM_SKU:  To be filled by O.E.M.
 
SYSTEM_VERSION:  To be filled by O.E.M.
 
BIOS_VENDOR:  American Megatrends Inc.
 
BIOS_VERSION:  F14
 
BIOS_DATE:  01/16/2014
 
BASEBOARD_MANUFACTURER:  Gigabyte Technology Co., Ltd.
 
BASEBOARD_PRODUCT:  H77M-D3H
 
BASEBOARD_VERSION:  To be filled by O.E.M.
 
DUMP_TYPE:  2
 
BUGCHECK_P1: 6780bea282d0
 
BUGCHECK_P2: d027b95c3a8c
 
BUGCHECK_P3: ffff2fd846a3c573
 
BUGCHECK_P4: 0
 
SECURITY_COOKIE:  Expected 0000d027b95c3a8c found 00006780bea282d0
 
CPU_COUNT: 8
 
CPU_MHZ: d40
 
CPU_VENDOR:  GenuineIntel
 
CPU_FAMILY: 6
 
CPU_MODEL: 3a
 
CPU_STEPPING: 9
 
CPU_MICROCODE: 6,3a,9,0 (F,M,S,R)  SIG: 1B'00000000 (cache) 1B'00000000 (init)
 
BLACKBOXBSD: 1 (!blackboxbsd)
 
 
CUSTOMER_CRASH_COUNT:  1
 
DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
 
BUGCHECK_STR:  0xF7
 
PROCESS_NAME:  svchost.exe
 
CURRENT_IRQL:  2
 
ANALYSIS_SESSION_HOST:  ALISTAIR-PC
 
ANALYSIS_SESSION_TIME:  11-15-2017 13:35:02.0996
 
ANALYSIS_VERSION: 10.0.17016.1000 amd64fre
 
LAST_CONTROL_TRANSFER:  from fffff8007e25b905 to fffff8007e1ed580
 
STACK_TEXT:  
ffffe080`b5fd2f88 fffff800`7e25b905 : 00000000`000000f7 00006780`bea282d0 0000d027`b95c3a8c ffff2fd8`46a3c573 : nt!KeBugCheckEx
ffffe080`b5fd2f90 fffff800`7e0ea550 : ffffb684`327cc000 ffffe080`b5fd3010 00000000`00000000 ffffa464`00000000 : nt!_report_gsfailure+0x25
ffffe080`b5fd2fd0 fffff800`7e0ea3fe : 00000000`00000100 ffffb684`327cd8c0 00000000`00000000 ffffe080`b5fd3198 : nt!MiIdentifyPfn+0x100
ffffe080`b5fd30a0 fffff800`7e52de1a : 00000000`00000000 ffffb684`327cd380 ffffb684`327cc000 fffff800`7e0e8763 : nt!MiIdentifyPfnWrapper+0x3e
ffffe080`b5fd30d0 fffff800`7e52d92f : ffffb684`2a221080 00000000`00000001 ffffe080`b5fd32b4 ffffb684`327cc000 : nt!PfpPfnPrioRequest+0xca
ffffe080`b5fd3150 fffff800`7e52bb8e : 00000000`0000004f ffffa45b`42193e60 000000ae`ad87a008 00000000`00000200 : nt!PfQuerySuperfetchInformation+0x2bf
ffffe080`b5fd3280 fffff800`7e52b83b : 00000000`00000000 00000000`00000000 00000000`00000008 000000ae`ad87d250 : nt!ExpQuerySystemInformation+0x22e
ffffe080`b5fd3ac0 fffff800`7e1f8413 : ffffb684`2a221080 00000000`00000000 00000000`00000000 00007ff9`f4754d50 : nt!NtQuerySystemInformation+0x2b
ffffe080`b5fd3b00 00007ffa`02bf5a64 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
000000ae`ad879ef8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`02bf5a64
 
 
THREAD_SHA1_HASH_MOD_FUNC:  0621696229749f19418dfeecf88f4c3d2bd5058e
 
THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  1e0bc3642c40aa307336c381675ee4a94c42db8e
 
THREAD_SHA1_HASH_MOD:  9f457f347057f10e1df248e166a3e95e6570ecfe
 
FOLLOWUP_IP: 
nt!_report_gsfailure+25
fffff800`7e25b905 cc              int     3
 
FAULT_INSTR_CODE:  cccccccc
 
SYMBOL_STACK_INDEX:  1
 
SYMBOL_NAME:  nt!_report_gsfailure+25
 
FOLLOWUP_NAME:  MachineOwner
 
MODULE_NAME: nt
 
IMAGE_NAME:  ntkrnlmp.exe
 
DEBUG_FLR_IMAGE_TIMESTAMP:  59cdf43a
 
IMAGE_VERSION:  10.0.15063.674
 
STACK_COMMAND:  .thread ; .cxr ; kb
 
BUCKET_ID_FUNC_OFFSET:  25
 
FAILURE_BUCKET_ID:  0xF7_MISSING_GSFRAME_nt!_report_gsfailure
 
BUCKET_ID:  0xF7_MISSING_GSFRAME_nt!_report_gsfailure
 
PRIMARY_PROBLEM_CLASS:  0xF7_MISSING_GSFRAME_nt!_report_gsfailure
 
TARGET_TIME:  2017-11-15T01:37:43.000Z
 
OSBUILD:  15063
 
OSSERVICEPACK:  674
 
SERVICEPACK_NUMBER: 0
 
OS_REVISION: 0
 
SUITE_MASK:  272
 
PRODUCT_TYPE:  1
 
OSPLATFORM_TYPE:  x64
 
OSNAME:  Windows 10
 
OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS
 
OS_LOCALE:  
 
