Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Blue Screen after installing a driver


  • Please log in to reply
12 replies to this topic

#1 Diegno

Diegno

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:59 PM

Posted 26 August 2010 - 07:12 AM

My computer had a virus that disabled all network adapters. So with the help of google, I found that replacing the ndis.sys driver may solve the problem. After placing a new ndis.sys in System32 and rebooting once, the computer just reboots every time it reaches the XP splash screen, even if I choose Safe Mode.
After disabling auto-reboot on system failure, I received this error:
***STOP: 0x0000007E (0xC0000005, 0x80599ED1, 0xF8484826A4, 0XF84823A0)
Machine was running fine before the driver, not counting the network adapters.

With the help of google again, it appears that a Recovery Console repair install is the best option, but I thought I'd ask around. Any help is appreciated.

(Edit) To whom it may concern: this is a second PC, separate from the one mentioned in my Malware forum post.

Edited by Diegno, 26 August 2010 - 09:25 PM.


BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,548 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:59 AM

Posted 26 August 2010 - 08:37 AM

Replacing system files...is no cure for problems arising from malware. Ditto for the XP Recovery Console.

The malware problem needs to be addressed/neutralized first and foremost...before trying to move on.

Has the malware problem been addressed properly?

Louis

#3 Diegno

Diegno
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:59 PM

Posted 26 August 2010 - 04:27 PM

Sorry, I replaced the system file after running MBAM and Spybot S&D. I have to assume there are still infections, but I'm not seeing any symptoms while working in Safe Mode. My main goal by replacing it was to regain network access so I could research, and update programs like MBAM easier.

Now the issue is that I can't even boot Windows. Choosing Safe Mode, Start Normally, and Last Working Configuration all lead to the same reboot.

Any advice?

#4 hamluis

hamluis

    Moderator


  • Moderator
  • 56,548 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:59 AM

Posted 26 August 2010 - 05:00 PM

I will ask one of our Malware Team to have a look. BC maintains an Unbootable Computer thread for situations similar to yours.

Just have patience and someone from the MRT will attempt to help sort this out.

Be patient :thumbsup:.

Hamluis.

#5 Synetech

Synetech

  • Members
  • 149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:01:59 PM

Posted 26 August 2010 - 09:33 PM

Where did you get that copy of NDIS.SYS? Did you remove the virus before restoring the file?
****** *** ****** * ****; * ***** **** ** *** **** ******* *** ****** ************ ****.

-- Synetech

#6 Diegno

Diegno
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:59 PM

Posted 26 August 2010 - 09:57 PM

I took the ndis.sys from another XP PC, and used a flash drive to transfer it.

I honestly can't say if the virus was completely gone before I replaced it. MBAM removed about 800 infections, although some of that was Adware. With those kinds of numbers, somehow I doubt it was 100% removed. But I can't be sure either way. Is there some way to know for sure if a virus is gone?

My main goal was to repair the network adapters so I could properly address the virus/malware issue, after doing all I could to remove them myself without internet access or professional help.

#7 Synetech

Synetech

  • Members
  • 149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:01:59 PM

Posted 26 August 2010 - 10:38 PM

Do the service pack levels of the two systems match? That is, are the problem system and the other system that you got the file from both XP SP3 (or SP1/SP2/etc.)?
****** *** ****** * ****; * ***** **** ** *** **** ******* *** ****** ************ ****.

-- Synetech

#8 Diegno

Diegno
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:59 PM

Posted 26 August 2010 - 10:45 PM

Both SP3, but I think one is XP Pro, the computer that won't boot.

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,578 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:59 PM

Posted 27 August 2010 - 06:20 AM

After placing a new ndis.sys in System32 and rebooting once, the computer just reboots every time it reaches the XP splash screen, even if I choose Safe Mode.

There are a few things wrong with this statement, which proves that it is never a good idea just try solutions found on google that were meant for someone else.

First of all, ndis.sys is located in the Drivers folder, not in System32.

Second, this BSOD can be caused by any driver that is related to disk management.

There are a few ways we can investigate which file is missing. In order to see which one is best fit here, please let me know if you have an XP CD at hand.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#10 Diegno

Diegno
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:59 PM

Posted 27 August 2010 - 03:27 PM

Thanks for the replies, all.

Adding the driver caused the problem, so I felt removing the driver would solve it. Last night I used the Recovery Console to delete the driver manually, and my PC booted afterwards.

The network adapters are still disabled due to "corrupted or missing" drivers, and I also realized many System Tools are disabled, such as a missing rstrui.exe for System Restore. Should I make a new topic for those?

@Elise: I don't have the original XP CD, only an ISO of the Recovery Console.

#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,578 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:59 PM

Posted 27 August 2010 - 03:44 PM

Click Start > Run and type sfc /scannow. Press enter.

However, you most likely will be prompted for your XP CD. It will be very hard to recover your system without it.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#12 Diegno

Diegno
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:59 PM

Posted 27 August 2010 - 04:06 PM

A popup says "Windows cannot find 'sfc'. Make sure you typed the name correctly, and then try again."

Actually, this PC has been packed away for a while, along with all the software. I can check through some boxes for the XP CD, but I'm just not sure. I'll look for that tonight, but if I can't find it, are there any other options?

Thanks for the help.

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,578 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:59 PM

Posted 28 August 2010 - 03:31 AM

In this case I think the best thing would be to locate your XP CD and perform a repair installation

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users