My Fix for the STOP: 0x0000008E (0xC0000005... BSOD / REBOOT
Update: May 2011
Icrontic recommends updated security software from ZoneAlarm, Avira, Trend Micro, Symantec, F-Secure, Kaspersky, or AVG.
This official Icrontic guide summarizes and replaces the info in this discussion: Fix the 0x0000008E BSOD once and for all
<hr>
Greetings & Salutations!
For the past two days I have worked on two machines at the shop that would just reboot on thier own, after shutting off the Automatic Restart option. That wonderful STOP: 0x0000008E (0xC0000005... BSOD appeared on the screen.
(Both machines worked fine till the users "Opened a file they received through msn messenger" :banghead: )
Safe Mode works fine, just reboots in Normal Mode.
From safe mode cmd prompt only I scanned with F-Prot, Ad-Aware, SpyBot & HijackThis... All things cleaned up or shutoff...
(Norton was on one of the machines but it was not working and you didn't have enough time to check anything in Normal mode.)
Rebooted and within a few minutes... STOP: 0x0000008E again... rebooted in safe mode again shut everything off in MSConfig, ran Rootkit Revealer from sysinternals which found nothing... rebooted and same BSOD again...
Searched Google for 0x0000008E errors and got the standard, "Ram problem, Driver Problem, PS Weak... Tested Ram with memtest, changed the power supply and still no go...
Another site was talking about posting minidumps for them to look at, so I looked into one of the minidumps and found:
Rustock rootkit v 1.2
Z:\NewProjects\spambot\new\driver\objfre\i386\driver.pdb
A little more Google revealed that this Rootkit, once installed is undetectable by anything, quite the amazing little piece of code...
Symantec's info on the Rustock Rootkit
This was it the B version... I followed the directions on Symantec's site to remove it by booting into recovery console from an XP CD. (You cannot detect it in Safe Mode)
Once there I used "Disable pe386" to shut off the rootkit... I looked while in safe mode for this service and it WAS NOT there... Since it loads with kernel / driver data, it hides everything about itself...
Symantec's Cleanup Instructions...
Rebooted in Normal mode and no more BSOD, reinstalled NAV and started it scanning when I left the shop... I will run ADSSpy again and see if it finds the alternate data stream now...
I realize that this is not the only cause of 0x8e errors but this was my problem, and since there were two machines in the shop with the same problem, I can see more of these coming in for repair...
Hope this helps those who have just recently developed STOP: 0x0000008E errors.
troll
Icrontic recommends updated security software from ZoneAlarm, Avira, Trend Micro, Symantec, F-Secure, Kaspersky, or AVG.
This official Icrontic guide summarizes and replaces the info in this discussion: Fix the 0x0000008E BSOD once and for all
<hr>
Greetings & Salutations!
For the past two days I have worked on two machines at the shop that would just reboot on thier own, after shutting off the Automatic Restart option. That wonderful STOP: 0x0000008E (0xC0000005... BSOD appeared on the screen.
(Both machines worked fine till the users "Opened a file they received through msn messenger" :banghead: )
Safe Mode works fine, just reboots in Normal Mode.
From safe mode cmd prompt only I scanned with F-Prot, Ad-Aware, SpyBot & HijackThis... All things cleaned up or shutoff...
(Norton was on one of the machines but it was not working and you didn't have enough time to check anything in Normal mode.)
Rebooted and within a few minutes... STOP: 0x0000008E again... rebooted in safe mode again shut everything off in MSConfig, ran Rootkit Revealer from sysinternals which found nothing... rebooted and same BSOD again...
Searched Google for 0x0000008E errors and got the standard, "Ram problem, Driver Problem, PS Weak... Tested Ram with memtest, changed the power supply and still no go...
Another site was talking about posting minidumps for them to look at, so I looked into one of the minidumps and found:
Rustock rootkit v 1.2
Z:\NewProjects\spambot\new\driver\objfre\i386\driver.pdb
A little more Google revealed that this Rootkit, once installed is undetectable by anything, quite the amazing little piece of code...
Symantec's info on the Rustock Rootkit
This was it the B version... I followed the directions on Symantec's site to remove it by booting into recovery console from an XP CD. (You cannot detect it in Safe Mode)
Once there I used "Disable pe386" to shut off the rootkit... I looked while in safe mode for this service and it WAS NOT there... Since it loads with kernel / driver data, it hides everything about itself...
Symantec's Cleanup Instructions...
Rebooted in Normal mode and no more BSOD, reinstalled NAV and started it scanning when I left the shop... I will run ADSSpy again and see if it finds the alternate data stream now...
I realize that this is not the only cause of 0x8e errors but this was my problem, and since there were two machines in the shop with the same problem, I can see more of these coming in for repair...
Hope this helps those who have just recently developed STOP: 0x0000008E errors.
troll
0
Comments
TIA, Paul
From Microsoft:
The file created should appear in the root of the drive where Windows is installed. As for being "easy to read and understand", it may be, but it might just look like gibberish unless you know what you're looking for. You can attach a copy of the dump file here and we'll have a look.
You could also try right-clicking My Computer, then go to Properties>>Advanced>>Startup and Recovery Settings, then uncheck Automatically Restart.
It will produce a BSOD with an error code. Let us know what it is and we'll try and help.
Len
Your welcome Len, glad the info helped...
I spent 2 days on these boxes much to the nattering of my boss wondering who was going to pay for the time to fix them instead of a quick reload...
Other sites had mentioned that viruses / malware were going to go this way with rootkits and all... Lets hope not as I hate reloading a box when I can bring it back from the dead...
