Solved

iaStor.sys BSOD

Posted on 2011-03-02
Last Modified: 2013-12-06
I have a computer that is showing this error in a blue screen of death. iastor.sys: an attempt was made to write to read-only memory.
I have used System Restore, not as far back as possible. But I don't know whether I should restore back to December 2010.
I can boot to Safe Mode. Ran Kaspersky AV from boot CD; one Java threat found and removed.
sfc cannot repair all problems. I have the option of manually replacing the file. But I need access to a Windows 7 CD. Does it have to be bit specific? 64 or 32?
I have not run ComboFix, but I don't know if it is possible to run ComboFix on Windows 7; I assumed that it could not be done and was only available for Windows XP.
Question by:sorush
LVL 9

Expert Comment

by:_3mp3ror_
ID: 35020241
"I have the option of manually replacing file. But I need access to windows 7 cd. Does it have to be bit specific? 64 or 32?"
Yes, if there are corrupt files involved.

Also, the file is from Intel; since you have Windows 7 I hope you installed the latest version

Intel® Rapid Storage Technology

If you get into a command prompt from a Windows 7 CD, try to delete the iastor.sys (or rename it).
After that it should boot, then uninstall the version you have and get the latest from Intel's site. Link.

0
 

Author Comment

by:sorush
ID: 35020959
Would System File Checker run from a Windows 7 CD resolve the problem?
0
 
LVL 9

Expert Comment

by:_3mp3ror_
ID: 35021147
Unlikely, but if you decide to use it then see this KB article on how to use SFC. But as they say "missing or corrupted system files"
While this may be true I am more inclined to believe it's just an older version of the driver.

Another idea is to check the BIOS and see if the hard drive is set to AHCI or IDE mode.
Toggle these settings and see if it boots.
0

Author Comment

by:sorush
ID: 35021184
I tried renaming the iastor.sys to iastor.old and now I get a blue screen 0x0000007B (0xFFFFF880009A98E8 .....
There are a number of questions in my original post that haven't been answered.
0
 
LVL 9

Accepted Solution

by:
_3mp3ror_ earned 1500 total points
ID: 35021528
I thought that by renaming the driver that Windows would use its native driver. Hence the error.

By the way, when you first had the BSOD was the error stop:0x000000BE?

Another idea to uninstall the driver is:

- Boot in Safe mode with command prompt (BSOD in regular Safe mode)
- Open device manager with command "devmgmt"
- Browse for "IDE ATA/ATAPI controllers"->"Intel...SATA AHCI Controller".
- Right-Click on it and select properties.
- In "Driver" tab, click on Roll Back Driver.

Source

What about the BIOS settings?

Regarding ComboFix, I never used it so I can't help you there.
0
 

Author Comment

by:sorush
ID: 35022383
In terms of AHCI or IDE mode, the BIOS is very low in features. Aptio Setup Utility - Copyright 2007 American Megatrends Inc. I cannot see any settings for the ID being in AHCI or IDE.
0
 

Author Comment

by:sorush
ID: 35022405
Yes, the original error does have 0x000000BE. What does it mean and where can I find more information about these errors?

0
 

Author Comment

by:sorush
ID: 35022424
Now when I try to login safe mode I get the error 0x0000007B etc etc. I'm going to rename the iastor.sys back to its original name.
0
 
LVL 9

Expert Comment

by:_3mp3ror_
ID: 35022557
And tell me if you have any luck getting into the command prompt in safe mode.
The error code is explained here
http://aumha.org/a/stop.htm

0x000000BE: ATTEMPTED_WRITE_TO_READONLY_MEMORY
A driver attempted to write to read-only memory. Commonly occurs after installing a faulty device driver, system service, or firmware. If a driver file is named in the error message, try to correct the problem by disabling, removing, or rolling back the driver.

More stop code info is also available here
http://pcsupport.about.com/lr/stop_codes/378033/1/
0
 

Author Closing Comment

by:sorush
ID: 35022668
The resolution of this error has led to a new error for which I have to open a new discussion
0
 
LVL 9

Expert Comment

by:_3mp3ror_
ID: 35022742
Some users from this forum also reported this issue.
Some were infected with a rootkit that seems to corrupt the iastor.sys file.
"This rootkit infects the storage drivers of your computer, by replacing them with modified versions. Such as iastor.sys on Intel-based machines."

I wanted to add this because the 0x0BE stop code may also refer to this.

By the way, is this a fresh install of Windows 7 or have you had it installed for some time?
If you just installed it then it may very well be a bad (old) driver, but if this happened out of the blue (i.e. without changing anything important to the system such as drivers, registry settings, etc.) and your Windows 7 was working well prior to the blue screen, then this would sound more like a malware/rootkit problem than a driver problem.

Although you did scan with Kaspersky from a boot CD, you should know that the virus definitions are quite old.
0
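
The replaced-driver scenario raised in the last comment can be checked from a clean machine with the suspect disk attached as a secondary volume. The following is an added PowerShell example, not part of the thread; the `E:\Windows` mount point, the parameter names and the reference directory are assumptions, and it needs PowerShell 4 or later on the clean machine.

```powershell
# Added example: inspect storage drivers on an OFFLINE copy of the suspect volume.
# Checking offline matters: code running in the suspect kernel can falsify file reads.
# $WindowsRoot, $Drivers and $ReferenceDir are hypothetical names chosen for illustration.
param(
    [string]$WindowsRoot = 'E:\Windows',      # assumed mount point of the suspect disk
    [string[]]$Drivers   = @('iaStor.sys'),   # driver named in the stop screen
    [string]$ReferenceDir                     # optional: known-good copies from the vendor package
)

foreach ($name in $Drivers) {
    $path = Join-Path $WindowsRoot "System32\drivers\$name"
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "$name not found under $WindowsRoot"
        continue
    }

    $sig  = Get-AuthenticodeSignature -FilePath $path        # embedded signature check
    $info = (Get-Item -LiteralPath $path).VersionInfo         # vendor and version resources
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash

    # Compare against a known-good copy when one is supplied.
    $refMatch = $null
    if ($ReferenceDir) {
        $ref = Join-Path $ReferenceDir $name
        if (Test-Path -LiteralPath $ref) {
            $refHash  = (Get-FileHash -LiteralPath $ref -Algorithm SHA256).Hash
            $refMatch = ($refHash -eq $hash)
        }
    }

    [pscustomobject]@{
        Driver           = $name
        SignatureStatus  = $sig.Status
        Signer           = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Company          = $info.CompanyName
        FileVersion      = $info.FileVersion
        SHA256           = $hash
        MatchesReference = $refMatch
        # Flag anything without a valid signature or differing from the reference copy.
        NeedsReview      = ($sig.Status -ne 'Valid') -or ($refMatch -eq $false)
    }
}
```

A `NotSigned` status is a prompt for follow-up rather than proof of tampering, because a driver can be catalog-signed and this check may only see embedded signatures. A `HashMismatch` status, or a mismatch against a reference copy of the same driver version, is the stronger signal.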
