My Fix for the STOP: 0x0000008E (0xC0000005... BSOD / REBOOT

trolltroll Windsor, Nova Scotia Icrontian
edited April 2012 in Hardware
Update: May 2011

Icrontic recommends updated security software from ZoneAlarm, Avira, Trend Micro, Symantec, F-Secure, Kaspersky, or AVG.

This official Icrontic guide summarizes and replaces the info in this discussion: Fix the 0x0000008E BSOD once and for all
<hr>
Greetings & Salutations!

For the past two days I have worked on two machines at the shop that would just reboot on thier own, after shutting off the Automatic Restart option. That wonderful STOP: 0x0000008E (0xC0000005... BSOD appeared on the screen.

(Both machines worked fine till the users "Opened a file they received through msn messenger" :banghead: )

Safe Mode works fine, just reboots in Normal Mode.

From safe mode cmd prompt only I scanned with F-Prot, Ad-Aware, SpyBot & HijackThis... All things cleaned up or shutoff...
(Norton was on one of the machines but it was not working and you didn't have enough time to check anything in Normal mode.)

Rebooted and within a few minutes... STOP: 0x0000008E again... rebooted in safe mode again shut everything off in MSConfig, ran Rootkit Revealer from sysinternals which found nothing... rebooted and same BSOD again...

Searched Google for 0x0000008E errors and got the standard, "Ram problem, Driver Problem, PS Weak... Tested Ram with memtest, changed the power supply and still no go...

Another site was talking about posting minidumps for them to look at, so I looked into one of the minidumps and found:

Rustock rootkit v 1.2
Z:\NewProjects\spambot\new\driver\objfre\i386\driver.pdb


A little more Google revealed that this Rootkit, once installed is undetectable by anything, quite the amazing little piece of code...

Symantec's info on the Rustock Rootkit

This was it the B version... I followed the directions on Symantec's site to remove it by booting into recovery console from an XP CD. (You cannot detect it in Safe Mode)

Once there I used "Disable pe386" to shut off the rootkit... I looked while in safe mode for this service and it WAS NOT there... Since it loads with kernel / driver data, it hides everything about itself...

Symantec's Cleanup Instructions...

Rebooted in Normal mode and no more BSOD, reinstalled NAV and started it scanning when I left the shop... I will run ADSSpy again and see if it finds the alternate data stream now...

I realize that this is not the only cause of 0x8e errors but this was my problem, and since there were two machines in the shop with the same problem, I can see more of these coming in for repair...

Hope this helps those who have just recently developed STOP: 0x0000008E errors.

troll
«13456712

Comments

  • profdlpprofdlp The Holy City Of Westlake, Ohio
    edited October 2006
    Looks like some great research, troll. I'm sure you will help a bunch of people with this well-written guide. :thumbsup:
  • ThraxThrax 🐌 Austin, TX Icrontian
    edited October 2006
    Sticky! Sticky!
  • edited October 2006
    Hello, I also think this was really well written, I understood it!, mostly... I recieved the same error a month or so ago and couldn't get windows running again, so here is what I did, and i need some help at this point. I have a BYO system I can go into detail if you want. It had a 120g hard drive partitioned 70/40/10, with the 10 unpartitioned(for emergencies). I just partitioned the 10g and reinstalled windows on that, mainly to be able to recover info from drive c: and d:. Now here is where I am running into trouble. Trying to recover info off of drive c: makes the system reboot. If I have the problem as stated above, how do I deal with it in this case, and what is a minidump, how do I do it and is it easy to read and understand? I am an average do-it yourselfer and have some decent system repairl knowledge but I am not a professional, nor do I have any schooling for this kinda stuff. Please I need some help!!!!!

    TIA, Paul
  • profdlpprofdlp The Holy City Of Westlake, Ohio
    edited October 2006
    toothmkr57 wrote:
    ...what is a minidump, how do I do it and is it easy to read and understand?...
    It will (try to) record what was going on when your computer crashed and save it to a text file. By studying the file you'll at least get a list of likely suspects as to what caused the crash.

    From Microsoft:
    To configure startup and recovery options to use the small memory dump file, follow these steps.

