topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • June 15, 2019, 08:29 PM
  • Proudly celebrating 13 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: IDEA: Possible Malware Debug - HW laptop back-light detector  (Read 2539 times)

Asudem

  • Member
  • Joined in 2015
  • **
  • Posts: 119
  • C# data manipulation junkie
    • View Profile
    • Donate to Member
IDEA: Possible Malware Debug - HW laptop back-light detector
« on: December 24, 2018, 09:19 PM »
I have a problem with my computer, even after a new hard drive "Reach" install of Windows 10, so a fresh Windows 10 install is being used. The problem is that my computer will, at seemingly random points in time during the night, reactivate my screen, after it has powered down.

I would like some kind of recursive diagnostic logger to help identify the cause of this issue down to the executable, daemon, rootkit, malware, or virus this may be.

Note: Only on my Win10 partition do I exhibit random "screen turn on experiences" with nothing in my log files. OpenSUSE Tumbleweed and Ubuntu 14.04.5 Desktop 64bit.
If I do it more than 2 times I want to automate it in C#!
« Last Edit: December 24, 2018, 09:33 PM by Asudem, Reason: More descriptive title »

Shades

  • Member
  • Joined in 2006
  • **
  • Posts: 2,540
    • View Profile
    • Donate to Member
Re: IDEA: Possible Malware Debug - HW laptop back-light detector
« Reply #1 on: December 24, 2018, 10:56 PM »
Are you sure it isn't your mouse sliding, because it is on a surface that isn't level?

Do you know the state of the hardware in the mouse? I have seen older (el cheapo) mouses move the cursor all by themselves when they were connected.Perhaps you don't notice during the day, but at night the hardware in your mouse can "misfire" for a long enough period to activate Windows.

Same is true for wireless mouse/keyboard devices. Some of them start to act weirdly when the batteries have become poor.

In short, a simple process of elimination is likely to produce a much quicker cause for the problem that you experience. Only when your computer is still acting up when you have disconnected all peripherals. It can even be something like your USB mouse/keyboard is supplying too much information than Windows is set to handle. Any operation system can start acting weird with something like that.

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,199
    • View Profile
    • Donate to Member
Re: IDEA: Possible Malware Debug - HW laptop back-light detector
« Reply #2 on: December 25, 2018, 05:19 AM »
Since you say it's doing it after the computer is powered down the obvious thing to do is also switch off the computer PSU.

If the screen is still doing it then it seems likely that it may be caused by random power fluctuations or something in the monitor itself - obvious solution is to turn it off.

If it stops doing it then it's possibly getting random signals over the monitor lead from the gfx card that cause it to wake up. Try a different lead, (shielding maybe a factor), rerouting it away from power leads, etc.

Or the simple solution, turn the monitor off.

The Event Log on the computer will show if it's the computer powering on at random times which causes the monitor to wake up.
If the monitor is lighting up without the computer being on then it's a hardware issue.

magician62

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 153
    • View Profile
    • Donate to Member
Re: IDEA: Possible Malware Debug - HW laptop back-light detector
« Reply #3 on: December 25, 2018, 06:52 AM »
Is the machine set to shut down or hybrid hibernate which is the default on W10. If the latter it's not something like  a Wake on LAN or Wake on USB?

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 39,302
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: IDEA: Possible Malware Debug - HW laptop back-light detector
« Reply #4 on: December 25, 2018, 09:04 AM »
It might also be some service like the update service, causing your pc to power on at certain times to check for updates.

Asudem

  • Member
  • Joined in 2015
  • **
  • Posts: 119
  • C# data manipulation junkie
    • View Profile
    • Donate to Member
Re: IDEA: Possible Malware Debug - HW laptop back-light detector
« Reply #5 on: December 25, 2018, 09:17 AM »
In short, a simple process of elimination is likely to produce a much quicker cause for the problem that you experience. Only when your computer is still acting up when you have disconnected all peripherals. It can even be something like your USB mouse/keyboard is supplying too much information than Windows is set to handle. Any operation system can start acting weird with something like that.

Hmm, yes. This starts after the monitor has entered it's power-down state while my laptop remains powered on. I can try turning off the wireless mouse at night. I haven't thought of that one.

Or the simple solution, turn the monitor off.
Well, you'd think that. This is a laptop setup, in which the PSU and monitor are all wedged into one chassis (so to speak), and even using a softswitch (the FN keys) to turn off the monitor, it does power itself back on at random times when I am trying to sleep.

