Tip: Check for a Rootkit Before Ordering New Memory

Over the weekend I was working on a laptop running Windows 7 that would boot, allow login, and then bluescreen within five minutes. The bluescreen showed the familiar stop code 0x0000008E (KERNEL_MODE_EXCEPTION_NOT_HANDLED). This can be the result of a corrupted driver, but it is commonly taken as evidence of a failing memory module. Because the laptop was an older model, the model and serial numbers had been rubbed off the asset tag long ago, making it hard to determine which memory module to order. So, while I searched Bing Images for a visual match to tie the laptop to its proper model number, I went down other troubleshooting avenues just in case. I'm glad I did.

Even though replacement memory is extremely cheap these days (it was going to cost less than $15 to replace the module), the laptop would have been out of commission for a couple of days, and, as is always the case, use of the computer had become critical.

One of the additional troubleshooting avenues was checking for an installed rootkit. The laptop already had an antivirus application running and up to date, so I figured my rootkit check wouldn't produce any results, but I tried it anyway. That is exactly the blind spot a rootkit is built to exploit: it hides from the operating system the antivirus depends on, so a clean AV status proves little. A rootkit was found and removed, which saved me from having to order that memory module. After the rootkit was removed, the 0x0000008E error went away and the laptop owner was able to get back to finishing the critical project.

So, this tip actually has two parts. First, if you experience the 0x0000008E bluescreen error, work through all of the software troubleshooting techniques before ordering new hardware, even when everything appears to be fine (OS and application updates applied, antivirus up to date and showing no alerts). Second, I want to tell you about the rootkit remover I used, to save you the search when you need it. It's also a good idea to grab the utility now and keep it on hand should strange issues arise.

The rootkit remover that worked for me was the TDSSKiller anti-rootkit utility from Kaspersky.

TDSSKiller has both a graphical interface and also a command-line facility. Once you download it you can simply run the executable and allow it to scan and detect.


The command-line options let you both customize how it runs and deploy it using your favorite deployment method (System Center Configuration Manager, GPO, etc.).

Here are the command-line options built into the executable (shown in the original post as a screenshot of the utility's help output; run the executable with its help switch to see the current list):

You can download the TDSSKiller anti-rootkit utility from the following page:

http://support.kaspersky.com/5350?el=88446
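Here is an added example, not from the original post or from Kaspersky, of how I would wrap the utility for an unattended run from an SCCM package or a GPO startup script. It does two things the post only hints at: it authenticates the downloaded binary before running it (a look-alike "tdsskiller.exe" dropped by malware, or a download tampered with by the very rootkit you are hunting, is a real risk with tools kept "on hand"), and it runs the scan silently with a log for later review. The install path, the log-matching strings, and the switches -l, -accepteula and -accepteulaksn are assumptions; confirm the switches against the help output of the copy you download before deploying.

```powershell
# Added example (not Kaspersky's code): authenticate TDSSKiller, then run it unattended.
# ASSUMPTIONS: the tool path, the -l / -accepteula / -accepteulaksn switches, and the
# strings matched in the log are assumed; verify them against "tdsskiller.exe -h".

$Tool = Join-Path $env:ProgramData 'Tools\tdsskiller.exe'                    # assumed location
$Log  = Join-Path $env:ProgramData ("tdsskiller_{0}_{1:yyyyMMdd_HHmm}.log" -f `
            $env:COMPUTERNAME, (Get-Date))

# 1. Never run an anti-rootkit tool you have not authenticated. Require a valid
#    Authenticode signature from the expected publisher, and record the hash so the
#    same binary can be compared across machines and later runs.
$sig = Get-AuthenticodeSignature -FilePath $Tool
if ($sig.Status -ne 'Valid') {
    throw "Refusing to run ${Tool}: Authenticode status is $($sig.Status)"
}
if ($sig.SignerCertificate.Subject -notmatch 'Kaspersky') {
    throw "Refusing to run ${Tool}: unexpected signer $($sig.SignerCertificate.Subject)"
}
$hash = (Get-FileHash -Path $Tool -Algorithm SHA256).Hash
Write-Host "Running $Tool (SHA256 $hash), signed by $($sig.SignerCertificate.Subject)"

# 2. Run without prompts. The EULA switches stop the licence dialogs from hanging a
#    silent deployment; -l writes the scan log to the path we chose above.
$proc = Start-Process -FilePath $Tool `
    -ArgumentList @('-accepteula', '-accepteulaksn', "-l `"$Log`"") `
    -Wait -PassThru -NoNewWindow
Write-Host "TDSSKiller exited with code $($proc.ExitCode); log: $Log"

# 3. Surface findings for the deployment system so an admin actually looks at the
#    machine instead of the log sitting unread in ProgramData.
if (Test-Path $Log) {
    $findings = Select-String -Path $Log -Pattern 'Suspicious|Malware|Rootkit'   # assumed wording
    if ($findings) {
        Write-Warning "Scan reported findings on $env:COMPUTERNAME; review $Log"
        $findings | ForEach-Object { Write-Warning $_.Line }
    }
}
```

Run it from an elevated prompt (the utility needs administrator rights to inspect drivers and the boot sector). If you package this for SCCM, keep the log directory somewhere your collection script can pick up, and treat any machine that produces findings as one to re-image rather than trust, since a removed rootkit says nothing about what else was installed while it was present.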

I'm sure you have a favorite anti-rootkit utility of your own, but TDSSKiller worked for me in this instance. If you have used a different one, let me know which and we'll cobble together a comparison.
