Bsod, Halp!

[nath]

Howdy, major problems here - any input appreciated.

So I'm sitting on my bed reading and I suddenly hear the windows shutdown tune, my computer appears to be turning itself off. Nothing was running other than the usual crap - Firefox and MSN, plus a couple of other things in the system tray. Nothing new. It shuts down gracefully, taking its time - then starts powering up again. Once I get beyond the logon screen I get a BSOD but a most unhelpful one, tells me hardly anything other than STOP: 0x00000008 or something like that.

I've checked the temperature, doesn't seem to be overheating. Checked the RAM (well, removed them one by one, swapped position so unless both modules/all slots are buggered it's not that). I *can* get in to safe mode, and the event viewer has absolutely nothing of use in there, regedit shows my start up items are all normal - no dodgy looking stuff.

I'm at a loss as to what this could be, and I'll really like to avoid a reinstall if poss - that'd be a major ballache.

Any advice appreciated!

 

[nath]

Update:

Well, it looks like it's most likely not a hardware fault. I just remembered that I've got a separate hard drive with windows vista installed, I've fired up with that and it *appears* to be working ok, no BSOD so far. I googled a bit and there appears to be some scary suggestions that 0x0000008e or something to that effect implies rootkit type shennanigans. I've found two different rootkit suggestions and tried the fixes for both, neither help - the files I needed to delete were nowhere to be seen.

Thing is, earlier today I plugged in a clients hard drive to back up some data - turns out it was riddled with viruses but AVG picked them all up straight away. Obviously I didn't run anything, I just backed up a few files. I was under the impression that if you're working from a clean system and you don't execute anything specifically, working with a virus-laden hard drive is safe.

If the virus has managed to infect my system somehow, how the fek do I make sure I'm shot of it. If I wipe windows and reinstall, will I need to format *all* my drives to ensure I'm clean? How can I even tell if I'm infected, I'm not 100% on that yet.

AAAAggghhh, going out of my mind here

 

[Kryten]

Whilst formatting is probably the easiest method in the long run, obviously it's going to cause some issues with lost files :/

I'd get hold of as much software as possible to scan and check, it'll be long winded but it should be able to narrow down any issues. Online scan with housecall.trendmicro.com , grab a couple of the better anti spyware packages (slightly older version of adaware spybot search & destroy), between those two they're quite good even with the in-deep buggers like rootkits. And of course RootKitrevealer from Microsoft.


If you get absolutely no joy with all of that (and being honest I'd imagine you've probably done most or all of that anyway) then perhaps a repair re-installation of windows, keeping hold of your files yet replacing the system. Vista's repair reinstallation isn't as messy as XP was so if it works you'll be able to continue using it, whereas XP basically left it only any good for backing up files then formatting.

Then if no luck, get back to us :|

 

[Bob007]

Last known good not work ?

Ability to get into safe mode leads me to thinking its a driver issue rather then anything major.

Boot into safe mode. Control Panel, folder options, show Hidden files and folders.

Navigate to C: and right click "boot.ini" file. add /sos switch at end of line that looks like multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional"

Reboot and watch, Notice the last driver it crashes on. Reboot into safe mode and roll back or remove said driver if roll back not available.

Reboot, If it crashes again, repeat step above. If you gain access to windows, update drivers manualy. If you removed any drivers, cancel windows installation and replace the drivers with ones of the disc that came with the device. Update them after you have finished manualy.

 

[nath]

What's particularly odd is that it seems to bluescreen at different times. I started chucking around ideas last night and thought I should try unplugging any unnecessary USB devices. I unplugged my playstation2 - USB adapter and it got much further in to windows, almost finished loading all the startup items, then crashed.

Short of using a load of different scanners, is there any guaranteed way to find out if I have a rootkit? I'm in windows vista now and able to browse the contents of the completely separate hard drive if that makes things any easier.


Edit: also is it possible to get infected by just plugging in/copying data from an infected machine? I was under the impression you'd have to run the infected files rather than just go near them.

 

[Bob007]

Yes and No. Tho if you have a Virus scanner installed it should pick up anything that tried to start. Scan the drive before ya open it, Just to be safe Also most AV's should be watching for rootkit problems anyway. So as long as ya had 1 running am 99.7%(some AV reacon they have a 99.9% hit rate, am leaving some room ) sure you be safe there.

