I had a BSOD (Blue Screen of Death) on my Windows XP laptop today. It freaked me out as I don't remember changing any system configurations previously, so I thought that it might be a virus. I've extracted the juicy part from the BSOD messages below:
--------------------------------------------------------------------
Technical information:
*** STOP: 0x000000c9 (0x00000007, 0xA8655492, 0x8ADACF68, 0x00000000)
*** viexpf2k.sys - Address A8655492 base at A8655000, DateStamp 4372d07b
Beginning dump of physical memory
--------------------------------------------------------------------
A little googling shows that "viexpf2k.sys" is either malware or a driver from CyberArmor. I have the CyberArmor firewall (Corporate version) installed, so I investigated from this angle. But just in case, I also ran CureIt AntiVirus from DrWeb.
At first, I couldn't get into Safe Mode as it got stuck during the driver loading phase. But CHKDSK popped up after a few hard reboots, and Safe Mode booted fine after the disk check.
For some reason, my laptop didn't generate any dump file (company policy, no direct control), so I could not confirm my suspicion with WinDbg. I had to do it the "hacker" way: I renamed "viexpf2k.sys" to "~viexpf2k.sys" in both the "C:\Program Files\CyberArmor" and "C:\WINDOWS\system32\drivers" directories, and then my XP managed to boot normally, but without CyberArmor.
So it's confirmed that CyberArmor is the problem, but why? More googling shows stop code C9 to be DRIVER_VERIFIER_IOMANAGER_VIOLATION, and it hit me! I must have turned on Microsoft's Driver Verifier by mistake yesterday when I was researching kernel dump debugging.
So I restored "viexpf2k.sys" and ran:
C:\> verifier /reset
Voila! Everything's back to normal after a reboot.
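
Even without a dump file, the two lines quoted from the blue screen are enough for a first triage. The Python sketch below is an added example, not part of the original post: it parses those lines, flags stop codes raised by Driver Verifier, and computes the faulting offset and the driver's build time (DateStamp read as the PE link timestamp in Unix seconds). The function name `triage` and the code table are assumptions of this example.

```python
import re
from datetime import datetime, timezone

# Bug check codes raised by Driver Verifier. 0xC9 is the one named in the post;
# the other two are added here from the Windows bug check reference.
VERIFIER_CODES = {
    0xC4: "DRIVER_VERIFIER_DETECTED_VIOLATION",
    0xC9: "DRIVER_VERIFIER_IOMANAGER_VIOLATION",
    0xE6: "DRIVER_VERIFIER_DMA_VIOLATION",
}

STOP_RE = re.compile(r"STOP:\s*0x([0-9a-f]+)\s*\(([^)]*)\)", re.I)
DRIVER_RE = re.compile(
    r"\*\*\*\s+(\S+)\s+-\s+Address\s+([0-9a-f]+)\s+base at\s+([0-9a-f]+),"
    r"\s+DateStamp\s+([0-9a-f]+)", re.I)

# The two lines quoted in the post.
SAMPLE = """\
*** STOP: 0x000000c9 (0x00000007, 0xA8655492, 0x8ADACF68, 0x00000000)
*** viexpf2k.sys - Address A8655492 base at A8655000, DateStamp 4372d07b
"""

def triage(text):
    """Return a dict summarising the STOP line and, if present, the driver line."""
    stop = STOP_RE.search(text)
    drv = DRIVER_RE.search(text)
    if not stop:
        raise ValueError("no STOP line found")
    code = int(stop.group(1), 16)
    params = [int(p, 16) for p in stop.group(2).split(",")]
    report = {"code": code, "params": params,
              "verifier": VERIFIER_CODES.get(code)}  # None if not a verifier code
    if drv:  # some blue screens name no driver
        name, addr, base, stamp = drv.groups()
        addr, base, stamp = int(addr, 16), int(base, 16), int(stamp, 16)
        report.update(
            driver=name,
            offset=addr - base,  # offset of the faulting address into the image
            built=datetime.fromtimestamp(stamp, timezone.utc).isoformat(),
            addr_in_params=addr in params,  # does a STOP parameter point into it?
        )
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A non-empty `verifier` field is the cue to check Driver Verifier settings before assuming the named driver itself is malicious or broken.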