    1. Click Start, point to Settings, and then click Control Panel.
    2. Double-click System.
    3. Click the Advanced tab, and then click Settings under Startup and Recovery.
    4. In the Write debugging information list, click Small memory dump (64k).

    The file created should appear in the root of the drive where Windows is installed. As for being "easy to read and understand", it may be, but it might just look like gibberish unless you know what you're looking for. You can attach a copy of the dump file here and we'll have a look.

    You could also try right-clicking My Computer, then go to Properties>>Advanced>>Startup and Recovery Settings, then uncheck Automatically Restart.
    It will produce a BSOD with an error code. Let us know what it is and we'll try and help. :)
  • LenLen Woodstock, near Oxford, UK
    edited October 2006
    troll wrote:
    Greetings & Salutations!

    For the past two days I have worked on two machines at the shop that would just reboot on thier own, after shutting off the Automatic Restart option. That wonderful STOP: 0x0000008E (0xC0000005... BSOD appeared on the screen.

    (Both machines worked fine till the users "Opened a file they received through msn messenger" :banghead: )

    Safe Mode works fine, just reboots in Normal Mode.

    From safe mode cmd prompt only I scanned with F-Prot, Ad-Aware, SpyBot & HijackThis... All things cleaned up or shutoff...
    (Norton was on one of the machines but it was not working and you didn't have enough time to check anything in Normal mode.)

    Rebooted and within a few minutes... STOP: 0x0000008E again... rebooted in safe mode again shut everything off in MSConfig, ran Rootkit Revealer from sysinternals which found nothing... rebooted and same BSOD again...

    Searched Google for 0x0000008E errors and got the standard, "Ram problem, Driver Problem, PS Weak... Tested Ram with memtest, changed the power supply and still no go...

    Another site was talking about posting minidumps for them to look at, so I looked into one of the minidumps and found:

    Rustock rootkit v 1.2
    Z:\NewProjects\spambot\new\driver\objfre\i386\driver.pdb


    A little more Google revealed that this Rootkit, once installed is undetectable by anything, quite the amazing little piece of code...

    Symantec's info on the Rustock Rootkit

    This was it the B version... I followed the directions on Symantec's site to remove it by booting into recovery console from an XP CD. (You cannot detect it in Safe Mode)

    Once there I used "Disable pe386" to shut off the rootkit... I looked while in safe mode for this service and it WAS NOT there... Since it loads with kernel / driver data, it hides everything about itself...

    Symantec's Cleanup Instructions...

    Rebooted in Normal mode and no more BSOD, reinstalled NAV and started it scanning when I left the shop... I will run ADSSpy again and see if it finds the alternate data stream now...

    I realize that this is not the only cause of 0x8e errors but this was my problem, and since there were two machines in the shop with the same problem, I can see more of these coming in for repair...

    Hope this helps those who have just recently developed STOP: 0x0000008E errors.

    troll
    Hi troll: MANY thanks for the "pe386 fix". It brought to an end many hours of fruitless work. It fixed the box I was trying to bring back from near death after trying all the other suggestions. THANK YOU!
    Len
  • botheredbothered Manchester UK
    edited October 2006
    Thrax wrote:
    Sticky! Sticky!
    Seconded. This is exactly the sort of stuff that you cannot find easily and can be a life saver.
  • trolltroll Windsor, Nova Scotia Icrontian
    edited October 2006
    Len wrote:
    Hi troll: MANY thanks for the "pe386 fix". It brought to an end many hours of fruitless work. It fixed the box I was trying to bring back from near death after trying all the other suggestions. THANK YOU!
    Len

    Your welcome Len, glad the info helped...

    I spent 2 days on these boxes much to the nattering of my boss wondering who was going to pay for the time to fix them instead of a quick reload...

    Other sites had mentioned that viruses / malware were going to go this way with rootkits and all... Lets hope not as I hate reloading a box when I can bring it back from the dead...