Is the machine set to shut down or hybrid hibernate which is the default on W10. If the latter it's not something like  a Wake on LAN or Wake on USB?

I'm really hoping it's not a wake up on either of those! Nothing should ping awake my hardware when I'm not at it! lol

It might also be some service like the update service, causing your pc to power on at certain times to check for updates.
I've also considered this, but the event logs from checking for updates (at least Window logs) do not match the times of the random powerons.

For the easiest pebuak solution, I will try turning off my wireless mouse.
If I do it more than 2 times I want to automate it in C#!

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,199
    • View Profile
    • Donate to Member
Re: IDEA: Possible Malware Debug - HW laptop back-light detector
« Reply #6 on: December 25, 2018, 05:37 PM »
It does it even when the lid is closed?

Asudem

  • Member
  • Joined in 2015
  • **
  • Posts: 119
  • C# data manipulation junkie
    • View Profile
    • Donate to Member
Re: IDEA: Possible Malware Debug - HW laptop back-light detector
« Reply #7 on: December 26, 2018, 02:12 PM »
It does it even when the lid is closed?
My laptop has a hard switch for detecting if it is closed or open, but it is currently set at the Windows software level to hibernate if that happens (apparently, I never close my lid). I have not powered off my mouse yet and I do believe it did light up on its own again, but I have to wonder if it really is the mouse. Although they are different OSes, the OpenSUSE partition, if left on all night, it doesn't seemingly power my screen on if it turns off.

This may just be a mystery left unsolved, but I would still like to theorize at what level could something like this be detected? For example, what is it that Windows constantly looks at to know that it should or should not have the screen in a powered state and what programs can have access to this outside of the API level, such as being used through a .NET call programmed specifically for that rather than the near assembly level instruction that actually takes care of the power on/offs. Surely Function Key suites for laptop need access to this level of hardware for the soft switches of turning off/on the screen. I'm very curious.
If I do it more than 2 times I want to automate it in C#!

Asudem

  • Member
  • Joined in 2015
  • **
  • Posts: 119
  • C# data manipulation junkie
    • View Profile
    • Donate to Member
Re: IDEA: Possible Malware Debug - HW laptop back-light detector
« Reply #8 on: December 28, 2018, 11:58 AM »
Bumping with new info: With mouse disabled, the backlight is turning on and back off at times not designated by Windows.
If I do it more than 2 times I want to automate it in C#!

Shades

  • Member
  • Joined in 2006
  • **
  • Posts: 2,540
    • View Profile
    • Donate to Member
Re: IDEA: Possible Malware Debug - HW laptop back-light detector
« Reply #9 on: December 29, 2018, 02:51 PM »
Perhaps with a tool like this you are able to find out what instance of software is making your monitor light up.

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,199
    • View Profile
    • Donate to Member
Re: IDEA: Possible Malware Debug - HW laptop back-light detector
« Reply #10 on: December 29, 2018, 09:57 PM »
Going back to the OP:

The problem is that my computer will, at seemingly random points in time during the night, reactivate my screen, after it has powered down.

If this is correct then it's a hardware issue - reactivating the screen is not the same as powering up and booting into an OS.
What do you mean by "reactivate" the screen?
Turn the backlight on or something more?
How old is this laptop?

Unplug the charger if it's plugged in - this will remove any transient mains power event from affecting the laptop circuits.
Close the lid - besides sending a signal to Windows this sometimes disconnects the backlight via hardware, (depends on the design).

To clarify, what do you mean by powered down?

Asudem

  • Member
  • Joined in 2015
  • **
  • Posts: 119
  • C# data manipulation junkie
    • View Profile
    • Donate to Member
Re: IDEA: Possible Malware Debug - HW laptop back-light detector
« Reply #11 on: December 30, 2018, 03:06 PM »
Perhaps with a tool like this you are able to find out what instance of software is making your monitor light up.
I will investigate this software to see if it can't help trace the problem down, thanks!
Going back to the OP:
...
To clarify, what do you mean by powered down?

Good question, I should have been more specific: In Power Management, you are given a power option for when you would like your screen turned off at what I assume is the hardware level:
explorer_q4ewEpIpyl.pngIDEA: Possible Malware Debug - HW laptop back-light detector

Once my afk has been detected for 5 minutes, I expect my screen to soft-power-down, meaning the lcd pixels and backlighting are turned off on my laptop monitor. I also do not expect the screen to resume until such input behavior is received from only my mouse or keyboard. My linux distros follow these rules similarly without power restoring to my monitor unexpectedly.
If I do it more than 2 times I want to automate it in C#!

