I need help with a Blue Screen

[kvjimbo]

Operating System:XP Pro, SP 2

After Norton AV 2006 discovered an adware program I allowed it to attempt removal. On restart boot stopped at a Blue Screen with a Stop: 0x0000008E (0xC0000005, 0x804F0380, 0xEB32D7CO, 0X00000000) error.

If I shut down and hit F8 on restart and choose last known config. I don't get the blue screen, but I get it again on the next boot unless I again hit F8.

[GX1_Man]

XP Pro, eh? THe least painful thing to do is a system restore to a point before this. Do you remember what it was that was removed? You may also want to test your RAM with the free download at www.memtest86.com if that doesn't do it for you.

[kvjimbo]

Norton tried to remove Adware Comon Name.

Startup Monitor detected an *.exe program would be loaded at startup and I allowed it. On restart I got the Blue Screen just as the log on screen comes up. I wish I would have written down the name of the exe program.

I have a ghost backup and I may use it next. I don't fully understand Memtest.

Several attempts at System Restore have been unsuccessful.

I did a search for Stop: 0x0000008E on the Microsoft Knowledge Base and I didn't find any thing helpful. A search for Stop: 0x0000008E (0xC0000005, 0x804F0380, 0xEB32D7CO, 0X00000000) came up empty.

[GX1_Man]

Here's over 62,000 possibilities. Start at the top:

http://www.google.com/search?hl=en&lr=&q=Stop%3A+0x0000008E+

If the RAM is bad, then Windows is irrelevant.  

[kvjimbo]

GX1_Man,

Thanks, you got more relevant hits than I did. I'm going to start with this one.

10-19-2006, 04:23 AM            #1
troll
New to the neighborhood
 
troll's Avatar
 
Location: Windsor, Nova Scotia

      
Exclamation My Fix for the STOP: 0x0000008E (0xC0000005... BSOD / REBOOT
Greetings & Salutations!

For the past two days I have worked on two machines at the shop that would just reboot on thier own, after shutting off the Automatic Restart option. That wonderful STOP: 0x0000008E (0xC0000005... BSOD appeared on the screen.

(Both machines worked fine till the users "Opened a file they received through msn messenger" )

Safe Mode works fine, just reboots in Normal Mode.

From safe mode cmd prompt only I scanned with F-Prot, Ad-Aware, SpyBot & HijackThis... All things cleaned up or shutoff...
(Norton was on one of the machines but it was not working and you didn't have enough time to check anything in Normal mode.)

Rebooted and within a few minutes... STOP: 0x0000008E again... rebooted in safe mode again shut everything off in MSConfig, ran Rootkit Revealer from sysinternals which found nothing... rebooted and same BSOD again...

Searched Google for 0x0000008E errors and got the standard, "Ram problem, Driver Problem, PS Weak... Tested Ram with memtest, changed the power supply and still no go...

Another site was talking about posting minidumps for them to look at, so I looked into one of the minidumps and found:

Rustock rootkit v 1.2
Z:\NewProjects\spambot\new\driver\objfre\i386\driv er.pdb

A little more Google revealed that this Rootkit, once installed is undetectable by anything, quite the amazing little piece of code...

Symantec's info on the Rustock Rootkit

This was it the B version... I followed the directions on Symantec's site to remove it by booting into recovery console from an XP CD. (You cannot detect it in Safe Mode)

Once there I used "Disable pe386" to shut off the rootkit... I looked while in safe mode for this service and it WAS NOT there... Since it loads with kernel / driver data, it hides everything about itself...

Symantec's Cleanup Instructions...

Rebooted in Normal mode and no more BSOD, reinstalled NAV and started it scanning when I left the shop... I will run ADSSpy again and see if it finds the alternate data stream now...

I realize that this is not the only cause of 0x8e errors but this was my problem, and since there were two machines in the shop with the same problem, I can see more of these coming in for repair...

Hope this helps those who have just recently developed STOP: 0x0000008E errors.

troll

[kvjimbo]

I resolved a blue screen on this computer by updating the video drivers.

I'll try Troll's post on another system on my home network tomorrow.

Thanks for everyone's help.