Virtual machine running Windows 2008 has recently been blue-screening frequently with 0x00000109; please help find the cause, thanks!

  • Question

  • Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Windows\MEMORY.DMP]
    Kernel Summary Dump File: Only kernel address space is available

    Symbol search path is: SRV*c:\temp*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (32 procs) Free x64
    Product: Server, suite: Enterprise TerminalServer SingleUserTS
    Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
    Machine Name:
    Kernel base = 0xfffff800`01608000 PsLoadedModuleList = 0xfffff800`0184de90
    Debug session time: Mon Feb 26 11:42:25.233 2018 (UTC + 8:00)
    System Uptime: 0 days 5:41:02.139
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ...............
    Loading User Symbols

    Loading unloaded module list
    .........
    The context is partially valid. Only x86 user-mode context is available.
    The wow64exts extension must be loaded to access 32-bit state.
    .load wow64exts will do this if you haven't loaded it already.
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 109, {a3a039d904abf545, b3b7465f572a354f, 5c0000082, 7}

    Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

    Followup: MachineOwner
    ---------

    16.31: kd:x86> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    CRITICAL_STRUCTURE_CORRUPTION (109)
    This bugcheck is generated when the kernel detects that critical kernel code or
    data have been corrupted. There are generally three causes for a corruption:
    1) A driver has inadvertently or deliberately modified critical kernel code
     or data. See http://www.microsoft.com/whdc/driver/kernel/64bitPatching.mspx
    2) A developer attempted to set a normal kernel breakpoint using a kernel
     debugger that was not attached when the system was booted. Normal breakpoints,
     "bp", can only be set if the debugger is attached at boot time. Hardware
     breakpoints, "ba", can be set at any time.
    3) A hardware corruption occurred, e.g. failing RAM holding kernel code or data.
    Arguments:
    Arg1: a3a039d904abf545, Reserved
    Arg2: b3b7465f572a354f, Reserved
    Arg3: 00000005c0000082, Failure type dependent information
    Arg4: 0000000000000007, Type of corrupted region, can be
    0 : A generic data region
    1 : Modification of a function or .pdata
    2 : A processor IDT
    3 : A processor GDT
    4 : Type 1 process list corruption
    5 : Type 2 process list corruption
    6 : Debug routine modification
    7 : Critical MSR modification

    Debugging Details:
    ------------------


    BUGCHECK_STR:  0x109

    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

    CURRENT_IRQL:  0

    LAST_CONTROL_TRANSFER:  from 0000000000000000 to 0000000000000000

    STACK_TEXT:  
    00000000 00000000 00000000 00000000 00000000 0x0


    STACK_COMMAND:  kb

    SYMBOL_NAME:  ANALYSIS_INCONCLUSIVE

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: Unknown_Module

    IMAGE_NAME:  Unknown_Image

    DEBUG_FLR_IMAGE_TIMESTAMP:  0

    BUCKET_ID:  INVALID_KERNEL_CONTEXT

    Followup: MachineOwner
    ---------
    Tuesday, 27 February 2018 09:14

Answers

All replies

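  • 0x00000109 CRITICAL_STRUCTURE_CORRUPTION indicates that the kernel has detected corruption of critical kernel code or data: the memory modules are incompatible or damaged, or drivers and related software have compatibility problems.
    Is the host running normally in every respect? Do virtual machines running other operating systems also run normally? After what change did this virtual machine start having problems?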


    Alexis Zhang

    http://mvp.microsoft.com/zh-cn/mvp/Jie%20Zhang-4000545
    http://blogs.itecn.net/blogs/alexis

    Accessing the forum through the NNTP Bridge newsgroup bridge is recommended.

    This post is a reply; the original post is by <jianbo.wang> above:

    | BugCheck 109, {a3a039d904abf545, b3b7465f572a354f, 5c0000082, 7}
    | Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

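    Tuesday, 27 February 2018 12:55
  • Thanks for the answer. The host is fine at the moment, and the virtual machines running on it have not reported errors for now. This virtual machine runs Windows 2008 and was once infected with a cryptomining virus, but that has now been dealt with. Are there any tools for further checking?
    Wednesday, 28 February 2018 00:50
  • Then, once you are sure the virus has been removed, keep observing for a while and see.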


    Alexis Zhang


    This post is a reply; the original post is by <jianbo.wang> above.


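    Thursday, 1 March 2018 13:23
  • The virus has been removed; since then there have been several blue screens. Can you tell whether, apart from a possible memory problem, any system files are missing?
    Saturday, 3 March 2018 00:57
  • I can't tell. If the stop code or the WinDBG analysis output changes in later blue screens, please post it so we can take a look.

    As for memory, you can use the Windows memory diagnostic tool to test its stability.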


    Alexis Zhang


    This post is a reply; the original post is by <jianbo.wang> above.


    Sunday, 4 March 2018 11:09
  • It doesn't seem to have blue-screened again, but now when I run the tool again, it just echoes this.


    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Windows\MEMORY.DMP]
    Kernel Summary Dump File: Only kernel address space is available

    Symbol search path is: SRV*c:\temp*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows 7 Kernel Version 7601 (Service Pack 1) MP (32 procs) Free x64
    Product: Server, suite: Enterprise TerminalServer SingleUserTS
    Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
    Machine Name:
    Kernel base = 0xfffff800`01608000 PsLoadedModuleList = 0xfffff800`0184de90
    Debug session time: Mon Feb 26 11:42:25.233 2018 (UTC + 8:00)
    System Uptime: 0 days 5:41:02.139
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ...............
    Loading User Symbols

    Loading unloaded module list
    .........
    The context is partially valid. Only x86 user-mode context is available.
    The wow64exts extension must be loaded to access 32-bit state.
    .load wow64exts will do this if you haven't loaded it already.
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 109, {a3a039d904abf545, b3b7465f572a354f, 5c0000082, 7}

    Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )

    Followup: MachineOwner
    ---------

    16.31: kd:x86> analyze -v
    *** ERROR: Module load completed but symbols could not be loaded for BAPIDRV64.sys
    *** ERROR: Module load completed but symbols could not be loaded for DsArk64.sys
    *** ERROR: Module load completed but symbols could not be loaded for viostor.sys
    *** ERROR: Module load completed but symbols could not be loaded for 360AntiHacker64.sys
    *** ERROR: Module load completed but symbols could not be loaded for spldr.sys
    *** ERROR: Module load completed but symbols could not be loaded for 360reskit64.sys
    *** ERROR: Module load completed but symbols could not be loaded for 360Box64.sys
    *** ERROR: Module load completed but symbols could not be loaded for dump_viostor.sys
    *** ERROR: Module load completed but symbols could not be loaded for netkvm.sys
    *** ERROR: Module load completed but symbols could not be loaded for vioser.sys
    *** ERROR: Module load completed but symbols could not be loaded for balloon.sys
    *** ERROR: Module load completed but symbols could not be loaded for 360qpesv64.sys
    *** ERROR: Module load completed but symbols could not be loaded for 360netmon.sys
    *** ERROR: Module load completed but symbols could not be loaded for 360FsFlt.sys
    *** ERROR: Module load completed but symbols could not be loaded for 360AntiHijack64.sys
    *** ERROR: Module load completed but symbols could not be loaded for peauth.sys
    *** ERROR: Module load completed but symbols could not be loaded for secdrv.SYS
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for spsys.sys -
    *** ERROR: Module load completed but symbols could not be loaded for 360Sensor64.sys
    *** ERROR: Module load completed but symbols could not be loaded for 360AvFlt.sys
    Couldn't resolve error at 'nalyze -v'

    Monday, 5 March 2018 04:16
  • You're still installing 360 on a Windows Server system? Best to uninstall that piece of junk.


    Alexis Zhang


    This post is a reply; the original post is by <jianbo.wang> above.


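    Monday, 5 March 2018 12:06
  • Haha, I'll tell the customer, thanks.
    Tuesday, 6 March 2018 01:00
  • Mm-hm, uninstall it, along with any other "guardian", "master" or "assistant" utilities. A computer with these things installed loses half its lifespan and half its efficiency.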


    Alexis Zhang


    This post is a reply; the original post is by <jianbo.wang> above.


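    Thursday, 8 March 2018 14:03
  • May I ask, do Windows servers need antivirus and anti-trojan software installed? Which antivirus and anti-trojan software is better to install?
    Friday, 9 March 2018 00:19
  • Microsoft has its own MSE (Microsoft Security Essentials) for Windows Server.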


    Alexis Zhang


    This post is a reply; the original post is by "小油箱" above.


    • Marked as answer by jianbo.wang Thursday, 23 January 2020 09:01
    Sunday, 11 March 2018 12:35
  • Thanks a lot
    Thursday, 23 January 2020 09:01
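
Added example, not part of the thread and not any poster's code: a Python triage of pasted WinDbg output like the two sessions above. It decodes Arg4 of bug check 0x109 with the table printed by `!analyze -v`, lists the modules the debugger reported without symbols, and flags a prompt where `analyze -v` was typed without the leading `!` used in the first session. The `triage` function and the `SAMPLE` text are constructed for illustration, and a module without public symbols is only a candidate for review, not a finding.

```python
import re

# Arg4 meanings for bug check 0x109, copied from the !analyze -v text in the thread.
REGION_TYPES = [
    "A generic data region",
    "Modification of a function or .pdata",
    "A processor IDT",
    "A processor GDT",
    "Type 1 process list corruption",
    "Type 2 process list corruption",
    "Debug routine modification",
    "Critical MSR modification",
]
BUGCHECK_RE = re.compile(r"BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}")
NOSYM_RE = re.compile(
    r"\*\*\* ERROR: (?:Module load completed but symbols could not be loaded for"
    r"|Symbol file could not be found\.\s+Defaulted to export symbols for)\s+(\S+)"
)
# A kd prompt followed by "analyze" with no "!" in front of it.
PROMPT_RE = re.compile(r"kd(?::x86)?>\s*(analyze\b.*)")


def triage(log: str) -> dict:
    """Summarise a pasted WinDbg session (hypothetical helper, not a WinDbg API)."""
    out = {"code": None, "args": [], "region": None}
    m = BUGCHECK_RE.search(log)
    if m:
        out["code"] = int(m.group(1), 16)
        out["args"] = [int(a, 16) for a in m.group(2).split(",")]
        if out["code"] == 0x109 and len(out["args"]) == 4:
            a4 = out["args"][3]
            known = 0 <= a4 < len(REGION_TYPES)
            out["region"] = REGION_TYPES[a4] if known else "unknown region type"
    # Modules with no public symbols, de-duplicated in order of appearance.
    out["no_symbols"] = list(dict.fromkeys(NOSYM_RE.findall(log)))
    # Commands the debugger could not have run as the !analyze extension.
    out["bad_commands"] = [c.strip() for c in PROMPT_RE.findall(log)]
    return out


# Constructed sample: a few lines taken from the second paste in the thread.
SAMPLE = """\
BugCheck 109, {a3a039d904abf545, b3b7465f572a354f, 5c0000082, 7}
16.31: kd:x86> analyze -v
*** ERROR: Module load completed but symbols could not be loaded for viostor.sys
*** ERROR: Module load completed but symbols could not be loaded for 360FsFlt.sys
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for spsys.sys -
Couldn't resolve error at 'nalyze -v'
"""
```

Calling `triage(SAMPLE)` reports region type 7 as "Critical MSR modification" and returns `analyze -v` under `bad_commands`, which matches the `Couldn't resolve error at 'nalyze -v'` line in the second paste.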