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,199
    • View Profile
    • Donate to Member
Re: IDEA: Possible Malware Debug - HW laptop back-light detector
« Reply #12 on: December 30, 2018, 07:55 PM »
Good question, I should have been more specific: In Power Management, you are given a power option for when you would like your screen turned off at what I assume is the hardware level:
[ Invalid Attachment ]

Once my afk has been detected for 5 minutes, I expect my screen to soft-power-down, meaning the lcd pixels and backlighting are turned off on my laptop monitor. I also do not expect the screen to resume until such input behavior is received from only my mouse or keyboard. My linux distros follow these rules similarly without power restoring to my monitor unexpectedly.

Much better - so just the normal Windows Display off function and not "powered down".

BTW, "reactivate" the screen = turn the backlight on (with no signal, eg. no Desktop) or completely wake the screen, ie. normal backlight/Desktop ?

Asking because my computer has two monitors connected, when Windows turns the display off one monitor will go into standby, the other monitor display will go black but the backlight is still on.

Are you running the latest chipset/graphics drivers?
Besides a mouse, what other peripherals do you have connected and have you tried disconnecting them all (if you have any)?

Something else to try, turn the display off manually using NirCmd (nircmd.exe monitor off) and see if it wakes up.
« Last Edit: December 30, 2018, 08:40 PM by 4wd »

Asudem

  • Member
  • Joined in 2015
  • **
  • Posts: 119
  • C# data manipulation junkie
    • View Profile
    • Donate to Member
Re: IDEA: Possible Malware Debug - HW laptop back-light detector
« Reply #13 on: January 01, 2019, 11:58 AM »
BTW, "reactivate" the screen = turn the backlight on (with no signal, eg. no Desktop) or completely wake the screen, ie. normal backlight/Desktop ?
...
Something else to try, turn the display off manually using NirCmd (nircmd.exe monitor off) and see if it wakes up.
Reactivate = normal backlight/desktop

Latest graphics and chipset drivers.

After nircmd was used to power down the monitor, it was powered up unexpectedly again.

All I have left is my external audio card (wireless headset), my keyboard, 2 external drives, and an external BD drive. I could unplug those too but I doubt those units could also be powering the monitor off as well as back on.
If I do it more than 2 times I want to automate it in C#!

Shades

  • Member
  • Joined in 2006
  • **
  • Posts: 2,540
    • View Profile
    • Donate to Member
Re: IDEA: Possible Malware Debug - HW laptop back-light detector
« Reply #14 on: January 01, 2019, 01:58 PM »
Keyboard can. And if the external drives came with driver and/or back-up software, those could trigger Windows to become active again.

Wireless headset uses BlueTooth? That sure can re-activate the audio system from Windows again when battery level from the wireless headset goes below a certain level. Same can be true with a wireless keyboard that uses Bluetooth.

The external BD device is the least suspect. The process of elimination to find the suspect device really requires you to disconnect everything from your laptop. Not just the devices that you think is logical.

Because this problem is playing long enough to make a thread for it on this forum, I think it is safe to assume that we are (long) past the stage of applying the logic that already has been applied and didn't solve your problem.

So, disconnect everything external, cut power to any of them, keeping all of them out of Bluetooth range, etc. If your laptop still activates at random, you can be sure that it something in your Windows installation or the hardware of your laptop and not something external. Right now it is unclear (to me) what is connected and what not. So better start from the most essential setup to get a good bearing of where to look for your problem.

Asudem

  • Member
  • Joined in 2015
  • **
  • Posts: 119
  • C# data manipulation junkie
    • View Profile
    • Donate to Member
Re: IDEA: Possible Malware Debug - HW laptop back-light detector
« Reply #15 on: January 01, 2019, 02:23 PM »
Keyboard can. And if the external drives came with driver and/or back-up software, those could trigger Windows to become active again.
If my keyboard is phantom stroking itself off at 2 or 4 in the morning when I am trying to sleep I will be pissed. Also, note, I said it does not happen in other OSes.

No backup software or drivers to my knowledge outside whatever MS provides with Win10.

