Mike Tech Show – Podcast – #194 – 06-28-08
June 27, 2008
|
Posted by Mike
Podcast: [Mirror]
Show #194 Notes
- Twitter Me: http://twitter.com/miketechshow
- Member of the Techpodcast Network
- Member of the BluBrry Network
- Mike Tech Show Forums
IRC chat log from show [here]
Show Links –
Independent Music –
- Wonderfool – Venus to Vertigo
Some of the songs on this program were provided by Magnatune.com
Support the Mike Tech Show – SkypeOut
Categories: Blog Post
RE: Barbara’s trouble. Several times in the past month I’ve run across a piece of malware that after AVG has removed it – the computer BlueScreens or re-boots on startup. After much self-investigating, the malware edits a registry key that causes the BSOD when the malware file is no longer present. It sounds like Barbara is not formatting the drive before trying the re-install, because formatting would cause the registry to be re-created.
The Blue Screen error has been “STOP c0000135 {Unable To Locate Component}”
Here’s the registry key that gets modified:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SubSystems
The “Windows” value gets modified from this…
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1
ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
…to this…
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=[VIRUS DLL HERE],1
ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
Booting to a CD and modifying the registry fixes the problem I’ve seen several times.