netzenrob

Major issue BSOD

As of Thursday night 15th December our installs of anti ransomware caused severe problems across the whole computer network, 75% of computers BSOD.

Symptoms:

Unable to load Windows in normal/safe mode or from bootable Windows OEM CD to perform repairs. All PCs Dell Win 7 Pro.

BSOD / FLTMGR.SYS = EXCEPTION ERROR every which way we tried to load in.

How to get back into Windows:

Unplug the ethernet cable, reboot PC, PC logs in as normal

Technical info / what MB Anti Ransomware seemed to do:

After analysing the log files for the crashes, we could see Malwarebytes was deleting Windows Chipset SM Bus drivers or corrupting them & Network card drivers on the system. Windows therefore crashes as soon as the network card is in use. Keeping the ethernet cable out is the only way to get back into Windows.

We checked device manager on the majority of the PCs, SMBUS / NIC card drivers were missing/corrupted and had the standard yellow exclamation mark next to them.

Solution:

1) System restored PC to earlier date.

2) Removed Anti Ransomware prior to its update.

3) Reinstalled Chipset drivers from manufacturer

 

We have since removed the software network wide. I hope when this package becomes more stable to roll it out again.


Hi, @netzenrob

In my reply to your post on the other topic, apart from sharing the memory dump, if you could also share some of the logs, it would be very much appreciated. Thanks.


We stumbled upon the exact same issue on 2 Terminal Servers on Friday and today.
I didn't get as far as netzenrob with finding out what happened exactly.

The NTFS File Structure was corrupted on at least 1 of the servers so I had to run a checkdisk to get it back up and running again.

After the checkdisk I noticed that logging in using a local account, or domain account with the network card disabled (VMWare) was the only way to log on initially, then I removed Anti-Ransomware and allowed the users to log back on again.

I can send you the event log file in a PM if you need it due to client information being in there.

BSOD.jpg

Dump File.png


Thanks, @netzenrob & @SvenBNE

We just released Component Update 1.1.19 to address this BSOD. It takes a little bit of time for the ARW Beta to pick it up but just make sure you are in this version and the issue should be solved.

Hope this helps.
