Earlier this week, a student walked into my office with his Dell XPS 15 9550 in hand. Sometimes his computer would behave, and sometimes, during heavy load, it would die with a CRITICAL_PROCESS_DIED BSOD. Dell’s own recovery DVD image was unable to restore the computer to working order. The support personnel at Dell suggested using Microsoft’s Media Creation Tool to download a Windows 10 ISO image. Burning the ISO image to a DVD and reinstalling Windows made the computer runnable to some degree. As soon as we installed the WiFi driver, we got that dreaded CRITICAL_PROCESS_DIED BSOD again. Googling for “Dell XPS 15 9550 CRITICAL_PROCESS_DIED” gave results pointing at the NVMe disk driver as a possible culprit. This issue has existed for almost a year and is hardly isolated to a few instances. Maybe the XPS 15 9550 model suffers from a poor choice of hardware components or bad hardware design.
Kryptowire announced on 2016-11-15 the discovery of malware in Android-based smart phones sold by, among others, Amazon US and BestBuy. The malware was allegedly created by Shanghai ADUPS Technology Co., Ltd. Kryptowire claims the malware sends all your text messages, all your contacts, all your call history, etc., to the domain names listed below. The ADUPS company issued a statement claiming its services are simply spam countermeasures.
Kryptowire claims these domain names resolved to the IP address 188.8.131.52.
Today, 2 days later, those domain names resolve to the IP address 184.108.40.206. The domain name rebootv5.adsunflower.com still resolves to the IP address 220.127.116.11. Be sure to adjust your ACLs if you have blocked the previously known IP addresses: an IP-based block goes stale the moment the operator moves the domain names.
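As an added example (not part of the original post), here is a PowerShell snippet that re-resolves the domain names and reports any address that is not yet in your ACL, so the check above can be repeated instead of done by hand. Only rebootv5.adsunflower.com and the three addresses quoted above come from the post; the second hash-table entry is a placeholder to be replaced with the other names from the Kryptowire report, and the "in ACL" lists are whatever you actually blocked.

```powershell
# Added example (not from the original post): re-resolve the ADUPS domain names
# and compare the answers with the IP addresses currently in the ACL.
# Only rebootv5.adsunflower.com is named on this page; the second entry is a
# placeholder for the remaining names from the Kryptowire report.
$Watch = @{
    'rebootv5.adsunflower.com'     = @('220.127.116.11')                      # from the post
    'placeholder.adups.invalid'    = @('188.8.131.52', '184.108.40.206')     # placeholder entry
}

$Drift = foreach ($name in $Watch.Keys) {
    try {
        # -DnsOnly skips the hosts file and NetBIOS so a local override cannot hide a change
        $now = Resolve-DnsName -Name $name -Type A -DnsOnly -ErrorAction Stop |
               Where-Object { $_.QueryType -eq 'A' } |
               Select-Object -ExpandProperty IPAddress
    } catch {
        Write-Warning "$name did not resolve: $($_.Exception.Message)"
        continue
    }
    $new = $now | Where-Object { $_ -notin $Watch[$name] }
    if ($new) {
        [pscustomobject]@{
            Domain        = $name
            InAcl         = ($Watch[$name] -join ',')
            NowResolvesTo = ($new -join ',')
        }
    }
}

if ($Drift) {
    $Drift | Format-Table -AutoSize
    # One address per line, duplicates removed, ready to paste into the ACL
    $Drift.NowResolvesTo -split ',' | Sort-Object -Unique | Set-Content .\adups-new-ips.txt
} else {
    'No drift: every watched domain still resolves only to addresses already in the ACL.'
}
```

Run it on a schedule; a non-empty table means the ACL needs updating. Because the addresses keep moving, blocking the domain names themselves (at the resolver or the proxy) is the more durable control, with the IP ACL as a second layer.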
A student came to my office today. His browser showed our fronter.com instance protected by a peculiar SSL certificate issued by royalvulkan.com. The norm for fronter.com instances is SSL certificates issued by COMODO CA Limited. The intrusive SSL certificate has a validity period spanning from 1996 to 2056, which is very odd. The certificate probably has a wildcard Common Name, causing it to cover all conceivable hostnames. I have no idea how this certificate got introduced into our student’s computer. Luckily, Google Chrome spotted the faulty certificate and the student was wise enough to come and see me. Shortly after, I had to leave the student and go to class. I’ll try and update this post if he shows up again with the same problem.
I pondered this issue during the weekend. Maybe the student has somehow activated the proxy setting, sending all his (sensitive) internet traffic to an unknown third party.
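As an added example (not part of the original post), the PowerShell below is what I would run on the student's machine to turn the guesses above into evidence: it fetches the certificate that this machine is actually shown for the fronter.com instance and checks its issuer, lifetime and wildcard status, looks for the royalvulkan.com issuer in the trust stores, and dumps the proxy and hosts-file settings that could redirect his traffic. $Target is a placeholder, since the post does not name the instance; the COMODO issuer and the 1996 to 2056 lifetime are the facts from the post.

```powershell
# Added example (not from the original post). Run on the affected Windows machine.
# $Target is a placeholder: the post does not name the fronter.com instance.
$Target = 'your-school.fronter.com'

function Get-PresentedCertificate {
    param([string]$HostName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # The validation callback always returns $true: we want to *see* whatever is
        # presented, including a certificate Chrome would rightly reject.
        $cb  = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $cb)
        $ssl.AuthenticateAsClient($HostName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $client.Close()
    }
}

$cert = Get-PresentedCertificate -HostName $Target
$cert | Format-List Subject, Issuer, NotBefore, NotAfter, Thumbprint

# The norm for fronter.com is a COMODO-issued certificate with an ordinary lifetime;
# the rogue one spanned 1996 to 2056.
if ($cert.Issuer -notmatch 'COMODO') {
    Write-Warning "Unexpected issuer: $($cert.Issuer)"
}
if (($cert.NotAfter - $cert.NotBefore).TotalDays -gt 365 * 5) {
    Write-Warning "Implausible validity period: $($cert.NotBefore) to $($cert.NotAfter)"
}
# The Subject Alternative Name extension (OID 2.5.29.17) shows whether it is a wildcard
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if ($san) { $san.Format($true) } else { 'No SAN extension; check the CN above for a wildcard' }

# Is the rogue issuer trusted on this machine? If it were, Chrome would not have warned.
Get-ChildItem Cert:\CurrentUser\Root, Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -match 'royalvulkan' -or $_.Issuer -match 'royalvulkan' } |
    Select-Object PSParentPath, Subject, Thumbprint

# Where does this user's browser traffic go? Chrome follows the WinINET (IE) proxy settings.
Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' |
    Select-Object ProxyEnable, ProxyServer, AutoConfigURL
netsh winhttp show proxy
# A hosts-file entry for the instance redirects it just as effectively as a proxy does
Select-String -Path "$env:SystemRoot\System32\drivers\etc\hosts" -Pattern $Target -SimpleMatch
```

Note that the direct TCP connection in Get-PresentedCertificate ignores the proxy settings. If the certificate looks right here but wrong in the browser, an explicit proxy (ProxyServer or AutoConfigURL) is the thing to chase; if it looks wrong here too, the redirection happens below the browser, in DNS, the hosts file or a network-level interceptor.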
I was installing Autodesk Vault Professional 2017 in the wee hours today, and I noticed the Autodesk Network License Manager was installed in C:\Autodesk\Network License Manager. That’s a bit strange, since C:\Autodesk has until now been a temporary location for extracting the setup files.
I can confirm that moving the files to a saner location like C:\Program Files\Autodesk\Autodesk Network License Manager doesn’t work at all. The NLM simply won’t start and nothing gets logged.
It gets even stranger, as one of the LMTOOLS shortcuts wants to run lmtools.exe from the C:\Program Files\Autodesk\Autodesk Network License Manager directory, i.e. the old location. Note that this was done on a newly installed Windows Server.
In short: Be very careful when emptying the C:\Autodesk directory.
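As an added example (not part of the original post), here is the PowerShell check I would run on the licence server before cleaning up C:\Autodesk: it lists everything that still points into that directory, so you know what will break, and shows who may write to a directory that a service now runs from. The old-location path is the one quoted above; the service filter assumes lmgrd was registered as a Windows service through LMTOOLS, which is an assumption (nothing is listed if it was not).

```powershell
# Added example (not from the original post). Audit what references C:\Autodesk
# before emptying it, and review the ACL of a directory a service runs from.
$Root = 'C:\Autodesk'
$Old  = 'C:\Program Files\Autodesk\Autodesk Network License Manager'   # old location, from the post

# 1. Services whose executable lives under C:\Autodesk (assumes lmgrd was
#    registered as a service via LMTOOLS; empty output means it was not)
Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -like "*$Root*" } |
    Select-Object Name, State, StartMode, PathName

# 2. Start Menu shortcuts whose target is under either location; the post found
#    an LMTOOLS shortcut still pointing at the old one
$shell = New-Object -ComObject WScript.Shell
$menus = "$env:ProgramData\Microsoft\Windows\Start Menu",
         "$env:APPDATA\Microsoft\Windows\Start Menu"
Get-ChildItem $menus -Recurse -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
    $lnk = $shell.CreateShortcut($_.FullName)
    if ($lnk.TargetPath -like "$Root\*" -or $lnk.TargetPath -like "$Old\*") {
        [pscustomobject]@{
            Shortcut     = $_.FullName
            Target       = $lnk.TargetPath
            TargetExists = Test-Path -LiteralPath $lnk.TargetPath   # $false = dangling shortcut
        }
    }
}

# 3. What is actually in C:\Autodesk: extracted setup files can go, the NLM cannot
Get-ChildItem $Root -Directory | Select-Object Name, LastWriteTime

# 4. A service binary outside Program Files should not be writable by ordinary
#    users; review who has write or modify rights here before leaving it in place
(Get-Acl $Root).Access | Select-Object IdentityReference, FileSystemRights, AccessControlType
```

Delete only the subfolders that step 3 shows to be setup extracts and that neither step 1 nor step 2 references; a dangling shortcut (TargetExists = False) is the symptom the post describes, and step 4 tells you whether the directory inherited the permissive default ACL of the drive root.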