    Again, glad to hear the info has helped. :)

    troll
  • profdlpprofdlp The Holy City Of Westlake, Ohio
    edited November 2006
    Thrax wrote:
    Sticky! Sticky!
    bothered wrote:
    Seconded. This is exactly the sort of stuff that you cannot find easily and can be a life saver.
    Added to this thread. :)
  • edited January 2007
    Thank you very much for posting this information, troll. If it wasn't for you and this post, I probably would've never figured it out. Thank you!
  • trolltroll Windsor, Nova Scotia Icrontian
    edited January 2007
    Your welcome Sting2324, glad the info helped!
    troll
  • edited February 2007
    hi. I bought the game ghost recon advanced warfighter yesterday..and when I tried to play it.. the game rebooted/crashed..whatever ..I checked what the bluescreen said,and this is what came up:
    0x0000008e ( 0xc0000005, 0x8439a00a, 0x8d63ab4c, 0x00000000

    could it be that I have this rootkit too?
    I dont have any other problem at all with my computer,and I can easily play rainbow six las vegas on it without it crashing etc..
    I HAVE noticed that the computer is a little bit slower then it was just some weeks earlier..but that could depend on anything..

    could anyone help me,if its the same rootkit,or anything else?
  • profdlpprofdlp The Holy City Of Westlake, Ohio
    edited February 2007
    ...could it be that I have this rootkit too?...

    It would be worth your while to check out Symantec's Cleanup Instructions at the link in Post #1. :)
  • TroganTrogan London, UK
    edited February 2007
    Here is another fix for the Rustock.B Rootkit, if needed.

    Download RustBFix from one of the following locations...

    http://www.uploads.ejvindh.net/rustbfix.exe

    http://uploads.ejvindh.andymanchesta.com/Rustbfix.exe

    ...and save it to your desktop.

    Double click on rustbfix.exe to run the tool. If a Rustock.b-infection is found, you will shortly hereafter be asked to reboot the computer. The reboot will probably take quite a while, and perhaps 2 reboots will be needed. But this will happen automatically. After the reboot 2 logfiles will open (%root%\avenger.txt & %root%\rustbfix\pelog.txt).
  • edited February 2007
    profdlp wrote: »
    It would be worth your while to check out Symantec's Cleanup Instructions at the link in Post #1. :)

    I dl'd the anti-rootkit mentioned in the post below yours..and ran it..but it coudlnt find any rootkit..so..I guess it wasn't that.. :/

    this is what it says when the computer crashes..(if I didnt write it earlier,cant remember) 0x0000008e ( 0xc0000005, 0x8439a00a, 0x8d63ab4c, 0x00000000
  • profdlpprofdlp The Holy City Of Westlake, Ohio
    edited February 2007
    ...coudlnt find any rootkit..so..I guess it wasn't that...

    Try a pass or two of Memtest-86.
  • edited February 2007
    profdlp wrote: »
    Try a pass or two of Memtest


    I tried..but it said there was nothing wrong..uuuugh..I go crazy soon :confused:
  • edited February 2007
    ok my problem is similar to this maybe you all can help me decipher it


    my BSoD code is:

    0x0000008e (0xc0000005, 0xa9f2decc, 0xaa0e7afc, 0x00000000)
    GRTDIMON.SYS address a9f2decc, date stamp 4506F1AE


    please help
  • ThraxThrax 🐌 Austin, TX Icrontian
    edited February 2007
    pbhound wrote:
    ok my problem is similar to this maybe you all can help me decipher it


    my BSoD code is:

    0x0000008e (0xc0000005, 0xa9f2decc, 0xaa0e7afc, 0x00000000)
    GRTDIMON.SYS address a9f2decc, date stamp 4506F1AE


    please help

    Do you have comcast?
  • trolltroll Windsor, Nova Scotia Icrontian
    edited February 2007
    I found the Comcast stuff as well...
    You have to uninstall their Security Manager
    http://www.comcast.com/Customers/FAQ/FaqDetails.ashx?Id=2504

    Or if it wont Uninstall Properly
    http://www.comcast.net/help/faq/index.jsp?faq=ServicesSecurity_Manager18106

    Other than that more info is needed as to when this BSoD happens, Normal Mode Only, Safe Mode, on Bootup, after a while, when a specific program launches etc...
  • edited February 2007
    troll wrote:
    I found the Comcast stuff as well...
    You have to uninstall their Security Manager. <link removed>

