Question PC gives random BSOD after allowing a threat in Windows 11 (Wondershare software) — even in Linux it hangs and restarts ?

[stransen007]

Hi there everyone

2 months ago, I allowed a threat in Windows security (A crack from Wondershare I dunno exactly which software of Wondershare that was). Now it gives me random BSOD stop codes like "MEMORY_MANAGEMENT," "Page Fault in Non-Paged Area," and etc..

I believe that threat made my PC this way, because now even in Linux distros, my PC will hang and restart.

I'm guessing maybe that virus is stored in my SSD or maybe in the bios (I've updated the bios and have no chance on it).

MEMORY.DMP

Here are the details of MEMORY.DMP

Spoiler: MEMORY.DMP

3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 000000000000888a, Internal memory management structures (likely the PTE or PFN) are corrupt.
Arg2: ffffd08d6d67d1e0
Arg3: ffffe50000030058
Arg4: ffffc200050d8130

Debugging Details:
------------------


KEY_VALUES_STRING: 1

Key : Analysis.CPU.mSec
Value: 3015

Key : Analysis.Elapsed.mSec
Value: 3660

Key : Analysis.IO.Other.Mb
Value: 9

Key : Analysis.IO.Read.Mb
Value: 0

Key : Analysis.IO.Write.Mb
Value: 30

Key : Analysis.Init.CPU.mSec
Value: 311

Key : Analysis.Init.Elapsed.mSec
Value: 86555

Key : Analysis.Memory.CommitPeak.Mb
Value: 97

Key : Bugcheck.Code.KiBugCheckData
Value: 0x1a

Key : Bugcheck.Code.LegacyAPI
Value: 0x1a

Key : Bugcheck.Code.TargetModel
Value: 0x1a

Key : Dump.Attributes.AsUlong
Value: 1000

Key : Dump.Attributes.DiagDataWrittenToHeader
Value: 1

Key : Dump.Attributes.ErrorCode
Value: 0

Key : Dump.Attributes.LastLine
Value: Dump completed successfully.

