Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

iaStor.sys BSOD

Posted on 2011-03-02
11
2,837 Views
Last Modified: 2013-12-06
I have a computer that is showing this error in blue screen of death. iastor.sys an attempt was made to write ot read-only memory.
I have used system restore not as far back as possible. But I don't know whether I should restore back to december 2010.
I can boot to safemode. Ran Kaspersky av from boot cd one java threat found and removed.
sfc can not repair all problems. I have the option of manually replacing file. But I need access to windows 7 cd. Does it have to be bit specific? 64 or 32?
I have not run combofix but I don't know if it is possible to run combofix on windows 7, I assumed that it could not be done and was only available for windows xp.
0
Comment
Question by:sorush
  • 6
  • 5
11 Comments
 
LVL 9

Expert Comment

by:_3mp3ror_
ID: 35020241
I have the option of manually replacing file. But I need access to windows 7 cd. Does it have to be bit specific? 64 or 32?
Yes if there are corrupt files involved.

Also the file is from Intel, since you have windows 7 I hope you installed the latest version

Intel® Rapid Storage Technology

If you get into a command prompt from a windows 7 cd try to delete the iastor.sys (or rename it).
After that it should boot, then uninstall the version you have and get the latest from intel's site. Link.

0
 

Author Comment

by:sorush
ID: 35020959
Would system file checker run from a windows 7 cd resolve the problem?
0
 
LVL 9

Expert Comment

by:_3mp3ror_
ID: 35021147
Unlikely, but if you decide to use it then see this KB article on how to use SFC. But as they say "missing or corrupted system files"
While this may be true I am more inclined to believe it's just an older version of the driver.

Another idea is to check the BIOS and see if the hard drive is set to AHCI or IDE mode.  bios-ahci.png
Toggle these settings and see if it boots.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:sorush
ID: 35021184
I tried renaming the iastor.sys to iastor.old and now I get a blue screen  0x0000007B (0xFFFFF880009A98E8 .....
There are a number of questions in my original post that haven't been answered.
0
 
LVL 9

Accepted Solution

by:
_3mp3ror_ earned 500 total points
ID: 35021528
I thought that by renaming the driver that windows would use it's native driver. Hence the error.

By the way when you first had the bosd was the error stop:0x000000BE ?

Another idea to uninstall the driver is:

- Boot in Safe mode with command prompt (BSOD in regular Safe mode)
- Open device manager with command "devmgmt"
- Browse for "IDE ATA/ATAPI controllers"->"Intel...SATA AHCI Controller".
- Right-Click on it and select properties.
- In "Driver" tab, click on Roll Back Driver.

Source

What about the BIOS settings ?

Regarding combofix I never used it so I can't help you there.
0
 

Author Comment

by:sorush
ID: 35022383
In terms of AHCI or IDE mode, The bios is very low in features.. Aptio Setup Utility - Copyright 2007 American megatreds inc. I can not see any settings for the ID being in AHCI or IDE.
0
 

Author Comment

by:sorush
ID: 35022405
Yes the original error does have 0x000000BE, What does it mean and where can I find more information about these errors

0
 

Author Comment

by:sorush
ID: 35022424
Now when I try to login safe mode I get the error 0x0000007B etc etc.. I'm going to rename the iastor.sys back to its original name.
0
 
LVL 9

Expert Comment

by:_3mp3ror_
ID: 35022557
And tell me if you have any luck getting into the command prompt in safe mode.
The error code is explained here
http://aumha.org/a/stop.htm

0x000000BE: ATTEMPTED_WRITE_TO_READONLY_MEMORY
A driver attempted to write to read-only memory. Commonly occurs after installing a faulty device driver, system service, or firmware. If a driver file is named in the error message, try to correct the problem by disabling, removing, or rolling back the driver.

More stop code info is also available here
http://pcsupport.about.com/lr/stop_codes/378033/1/
0
 

Author Closing Comment

by:sorush
ID: 35022668
The resolution of this error has lead to a new error for which I have to open a new discussion
0
 
LVL 9

Expert Comment

by:_3mp3ror_
ID: 35022742
Some users from this forum also reported this issue.
Some were infected with a root kit that seems to corrupt the iastor.sys file
This rootkit infects the storage drivers of your computer, by replacing them with modified versions. Such as iastor.sys on intel based machines.

I wanted to add this because the 0x0BE stop code may also refer to this.

By the way is this a fresh install of windows 7 or you had it installed for some time ?
If you just installed it then it may very well be a bad(old) driver but if this happened out of the blue (i.e. without changing anything important to the system such as drivers, registry settings, etc.) and your windows 7 was working well prior to the blue-screen  then this would sound more like malware/rootkit problem then a driver problem.

Although you did scan with kaspersky from a boot cd you should know that the virus definitions are quite old.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By default the complete memory dump option is disabled in windows . If we want to enable the complete memory dump for a diagnostic purpose, we have a solution for it. here we are using the registry method to enable this.
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question