Solved

iaStor.sys BSOD

Posted on 2011-03-02
Last Modified: 2013-12-06
I have a computer that is showing this error in a blue screen of death: iastor.sys, an attempt was made to write to read-only memory.
I have used System Restore, but not as far back as possible. But I don't know whether I should restore back to December 2010.
I can boot to safe mode. Ran Kaspersky AV from a boot CD; one Java threat found and removed.
sfc cannot repair all problems. I have the option of manually replacing the file. But I need access to a Windows 7 CD. Does it have to be bit specific? 64 or 32?
I have not run ComboFix, but I don't know if it is possible to run ComboFix on Windows 7; I assumed that it could not be done and was only available for Windows XP.
Question by:sorush
11 Comments
 
LVL 9

Expert Comment

by:_3mp3ror_
ID: 35020241
"I have the option of manually replacing file. But I need access to windows 7 cd. Does it have to be bit specific? 64 or 32?"

Yes if there are corrupt files involved.

Also the file is from Intel; since you have Windows 7, I hope you installed the latest version:

Intel® Rapid Storage Technology

If you get into a command prompt from a Windows 7 CD, try to delete the iastor.sys (or rename it).
After that it should boot; then uninstall the version you have and get the latest from Intel's site. Link.

0
 

Author Comment

by:sorush
ID: 35020959
Would System File Checker run from a Windows 7 CD resolve the problem?
0
 
LVL 9

Expert Comment

by:_3mp3ror_
ID: 35021147
Unlikely, but if you decide to use it then see this KB article on how to use SFC. But as they say, "missing or corrupted system files".
While this may be true, I am more inclined to believe it's just an older version of the driver.

Another idea is to check the BIOS and see if the hard drive is set to AHCI or IDE mode. [image: bios-ahci.png]
Toggle these settings and see if it boots.
0

 

Author Comment

by:sorush
ID: 35021184
I tried renaming the iastor.sys to iastor.old and now I get a blue screen 0x0000007B (0xFFFFF880009A98E8 .....
There are a number of questions in my original post that haven't been answered.
0
 
LVL 9

Accepted Solution

by:
_3mp3ror_ earned 500 total points
ID: 35021528
I thought that by renaming the driver Windows would use its native driver. Hence the error.

By the way, when you first had the BSOD, was the error stop: 0x000000BE?

Another idea to uninstall the driver is:

- Boot in Safe mode with command prompt (BSOD in regular Safe mode)
- Open device manager with command "devmgmt"
- Browse for "IDE ATA/ATAPI controllers"->"Intel...SATA AHCI Controller".
- Right-Click on it and select properties.
- In "Driver" tab, click on Roll Back Driver.

Source

What about the BIOS settings?

Regarding ComboFix, I never used it so I can't help you there.
0
 

Author Comment

by:sorush
ID: 35022383
In terms of AHCI or IDE mode, the BIOS is very low in features: Aptio Setup Utility - Copyright 2007 American Megatrends Inc. I cannot see any settings for the ID being in AHCI or IDE.
0
 

Author Comment

by:sorush
ID: 35022405
Yes, the original error does have 0x000000BE. What does it mean, and where can I find more information about these errors?

0
 

Author Comment

by:sorush
ID: 35022424
Now when I try to login safe mode I get the error 0x0000007B etc etc.. I'm going to rename the iastor.sys back to its original name.
0
 
LVL 9

Expert Comment

by:_3mp3ror_
ID: 35022557
And tell me if you have any luck getting into the command prompt in safe mode.
The error code is explained here
http://aumha.org/a/stop.htm

0x000000BE: ATTEMPTED_WRITE_TO_READONLY_MEMORY
A driver attempted to write to read-only memory. Commonly occurs after installing a faulty device driver, system service, or firmware. If a driver file is named in the error message, try to correct the problem by disabling, removing, or rolling back the driver.

More stop code info is also available here
http://pcsupport.about.com/lr/stop_codes/378033/1/
0
 

Author Closing Comment

by:sorush
ID: 35022668
The resolution of this error has led to a new error, for which I have to open a new discussion.
0
 
LVL 9

Expert Comment

by:_3mp3ror_
ID: 35022742
Some users from this forum also reported this issue.
Some were infected with a rootkit that seems to corrupt the iastor.sys file.
This rootkit infects the storage drivers of your computer by replacing them with modified versions, such as iastor.sys on Intel-based machines.

I wanted to add this because the 0x0BE stop code may also refer to this.

By the way, is this a fresh install of Windows 7, or have you had it installed for some time?
If you just installed it then it may very well be a bad (old) driver, but if this happened out of the blue (i.e. without changing anything important to the system such as drivers, registry settings, etc.) and your Windows 7 was working well prior to the blue screen, then this would sound more like a malware/rootkit problem than a driver problem.

Although you did scan with Kaspersky from a boot CD, you should know that the virus definitions are quite old.
0
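A check that follows from the rootkit theory in the last comment, as an added example that is not part of the original thread: it reports the Authenticode status, signer, version and SHA-256 of the storage driver so it can be compared with a known-good copy. `$WindowsRoot` and `$DriverNames` are assumed parameter names, and the script assumes the suspect disk is read from a clean machine.

```powershell
# Added example (not from the thread): report signature status and SHA-256 of
# storage drivers so they can be compared with a known-good copy.
# $WindowsRoot and $DriverNames are assumptions; point $WindowsRoot at the
# suspect disk mounted on a clean machine (for example E:\Windows), because a
# kernel rootkit can alter what the infected system reports about its own files.
param(
    [string]   $WindowsRoot = $env:SystemRoot,
    [string[]] $DriverNames = @('iaStor.sys')
)

$driverDir = Join-Path $WindowsRoot 'System32\drivers'
$sha256    = [System.Security.Cryptography.SHA256]::Create()

foreach ($name in $DriverNames) {
    $path = Join-Path $driverDir $name
    if (-not (Test-Path $path)) {
        Write-Warning "$path not found (renamed or removed?)"
        continue
    }

    # Embedded Authenticode signature: 'Valid' means the file is unmodified
    # since signing and chains to a trusted root on the machine running the check.
    $sig = Get-AuthenticodeSignature -FilePath $path

    # Hash the file contents for comparison with the vendor's package.
    $stream = [System.IO.File]::OpenRead($path)
    try     { $hash = [System.BitConverter]::ToString($sha256.ComputeHash($stream)) -replace '-', '' }
    finally { $stream.Dispose() }

    $file   = Get-Item $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

    New-Object PSObject -Property @{
        Driver      = $name
        Status      = $sig.Status          # Valid, HashMismatch, NotSigned, ...
        Signer      = $signer
        FileVersion = $file.VersionInfo.FileVersion
        Modified    = $file.LastWriteTime
        SHA256      = $hash
    } | Format-List Driver, Status, Signer, FileVersion, Modified, SHA256
}
```

A `HashMismatch` status means the file was changed after it was signed. Depending on the PowerShell version, only embedded signatures are checked, so `NotSigned` on a catalog-signed file is not by itself evidence of tampering.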