Again, glad to hear the info has helped.
troll
troll
0x0000008e ( 0xc0000005, 0x8439a00a, 0x8d63ab4c, 0x00000000
could it be that I have this rootkit too?
I dont have any other problem at all with my computer,and I can easily play rainbow six las vegas on it without it crashing etc..
I HAVE noticed that the computer is a little bit slower then it was just some weeks earlier..but that could depend on anything..
could anyone help me,if its the same rootkit,or anything else?
It would be worth your while to check out Symantec's Cleanup Instructions at the link in Post #1.
Download RustBFix from one of the following locations...
http://www.uploads.ejvindh.net/rustbfix.exe
http://uploads.ejvindh.andymanchesta.com/Rustbfix.exe
...and save it to your desktop.
Double click on rustbfix.exe to run the tool. If a Rustock.b-infection is found, you will shortly hereafter be asked to reboot the computer. The reboot will probably take quite a while, and perhaps 2 reboots will be needed. But this will happen automatically. After the reboot 2 logfiles will open (%root%\avenger.txt & %root%\rustbfix\pelog.txt).
I dl'd the anti-rootkit mentioned in the post below yours..and ran it..but it coudlnt find any rootkit..so..I guess it wasn't that.. :/
this is what it says when the computer crashes..(if I didnt write it earlier,cant remember) 0x0000008e ( 0xc0000005, 0x8439a00a, 0x8d63ab4c, 0x00000000
Try a pass or two of Memtest-86.
I tried..but it said there was nothing wrong..uuuugh..I go crazy soon
my BSoD code is:
0x0000008e (0xc0000005, 0xa9f2decc, 0xaa0e7afc, 0x00000000)
GRTDIMON.SYS address a9f2decc, date stamp 4506F1AE
please help
Do you have comcast?
You have to uninstall their Security Manager
http://www.comcast.com/Customers/FAQ/FaqDetails.ashx?Id=2504
Or if it wont Uninstall Properly
http://www.comcast.net/help/faq/index.jsp?faq=ServicesSecurity_Manager18106
Other than that more info is needed as to when this BSoD happens, Normal Mode Only, Safe Mode, on Bootup, after a while, when a specific program launches etc...
i dont have comcast; i have cox. and its after its running for awhile i am not sure exactly as its my daughters machine. i only intsalled 2 programs recently
1) cox parental software
2) harry pottery game pack.
i dont think its the cox software as i also installed it on an identical machine for my other daughter. but i could be as it doesnt really work for media center 2002 edition.
on a side note if any one knows of good parental software (i.e. something that can limit internet time as well as what sites and can record every thing ) for relativly cheap; please let me know
*** STOP: 0x0000008E (0xc0000005, 0x804EF579, 0xB561886C, 0x00000000)
What does that mean? What can i do to fix it? Please email me back at [email removed]
Thanks very much!!!
Jen
[/email]
I removed your e-mail address. Posting it on a public forum like this will get it picked up by spammers, and we don't send e-mails - we answer questions on the forum.
Cheers!
right now at the moment I have put a new hard-drive into the computer from the store and installed Windows XP Pro on it but I am still getting this erroe message
Stop: 0X0000008E (0XC0000005, 0X805847DF, 0XF090FB00, 0X00000000)
I also had Dumper 0 -k showing up in MSconfig but I was able to fix that problem... I think... I right clicked My Computer went to Advanced, Startup and Recovery Settings. Under System Failure I unchecked Automatically Restart and under Write debugging information I changed it to (None)
so this doesn't seem to pop-up anymore but it might help you... no idea
seeing as how this problem started after I had hit the side of my tower I have doubts that it is that virus thing but I also tried swapping my RAM in and out to see if that was the problem but nothing.
any ideas?
The error code is:
**STOP: 0x0000008E (0xC0000005, 0x864897E2, 0xf7223CA0, 0c00000000)
I have tried rebooting into Safe mode to run Memtest, and to try and look at the mini Dump, but Anytime I try and access My Computer, it Crashes again...
I can't seem to get it to run ANYTHING to try and analyze the problem...
Any Ideas on what I can do here?
Thanks in advance!
Dave
Now running Memtest-86 v3.2 to see if I can get anything...
Will post results.
??
It says The Computer has rebooted from a bugcheck' the Bugcheck was:
0x000008e (0xc0000005, .... ....) It says a dump was saved in c:\windows\minidump\mini031607-12.dmp
However I can't navigate anywhere to see it.. as soon as I open up My Computer, it crashes.
Is there anything Specific I should be looking for in the event log?
It has 4 Service Control Manager Errors and 5 DCOM Errors... But all the DCOMS are "This service cannot be started in safe mode"
Of the SCM Errors they are:
The DHCP Client Service Depends on the NetBIOS over Tcpipservice which failed to start because of the following error: A device attached to the system is not funcitoning.
the DNS Client Service depends on the TCP/IP Protocol Driveer Service which failed to start because of the following error: A device attached to the system is not funtioning.
The IPSEC Services Service depends on the IPSEC Driver Service which failed to start because of the following error: A device attached to the system is not functioning.
and
The Following boot-start or system-start driver(s) failed to load:
Fips
IPSec
MRxSmb
NetBIOS
NetBT
Processor
RasAcd
Rdbss
Tcpip
This was all booted to safe mode.
Thanks!
It might not hurt to post a HijackThis log. Oftentimes when when network-related stuff has gone wacko it's due to some malware butting in where it shouldn't.
I seem to have misplaced my recovery Windows XP CD booklet during my move ( living-wise ) nooowww I'm stuck with this and have no way of completeing the recovery... Any suggestions