Computer Auto Restarts every day or 2 days

lz22

The System Restore filter encountered the unexpected error '0xC000009A' while processing the file " on the volume 'BlockVolume1'. It has stopped monitoring the volume.

appears in the Event Viewer under System

and the BSOD displays the code 0x0000008E (0xc000009a 0x80519920 0xB74687E0 0x00000000)

Any suggestions would be much appreciated.
 
Very bad news... Probably infected w/Rootkit but here's a tut to try and remove it:

Greetings & Salutations!

For the past two days I have worked on two machines at the shop that would just reboot on their own. After shutting off the Automatic Restart option, that wonderful STOP: 0x0000008E (0xC0000005... BSOD appeared on the screen.

(Both machines worked fine till the users "Opened a file they received through msn messenger" )

Safe Mode works fine, just reboots in Normal Mode.

From safe mode cmd prompt only I scanned with F-Prot, Ad-Aware, SpyBot & HijackThis... All things cleaned up or shutoff...
(Norton was on one of the machines but it was not working and you didn't have enough time to check anything in Normal mode.)

Rebooted and within a few minutes... STOP: 0x0000008E again... rebooted in safe mode again shut everything off in MSConfig, ran Rootkit Revealer from sysinternals which found nothing... rebooted and same BSOD again...

Searched Google for 0x0000008E errors and got the standard, "RAM problem, Driver Problem, PS Weak..." Tested RAM with memtest, changed the power supply and still no go...

Another site was talking about posting minidumps for them to look at, so I looked into one of the minidumps and found:

Rustock rootkit v 1.2
Z:\NewProjects\spambot\new\driver\objfre\i386\driver.pdb

A little more Google revealed that this Rootkit, once installed, is undetectable by anything, quite the amazing little piece of code...

Symantec's info on the Rustock Rootkit

This was it, the B version... I followed the directions on Symantec's site to remove it by booting into recovery console from an XP CD. (You cannot detect it in Safe Mode)

Once there I used "Disable pe386" to shut off the rootkit... I looked while in safe mode for this service and it WAS NOT there... Since it loads with kernel / driver data, it hides everything about itself...

Symantec's Cleanup Instructions...

Rebooted in Normal mode and no more BSOD, reinstalled NAV and started it scanning when I left the shop... I will run ADSSpy again and see if it finds the alternate data stream now...

I realize that this is not the only cause of 0x8e errors but this was my problem, and since there were two machines in the shop with the same problem, I can see more of these coming in for repair...

Hope this helps those who have just recently developed STOP: 0x0000008E errors.

troll
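
The minidump check described in the post above, as an added example that is not part of the original thread: it walks a dump for CodeView debug records and lists the PDB path each loaded module was linked with, flagging full build paths like the one quoted. The function names, the sample bytes and the "full drive-letter path" heuristic are assumptions made for this illustration.

```python
import sys

# CodeView debug records embed the PDB path a module was linked with:
#   "RSDS" + GUID(16) + age(4) + path + NUL                 (PDB 7.0)
#   "NB10" + offset(4) + timestamp(4) + age(4) + path + NUL (PDB 2.0)
CV_PATH_OFFSET = {b"RSDS": 24, b"NB10": 16}
MAX_PATH = 260

def find_pdb_paths(data):
    """Return sorted (offset, path) pairs for every CodeView record in data."""
    hits = set()
    for sig, skip in CV_PATH_OFFSET.items():
        pos = data.find(sig)
        while pos != -1:
            start = pos + skip
            end = data.find(b"\x00", start, start + MAX_PATH)
            raw = data[start:end] if end != -1 else b""
            # Require printable ASCII ending in ".pdb" so that a chance
            # occurrence of the 4-byte signature is not reported.
            if raw.lower().endswith(b".pdb") and all(0x20 <= c < 0x7F for c in raw):
                hits.add((pos, raw.decode("ascii")))
            pos = data.find(sig, pos + 1)
    return sorted(hits)

def is_build_path(path):
    """Heuristic (assumption): a full drive-letter path exposes the build tree."""
    return len(path) > 2 and path[0].isalpha() and path[1] == ":"

def triage(data):
    """Return only the PDB paths that carry a full build directory."""
    return [p for _, p in find_pdb_paths(data) if is_build_path(p)]

def _record(sig, path):
    # Constructed record: filler bytes stand in for the GUID/age fields.
    return sig + b"\x01" * (CV_PATH_OFFSET[sig] - 4) + path.encode("ascii") + b"\x00"

# Constructed sample, not a real dump: one bare kernel PDB name, the path
# quoted in the post above, and a stray signature with no record behind it.
SAMPLE = (b"\x00" * 32 + _record(b"RSDS", "ntkrnlmp.pdb") + b"\xff" * 16
          + _record(b"RSDS", r"Z:\NewProjects\spambot\new\driver\objfre\i386\driver.pdb")
          + b"RSDS" + b"\x02" * 8)

if __name__ == "__main__":
    # Pass a dump file path to scan it; with no argument the sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for offset, path in find_pdb_paths(data):
        flag = "REVIEW" if is_build_path(path) else "      "
        print(f"{flag} 0x{offset:08x} {path}")
```

A flagged path is a lead for further analysis, not a verdict: many legitimate third-party drivers also ship with full build paths.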
 
Or it could be bad RAM.. At which point follow this Tut:
What it sounds like to me is a RAM problem, get yourself a copy of memtest:

http://www.memtest.org/download/1.70....70.floppy.zip

Unpack the zip and create the bootable floppy

Shut everything down and remove all your ram sticks.
Put them back in one at a time and boot the memtest floppy.

Let each stick go through at least one pass...
If RED lines start scrolling at bottom, you have a bad memory...
 
I have a P4B533 Motherboard and upon opening the case to test for the memory, I see that the Intel 845E Memory Controller Hub (MCH) is unhinged and not attached to the motherboard anymore. Somehow, 2 of the 4 sides popped up leaving it hanging onto the motherboard but not connected. I also notice a burnt smell inside the case.

Should I order a new board (the same board) or replace the computer altogether? It's been a good 6 years that I have had with this computer.
 