Key : Dump.Attributes.ProgressPercentage
Value: 100

Key : Failure.Bucket
Value: 0x1a_888a_nt!MiHandleTransitionFault

Key : Failure.Hash
Value: {96e3be60-7925-a8c2-9aba-381b0f1145b1}

Key : Hypervisor.Enlightenments.Value
Value: 0

Key : Hypervisor.Enlightenments.ValueHex
Value: 0

Key : Hypervisor.Flags.AnyHypervisorPresent
Value: 0

Key : Hypervisor.Flags.ApicEnlightened
Value: 0

Key : Hypervisor.Flags.ApicVirtualizationAvailable
Value: 1

Key : Hypervisor.Flags.AsyncMemoryHint
Value: 0

Key : Hypervisor.Flags.CoreSchedulerRequested
Value: 0

Key : Hypervisor.Flags.CpuManager
Value: 0

Key : Hypervisor.Flags.DeprecateAutoEoi
Value: 0

Key : Hypervisor.Flags.DynamicCpuDisabled
Value: 0

Key : Hypervisor.Flags.Epf
Value: 0

Key : Hypervisor.Flags.ExtendedProcessorMasks
Value: 0

Key : Hypervisor.Flags.HardwareMbecAvailable
Value: 0

Key : Hypervisor.Flags.MaxBankNumber
Value: 0

Key : Hypervisor.Flags.MemoryZeroingControl
Value: 0

Key : Hypervisor.Flags.NoExtendedRangeFlush
Value: 0

Key : Hypervisor.Flags.NoNonArchCoreSharing
Value: 0

Key : Hypervisor.Flags.Phase0InitDone
Value: 0

Key : Hypervisor.Flags.PowerSchedulerQos
Value: 0

Key : Hypervisor.Flags.RootScheduler
Value: 0

Key : Hypervisor.Flags.SynicAvailable
Value: 0

Key : Hypervisor.Flags.UseQpcBias
Value: 0

Key : Hypervisor.Flags.Value
Value: 16777216

Key : Hypervisor.Flags.ValueHex
Value: 1000000

Key : Hypervisor.Flags.VpAssistPage
Value: 0

Key : Hypervisor.Flags.VsmAvailable
Value: 0

Key : Hypervisor.RootFlags.AccessStats
Value: 0

Key : Hypervisor.RootFlags.CrashdumpEnlightened
Value: 0

Key : Hypervisor.RootFlags.CreateVirtualProcessor
Value: 0

Key : Hypervisor.RootFlags.DisableHyperthreading
Value: 0

Key : Hypervisor.RootFlags.HostTimelineSync
Value: 0

Key : Hypervisor.RootFlags.HypervisorDebuggingEnabled
Value: 0

Key : Hypervisor.RootFlags.IsHyperV
Value: 0

Key : Hypervisor.RootFlags.LivedumpEnlightened
Value: 0

Key : Hypervisor.RootFlags.MapDeviceInterrupt
Value: 0

Key : Hypervisor.RootFlags.MceEnlightened
Value: 0

Key : Hypervisor.RootFlags.Nested
Value: 0

Key : Hypervisor.RootFlags.StartLogicalProcessor
Value: 0

Key : Hypervisor.RootFlags.Value
Value: 0

Key : Hypervisor.RootFlags.ValueHex
Value: 0

Key : SecureKernel.HalpHvciEnabled
Value: 0

Key : WER.OS.Branch
Value: ni_release_svc_prod3

Key : WER.OS.Version
Value: 10.0.22621.2506


BUGCHECK_CODE: 1a

BUGCHECK_P1: 888a

BUGCHECK_P2: ffffd08d6d67d1e0

BUGCHECK_P3: ffffe50000030058

BUGCHECK_P4: ffffc200050d8130

FILE_IN_CAB: MEMORY.DMP

DUMP_FILE_ATTRIBUTES: 0x1000

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

PROCESS_NAME: amdfendrsr.exe

STACK_TEXT:
ffff8001`454a7668 fffff806`84eb2acf : 00000000`0000001a 00000000`0000888a ffffd08d`6d67d1e0 ffffe500`00030058 : nt!KeBugCheckEx
ffff8001`454a7670 fffff806`84cf9726 : ffff8001`454a78e0 ffffd08d`6d67d1e0 ffffc200`050ea190 00000000`00000000 : nt!MiHandleTransitionFault+0x1b8b7f
ffff8001`454a76f0 fffff806`84cff773 : ffff8001`454a78e0 ffffe572`b9403f80 ffffc200`050ea190 00000000`00000000 : nt!MiResolveTransitionFault+0x156
ffff8001`454a77b0 fffff806`84c32e3a : ffff8001`454a78e0 00000000`00000000 ffff8001`454a78b8 00000000`00000000 : nt!MiResolveProtoPteFault+0x7a3
ffff8001`454a7880 fffff806`84c30002 : ffffb08e`a6f0b700 00000000`00000000 00000000`c0000016 00000000`00000000 : nt!MiDispatchFault+0x3ca
ffff8001`454a79c0 fffff806`84e2917e : ffffb08e`a6f4b080 000001fc`2c5b0000 00000000`15a3c000 ffffb08e`a6f0b080 : nt!MmAccessFault+0x152
ffff8001`454a7ae0 00007ff9`093ae20c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x37e
00000048`7a6fe388 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`093ae20c


SYMBOL_NAME: nt!MiHandleTransitionFault+1b8b7f

MODULE_NAME: nt

STACK_COMMAND: .cxr; .ecxr ; kb

IMAGE_NAME: ntkrnlmp.exe

BUCKET_ID_FUNC_OFFSET: 1b8b7f

FAILURE_BUCKET_ID: 0x1a_888a_nt!MiHandleTransitionFault

OS_VERSION: 10.0.22621.2506

BUILDLAB_STR: ni_release_svc_prod3

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {96e3be60-7925-a8c2-9aba-381b0f1145b1}

Followup: MachineOwner
---------

My Specs.

CPU: Ryzen 3 1200
GPU: RX 570 4GB
Motherboard: Asus Prime B350M-E
RAM: 8GB DDR4
SSD: PNY CS111 240GB

---

---

 

[Colif]

Have you clean installed windows as if that crack is still on PC it could be doing all sorts of damage. Could be cause of BSOD.