Wireless headset uses BlueTooth?
RF receiver, which blinks when deactivated and stays lit when activated. It has never stayed lit when the monitor has powered back on, or if it has, the headset itself would be plugged into a power outlet and is just broadcasting silence. The random on/off of my screen has been observed in both states.

Not just the devices that you think is logical.
Turning the machine off to avoid the issue is a logical fix. This disconnects all power. I am not looking for logic. I am looking to find the answer.

Logic would imply I would be staring at my screenless laptop while all items are disconnected through countless nights of waiting for the issue to happen, and then it happens, then I have nothing other than a confirmation some process in Windows is causing this. As I have stated before, no other OSes do this.

Logic would also imply these devices cannot turn the screen back off at a non-designated Windows time (5 min), and yet, the light can turn off in anywhere from 5 sec after turning on to 2 min after turning on.

Logic does not explain that any of these devices could also cause the screen to power down.

EDIT: One minor note, I am experiencing what appear to be unrelated power fluctuations on the circuit in my house with lights flashing as well. This behavior as observed on my laptop is as follows:
The laptop detects a power drop and momentarily enters battery mode, in which it has a different set of rules to follow for powering the monitor off and the event is logged as a "power unplugged" event. When power is restored to the laptop, usually within a few moments, the backlight will kick into full brightness under the "plugged in" profile, and will recognize (somehow) the monitor should be in the powered off state, as its states was never cleared properly when it was plugged in, and will turn off my monitor once again. This is observed and consistent behavior.

EDIT2: I feel that this is the closest answer I can find to monitor power on/off behaviors.
If I do it more than 2 times I want to automate it in C#!
« Last Edit: January 01, 2019, 03:01 PM by Asudem »

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,199
    • View Profile
    • Donate to Member
Re: IDEA: Possible Malware Debug - HW laptop back-light detector
« Reply #16 on: January 01, 2019, 05:14 PM »
You could try setting the screensaver timeout the same as display off timeout and then watch for Event ID 4802 and 4803 in the Security Eventlog.

It may give info about the calling process, it may not - most likely not but it's something to try.

See here:
https://superuser.co...cmd-upon-screensaver

The other obvious question is:
When did you first notice it happening, (and does it coincide with anything else, eg. software install, power fluctuations)?

eg. Until I recently decided to uninstall ~20 programs I no longer use, my computer would not go into Sleep mode, something I had become used to.
Now it does again.

Another experiment, instead of just getting it to turn the display off, have it also Lock the computer.
This will require physical interaction with the mouse or keyboard to have the display turn on.

Asudem

  • Member
  • Joined in 2015
  • **
  • Posts: 119
  • C# data manipulation junkie
    • View Profile
    • Donate to Member
Re: IDEA: Possible Malware Debug - HW laptop back-light detector
« Reply #17 on: January 01, 2019, 05:52 PM »
I like the idea of creating a log entry when the screensaver times out, that's very clever. I don't have gpedit as I don't have pro but you may be onto something.

EDIT: Oh, what? Event IDs 4802 and 4803 do not appear in my event logs even when manually activated...  :o

When did you first notice it happening, (and does it coincide with anything else, eg. software install, power fluctuations)?
It first started doing this on my machine sometime at the beginning of last year, so about a year ago now. The house power fluctuations are more recent, the beginning of Winter 2018. I can only monitor what I am awake for and it only happens in the dark, all lights off, and when I am in bed. It is quite possible the process knows this through some sort of malware hijacking my cam, as the monitor never shuts off by itself while being used. However, no such exe was found using my webcam when I had Avast Pro's webcam anti-spy thing, there was no activity logged but I was still suspicious.
eg. Until I recently decided to uninstall ~20 programs I no longer use, my computer would not go into Sleep mode, something I had become used to.
Now it does again.
It did this the night of the fresh Win10 install on a new hard drive about a month ago. So it survived an entire Hard Drive and OS clean install. Again, left overnight, no forms of Linux seem affected.

Another experiment, instead of just getting it to turn the display off, have it also Lock the computer.
This will require physical interaction with the mouse or keyboard to have the display turn on.
It's worth a shot, but I highly doubt this will affect it in any manner.

EDIT: I can't seem to find a "require login on wake" setting, but I do find a "allow wake timers" which might not have been modified on my old machine and was set to "important only", and I have now set it to "disabled". I have also set the "Screen Saver" to "none" and require login after the same amount of time as the power management to turn off my monitor.

