Announcement

Collapse
No announcement yet.

blue screen! KMODE_Exception_Not_Handled... hack?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • blue screen! KMODE_Exception_Not_Handled... hack?

    I came in this morning and everyone on Windows 2000 Pro who had to boot their machine got the blue screen of death. All XP Pro (no XP Home OS in the office) were just fine. The stop error was

    stop: 0x0000001e (0xC0000005, 0xB7A8FAB0, 0x00000000, 0x00000000) KMODE_EXCEPTION_NOT_HANDLED

    The day before I installed a new printer on everyone's machine, which didn't require a reboot. I can't imagine this being the problem but thought I should mention it. We had a 2000 Server that was here when I got here and a 2003 server that I installed. On the security side I'm pretty shaky because I just started getting familiar with MS networking (mostly used to Sun (unix)). Well, if anyone has any ideas that would be great. I've been told by at least one other person on another board that it was a hack that wasn't able to be fixed other than reformatting with HDs and starting over.

  • #2
    Was there any more info in the STOP message (like what was the process/app that caused the STOP)?

    A quick search on google presented this microsoft kb article which talks about a backdoor hack.

    http://support.microsoft.com/kb/q294728/

    There is a patch available for this and there is a way of removing. So if it does turn out to be this then i'd say stick to posting here!!
    Server 2000 MCP
    Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    Comment


    • #3
      Thanks for posting up Tony but all things point to "no" on that being the problem. It's funny. The first thing I did was google it and check on that exact problem. I can't find any of those files, processes, or registry changes. This one really has me scratching my head. Since we are preparing to load software again (1/2 workers sit for a day) we are putting XP Pro back on the machines. If we come up with the reason behind this small catastrophe of a day then I'll be sure to post up. You can count on that. Any other thoughts are appreciated.

      Comment


      • #4
        Shame about that. Bit annoying when you don't know why! But as you say if you get to find out what it was then pop the info here, always handy!
        Server 2000 MCP
        Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

        ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

        Comment


        • #5
          Disclaimer: never tested and this can wrack the computer:

          Use ERD, recovery console or BartPE and delete the following registry branch:
          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\print\Printers\<printer_you_installed>

          goto %SystemRoot%\System32\Spool\Drivers\W32x86\ and delete the newly installed drivers from there.

          More ideas here: http://labmice.techtarget.com/troubl...errorcodes.htm
          Guy Teverovsky
          "Smith & Wesson - the original point and click interface"

          Comment


          • #6
            Seems logical as he said he had installed a printer on each machine!
            Server 2000 MCP
            Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

            ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

            Comment


            • #7
              We ended up logging in with safe mode (network support) and copying all needed files to a data drive. From there we formatted and upgraded the 8 desktops to Windows XP Pro which in my opinion needed to be done anyway.

              One note. When logging in on safe mode the first thing it tells you is that it has to create a page file. When I try to increase the page file it won't keep the changes. I just thought I would update. I'm going to try removing that registry info on one PC just to see.

              Comment


              • #8
                Ok, I thought I would post up with final thoughts. I tried the registry fix and it did no good. Things compounded this morning when we had a power outage for about 10 seconds that made the remaining 3 MS 2000 machines reboot which of course resulted in them going to the blue screen. The odd thing is that MY MS2000 machine was not affected. I'm the only one that didn't have a problem. For testing I even uninstalled the latest printer and reinstalled it to make sure I did it exactly as I did the other machines. I rebooted and it came up fine. I did have a problem with Symantec trying to reinstall itself after the power outage though. *scratching head* I am still unsure as to why we had this problem. We find no signs of a virus. Some have speculated that it was a bad MS 2000 Update. I'm really unsure because I didn't have time to spend trying to figure it out once we put our plan of upgrading into action. Well, that's about it. Thanks for all of the input.

                Comment

                Working...
                X