Also post pictar of bsod or write it down. Knowing the full error code and what it says after can be a great help (or hindrance ms ftw).

 

[nath]

The bluescreen is pretty effing useless, other than the usual spiel, the tech info only has the stop code:

0x0000008E (0xC000005, 0x89B3D731, 0xBA478C3C, 0x00000000).

It creates a minidump but I can't make head nor tails of the info in that, all gobbledygook. I tried running rootkit revealer, but that doesn't work in safemode so I can't use that. I ran a full AVG scan from my working vista drive on the XP drive and didn't show anything.

I think (I hope) I'm barking up the wrong tree with this rootkit deal, it's just of about 10 different possibilities I've found for the 0x0000008E error, one or two of them were rootkits. I just can't find any sign of them on my system but I'm not sure :S

It's looking likely that I'm just gunna buy a new harddrive, install vista properly on that (this one is on an old duff HDD just to test stuff) and work from that. I really don't like the idea of giving up on this though

 

[Bob007]

Tough call tbh, Plenty crap out there covering almost same stop code. Think they should just change bsod to a big blue screen with HELP plastered in the middle

Anyway, back to the problem at hand.

Idea 1, Run memtest86, check ram, rule ram out.
Idea 2, boot into safemode with networking, rule out network card drivers.
Idea 3, Make a mini dump file and boot puter till it crashes, read/post min dump file.
Idea 4, Enable boot logging, read/post boot logging file.

minidump how to.

1. Click Start, right click My Computer and click Properties.
2. Click the Advanced tab, and then click Settings under Startup and Recovery.
3. In the Write debugging information list, click Small memory dump (64k).

Boot log file saved as BOOTLOG.TXT on C:

 

[nath]

Shouldn't I be able to rule out memory given that using the same hardware Vista is booting fine? I'll try that minidump next, thanks bob.

edit: minidump attached.

Also, another reason I don't suspect the memory - I tried them one at a time and same problem on both. So if it were memory they'd *both* have to be screwed, which I think is pretty unlikely.

 

[Bob007]

Shouldn't I be able to rule out memory given that using the same hardware Vista is booting fine? I'll try that minidump next, thanks bob.

errr. "maybe" hehe, best to test it and be sure then guessing and kick somit later

 

[nath]

The plot thickens.

I booted up in safemode with networking and it seemed to be working fine. Stuck around in that mode for a while, started browsing the web looking for other ideas. After about 5-10minutes it bluescreened. Gah, I'm off to order a new hard drive - I think this has beaten me. Something which makes me rather jolly angry grr.

 

[Bahumat]

The plot thickens.

I booted up in safemode with networking and it seemed to be working fine. Stuck around in that mode for a while, started browsing the web looking for other ideas. After about 5-10minutes it bluescreened. Gah, I'm off to order a new hard drive - I think this has beaten me. Something which makes me rather jolly angry grr.

I had the exact same thing, although the error message may have been slightly different (was lots of 0x000000a 0x000000b etc etc).

I tried everything (even the rootkit stuff), re-partition, reformat etc etc. The problem would keep coming back every few weeks. I found safe mode was ok some of the time, also system restore would make it work for a week.

In the end I bought a new hard drive (oh i used several versions of windows on the re-install and they all suffered).

I believe its a hard drive that's dieing. I also think the system restore gets rid/moves the files which end up in the problematic area. It's almost like after a week or two of using the machine, it needs to put things in this broken area thus the problem always comes back.

 

[nath]

I had considered that and still haven't managed to rule out the HDD being faulty. It's a Western Digital Caviar, and usually they're the shit, but I guess it could be buggered. Anyway, I've given up for now, put that HDD to one side and bought a new one to install a fresh copy of Vista (which I'm typing this message from now). I've not just got the horrible task of having to install all my drivers and software again. Fun times!

 

[Bahumat]

All I can say Nath is be glad you bought a new hard drive when you did. I reloaded my pc about 10 times before finally giving up

 

[nath]

Yeah, seemed like a good idea. Besides, I want to keep that fucked drive as it is to go back to it and get data/see if I can do anything more to fix it. This way, no format is required.