However: None of this can explain what turns my monitor back off after turning it on.

EDIT2: Found this in my security audit. Should I be concerned? Why would chome.exe be in there while I'm using it to read this reply?
Spoiler
Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          1/1/2019 4:38:40 PM
Event ID:      4798
Task Category: User Account Management
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      DESKTOP-GHRIIHN
Description:
A user's local group membership was enumerated.

Subject:
   Security ID:      DESKTOP-GHRIIHN\bigge
   Account Name:      bigge
   Account Domain:      DESKTOP-GHRIIHN
   Logon ID:      0x1E8E43D2

User:
   Security ID:      DESKTOP-GHRIIHN\bigge
   Account Name:      bigge
   Account Domain:      DESKTOP-GHRIIHN

Process Information:
   Process ID:      0x24e4
   Process Name:      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Event Xml:
<Event xmlns="http://schemas.micro...2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
    <EventID>4798</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>13824</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8020000000000000</Keywords>
    <TimeCreated SystemTime="2019-01-02T00:38:40.791620000Z" />
    <EventRecordID>16146</EventRecordID>
    <Correlation ActivityID="{4e25fc43-9d83-0005-52fc-254e839dd401}" />
    <Execution ProcessID="868" ThreadID="15548" />
    <Channel>Security</Channel>
    <Computer>DESKTOP-GHRIIHN</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="TargetUserName">bigge</Data>
    <Data Name="TargetDomainName">DESKTOP-GHRIIHN</Data>
    <Data Name="TargetSid">S-1-5-21-1929593028-2655745888-1613840321-1001</Data>
    <Data Name="SubjectUserSid">S-1-5-21-1929593028-2655745888-1613840321-1001</Data>
    <Data Name="SubjectUserName">bigge</Data>
    <Data Name="SubjectDomainName">DESKTOP-GHRIIHN</Data>
    <Data Name="SubjectLogonId">0x1e8e43d2</Data>
    <Data Name="CallerProcessId">0x24e4</Data>
    <Data Name="CallerProcessName">C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</Data>
  </EventData>
</Event>

If I do it more than 2 times I want to automate it in C#!
« Last Edit: January 01, 2019, 06:43 PM by Asudem »

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,199
    • View Profile
    • Donate to Member
Re: IDEA: Possible Malware Debug - HW laptop back-light detector
« Reply #18 on: January 01, 2019, 10:26 PM »
Again, left overnight, no forms of Linux seem affected.

Saying that Linux is unaffected is pretty close to pointless as Linux won't be affected unless it is a physical hardware issue, (eg. intermittent contact in the keyboard), as that is the only common ground between Linux and Windows.

It would have relevance if Linux used the same drivers and ran the same processes ... but then it would be Windows.  So it still doesn't exclude peripherals from the equation.

It did this the night of the fresh Win10 install on a new hard drive about a month ago. So it survived an entire Hard Drive and OS clean install.

In the absence of information, can we assume that most, if not all, of the Windows telemetry has not been disabled?

Considering this has been occurring since OS installation and the amount of crap that Windows collects and sends back to Microsoft at who knows what times, it might be related to that.

EDIT2: Found this in my security audit. Should I be concerned? Why would chome.exe be in there while I'm using it to read this reply?

It's Google, they along with Microsoft want to collect everything about you, this is common knowledge - since you've knowingly installed Chrome I would have thought you'd expect to see it's grubby little feet trampling through your machine  :)

Event ID 4798

But if it makes you feel easier, I'm not seeing anything like that for Vivaldi, Iridium, or Slimjet - all based on the same source code.  I don't use any type of browser account for syncing, bookmarks, passwords, etc - so who knows, it may be related to that.

However: None of this can explain what turns my monitor back off after turning it on.

Find what's turning it on since the second event can't happen without the first event.
« Last Edit: January 01, 2019, 10:43 PM by 4wd »

Asudem

  • Member
  • Joined in 2015
  • **
  • Posts: 119
  • C# data manipulation junkie
    • View Profile
    • Donate to Member
Re: IDEA: Possible Malware Debug - HW laptop back-light detector
« Reply #19 on: January 01, 2019, 11:49 PM »
It would have relevance if Linux used the same drivers and ran the same processes ... but then it would be Windows.  So it still doesn't exclude peripherals from the equation.
Interesting. So you're saying it would be at the driver level anyway if any tampering would be had, and not by faulty hardware. Alright, I can buy that. I thought people were trying to argue that the hardware itself was doing it, not the drivers. This makes more sense.

