Solved

0x000000B4 (Video driver failed to initialize) on three computers today -- new spyware issue?

Posted on 2008-10-16
4
1,282 Views
Last Modified: 2013-12-01
I'm a computer tech of 12 years, specializing in spyware removal.  Today we've had three separate customer computers hit the bench that have all had the same symptom -- they will either not boot into XP Home at all, or if they do, they will give "memory referenced" errors and not open the programs.  If you try to boot into "Last Known", same thing.  Any of the "safe mode" boot options return a BSOD, STOP 0x000000B4 "The video driver failed to initialize".  Also interesting is that the first three memory addresses after the stop error are different, but the fourth is always 0x00050000.

Two of the computers have been Dell systems, one was a custom-built one (not from us).  One has onboard video, two had video cards (both nVidia).  All three are Intel-based.  Two have XP Home, one has XP MCE 2005.

All of them said they were getting popups before it stopped working.  Is this a new virus/spyware that's going around and hitting fast?  We're not in a big area, and for three to hit the bench with this same problem before noon is pretty unbelievable.  I'm still working with getting them up and running, but figured I'd ask if anyone else is seeing this explode all of a sudden over the past few days.

EDIT: Not many points on this because I'm not particularly looking for a solution, just opening a discussion on the topic to see if this is something we should be watching for.
0
Comment
Question by:Zeromus-X
  • 2
4 Comments
 
LVL 27

Expert Comment

by:David-Howard
ID: 22733709
Wish they would have told you what the pop up's were. The first thing that comes to mind is MS updates. I believe they were pushed this past Tuesday. My systems at work and home received multiple updates. Perhaps this caused an issue?
David
0
 

Author Comment

by:Zeromus-X
ID: 22734130
I haven't gotten any of them up and running yet, so I'm not 100% sure.  If there was a major update that caused this, it would explain why I'm getting so many.  I only have three benches here and there are about ten in line, so it's quite possible that there are more exhibiting this same thing.

I've gotten one to the point where it'll boot to XP, but won't allow you to run any programs after about the first 20 seconds of being booted (just gives memory address instruction errors; can't run .exe or .com files... can run .bat but if they run any .exe or .com they crash).  I managed to sneak HijackThis into the Startup folder so that it runs within that ~20 second window, and the log file is clean -- no rogue services, files, etc to be seen.  I stuck a CMD in the startup too and if I navigate to the Windows or System32, there are thousands of files of the format xx???.exe, xx???32.exe, xx???.dll, xx???32.dll, where 'xx' is two letters and ??? are three seemingly random characters.  All of them have random file create dates and all of them have a file size of '0'.  Not hidden or anything.

ComboFix can't run using the startup folder trick because it bascially just executes lots of GREP commands and such, it seems.  If I try to put any kind of antispyware programs in the startup, they run for about five seconds and then close automatically.  That's what most makes me think this is a malware issue.  I've tried SpySweeper, MalwareBytes' Anti-Malware, Spybot, Ad-Aware, even random programs like CWShredder close.  Oddly enough, HijackThis doesn't close.  And booting to safe mode is impossible due to the STOP error.

System file check didn't fix it, doing a repair checkdisk from the XP disc did nothing, and a repair install puts the computer into a situation where it can't finish Setup due to not being able to execute anything after a certain point.

Heck of a bug.
0
 

Accepted Solution

by:
bertram_wilberforce_wooster earned 50 total points
ID: 22924501
Look for Trojan: TDSS.
I had almost identical symptoms on one of my customers PCs today
I moved the "infected" drive to a new build XP PC with the latest version of malwarebytes installed
I got Malwarebytes to scan the infetd drive.  It found and dealt with 7 TDSS infections. It required a reboot to be sure they were destroyed
Put the "infected drive back where it belonged in my customer's PC and I am now able to boot to the customers original windows xp installation after 4 days of head scratching!
Progress!
If this helps or you need any more guidance then please let me know.
0
 

Author Closing Comment

by:Zeromus-X
ID: 31506792
Wasn't really a question, per se, but I've got to give it to someone, and your reply is basically what we ended up doing on two of the systems... so anyone who is searching for this problem, have at it.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

In this article we have discussed the manual scenarios to recover data from Windows 10 through some backup and recovery tools which are offered by it.
In the modern office, employees tend to move around the workplace a lot more freely. Conferences, collaborative groups, flexible seating and working from home require a new level of mobility. Technology has not only changed the behavior and the expe…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now