Solved

0x000000B4 (Video driver failed to initialize) on three computers today -- new spyware issue?

Posted on 2008-10-16
Last Modified: 2013-12-01
I'm a computer tech of 12 years, specializing in spyware removal.  Today we've had three separate customer computers hit the bench that have all had the same symptom -- they will either not boot into XP Home at all, or if they do, they will give "memory referenced" errors and not open the programs.  If you try to boot into "Last Known", same thing.  Any of the "safe mode" boot options return a BSOD, STOP 0x000000B4 "The video driver failed to initialize".  Also interesting is that the first three memory addresses after the stop error are different, but the fourth is always 0x00050000.

Two of the computers have been Dell systems, one was a custom-built one (not from us).  One has onboard video, two had video cards (both nVidia).  All three are Intel-based.  Two have XP Home, one has XP MCE 2005.

All of them said they were getting popups before it stopped working.  Is this a new virus/spyware that's going around and hitting fast?  We're not in a big area, and for three to hit the bench with this same problem before noon is pretty unbelievable.  I'm still working with getting them up and running, but figured I'd ask if anyone else is seeing this explode all of a sudden over the past few days.

EDIT: Not many points on this because I'm not particularly looking for a solution, just opening a discussion on the topic to see if this is something we should be watching for.
Question by:Zeromus-X
4 Comments
 
LVL 27

Expert Comment

by:David-Howard
ID: 22733709
Wish they would have told you what the pop-ups were. The first thing that comes to mind is MS updates. I believe they were pushed this past Tuesday. My systems at work and home received multiple updates. Perhaps this caused an issue?
David
0
 

Author Comment

by:Zeromus-X
ID: 22734130
I haven't gotten any of them up and running yet, so I'm not 100% sure.  If there was a major update that caused this, it would explain why I'm getting so many.  I only have three benches here and there are about ten in line, so it's quite possible that there are more exhibiting this same thing.

I've gotten one to the point where it'll boot to XP, but won't allow you to run any programs after about the first 20 seconds of being booted (just gives memory address instruction errors; can't run .exe or .com files... can run .bat but if they run any .exe or .com they crash).  I managed to sneak HijackThis into the Startup folder so that it runs within that ~20 second window, and the log file is clean -- no rogue services, files, etc to be seen.  I stuck a CMD in the startup too and if I navigate to the Windows or System32, there are thousands of files of the format xx???.exe, xx???32.exe, xx???.dll, xx???32.dll, where 'xx' is two letters and ??? are three seemingly random characters.  All of them have random file create dates and all of them have a file size of '0'.  Not hidden or anything.

ComboFix can't run using the startup folder trick because it basically just executes lots of GREP commands and such, it seems.  If I try to put any kind of antispyware programs in the startup, they run for about five seconds and then close automatically.  That's what most makes me think this is a malware issue.  I've tried SpySweeper, MalwareBytes' Anti-Malware, Spybot, Ad-Aware, even random programs like CWShredder close.  Oddly enough, HijackThis doesn't close.  And booting to safe mode is impossible due to the STOP error.

System file check didn't fix it, doing a repair checkdisk from the XP disc did nothing, and a repair install puts the computer into a situation where it can't finish Setup due to not being able to execute anything after a certain point.

Heck of a bug.
0
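The file pattern described in the comment above (thousands of zero-byte `xx???.exe`, `xx???32.exe`, `xx???.dll` and `xx???32.dll` files in the Windows and System32 directories) can be checked for with a short triage script. This is an added example, not part of the original thread; the regular expression's reading of "three seemingly random characters" as letters or digits, the `THRESHOLD` value and all file names in the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumed reading of the pattern in the post: two letters, three characters
# (taken here as letters or digits), an optional "32", then .exe or .dll.
NAME_RE = re.compile(r"^[a-z]{2}[a-z0-9]{3}(32)?\.(exe|dll)$", re.IGNORECASE)
SUBDIRS = ("", "System32")   # the Windows directory itself and System32
THRESHOLD = 50               # hypothetical cut-off for "worth a closer look"


def find_empty_decoys(windows_dir):
    """Return sorted paths of zero-byte files whose names match NAME_RE."""
    hits = []
    for sub in SUBDIRS:
        folder = os.path.join(windows_dir, sub)
        if not os.path.isdir(folder):
            continue
        with os.scandir(folder) as entries:
            for entry in entries:
                # Name check first, so stat() is only called on candidates.
                if (NAME_RE.match(entry.name)
                        and entry.is_file(follow_symlinks=False)
                        and entry.stat(follow_symlinks=False).st_size == 0):
                    hits.append(entry.path)
    return sorted(hits)


def triage(windows_dir, threshold=THRESHOLD):
    """Summarise the scan: hit count, threshold verdict, first few paths."""
    hits = find_empty_decoys(windows_dir)
    return {"count": len(hits), "suspicious": len(hits) >= threshold, "sample": hits[:5]}


def build_constructed_sample(root):
    """Constructed test tree: five empty pattern-named files plus two controls."""
    sys32 = os.path.join(root, "System32")
    os.makedirs(sys32)
    for name in ("qkx7b.exe", "qkx7b32.exe", "mza1q.dll", "mza1q32.dll"):
        open(os.path.join(sys32, name), "wb").close()
    open(os.path.join(root, "tbr9z.exe"), "wb").close()
    with open(os.path.join(sys32, "mspmt.dll"), "wb") as f:  # right shape, not empty
        f.write(b"MZ")
    open(os.path.join(sys32, "notepad.exe"), "wb").close()   # empty, wrong shape
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(triage(build_constructed_sample(tmp), threshold=5))
```

Pass `triage()` the path to a Windows directory, which can be on a drive mounted in another machine. The zero-size test keeps ordinary system files with five-character names out of the results.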
 

Accepted Solution

by:
bertram_wilberforce_wooster earned 200 total points
ID: 22924501
Look for Trojan: TDSS.
I had almost identical symptoms on one of my customers' PCs today.
I moved the "infected" drive to a new build XP PC with the latest version of Malwarebytes installed.
I got Malwarebytes to scan the infected drive.  It found and dealt with 7 TDSS infections. It required a reboot to be sure they were destroyed.
Put the "infected" drive back where it belonged in my customer's PC and I am now able to boot to the customer's original Windows XP installation after 4 days of head scratching!
Progress!
If this helps or you need any more guidance then please let me know.
0
 

Author Closing Comment

by:Zeromus-X
ID: 31506792
Wasn't really a question, per se, but I've got to give it to someone, and your reply is basically what we ended up doing on two of the systems... so anyone who is searching for this problem, have at it.
0