    Or if it wont Uninstall Properly <link removed>
    Other than that more info is needed as to when this BSoD happens, Normal Mode Only, Safe Mode, on Bootup, after a while, when a specific program launches etc...

    i dont have comcast; i have cox. and its after its running for awhile i am not sure exactly as its my daughters machine. i only intsalled 2 programs recently
    1) cox parental software
    2) harry pottery game pack.

    i dont think its the cox software as i also installed it on an identical machine for my other daughter. but i could be as it doesnt really work for media center 2002 edition.

    on a side note if any one knows of good parental software (i.e. something that can limit internet time as well as what sites and can record every thing ) for relativly cheap; please let me know
  • edited March 2007
    hey troll....i'm new to this. my computer is giving me this message:

    *** STOP: 0x0000008E (0xc0000005, 0x804EF579, 0xB561886C, 0x00000000)

    What does that mean? What can i do to fix it? Please email me back at [email removed]
    Thanks very much!!!

    Jen


    [/email]
    troll wrote:
    Greetings & Salutations!

    For the past two days I have worked on two machines at the shop that would just reboot on thier own, after shutting off the Automatic Restart option. That wonderful STOP: 0x0000008E (0xC0000005... BSOD appeared on the screen.

    (Both machines worked fine till the users "Opened a file they received through msn messenger" :banghead: )

    Safe Mode works fine, just reboots in Normal Mode.

    From safe mode cmd prompt only I scanned with F-Prot, Ad-Aware, SpyBot & HijackThis... All things cleaned up or shutoff...
    (Norton was on one of the machines but it was not working and you didn't have enough time to check anything in Normal mode.)

    Rebooted and within a few minutes... STOP: 0x0000008E again... rebooted in safe mode again shut everything off in MSConfig, ran Rootkit Revealer from sysinternals which found nothing... rebooted and same BSOD again...

    Searched Google for 0x0000008E errors and got the standard, "Ram problem, Driver Problem, PS Weak... Tested Ram with memtest, changed the power supply and still no go...

    Another site was talking about posting minidumps for them to look at, so I looked into one of the minidumps and found:

    Rustock rootkit v 1.2
    Z:\NewProjects\spambot\new\driver\objfre\i386\driver.pdb

    A little more Google revealed that this Rootkit, once installed is undetectable by anything, quite the amazing little piece of code...

    Symantec's info on the Rustock Rootkit

    This was it the B version... I followed the directions on Symantec's site to remove it by booting into recovery console from an XP CD. (You cannot detect it in Safe Mode)

    Once there I used "Disable pe386" to shut off the rootkit... I looked while in safe mode for this service and it WAS NOT there... Since it loads with kernel / driver data, it hides everything about itself...

    Symantec's Cleanup Instructions...

    Rebooted in Normal mode and no more BSOD, reinstalled NAV and started it scanning when I left the shop... I will run ADSSpy again and see if it finds the alternate data stream now...

    I realize that this is not the only cause of 0x8e errors but this was my problem, and since there were two machines in the shop with the same problem, I can see more of these coming in for repair...

    Hope this helps those who have just recently developed STOP: 0x0000008E errors.

    troll
  • LincLinc Owner Detroit Icrontian
    edited March 2007
    jen_jen_03 wrote:
    hey troll....i'm new to this. my computer is giving me this message:

    *** STOP: 0x0000008E (0xc0000005, 0x804EF579, 0xB561886C, 0x00000000)

    What does that mean? What can i do to fix it? Please email me back at [email removed]
    Thanks very much!!!

    Jen[/email]
    Jen - His original post are the instructions you seek. Were you having trouble with them? Did they not work for you?

    I removed your e-mail address. Posting it on a public forum like this will get it picked up by spammers, and we don't send e-mails - we answer questions on the forum.

