[SOLVED] Panda Cloud Aborts at 70% after Receiving Instructions for Disinfection

Canon_Man
Registered user
Posts: 34
Joined: Sat, 19 Dec 2015, 17:26

Post by Canon_Man »

I've run the Cloud feature a number of times, but the ONLY time it would run to completion was immediately after Panda was installed.

When the software runs, Panda Cloud reaches 70%, then sends information to the cloud and receives disinfection instructions from the cloud. Obviously the scan found something, but since it aborts consistently, I'm not sure it ever gets a chance to clean anything.

Firewall is set to allow Panda Cloud, the Proc has full access rights for read / write, so whatever is causing it to crash is beyond me.

Anyone else have this problem?
VirusBuster
Official moderator
Posts: 7595
Joined: Mon, 02 Apr 2012, 18:53
Location: Panda HQ - Bilbao

Re: Panda Cloud Aborts at 70% after Receiving Instructions for Disinfection

Post by VirusBuster »

Does it crash returning an error, or does it just close?
Regards,

Jorge Torre
TechSupport Department - Panda Security

I don't reply to private messages unless I have previously requested them
Canon_Man
Registered user
Posts: 34
Joined: Sat, 19 Dec 2015, 17:26

Re: Panda Cloud Aborts at 70% after Receiving Instructions for Disinfection

Post by Canon_Man »

Just ran Panda Cloud about 2 hours ago. It ran to completion without errors. This is consistent with a fresh install.

Will try it again tomorrow and see if it runs OK.
Canon_Man
Registered user
Posts: 34
Joined: Sat, 19 Dec 2015, 17:26

Re: Panda Cloud Aborts at 70% after Receiving Instructions for Disinfection

Post by Canon_Man »

Panda Cloud aborted this morning after receiving and analyzing the cleaning instructions from the cloud.

Event Viewer records the following:

Faulting application name: PCloudCleaner.exe, version: 1.0.0.1533, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x4b30b5b0
Faulting process id: 0x1764
Faulting application start time: 0x01d19b083df0d167
Faulting application path: C:\Program Files (x86)\Panda Security\Panda Cloud Cleaner\PCloudCleaner.exe
Faulting module path: unknown
Report Id: c347a8e7-eb59-4c38-91ab-2dd5f565377c
Faulting package full name:
Faulting package-relative application ID:

Next entry in the Event log:

Fault bucket 73950343242, type 1
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: PCloudCleaner.exe
P2: 1.0.0.1533
P3: 00000000
P4: StackHash_bdcb
P5: 0.0.0.0
P6: 00000000
P7: c0000005
P8: PCH_A8_FROM_ntdll+0x0007718C
P9:
P10:

Attached files:
C:\Users\Rxxxxx\AppData\Local\Temp\WERF608.tmp.WERInternalMetadata.xml
C:\Users\Rxxxxx\AppData\Local\Temp\WER7471.tmp.appcompat.txt
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PCloudCleaner.ex_8467cd506b2677f5c2df8cf69eaafca16b6e969_3a22406a_cab_0bc675b8\memory.hdmp
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PCloudCleaner.ex_8467cd506b2677f5c2df8cf69eaafca16b6e969_3a22406a_cab_0bc675b8\triagedump.dmp
WERGenerationLog.txt

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_PCloudCleaner.ex_8467cd506b2677f5c2df8cf69eaafca16b6e969_3a22406a_1842bbe8

Analysis symbol:
Rechecking for solution: 0
Report Id: c347a8e7-eb59-4c38-91ab-2dd5f565377c
Report Status: 0
Hashed bucket: cdf0f0bb4f840f7c090351fe7bc361e5

Final entry in Event log once the Application was forced to close:

Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: PCloudCleaner.exe
P2: 1.0.0.1533
P3: 00000000
P4: StackHash_bdcb
P5: 0.0.0.0
P6: 00000000
P7: c0000005
P8: PCH_A8_FROM_ntdll+0x0007718C
P9:
P10:

Attached files:
C:\Users\Rxxxxx\AppData\Local\Temp\WERF608.tmp.WERInternalMetadata.xml
C:\Users\Rxxxxx\AppData\Local\Temp\WER7471.tmp.appcompat.txt
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PCloudCleaner.ex_8467cd506b2677f5c2df8cf69eaafca16b6e969_3a22406a_cab_0bc675b8\memory.hdmp
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PCloudCleaner.ex_8467cd506b2677f5c2df8cf69eaafca16b6e969_3a22406a_cab_0bc675b8\triagedump.dmp
WERGenerationLog.txt

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PCloudCleaner.ex_8467cd506b2677f5c2df8cf69eaafca16b6e969_3a22406a_cab_0bc675b8

Analysis symbol:
Rechecking for solution: 0
Report Id: c347a8e7-eb59-4c38-91ab-2dd5f565377c
Report Status: 100

From WER\ReportQueue:

<?xml version="1.0" encoding="UTF-16"?>
<WERReportMetadata>
<OSVersionInformation>
<WindowsNTVersion>10.0</WindowsNTVersion>
<Build>10586</Build>
<Product>(0x30): Windows 10 Pro</Product>
<Edition>Professional</Edition>
<BuildString>10586.0.amd64fre.th2_release.151029-1700</BuildString>
<Revision>0</Revision>
<Flavor>Multiprocessor Free</Flavor>
<Architecture>X64</Architecture>
<LCID>1033</LCID>
</OSVersionInformation>
<ProcessInformation>
<Pid>2392</Pid>
<ImageName>DsmUserTask.exe</ImageName>
<CmdLineSignature>00000000</CmdLineSignature>
<Uptime>117</Uptime>
<ProcessVmInformation>
<PeakVirtualSize>2199105687552</PeakVirtualSize>
<VirtualSize>2199105163264</VirtualSize>
<PageFaultCount>3738</PageFaultCount>
<PeakWorkingSetSize>9203712</PeakWorkingSetSize>
<WorkingSetSize>9089024</WorkingSetSize>
<QuotaPeakPagedPoolUsage>150616</QuotaPeakPagedPoolUsage>
<QuotaPagedPoolUsage>150440</QuotaPagedPoolUsage>
<QuotaPeakNonPagedPoolUsage>12104</QuotaPeakNonPagedPoolUsage>
<QuotaNonPagedPoolUsage>11544</QuotaNonPagedPoolUsage>
<PagefileUsage>2007040</PagefileUsage>
<PeakPagefileUsage>2125824</PeakPagefileUsage>
<PrivateUsage>2007040</PrivateUsage>
</ProcessVmInformation>
</ProcessInformation>
<ProblemSignatures>
<EventType>PnPGenericDriverFound</EventType>
<Parameter0>x64</Parameter0>
<Parameter1>HID\VID_045E&PID_0745&REV_0634&MI_02&Col04</Parameter1>
</ProblemSignatures>
<DynamicSignatures>
<Parameter1>10.0.10586.2.0.0.256.48</Parameter1>
<Parameter2>1033</Parameter2>
</DynamicSignatures>
<SystemInformation>
<MID>81B87C68-F4BC-4DB1-A7A7-13ADC147FA0C</MID>
<SystemManufacturer>LENOVO</SystemManufacturer>
<SystemProductName>2516CTO</SystemProductName>
<BIOSVersion>6IET85WW (1.45 )</BIOSVersion>
<OSInstallDate>1460707204</OSInstallDate>
<TimeZoneBias>05:00</TimeZoneBias>
</SystemInformation>
<SecureBootState>
<UEFISecureBootEnabled>NotCapable</UEFISecureBootEnabled>
</SecureBootState>
<ReportInformation>
<Guid>ccaabc17-0316-11e6-bf89-f0def14624c7</Guid>
<CreationTime>2016-04-15T14:31:55Z</CreationTime>
</ReportInformation>
</WERReportMetadata>
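
Added example (not part of the original thread and not Panda's code): a small Python parser for the Application Error record quoted in the post above. It decodes the hexadecimal fields (exception code, process id, FILETIME start time) and flags the unresolved faulting module; the NTSTATUS table is a small subset and the function names are illustrative.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: fields copied from the Event Viewer record quoted above.
SAMPLE = r"""Faulting application name: PCloudCleaner.exe, version: 1.0.0.1533, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Faulting process id: 0x1764
Faulting application start time: 0x01d19b083df0d167
Faulting application path: C:\Program Files (x86)\Panda Security\Panda Cloud Cleaner\PCloudCleaner.exe
"""

# Small subset of NTSTATUS codes often seen in crash records.
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION",
            0xC00000FD: "STATUS_STACK_OVERFLOW",
            0xC0000374: "STATUS_HEAP_CORRUPTION"}
NAME_LINE = re.compile(r"(.+?), version: (\S+), time stamp: (0x[0-9a-fA-F]+)$")

def parse_record(text):
    """Split 'key: value' lines; the two name lines also carry a version."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        m = NAME_LINE.match(value)
        if m:
            fields[key] = m.group(1)
            fields[key.replace("name", "version")] = m.group(2)
        elif sep:
            fields[key] = value.strip()
    return fields

def filetime_to_utc(hex_ticks):
    """A FILETIME counts 100 ns ticks since 1601-01-01 UTC."""
    ticks = int(hex_ticks, 16)
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)

def triage(text):
    f = parse_record(text)
    code = int(f["Exception code"], 16)
    return {
        "app": f["Faulting application name"],
        "exception": NTSTATUS.get(code, hex(code)),
        "pid": int(f["Faulting process id"], 16),
        "started_utc": filetime_to_utc(f["Faulting application start time"]),
        # 'unknown' means WER could not map the fault address to a loaded
        # module, so the event record alone cannot attribute the crash.
        "module_resolved": f["Faulting module name"].lower() != "unknown",
    }
if __name__ == "__main__":
    print(triage(SAMPLE))
```
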
VirusBuster
Official moderator
Posts: 7595
Joined: Mon, 02 Apr 2012, 18:53
Location: Panda HQ - Bilbao

Re: Panda Cloud Aborts at 70% after Receiving Instructions for Disinfection

Post by VirusBuster »

In order to continue with the study of your incident, Panda Security needs to collect additional data from your computer.

To determine which process is crashing, a post-mortem dump of the computer is needed. To generate this file, please download the document How to generate a post-mortem memory dump, follow the steps indicated and forward the resulting files to us.


In order to send us big files we have developed this tool to make the process easier.

Just download Submit_FILES_To_FTP.exe (641 KB) and run it.

It will ask you for the following information:

- The folder where the files to be sent are stored
- Your forum nickname

When this information is entered, click the Submit button and the information will be automatically sent.

Please, after submitting the files to the FTP, make a new post so that we acknowledge that there are new files in the FTP to be taken care of.
Regards,

Jorge Torre
TechSupport Department - Panda Security

I don't reply to private messages unless I have previously requested them
Canon_Man
Registered user
Posts: 34
Joined: Sat, 19 Dec 2015, 17:26

Re: Panda Cloud Aborts at 70% after Receiving Instructions for Disinfection

Post by Canon_Man »

I started to create the environment when I noticed that the procedure assumes I'm running Windows 8.

I'm running Windows 10. I found an SDK kit for Windows 10 that is slightly larger than the Windows 8 one referred to in the document.

Also, the screen shots are from an XP machine.

Is this still the correct set of procedures needed to create the Panda environment?

Please advise.
VirusBuster
Official moderator
Posts: 7595
Joined: Mon, 02 Apr 2012, 18:53
Location: Panda HQ - Bilbao

Re: Panda Cloud Aborts at 70% after Receiving Instructions for Disinfection

Post by VirusBuster »

Yes, the procedure in the document is correct. You can even use an older version of WinDbg to generate the postmortem dump if you already have it downloaded.
Regards,

Jorge Torre
TechSupport Department - Panda Security

I don't reply to private messages unless I have previously requested them
Canon_Man
Registered user
Posts: 34
Joined: Sat, 19 Dec 2015, 17:26

Re: Panda Cloud Aborts at 70% after Receiving Instructions for Disinfection

Post by Canon_Man »

There are a few changes between Win 8 and Win 10, but I did manage to find the directory where 'Windbg.exe' was located (actually in two different places, including x86).

Stepping through the change directory commands and folders as instructed in the script did not locate Windbg.exe.

It was found in x64:

C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\windbg -I

From Command prompt it generates the following error:

"Windbg was not successfully installed as the default postmortem debugger. This operation requires administrative priviledges."

I'm the administrator. I checked the '.exe' and it has all rights.

What am I missing?
VirusBuster
Official moderator
Posts: 7595
Joined: Mon, 02 Apr 2012, 18:53
Location: Panda HQ - Bilbao

Re: Panda Cloud Aborts at 70% after Receiving Instructions for Disinfection

Post by VirusBuster »

In Vista and newer operating systems you must run the cmd as Administrator (Right click C:\Windows\System32\cmd.exe - Run as Administrator).
We have requested to update the document.
Regards,

Jorge Torre
TechSupport Department - Panda Security

I don't reply to private messages unless I have previously requested them
Canon_Man
Registered user
Posts: 34
Joined: Sat, 19 Dec 2015, 17:26

Re: Panda Cloud Aborts at 70% after Receiving Instructions for Disinfection

Post by Canon_Man »

Sorry, I tried, but got the same result.

Cmd.exe appears in a number of folders, primarily as a shortcut pointing to cmd.exe.

I right clicked the one in System32, to run as Administrator.

Obviously there is a step missing, or needs to be properly documented for the laymen (like me) to follow.