I'm guessing maybe that virus is stored in my SSD or maybe in the bios (I've updated the bios and have no chance on it).

most virus don't work on linux. I doubt any work on two different OS. What that does show is its likely hardware and not software to blame.

It could be the ssd if you run both OS offf it?

Windows sees two things as memory: Ram and page file. Page file is on C drive
Page fault in no paged area could be a driver error
two memory related errors could mean drivers, or need to look at ssd.

 

[Bob.B]

Hi there everyone

2 months ago, I allowed a threat in Windows security (A crack from Wondershare I dunno exactly which software of Wondershare that was). Now it gives me random BSOD stop codes like "MEMORY_MANAGEMENT," "Page Fault in Non-Paged Area," and etc..

I believe that threat made my PC this way, because now even in Linux distros, my PC will hang and restart.

I'm guessing maybe that virus is stored in my SSD or maybe in the bios (I've updated the bios and have no chance on it).

MEMORY.DMP

Here are the details of MEMORY.DMP

Spoiler: MEMORY.DMP

3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 000000000000888a, Internal memory management structures (likely the PTE or PFN) are corrupt.
Arg2: ffffd08d6d67d1e0
Arg3: ffffe50000030058
Arg4: ffffc200050d8130

Debugging Details:
------------------


KEY_VALUES_STRING: 1

Key : Analysis.CPU.mSec
Value: 3015

Key : Analysis.Elapsed.mSec
Value: 3660

Key : Analysis.IO.Other.Mb
Value: 9

Key : Analysis.IO.Read.Mb
Value: 0

Key : Analysis.IO.Write.Mb
Value: 30

Key : Analysis.Init.CPU.mSec
Value: 311

Key : Analysis.Init.Elapsed.mSec
Value: 86555

Key : Analysis.Memory.CommitPeak.Mb
Value: 97

Key : Bugcheck.Code.KiBugCheckData
Value: 0x1a

Key : Bugcheck.Code.LegacyAPI
Value: 0x1a

Key : Bugcheck.Code.TargetModel
Value: 0x1a

Key : Dump.Attributes.AsUlong
Value: 1000

Key : Dump.Attributes.DiagDataWrittenToHeader
Value: 1

Key : Dump.Attributes.ErrorCode
Value: 0

Key : Dump.Attributes.LastLine
Value: Dump completed successfully.