    Cheers!
  • edited March 2007
    Hello everyone. sorry to bother you with this problem but I don't know how to deal with this and I only know enough about computers to just make it by. every since a few weeks ago or more I have been coming across a problem that I assume was caused when I was very upset and used physical violence to teach my computer a lesson :eek: (Sorry to all of you who disapprove of such things:rolleyes: )

    right now at the moment I have put a new hard-drive into the computer from the store and installed Windows XP Pro on it but I am still getting this erroe message

    Stop: 0X0000008E (0XC0000005, 0X805847DF, 0XF090FB00, 0X00000000)

    I also had Dumper 0 -k showing up in MSconfig but I was able to fix that problem... I think... I right clicked My Computer went to Advanced, Startup and Recovery Settings. Under System Failure I unchecked Automatically Restart and under Write debugging information I changed it to (None)
    so this doesn't seem to pop-up anymore but it might help you... no idea

    seeing as how this problem started after I had hit the side of my tower I have doubts that it is that virus thing but I also tried swapping my RAM in and out to see if that was the problem but nothing.

    any ideas?
  • edited March 2007
    My Father recently started having BSOD Errors on his Desktop...
    The error code is:
    **STOP: 0x0000008E (0xC0000005, 0x864897E2, 0xf7223CA0, 0c00000000)
    I have tried rebooting into Safe mode to run Memtest, and to try and look at the mini Dump, but Anytime I try and access My Computer, it Crashes again...
    I can't seem to get it to run ANYTHING to try and analyze the problem...
    Any Ideas on what I can do here?
    Thanks in advance!
    Dave
  • profdlpprofdlp The Holy City Of Westlake, Ohio
    edited March 2007
    Run Memtest from a bootable floppy or CD.
  • edited March 2007
    Hmm.. ran memtest86+ v1.55 and it kept getting to about 94% done, then restarting at test #4... ran it for over an hour, then had to stop it...

    Now running Memtest-86 v3.2 to see if I can get anything...

    Will post results.
  • edited March 2007
    Ran Both Memory Tests... 2 Passes Each... No Errors..

    ??
  • edited March 2007
    OKay.. Ran Event Viewer, but can't really see anything...

    It says The Computer has rebooted from a bugcheck' the Bugcheck was:

    0x000008e (0xc0000005, .... ....) It says a dump was saved in c:\windows\minidump\mini031607-12.dmp


    However I can't navigate anywhere to see it.. as soon as I open up My Computer, it crashes.

    Is there anything Specific I should be looking for in the event log?

    It has 4 Service Control Manager Errors and 5 DCOM Errors... But all the DCOMS are "This service cannot be started in safe mode"

    Of the SCM Errors they are:

    The DHCP Client Service Depends on the NetBIOS over Tcpipservice which failed to start because of the following error: A device attached to the system is not funcitoning.

    the DNS Client Service depends on the TCP/IP Protocol Driveer Service which failed to start because of the following error: A device attached to the system is not funtioning.

    The IPSEC Services Service depends on the IPSEC Driver Service which failed to start because of the following error: A device attached to the system is not functioning.

    and

    The Following boot-start or system-start driver(s) failed to load:
    Fips
    IPSec
    MRxSmb
    NetBIOS
    NetBT
    Processor
    RasAcd
    Rdbss
    Tcpip

    This was all booted to safe mode.

    Thanks!
  • profdlpprofdlp The Holy City Of Westlake, Ohio
    edited March 2007
    DJamesL wrote:
    ...The IPSEC Services Service depends on the IPSEC Driver Service which failed to start because of the following error: A device attached to the system is not functioning.

    and

    The Following boot-start or system-start driver(s) failed to load:
    Fips
    IPSec
    MRxSmb
    NetBIOS
    NetBT
    Processor
    RasAcd
    Rdbss
    Tcpip

    This was all booted to safe mode...
    Those are nearly all network related issues. Have you tried Safe Mode with Networking?

    It might not hurt to post a HijackThis log. Oftentimes when when network-related stuff has gone wacko it's due to some malware butting in where it shouldn't.
  • edited March 2007
    Heh, Very helpful little guide i must say,you out-did any Futureshop employee around where i live...they solved a problem for 2days and came right back. Now here's a pickle!
    I seem to have misplaced my recovery Windows XP CD booklet during my move ( living-wise ) nooowww I'm stuck with this and have no way of completeing the recovery... Any suggestions :( ?
Sign In or Register to comment.