Could malware cause DPC problems?

Last week I discussed RingCube's MojoPac products and threatened this week to look at an OEM implementation of MojoDrive for the paranoid.

That's not going to happen because just as I started to slice and dice the product I got a note saying there is a newer version and my copy would arrive this week. So, until that turns up and I can reschedule, we'll divert ourselves with other IT delights.

How about dealing with problems with deferred procedure calls? Again!

Yep, that annoying processor-cycle-consuming problem I have been chasing down over the last several weeks finally reappeared. I'd left the Microsoft RATTV3 utility running (I discussed this tool a few weeks ago) and it showed me the biggest generator of DPCs (56%) was NDIS.SYS, which was also responsible for most of the interrupt service routine (ISR) time (96.21%).

According to Microsoft, NDIS.SYS implements the Network Driver Interface Specification (NDIS) and “has two basic functions: Managing a network adapter, including sending and receiving data through the adapter [and] Interfacing with higher-level drivers, such as intermediate drivers and transport protocol drivers.”

So, what can we conclude from this information? Not much, as I have no idea what process is calling the NDIS driver with such enthusiasm. . . . I'm starting to wonder if I might have some kind of malware onboard.

Now, curiously, I was testing a program called Network Magic from Pure Networks that is designed to manage your network connections and resources. The utility's daily performance report showed the machine was generating 50MB of network traffic per hour, which wasn't too surprising as I have all sorts of applications that run continuously. What was odd was the permanent nature of the traffic. This could be a spurious measurement by Network Magic, or my background applications are busier than I know, but it might be the result of malware.
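RATTV3 attributes DPC and ISR time to a driver, and NDIS.SYS serves every client of the network stack, so the numbers above can't say which process is responsible. The script below is an added example, not code from this column, from RATTV3 or from Pure Networks; it does the two checks a practitioner would run today to close that gap: sample the DPC, interrupt and adapter byte-rate counters for ten seconds (which also verifies the 50MB-per-hour figure independently of Network Magic), then list which processes own the open TCP sockets. It assumes Windows 8 / Server 2012 or later (Get-NetTCPConnection and Get-Counter are built in there) and so would not run on the XP machine described; the 10% DPC threshold is an assumption for illustration, not a Microsoft figure.

```powershell
# Added example (not from the column, RATTV3 or Pure Networks).
# Assumes Windows 8 / Server 2012+ for Get-NetTCPConnection and Get-Counter.

# Step 1: sample DPC time, interrupt time and adapter throughput for 10 seconds.
$samples = Get-Counter -Counter @(
    '\Processor(*)\% DPC Time',
    '\Processor(*)\% Interrupt Time',
    '\Network Interface(*)\Bytes Total/sec'
) -SampleInterval 1 -MaxSamples 10

$summary = $samples.CounterSamples |
    Group-Object -Property Path |
    ForEach-Object {
        $avg = ($_.Group | Measure-Object -Property CookedValue -Average).Average
        $max = ($_.Group | Measure-Object -Property CookedValue -Maximum).Maximum
        [pscustomobject]@{
            Counter = $_.Name
            Avg     = [math]::Round($avg, 2)
            Max     = [math]::Round($max, 2)
        }
    } | Sort-Object Avg -Descending

"DPC / interrupt load per logical processor and adapter byte rate (10 s window):"
$summary | Format-Table -AutoSize

# Convert the adapter byte rate into the per-hour figure the column quotes,
# so the Network Magic number can be checked against the OS's own counter.
$summary | Where-Object { $_.Counter -like '*bytes total/sec*' } | ForEach-Object {
    $mbPerHour = [math]::Round(($_.Avg * 3600) / 1MB, 1)
    "{0}: ~{1} MB/hour at the sampled rate" -f $_.Counter, $mbPerHour
}

# Step 2: NDIS does not expose its caller, so attribute traffic to processes
# through socket ownership instead. On XP this view came from 'netstat -b'.
$byProc = Get-NetTCPConnection |
    Group-Object -Property OwningProcess |
    ForEach-Object {
        $p = Get-Process -Id ([int]$_.Name) -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Pid         = [int]$_.Name
            Process     = if ($p) { $p.ProcessName } else { '<exited>' }
            Path        = if ($p) { $p.Path } else { '' }
            Connections = $_.Count
            Established = @($_.Group | Where-Object { $_.State -eq 'Established' }).Count
        }
    } | Sort-Object Connections -Descending

"Processes owning TCP sockets (most connections first):"
$byProc | Format-Table -AutoSize

# Step 3: flag sustained DPC load. The 10% threshold is an assumption chosen
# for this example; sustained DPC time at that level on a desktop usually
# points at a driver or its hardware rather than at an application.
$hot = $summary | Where-Object { $_.Counter -like '*% dpc time*' -and $_.Avg -gt 10 }
if ($hot) {
    Write-Warning ("Sustained DPC load on: " + ($hot.Counter -join ', '))
}
```

Run it elevated so Get-NetTCPConnection can resolve owning processes and Get-Process can report paths; a process with many established sockets but no recognizable path, or one whose traffic persists when every known background application is stopped, is the lead the column is looking for. The counters confirm whether the traffic is real; they still can't tell a legitimate updater from malware, so the next step is checking the path and signature of whatever owns the sockets.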

In my first attempt to see if there really was anything dubious in my system I tried Symantec's Norton 360. This package includes antivirus, antispyware, antiphishing, identity protection for Web transactions, and a PC tuneup as well as, I believe, a kitchen sink along with licensing for up to three household PCs for $79.99.

I installed Norton 360 on the desktop as well as on my wife's PC. But Norton got flaky on both machines and decided it had some kind of serious problem that required the software to be uninstalled and then reinstalled. To say that I was surprised is an understatement.

Given there was no guarantee that Norton 360 would work upon re-installing I decided to just follow the first part of the advice and removed it from both machines.

I then ran up AVG Antispyware published by Ewido to see what it thought might be wrong. AVG has now been running for 75 minutes and in the process examined some 397,000 items, which includes code in memory and files on disks. It claims to have found 883 “infected” objects of which 882 are cookies (these can be ignored) and one case of what it claims is adware called “RogueSuspect.”

But I found an admission from Ewido that this is a false positive, and it appears that, even though the company knew about this in June, the current download still hasn't been fixed! [Sound of head being beaten against wall.]

Next week we'll see if we get an early Christmas present and find malware under my XP directory tree.