Key : Dump.Attributes.ProgressPercentage
Value: 100

Key : Failure.Bucket
Value: 0x1a_888a_nt!MiHandleTransitionFault

Key : Failure.Hash
Value: {96e3be60-7925-a8c2-9aba-381b0f1145b1}

Key : Hypervisor.Enlightenments.Value
Value: 0

Key : Hypervisor.Enlightenments.ValueHex
Value: 0

Key : Hypervisor.Flags.AnyHypervisorPresent
Value: 0

Key : Hypervisor.Flags.ApicEnlightened
Value: 0

Key : Hypervisor.Flags.ApicVirtualizationAvailable
Value: 1

Key : Hypervisor.Flags.AsyncMemoryHint
Value: 0

Key : Hypervisor.Flags.CoreSchedulerRequested
Value: 0

Key : Hypervisor.Flags.CpuManager
Value: 0

Key : Hypervisor.Flags.DeprecateAutoEoi
Value: 0

Key : Hypervisor.Flags.DynamicCpuDisabled
Value: 0

Key : Hypervisor.Flags.Epf
Value: 0

Key : Hypervisor.Flags.ExtendedProcessorMasks
Value: 0

Key : Hypervisor.Flags.HardwareMbecAvailable
Value: 0

Key : Hypervisor.Flags.MaxBankNumber
Value: 0

Key : Hypervisor.Flags.MemoryZeroingControl
Value: 0

Key : Hypervisor.Flags.NoExtendedRangeFlush
Value: 0

Key : Hypervisor.Flags.NoNonArchCoreSharing
Value: 0

Key : Hypervisor.Flags.Phase0InitDone
Value: 0

Key : Hypervisor.Flags.PowerSchedulerQos
Value: 0

Key : Hypervisor.Flags.RootScheduler
Value: 0

Key : Hypervisor.Flags.SynicAvailable
Value: 0

Key : Hypervisor.Flags.UseQpcBias
Value: 0

Key : Hypervisor.Flags.Value
Value: 16777216

Key : Hypervisor.Flags.ValueHex
Value: 1000000

Key : Hypervisor.Flags.VpAssistPage
Value: 0

Key : Hypervisor.Flags.VsmAvailable
Value: 0

Key : Hypervisor.RootFlags.AccessStats
Value: 0

Key : Hypervisor.RootFlags.CrashdumpEnlightened
Value: 0

Key : Hypervisor.RootFlags.CreateVirtualProcessor
Value: 0

Key : Hypervisor.RootFlags.DisableHyperthreading
Value: 0

Key : Hypervisor.RootFlags.HostTimelineSync
Value: 0

Key : Hypervisor.RootFlags.HypervisorDebuggingEnabled
Value: 0

Key : Hypervisor.RootFlags.IsHyperV
Value: 0

Key : Hypervisor.RootFlags.LivedumpEnlightened
Value: 0

Key : Hypervisor.RootFlags.MapDeviceInterrupt
Value: 0

Key : Hypervisor.RootFlags.MceEnlightened
Value: 0

Key : Hypervisor.RootFlags.Nested
Value: 0

Key : Hypervisor.RootFlags.StartLogicalProcessor
Value: 0

Key : Hypervisor.RootFlags.Value
Value: 0

Key : Hypervisor.RootFlags.ValueHex
Value: 0

Key : SecureKernel.HalpHvciEnabled
Value: 0

Key : WER.OS.Branch
Value: ni_release_svc_prod3

Key : WER.OS.Version
Value: 10.0.22621.2506


BUGCHECK_CODE: 1a

BUGCHECK_P1: 888a

BUGCHECK_P2: ffffd08d6d67d1e0

BUGCHECK_P3: ffffe50000030058

BUGCHECK_P4: ffffc200050d8130

FILE_IN_CAB: MEMORY.DMP

DUMP_FILE_ATTRIBUTES: 0x1000

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

PROCESS_NAME: amdfendrsr.exe

STACK_TEXT:
ffff8001`454a7668 fffff806`84eb2acf : 00000000`0000001a 00000000`0000888a ffffd08d`6d67d1e0 ffffe500`00030058 : nt!KeBugCheckEx
ffff8001`454a7670 fffff806`84cf9726 : ffff8001`454a78e0 ffffd08d`6d67d1e0 ffffc200`050ea190 00000000`00000000 : nt!MiHandleTransitionFault+0x1b8b7f
ffff8001`454a76f0 fffff806`84cff773 : ffff8001`454a78e0 ffffe572`b9403f80 ffffc200`050ea190 00000000`00000000 : nt!MiResolveTransitionFault+0x156
ffff8001`454a77b0 fffff806`84c32e3a : ffff8001`454a78e0 00000000`00000000 ffff8001`454a78b8 00000000`00000000 : nt!MiResolveProtoPteFault+0x7a3
ffff8001`454a7880 fffff806`84c30002 : ffffb08e`a6f0b700 00000000`00000000 00000000`c0000016 00000000`00000000 : nt!MiDispatchFault+0x3ca
ffff8001`454a79c0 fffff806`84e2917e : ffffb08e`a6f4b080 000001fc`2c5b0000 00000000`15a3c000 ffffb08e`a6f0b080 : nt!MmAccessFault+0x152
ffff8001`454a7ae0 00007ff9`093ae20c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x37e
00000048`7a6fe388 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`093ae20c


SYMBOL_NAME: nt!MiHandleTransitionFault+1b8b7f

MODULE_NAME: nt

STACK_COMMAND: .cxr; .ecxr ; kb

IMAGE_NAME: ntkrnlmp.exe

BUCKET_ID_FUNC_OFFSET: 1b8b7f

FAILURE_BUCKET_ID: 0x1a_888a_nt!MiHandleTransitionFault

OS_VERSION: 10.0.22621.2506

BUILDLAB_STR: ni_release_svc_prod3

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {96e3be60-7925-a8c2-9aba-381b0f1145b1}

Followup: MachineOwner
---------

My Specs.

CPU: Ryzen 3 1200
GPU: RX 570 4GB
Motherboard: Asus Prime B350M-E
RAM: 8GB DDR4
SSD: PNY CS111 240GB

---

---

Put a copy of memtest86 on a flash stick.
Boot the stick and let it run.
No errors allowed.

