Source: evil
Symptom
On a computer based on Microsoft Windows Server 2003, Microsoft Windows XP, or Microsoft Windows 2000, one or more of the following symptoms may occur:
• The computer restarts automatically.
• After logging on, you receive the following error message:
Microsoft Windows
The system has recovered from a serious error.
A log of this error has been created.
Please tell Microsoft about this problem.
We have created an error report that you can send to help us improve Microsoft Windows. We will treat this report as confidential and anonymous.
To see what data this error report contains, click here.
To view the error report content, click "here". When you click the "click here" link at the bottom of the message box, you may see error signature information similar to one of the following data samples.
Data Sample 1
BCCode: 00000050 BCP1: f8655000 BCP2: 00000001 BCP3: fc7cc465
BCP4: 00000000 OSVer: 5_1_2600 SP: 0_0 Product: 256_1
Data Sample 2
BCCode: 0000008e BCP1: c0000005 BCP2: 00000120 BCP3: fd28eaa4
BCP4: 00000000 OSVer: 5_1_2600 SP: 0_0 Product: 256_1
• You will receive one of the following "Stop" error messages.
Information 1
A problem has been detected and Windows has been shut down to prevent damage to your computer...
Technical information:
STOP: 0x00000050 (0xf8655000, 0x00000001, 0xfc7cc465, 0x00000000)
PAGE_FAULT_IN_NONPAGED_AREA (50)
Information 2
A problem has been detected and Windows has been shut down to prevent damage to your computer...
Technical information:
STOP: 0x0000008e (0xc0000005, 0x00000120, 0xfd28eaa4, 0x00000000)
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
• System Event Logs record error messages similar to the following:
Date: date
Source: System
Error time: time
Category: (102)
Type: Error
Event ID: 1003
User: N/A
Computer: COMPUTER
Description: Error code 00000050, parameter1 f8655000, parameter2 00000001, parameter3 fc7cc465, parameter4 00000000. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 30 30 30 30 30 30 35 0000050
0020: 30 20 50 61 72 61 6d 0 Param
0028: 65 74 65 72 73 20 66 66 eters ff
0030: 66 66 66 64 31 2c
Date: date
Source: System
Error time: time
Category: (102)
Type: Error
Event ID: 1003
User: N/A
Computer: COMPUTER
Description: Error code 0000008e, parameter1 c0000005, parameter2 00000120, parameter3 fd28eaa4, parameter4 00000000. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 30 30 30 30 30 30 35 000008e
0020: 30 20 20 50 61 72 61 6d 0 Param
0028: 65 74 65 72 73 20 66 66 eters ff
0030: 66 66 66 64 31 2c
Note:
• The symptoms of "Stop" errors vary with computer system failure options.
For more information about how to configure system failure options, click the following article number to view the article in the Microsoft Knowledge Base:
307973 (http://support.microsoft.com/kb/307973/) How to configure system failure and recovery options in Windows
• The four parameters in the parentheses of the "Stop" error message vary with the computer configuration.
Cause
This problem may occur if the computer is infected with a variant of the HaxDoor virus.
The HaxDoor virus creates a hidden process. The virus also hides files and registry keys. The executable file of the HaxDoor virus may have multiple names, but it is usually Mszx23.exe. Many variants of the virus place a driver named Vdmt16.sys or Vdnt32.sys on the computer. This driver is used to hide virus processes. If you delete these files, the HaxDoor virus variants can restore them.
Solution
Warning: Improper use of Registry Editor or other methods may cause serious problems. These problems may require you to reinstall the operating system. Microsoft cannot guarantee that you can resolve these problems. Modify the registry at your own risk.
To solve this problem, follow these steps:
1. Print the following Microsoft Knowledge Base article. Refer to this article to complete this process.
307654 (http://support.microsoft.com/kb/307654/) How to install and use the Windows XP Recovery Console
2. Click Start, click Run, type regedit, and click OK.
3. Find the following registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
4. Locate and delete any item that references "drct16" or "draw32" under this registry subkey.
For example, you may see items similar to the following:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\drct16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\draw32
5. Insert the Windows XP installation disc and restart the computer from the disc.
6. On the "Welcome to Setup" screen, press R (repair) to start the Windows Recovery Console.
7. Select the number corresponding to the Windows Installation to be repaired. This number is usually 1.
8. Enter the administrator password when prompted. If you do not have an administrator password, press Enter.
9. At the command prompt, move to the C:\Windows\System32 folder. For example, type cd C:\Windows\System32.
10. Use the RENAME command to rename the following files as shown. Remember to press Enter after each command. If the message "File not found" appears, move on to the next file in the list.
ren 1.a3d 1.a3d.bad
ren cm.dll cm.dll.bad
ren cz.dll cz.dll.bad
ren draw32.dll draw32.dll.bad
ren drct16.dll drct16.dll.bad
ren dt163.dt dt163.dt.bad
ren fltr.a3d fltr.a3d.bad
ren hm.sys hm.sys.bad
ren hz.dll hz.dll.bad
ren hz.sys hz.sys.bad
ren i.a3d i.a3d.bad
ren in.a3d in.a3d.bad
ren klo5.sys klo5.sys.bad
ren klogini.dll klogini.dll.bad
ren memlow.sys memlow.sys.bad
ren mszx23.exe mszx23.exe.bad
ren p2.ini p2.ini.bad
ren ps.a3d ps.a3d.bad
ren redir.a3d redir.a3d.bad
ren tnfl.a3d tnfl.a3d.bad
ren vdmt16.sys vdmt16.sys.bad
ren vdnt32.sys vdnt32.sys.bad
ren w32tm.exe w32tm.exe.bad
ren wd.sys wd.sys.bad
ren winlow.sys winlow.sys.bad
ren wmx.a3d wmx.a3d.bad
ren wz.dll wz.dll.bad
ren wz.sys wz.sys.bad
To delete these files after you finish, type del *.bad.
11. Remove the Windows XP installation disc and type Exit to restart the computer.
12. When the computer restarts, click Start, click Run, type regedit, and then click OK.
13. Locate and delete the following registry subkeys and any items that may exist under each subkey. If a registry subkey in the list does not exist, move on to the next subkey in the list.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmt16
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdnt32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VFILT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winlow
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\memlow
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdmt16
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdnt32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VFILT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winlow
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\memlow
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ENUM\ROOT\LEGACY_VDMT16
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ENUM\ROOT\LEGACY_VDNT32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ENUM\ROOT\LEGACY_WINLOW
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ENUM\ROOT\LEGACY_MEMLOW
14. Find and delete any items that contain the Mszx23.exe file name under the following registry subkeys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
15. Exit Registry Editor.
16. Make sure that the anti-virus and anti-spyware programs are updated with the latest definitions, and then perform a complete system scan.
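The file check behind step 10, as an added example that is not part of the original article: because the virus hides its files from the running system, this script is meant to be pointed at the System32 folder of a volume mounted on a separate analysis machine. The function name scan_system32 and the mounted-volume workflow are assumptions; the file names are the ones listed in step 10.

```python
"""Offline check for the HaxDoor file names listed in step 10 (added example)."""
import os

# File names copied from the rename list in step 10 of this article.
HAXDOOR_FILES = frozenset("""
1.a3d cm.dll cz.dll draw32.dll drct16.dll dt163.dt fltr.a3d hm.sys hz.dll
hz.sys i.a3d in.a3d klo5.sys klogini.dll memlow.sys mszx23.exe p2.ini
ps.a3d redir.a3d tnfl.a3d vdmt16.sys vdnt32.sys w32tm.exe wd.sys
winlow.sys wmx.a3d wz.dll wz.sys
""".split())


def scan_system32(system32_dir):
    """Return {'present': [...], 'renamed': [...]} for one System32 folder.

    'present' holds listed files that still carry their original name;
    'renamed' holds '<name>.bad' files left over from step 10.
    Matching is case-insensitive, as Windows file names are.
    """
    present, renamed = [], []
    for entry in os.scandir(system32_dir):
        if not entry.is_file(follow_symlinks=False):
            continue  # only regular files count as hits
        name = entry.name.lower()
        if name in HAXDOOR_FILES:
            present.append(entry.name)
        elif name.endswith(".bad") and name[:-4] in HAXDOOR_FILES:
            renamed.append(entry.name)
    return {"present": sorted(present), "renamed": sorted(renamed)}


if __name__ == "__main__":
    import sys
    # Assumed usage: pass the System32 path of a volume mounted read-only
    # on the analysis machine (hypothetical path, not from the article).
    result = scan_system32(sys.argv[1])
    for name in result["present"]:
        print("still present:", name)
    for name in result["renamed"]:
        print("renamed, awaiting deletion:", name)
    sys.exit(1 if result["present"] else 0)
```

A name match is a lead to verify, not a verdict: Windows ships its own w32tm.exe in System32, so confirm a hit on that name by hash or signature before treating it as malicious.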
The following malware has been recognized by antivirus vendors.
Symantec: Backdoor.Haxdoor.D
Trend Micro: BKDR_HAXDOOR.BC, BKDR_HAXDOOR.BN, BK