This article describes how to useWindows PE boot DiscClearStubborn malicious plug-inTo solve WindowsBlue Screen fault.
The most undesirable computer failure for Windows users is the blue screen. Hardware faults, such as memory stability, bad sectors on the hard disk, and even loose mouse interfaces, may lead to a blue screen. Sometimes, when a blue screen fault occurs, it needs to be resolved from the software aspect. This article introduces a blue screen Fault Caused by malware and its solutions.
A few days ago, I performed a regular security check on Windows XP. The report found two unknown negative rating plug-ins and asked whether to clear them. I just clicked The "clean up now" button and the computer had a blue screen. The error message is as follows: "the problem runs to be caused by The following file: srosa. sys. an attempt was made to write to read-only memory ". The fault is caused by a file named srosa. sys. A write operation is performed on the read-only memory. It seems that this srosa. sys may be related to the malicious evaluation plug-in discovered by the security guard. According to experience, if a blue screen is displayed during cleaning of the evaluation plug-in, you must enter the Security Mode for operations. Unexpectedly, when the computer enters the safe mode, a blue screen failure occurs immediately, and the error message is the same as the previous one.
I had to go to Windows in normal mode and search for information about srosa. sys on the Internet. The search engine brought the author to a website named www.prevx.com. The website prompts that srosa. sys is a malware that can be used to clean up the website with Prevx CSI. After downloading and running the software, scan the system results. As you can see, the srosa. sys mentioned in the blue screen information is indeed a malicious plug-in. When I click the "Cleanup Now" button, the software prompts that the cleaning function can be used only for payment registration. It seems that only the malware has been manually cleared.
Prevx CSI found a total of nine malware, most of which are under the PATH provided by it. However, when I enter C: \ WINDOWS \ System32 \ drivers where srosa. dll is located, I cannot find it. Open the "Folder Options-> View" tab, select "show all files and folders", and deselect the "Hide protected operating system files" option. I searched the internet again and did not find this malicious plug-in's killing tool.
If the hard disk where the malware is located is mounted to another system, all files on the hard disk cannot be started, and the malware should be able to expose the malicious software. Here I come upWindows PE boot Disc. After using it to start the computer, go to the directory mentioned by Prevx CSI and find srosa. sys and several other stubborn malicious plug-ins. After they are deleted, the computer is started normally. 360 security guard still finds two unknown malicious plug-ins, which should be srosa. sys and the "same party" and should be well handled. Select "clean now" this time, and no blue screen is displayed. After you restart your computer, you can also enter the safe mode.
Many users reload their computers when encountering blue screens. In fact, it is much easier to carefully analyze the blue screen information and take appropriate countermeasures. I hope this article will give readers some inspiration.