windows 7 memory dump not working?

[dhdurgee]

Recently I have been getting false positive indications of rootkits in my w7 VM using AVG scan. Per their directions here:

http://forums.avg.com/ww-en/avg-forums? ... how&id=395

I attempted to take a memory dump per the linked article here:

http://support.microsoft.com/kb/244139

Unfortunately, this is NOT working in my w7 VM. Given that one of the keys involved in this was defined as my host key, I changed my host key to be the menu key. This, however, made no difference. What am I missing here? Do you need to modify the guest additions to support this feature? As AVG needs this dump to determine what their tool is detecting I will continue to see these false positives until I can provide them with the neccessary information to correct it.

I am using the latest linux x64 virtual box with the latest guest additions, version 4.1.22 here.

Dave

[mpack]

Neither of those seem to be VirtualBox questions (one is AVG false positive, the other is Win7 finger trouble), so why are you asking about it on the VBox forums?

[dhdurgee]

Neither of those seem to be VirtualBox questions (one is AVG false positive, the other is Win7 finger trouble), so why are you asking about it on the VBox forums?

I am assuming, perhaps incorrectly, that something in the VB environment is resulting in W7 not seeing the right-control scroll-lock-scroll-lock trigger sequence. I was hoping that someone else had encountered the same problem at one point and could tell me what I need to do to accomplish the deed. Of course it is also possible that I am missing something else, as the linked windows article does say "After you enable the feature, you can generate a memory dump file by holding down the right CTRL key and pressing the SCROLL LOCK key two times." Nowhere in this do I see any directions regarding how to enable the feature, so I was assuming it was enable by default. There is also mention of a particular driver, i8042prt.sys, being involved in this. I am unsure how the VB guest additions would interact here, possibly replacing this driver or inserting themselves between it and the user and thus potentially intercepting what it is looking for.

I lack knowledge at a deep enough level to go further myself, so I referred to the forums here in hopes of further clarification of why this is not working. Thank you for any assistance you or others on the forum can offer in advance.

Dave

[Y E T I]

the right ctrl key is used by vbox to facilitate the host key function and this might be your problem. try setting the host key to something else in the vbox preference and see if the ms sequence works. you can always set it back later.

[dhdurgee]

the right ctrl key is used by vbox to facilitate the host key function and this might be your problem. try setting the host key to something else in the vbox preference and see if the ms sequence works. you can always set it back later.

That was also my first thought, but I tried changing the host key to be the menu key and it made no difference.

Dave

[aims]

I needed right "Ctrl" + "Enter". Tried SharpKeys but ended up remapping the "Scroll Lock" key to be the VBox Host key.

That fixed my problem.

It is under File, Preferences, Input, Host Key.

[dhdurgee]

I needed right "Ctrl" + "Enter". Tried SharpKeys but ended up remapping the "Scroll Lock" key to be the VBox Host key.

That fixed my problem.

It is under File, Preferences, Input, Host Key.

Could you please clarify the above for me? What specifically did you set to be the VBox Host key? What specific sequence triggered the memory dump? Thanks for your assistance in this matter. I figured it had to be VBox guest additions doing something, but I lack information you have about how to work around it.

Dave