This laptop would, at seemingly random times, generate a blue screen (BSOD) with the error: Stop 0x0000008E.
Customer tells me that a few days ago, Norton found something bad, and removed it.
So I figure: I’ll install MBAM, and do a scan.
While MBAM is scanning, I check what’s auto-starting, and disable anything that doesn’t need to start.
Part-way through that, I get the BSOD 0x0000008e.
I decide to check for hardware issues (laptop is used in a footy club, so it’s probably not treated nicely at times). The RAM test finds no problem, and the CPU (Core 2) seems quite warm at 48°C, but nothing too bad. The hard drive is not low on space.
Back into Windows, I restart MBAM while I check the net for error 0x0000008e. After about a minute of browsing, I get another BSOD.
I try 2 more times, but MBAM just cannot complete the scan.
But I do manage to find out that the BSOD could be caused by a rootkit.
So I boot from my CD (UBCD4Win), start SUPERAntiSpyware, run an update, then scan the PC.
Sure enough, it finds and removes:
- Rootkit.Agent/Gen-Loader
- Rootkit.Agent/Gen-SoftV
- Trojan.UnknownOrigin
After that, I restart into Windows XP, and MBAM finds about 180 infected components (mostly registry entries, but also a handful of infected files).
Once the laptop is totally clean, I remove Norton AntiVirus 2005 (!), install AntiVir and Windows Defender (i.e. some modern protection), and then tell the customer of the possible consequences if she doesn’t change the internet banking password ASAP.
I started wondering why an infection would cause a BSOD. It could be bad programming, but it might also be deliberate. Why?
It could be that if the infection detects anything that seems like an attempt to remove it, scan for it, or even search the net for anything related to anti-malware, it generates a BSOD in the hope of distracting the PC user.
It certainly had me guessing for a while.