USER_LCID:  0
 
OSBUILD_TIMESTAMP:  2017-09-29 17:20:26
 
BUILDDATESTAMP_STR:  160101.0800
 
BUILDLAB_STR:  WinBuild
 
BUILDOSVER_STR:  10.0.15063.674
 
ANALYSIS_SESSION_ELAPSED_TIME:  db0
 
ANALYSIS_SOURCE:  KM
 
FAILURE_ID_HASH_STRING:  km:0xf7_missing_gsframe_nt!_report_gsfailure
 
FAILURE_ID_HASH:  {82d2c1b5-b0cb-60a5-9a5d-78c8c4284f84}
 
Followup:     MachineOwner
---------
 
6: kd> !blackboxbsd
Version: 136
Product type: 1
 
Auto advanced boot: FALSE
Advanced boot menu timeout: 30
Last boot succeeded: TRUE
Last boot shutdown: FALSE
Sleep in progrees: FALSE
 
Power button timestamp: 0
System running: TRUE
Connected standby in progress: FALSE
User shutdown in progress: FALSE
System shutdown in progress: FALSE
Sleep in progress: 0
Connected standby scenario instance id: 0
Connected standby entry reason: 0
Connected standby exit reason: 0
System sleep transitions to on: 3
Last reference time: 0x1d35da598cd4c10
Last reference time checksum: 0x15f1626a
Last update boot id: 46
 
Boot attempt count: 1
Last boot checkpoint: TRUE
Checksum: 0x34
Last boot id: 46
Last successful shutdown boot id: 45
Last reported abnormal shutdown boot id: 44
 
Error info boot id: 0
Error info repeat count: 0
Error info other error count: 0
Error info code: 0
Error info other error count: 0
 
Power button last press time: 0
Power button cumulative press count: 0
Power button last press boot id: 0
Power button last power watchdog stage: 0
Power button watchdog armed: FALSE
Power button shutdown in progress: FALSE
Power button last release time: 0
Power button cumulative release count: 0
Power button last release boot id: 0
Power button error count: 0
Power button current connected standby phase: 0
Power button transition latest checkpoint id: 0
Power button transition latest checkpoint type: 0
Power button transition latest checkpoint sequence number: 0
6: kd> kb
# RetAddr           : Args to Child                                                           : Call Site
00 fffff800`7e25b905 : 00000000`000000f7 00006780`bea282d0 0000d027`b95c3a8c ffff2fd8`46a3c573 : nt!KeBugCheckEx
01 fffff800`7e0ea550 : ffffb684`327cc000 ffffe080`b5fd3010 00000000`00000000 ffffa464`00000000 : nt!_report_gsfailure+0x25
02 fffff800`7e0ea3fe : 00000000`00000100 ffffb684`327cd8c0 00000000`00000000 ffffe080`b5fd3198 : nt!MiIdentifyPfn+0x100
03 fffff800`7e52de1a : 00000000`00000000 ffffb684`327cd380 ffffb684`327cc000 fffff800`7e0e8763 : nt!MiIdentifyPfnWrapper+0x3e
04 fffff800`7e52d92f : ffffb684`2a221080 00000000`00000001 ffffe080`b5fd32b4 ffffb684`327cc000 : nt!PfpPfnPrioRequest+0xca
05 fffff800`7e52bb8e : 00000000`0000004f ffffa45b`42193e60 000000ae`ad87a008 00000000`00000200 : nt!PfQuerySuperfetchInformation+0x2bf
06 fffff800`7e52b83b : 00000000`00000000 00000000`00000000 00000000`00000008 000000ae`ad87d250 : nt!ExpQuerySystemInformation+0x22e
07 fffff800`7e1f8413 : ffffb684`2a221080 00000000`00000000 00000000`00000000 00007ff9`f4754d50 : nt!NtQuerySystemInformation+0x2b
08 00007ffa`02bf5a64 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
09 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`02bf5a64
    Last edited by Brink; 15 Nov 2017 at 19:01. Reason: code box
      My Computer
    Quote Quote

  3. Masterchiefxx17
    Posts : 516
    Windows 10 Professional 64bit
       New #2

    I'd wait to see if it happens again before diving deeper into the problem.

    Make sure you get all of your drivers from the manufacturer, not some random website.
      My Computer
    Quote Quote

 

  Related Discussions
FBI Hacking Warning.
in AntiVirus, Firewalls and System Security

FBI says Russians hacked hundreds of thousands of home and office routers | Technology | The Guardian
Remote hacking
in AntiVirus, Firewalls and System Security

I believe I am being remotely monitored. My task manager spikes whenever this person uses their computer and I have very odd programs running. I have a dell windows 10 upgraded from 7. Can someone lead me thru steps on how to find it and eliminate...
Right that does it... whoever it is from Microsoft that keeps hacking into my PC and removing YTD video downloader - pack it in!
Hey everyone, I am one of the biggest contributors to BleachBit (FOSS rival of CCleaner) and I am trying to hack up a cleaner for Edge. Been looking around some directories for an hour and a half and I stumbled upon the...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 05:08.
Find Us




Windows 10 Forums