 

[stransen007]

Have you clean installed windows as if that crack is still on PC it could be doing all sorts of damage. Could be cause of BSOD.


most virus don't work on linux. I doubt any work on two different OS. What that does show is its likely hardware and not software to blame.

It could be the ssd if you run both OS offf it?

Windows sees two things as memory: Ram and page file. Page file is on C drive
Page fault in no paged area could be a driver error
two memory related errors could mean drivers, or need to look at ssd.

I've installed windows after that multiple times ( deleting all volumes and installing it).
Maybe the the ssd is the main problem but i dunno how to clean install os on that.

Or as you said a driver cause that.

With all of that... How can i fix the ssd to see if the problem was ssd only ?

 

[stransen007]

Put a copy of memtest86 on a flash stick.
Boot the stick and let it run.
No errors allowe

Put a copy of memtest86 on a flash stick.
Boot the stick and let it run.
No errors allowed.

It's done now.
Siad."Pass complete, no errors , press Esc to exit."

 

[Bob.B]

It's done now.
Siad."Pass complete, no errors , press Esc to exit."

OK that says your ram is in pretty good shape.

Post a sreenshot from ......crystal disk info.....use imgur.com to host the image and provide a link to the image.

 

[stransen007]

OK that says your ram is in pretty good shape.

Post a sreenshot from ......crystal disk info.....use imgur.com to host the image and provide a link to the image.

sreenshot from crystal disk info

 

[Bob.B]

sreenshot from crystal disk info

Nothing there jumps out reseat the sata data cable on both ends and test.

 

[stransen007]

Nothing there jumps out reseat the sata data cable on both ends and test.

I've done it also changed the SATA cable and the socket it was on it.

I will inform if the problem resist.

 

[stransen007]

Nothing there jumps out reseat the sata data cable on both ends and test.

After almost 2 days of no BSOD again it's on the road to give me BSOD.

i dunno maybe as Colif said that maybe it is from hardware. wondering if my psu or another part is broken that causes the BSOD.

​

 

[stransen007]

Have you clean installed windows as if that crack is still on PC it could be doing all sorts of damage. Could be cause of BSOD.


most virus don't work on linux. I doubt any work on two different OS. What that does show is its likely hardware and not software to blame.

It could be the ssd if you run both OS offf it?

Windows sees two things as memory: Ram and page file. Page file is on C drive
Page fault in no paged area could be a driver error
two memory related errors could mean drivers, or need to look at ssd.

What do you think ?

it seems from ssd or maybe a hardware issue. is it a good idea to take it to the pc shop and make a PSU test ?

 

[Colif]

i will see if the dump shows me anything useful

@ubuysa might see more than I can in it


File: MEMORY.DMP (May 17 2024 - 16:14:43)
BugCheck: [MEMORY_MANAGEMENT (1A)]
Probably caused by: memory_corruption (Process: amdfendrsr.exe)
Uptime: 0 Day(s), 0 Hour(s), 03 Min(s), and 50 Sec(s)

So the victim of the crash was AMD Crash Defender which is part of the Radeon drivers.
only 2 actual drivers loaded at time of crash

it crashed 1 minute after loading windows.

You could update BIOS, you 14 versions behind current one.
as far as I can tell, you only need to grab latest and not get any inbetween - https://www.asus.com/us/supportonly/prime b350m-e/helpdesk_bios/
Get latest chipset drivers before updating BIOS
https://www.amd.com/en/support/downloads/previous-drivers.html/chipsets/am4/b350.html

could be the ssd still. Even though it tests well, the cause could be physical and software tests can't see that.
How old is the drive? its been on sale since 2015 so its hard to guess.
You have more hours on it than my drive which is 3 years old.
Also been turned on over 1100 times more. and over double the read and writes of my drive.

no point comparing my other ssd as its only 6 months old.

I would get a newer bigger drive as they cheaper than they were in past. Use that one as storage.

 

[stransen007]

I guess it is from 4 years ago untill now working and maybe the ssd is the issue.

it was working as usual untill one day i ended up randomly getting BSOD now i'm installing B350 chipset driver to see if there is any chance if not i do the BIOS update.