Blue Screen

Bill Martin

Hopefully someone can help me with my problem. I get
halts several times a day with either of two messages.

Stop: 0x00000001E
(0xc0000005,0xA0094EF4,0x00000001,0x007E5600)
kmode_exception_not_handled
Address A0094EF4 base at A0000000,Date Stamp 4047dcd6 -
win21k.sys

or

Stop: 0x000000D1
(0x0000000C,0x00000002,0x00000000,0xBFE97793)
Driver_irql_not_less_or_equal
Address BFE97793 base at BFE97000, Date Stamp 3E9CD7EA -
Portcls.sy

All service packs are installed and I have made no changes
to the system.

Thanks in Advance
 
S.J.Haribabu

Hi Bill,

I found a KB article for the stop error
Stop: 0x00000001E
(0xc0000005,0xA0094EF4,0x00000001,0x007E5600)
kmode_exception_not_handled
Address A0094EF4 base at A0000000,Date Stamp 4047dcd6 -
win21k.sys


CAUSE
=======

This behavior can occur if you downloaded the Backdoor.NTHack virus from a
remote host into your computer. This virus is initiated by the Dl.bat file
in the InetPub\Scripts folder.

As a result, both the Firedaemon.exe and Sud.exe files are installed on the
computer as well as the Os2srv.exe and Mmtask.exe files, which along with
the Sud.exe and Index.exe files are run as services.

Resolution
==========
WARNING: If you use Registry Editor incorrectly, you may cause serious
problems that may require you to reinstall your operating system. Microsoft
cannot guarantee that you can solve problems that result from using
Registry Editor incorrectly. Use Registry Editor at your own risk.

To resolve this behavior, you must perform a parallel install of Windows NT
4.0 or Windows 2000 and/or make the following changes by using the Windows
2000 Recovery Console.

The Newgina.dll file is specified under the following registry key when you
access the original software hive from a parallel install:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Value = GinaDLL REG_SZ

Gina.dll = Newgina.dll
Original Gina.dll = Msgina.dll (or Awgina.dll)

From the parallel install or in the Recovery Console, rename the
Newgina.dll file to "Newgina.old".

Rename the original Gina file, for example, the Msgina.dll file to
"Newgina.dll". This renaming enables the original Gina file to be loaded
under the name "Newgina.dll" which is specified in the registry.

If you cannot locate the Newgina.dll file in Windows Explorer, you can
delete or replace the newgina.dll value in GinaDLL (REG_SZ) with msgina.dll
(or awgina.dll) under the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

This change enables the original Gina.dll file to be loaded from the cache.

You must also disable and delete the services that are associated with the
virus as well as the files that are installed in the
C:\Winnt\System32\Os2\New folder.

The Dl.bat file in the InetPub\Scripts folder must also be deleted.

Bill, for more information refer to the KB article at
http://support.microsoft.com/?kbid=294728



Sincerely,

(e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.
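
As an added example (not part of the thread or of the KB article), the file and registry checks described in the reply above can be scripted against the affected system disk once it is mounted from a parallel install or an analysis workstation. The function names, the result labels and the sample tree are assumptions made for this example, and the system folder is assumed to be named Winnt as in the KB text.

```python
import os
import tempfile

# Locations and names come from the KB text quoted in the reply above.
DROP_DIR = ("winnt", "system32", "os2", "new")     # C:\Winnt\System32\Os2\New
DL_BAT = ("inetpub", "scripts", "dl.bat")          # InetPub\Scripts\Dl.bat
KNOWN_GINA = {"msgina.dll", "awgina.dll"}          # originals named by the KB


def check_gina(value):
    """Classify the GinaDLL value read from the offline software hive."""
    if not value or not value.strip():
        return "default"            # value absent: nothing overrides the GINA
    name = value.strip().replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return "known" if name in KNOWN_GINA else "review:" + name


def scan_volume(root):
    """Return sorted findings (relative, lower-cased paths) under a mounted volume."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        parts = () if rel_dir == "." else tuple(p.lower() for p in rel_dir.split(os.sep))
        for fname in files:
            full = parts + (fname.lower(),)
            if (parts[:len(DROP_DIR)] == DROP_DIR      # anything in the drop folder
                    or full == DL_BAT                   # the launcher batch file
                    or full[-1] == "newgina.dll"):      # replaced GINA, any folder
                findings.append("\\".join(full))
    return sorted(findings)


def build_sample_volume():
    """Constructed sample tree (empty files) standing in for a mounted system disk."""
    root = tempfile.mkdtemp(prefix="kb294728_")
    sample = [("WINNT", "system32", "msgina.dll"),
              ("WINNT", "system32", "NewGina.dll"),
              ("WINNT", "system32", "os2", "new", "Sud.exe"),
              ("WINNT", "system32", "os2", "new", "FireDaemon.exe"),
              ("InetPub", "Scripts", "Dl.bat"),
              ("InetPub", "Scripts", "default.asp")]
    for parts in sample:
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return root


if __name__ == "__main__":
    print(check_gina("Newgina.dll"))
    for hit in scan_volume(build_sample_volume()):
        print(hit)
```

A "review" result is a prompt to inspect the file, not a verdict: after the rename step in the KB, Newgina.dll is the original GINA under a new name.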
 