In the absence of information, can we assume that most, if not all, of the Windows telemetry has not been disabled?
Initially, yes. I have since run Blackbird and disabled (seemingly all telemetry. It has done the on/off thing since this.


It's Google, they along with Microsoft want to collect everything about you, this is common knowledge - since you've knowingly installed Chrome I would have thought you'd expect to see it's grubby little feet trampling through your machine  :)

Google has a big enough footprint on me that I've become rather comfy knowing if I'm suddenly wanted for murder or something, their activity could just prove I was on the toilet while the crime was committed or whatever. Microsoft, meh, but to see chrome itself as an executable accessing what is essentially the area of Windows in which users are authenticated is a little shocking. I'm not fully alarmed by it, but it is quite the unexpected appearance.

Find what's turning it on since the second event can't happen without the first event.

That's why I created this thread and hoped some sort of ProcMon like software existed or could exist, to diagnose this issue. The program Shades mentioned might be able to help out there, but if only I can figure out how to utilize it. Hmm....

Going to unplug everything but power and wifi tonight, see if it happens again.
If I do it more than 2 times I want to automate it in C#!

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,199
    • View Profile
    • Donate to Member
Re: IDEA: Possible Malware Debug - HW laptop back-light detector
« Reply #20 on: January 02, 2019, 12:33 AM »
I thought people were trying to argue that the hardware itself was doing it, not the drivers.

Due to the "murkiness" of the original post, eg. "powered down" as opposed to Windows turning the display off.  ;)

First step should still be remove all peripherals, mice, RF transceivers, external HDDs, etc, etc - so we'll see what happens.

That's why I created this thread and hoped some sort of ProcMon like software existed or could exist, to diagnose this issue.

There's also Sysmon which will log to the Event Log.

Asudem

  • Member
  • Joined in 2015
  • **
  • Posts: 119
  • C# data manipulation junkie
    • View Profile
    • Donate to Member
Re: IDEA: Possible Malware Debug - HW laptop back-light detector
« Reply #21 on: January 02, 2019, 12:43 AM »
I thought people were trying to argue that the hardware itself was doing it, not the drivers.

Due to the "murkiness" of the original post, eg. "powered down" as opposed to Windows turning the display off.  ;)

First step should still be remove all peripherals, mice, RF transceivers, external HDDs, etc, etc - so we'll see what happens.

That's why I created this thread and hoped some sort of ProcMon like software existed or could exist, to diagnose this issue.

There's also Sysmon which will log to the Event Log.

I will be doing this, and also using a NANY 2019 app from Mouser! Gonna let it run all night!
If I do it more than 2 times I want to automate it in C#!

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,199
    • View Profile
    • Donate to Member
Re: IDEA: Possible Malware Debug - HW laptop back-light detector
« Reply #22 on: January 02, 2019, 01:23 AM »
How to check monitor state

Possible take the code, loop it every minute with the result being output to a text file with a timestamp - this might enable you to narrow down any possible culprit in Eventlog, etc.

Asudem

  • Member
  • Joined in 2015
  • **
  • Posts: 119
  • C# data manipulation junkie
    • View Profile
    • Donate to Member
Re: IDEA: Possible Malware Debug - HW laptop back-light detector
« Reply #23 on: January 02, 2019, 02:40 AM »
Ooooh, fancy that! Nice find, thanks much!  :Thmbsup:

EDIT: It's nearly 3am and I just want this batch processing to finish so I can disconnect everything. The Laptop Buyers Remorse is really real tonight folks...

EDIT2: I didn't sleep, and no, it never turned on. I guess I'll try again before I actually fall asleep.
If I do it more than 2 times I want to automate it in C#!
« Last Edit: January 02, 2019, 09:47 AM by Asudem »

Asudem

  • Member
  • Joined in 2015
  • **
  • Posts: 119
  • C# data manipulation junkie
    • View Profile
    • Donate to Member
Re: IDEA: Possible Malware Debug - HW laptop back-light detector
« Reply #24 on: February 17, 2019, 09:45 AM »
It just turned itself on again by itself this morning. I don't think there's a possible way to diagnose this according to you guys other than blaming drivers or peripherals.  :(
If I do it more than 2 times I want to automate it in C#!