DonationCoder.com Software > Post New Requests Here
IDEA: Possible Malware Debug - HW laptop back-light detector
Deozaan:
I don't know exactly what causes it, but sometimes my screens reactivate or the screensaver is interrupted whenever a notification pops up from any program. If I get a text, or email, or IM, or any app shows any notification, it can cause the screen to wake up.
It doesn't always happen, but it happens often enough to be a semi-regular thing on my PC. Maybe your laptop is doing something similar.
Asudem:
My guess is that it is some background process or service that is activating it, perhaps some installed software checking for updates, phoning home, or syncing data.
Maybe Chrome, your antivirus, Windows itself, some browser add-on (if you leave your browser open when you go to sleep), e-mail app checking for new mail, a utility from your laptop manufacturer, other software, etc. It could even be your printer, especially if it's a Canon and you accidentally authorized it to phone home with usage statistics, when you installed the software on your laptop. It could even be one of those Start Menu apps that comes with Windows 10 that displays data in your Start menu, such as weather, news, etc.
-app103 (July 17, 2019, 04:18 AM)
--- End quote ---
I don't know exactly what causes it, but sometimes my screens reactivate or the screensaver is interrupted whenever a notification pops up from any program. If I get a text, or email, or IM, or any app shows any notification, it can cause the screen to wake up.
It doesn't always happen, but it happens often enough to be a semi-regular thing on my PC. Maybe your laptop is doing something similar.
-Deozaan (July 17, 2019, 10:32 AM)
--- End quote ---
I have a problem with my computer, even after a new hard drive "Reach" install of Windows 10, so a fresh Windows 10 install is being used. The problem is that my computer will, at seemingly random points in time during the night, reactivate my screen, after it has powered down.
I would like some kind of recursive diagnostic logger to help identify the cause of this issue down to the executable, daemon, rootkit, malware, or virus this may be.
Note: Only on my Win10 partition do I exhibit random "screen turn on experiences" with nothing in my log files. OpenSUSE Tumbleweed and Ubuntu 14.04.5 Desktop 64bit.
-Asudem (December 24, 2018, 09:19 PM)
--- End quote ---
In my very first post in this thread, I assumed all of this. I just wanted a tool to tell me which thing was doing it!
In somewhat better news, I ran a 40 min ProcMon scan and the screen turned itself on during the logging process. Several hours combing through the scan lead to some interesting findings (and a 3GB log file).
* An entry by svchost.exe frequently used the path "HKLM\System\CurrentControlSet\Control\StateSeparation\RedirectionMap\Keys" with the RESULT as "REPARSE". Jumping to the key lead me to the registry entry "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Remote Assistance", which I found to be a bit odd. Looking through the entries I saw that "fAllowFullControl" and "fEnableChatControl" were enabled as "1", even though in my "System Properties" under the "Remote" tab, "Remote Assistance" was disabled. I changed these entries to "0" to disable them, just in case.
* I noticed that Tablet Input was being called a lot in the log file. To my surprise, the service was running with no way to stop it, as all the options were greyed out. I could change the service to "Disabled" instead of "Automatic" but I needed to identify the process ID from svchost.exe and terminate it. Though an easier method in retrospect would have been typing "sc queryex TabletInputService" in an elevated command prompt.
* I can't seem to find too much information on "LockApp.exe" or how it works. But it seems to be at the beginning of all the system calls which were used to turn my screen on. The process appears to be started under my user account and the command line that started the process looks like this ["C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe" -ServerName:WindowsDefaultLockScreen.AppX7y4nbzq37zn4ks9k7amqjywdat7d3j2z.mca] I can't seem to find any information regarding what the ServerName switch does.
* In the "Event Properties" for LockApp.exe's listed modules is a "umpdc.dll" located in "C:\Windows\System32\" directory. I sent it to hybrid-analysis for a review. Some of the more suspicious data from the analysis come from the file exports: "PdcSleep", "PdcSleepstudyHelperBlockerActiveDereference", "PdcSleepstudyHelperBlockerActiveReference", "PdcSleepstudyHelperBuildBlocker", and so on.... this is because when I analyzed the SleepStudy log file taken at the exact moment my monitor turned on, all "Process" return "Unknown". It might be something, it might be nothing. I don't know.
After taking the steps above, such as disabling the Remote Assistance registry entries and disabling tablet input, the computer still wakes on its own.
Deozaan:
In my very first post in this thread, I assumed all of this. I just wanted a tool to tell me which thing was doing it!
-Asudem (July 18, 2019, 05:11 PM)
--- End quote ---
My apologies. Nothing I read in your OP indicates that you assumed it was a notification (which could be from any/every application running on your PC!) that kept waking your monitor.
I have a problem with my computer, even after a new hard drive "Reach" install of Windows 10, so a fresh Windows 10 install is being used. The problem is that my computer will, at seemingly random points in time during the night, reactivate my screen, after it has powered down.
I would like some kind of recursive diagnostic logger to help identify the cause of this issue down to the executable, daemon, rootkit, malware, or virus this may be.
Note: Only on my Win10 partition do I exhibit random "screen turn on experiences" with nothing in my log files. OpenSUSE Tumbleweed and Ubuntu 14.04.5 Desktop 64bit.
-Asudem (December 24, 2018, 09:19 PM)
--- End quote ---
Asudem:
My apologies. Nothing I read in your OP indicates that you assumed it was a notification (which could be from any/every application running on your PC!) that kept waking your monitor.
-Deozaan (July 18, 2019, 07:47 PM)
--- End quote ---
Well, some executable/application/program has to send a notification? Right? The "Focus Assist" notifications have never affected my screen-time outs or screen savers. If you can think of any other ways "notifications" appear and can be traced, please enlighten me.
EDIT: Looking at those notifications, each one is very descriptive of what is sending the notification: Microsoft Store, Google Chrome, Windows Security, etc... if it were that easy, I don't think I would have created this thread.
EDIT2: Disabled notifications completely and will see if that yields any results.
EDIT3: If that were the case, however, I have never disabled notifications, and for months this problem has not been happening, just after I updated...
EDIT4: I seem to recall sitting down at my monitor-off computer, jiggling the mouse, seeing the lock screen, then notifications will appear, yes, but it has never woken the screen before.
EDIT5: It seems "ShellExperienceHost.exe" is the executable for Notification/Action Center and I can verify it was running in my process tree for the duration of my 40 min 3GB log file, but it had 0 events associated with it.
ewemoa:
FWIW, according to the following article which discusses LockApp.exe, it can be disabled:
https://www.howtogeek.com/366271/what-is-lockapp.exe-on-windows-10/
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version