The attached DMP file is of the DRIVER_POWER_STATE_FAILURE (9f) bug check.
This bug check indicates that the driver is in an inconsistent or invalid power state.
As opposed to the traditional *9F bug check, where we can run an !irp on the 4th bug check parameter to get the device driver that's causing the inconsistent state, with yours a thread was holding a lock which wasn't released, causing a timeout.
If we run a !thread on the 3rd parameter of the bug check (thread currently holding on to the Pnp lock) we get the following:
6: kd> !thread ffffe000179a6040
GetPointerFromAddress: unable to read from fffff80224b5a000
THREAD ffffe000179a6040 Cid 0004.1848 Teb: 0000000000000000 Win32Thread: 0000000000000000
WAIT: (Executive) KernelMode Non-Alertable
We can see above that what's occurring is the thread is waiting for an event object which happens to be a notification event. Once this completes, the event objects will switch from non-signaled to signaled, and will release the thread(s) from their waiting state. The thread(s) can thereafter resume their normal operations.
What we would do at this point is dump the call stack to see what we get, but unfortunately, there's nothing. With this said, we're going to have to do some detective work to find the culprit device driver.
1. Remove and replace avast! with Windows 8's built-in Windows Defender for temporary troubleshooting purposes:
^^ Driver Agent. This software is absolutely terrible and I would never recommend using it or any other 'driver software' out there by ANY means. I'll explain why:
a) The drivers it provides are promised or at least said to be the absolute latest; they are not always.
b) Many of the drivers provided by this kind of software are incomplete, buggy, not correct, not the latest (as I said above), etc.
For your drivers, you should always get them from the manufacturer's website and never rely on any 3rd party websites, software, or Windows Update (Device Manager as well, because Device Manager's 'Update this driver' goes straight to Windows Update's servers for its drivers).
3. If you're still crashing after the above, let's go ahead and enable Driver Verifier:
What is Driver Verifier?
Driver Verifier is included in Windows 8, 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008, Windows 2000, Windows XP, and Windows Server 2003 to promote stability and reliability; you can use this tool to troubleshoot driver issues. Windows kernel-mode
components can cause system corruption or system failures as a result of an improperly written driver, such as an earlier version of a Windows Driver Model (WDM) driver.
Essentially, if there's a 3rd party driver believed to be at issue, enabling Driver Verifier will help flush out the rogue driver if it detects a violation.
Before enabling Driver Verifier, it is recommended to create a System Restore Point:
Start > type "verifier" without the quotes > Select the following options -
1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (Windows 7 & 8)
- DDI compliance checking (Windows 8)
- Miscellaneous Checks
4. Select - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
Important information regarding Driver Verifier:
- If Driver Verifier finds a violation, the system will BSOD.
- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will flag it, and as stated above, that will cause / force a BSOD.
If this happens, do not panic, do the following:
- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.
- Once in Safe Mode - Start > type "system restore" without the quotes.
- Choose the restore point you created earlier.
If you did not set up a restore point, do not worry, you can still disable Driver Verifier to get back into normal Windows:
- Start > Search > type "cmd" without the quotes.
- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
- Restart and boot into normal Windows.
How long should I keep Driver Verifier enabled for?
It varies; many experts and analysts have different recommendations. Personally, I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier.
My system BSOD'd, where can I find the crash dumps?