BSOD 7E kdcom.dll Windows XP
Okay, so here is what is going on. Customer brought a computer in that has a STOP 7E error. I do not know what they have done to it, though they THINK it might be infected. This is running Windows XP. STOP 0x0000007E, kdcom.dll is the problem. I have tried replacing the file. I have pulled the hard drive and scanned with Avast! Free Antirivus and Malwarebytes' Anti-Malware. I have even ran a complete CHKDSK to no avail. I have ran Windows Memory Diagnostic overnight with no issues.
I have also just recently tried a repair install. It loads the files, then when I reboots the first time, it goes back to the same issue.
Any suggestions?
I have also just recently tried a repair install. It loads the files, then when I reboots the first time, it goes back to the same issue.
Any suggestions?
ASKER
I have tried copying kdcom.dll, I have also tried expanding it. Neither worked :(
Sounds like your MBR may still be infected with the kdcom.dll rootkit:
http://www.dataprotectioncenter.com/antivirus/sunbelt/how-the-tdl4-rootkit-gets-around-driver-signing-policy-on-a-64-bit-machine/
http://www.dataprotectioncenter.com/antivirus/sunbelt/how-the-tdl4-rootkit-gets-around-driver-signing-policy-on-a-64-bit-machine/
can you post the minidump from windows\minidumps?
ASKER
Unfortunately I cannot post the minidumps because there are none. I never understand that... :(
Is there a way to check for TDSS or TDL4 with slaving the drive?
Is there a way to check for TDSS or TDL4 with slaving the drive?
maybe your system is not set to make them; right click my computer>properties> advanced settings> startup & restart section
also, what do you mean with : TDSS or TDL4 ?
ASKER
Well, a utility to check a slaved drive for MBR infection or rootkits. Unfortunately, i cannot boot into WIndows at all to change any settings nobus.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It looks like that is what we are going to do, but to let you know, TDSS is a type of rootkit infection that is very commonly attached to the Master Boot Record. Check out...
http://support.kaspersky.com/faq/?qid=208280684
TDL4 is a variant of TDSS if I remember right. Also another commone rootkit going around is ZeroAccess.
http://support.kaspersky.com/faq/?qid=208280684
TDL4 is a variant of TDSS if I remember right. Also another commone rootkit going around is ZeroAccess.
tx for the info, always useful
maybe time to run DBAN before the reinstall ? http://www.dban.org/
maybe time to run DBAN before the reinstall ? http://www.dban.org/
I have been having the same problem with an XP computer not booting due to kdcom.dll. I have done all the same remediation steps and nothing has worked. I have renamed, replaced; attempted repair installations; ran chkdsk and virus/malware scans on the hard drive as an externally attached usb drive as well as directly connected to SATA on another computer.
I just found this post trying to resolve my issue. I connected the drive to a running computer via USB external enclosure and the Kapersky TDSSKiller utility found (Rootkit.Boot.Pihar.b) on the drive. I cleaned, reinstalled the drive into my computer, and it is now booting successfully.
This has been driving me crazy and the utility found the problem and corrected it in about 45 seconds.
Thank you PC Solutions.
I just found this post trying to resolve my issue. I connected the drive to a running computer via USB external enclosure and the Kapersky TDSSKiller utility found (Rootkit.Boot.Pihar.b) on the drive. I cleaned, reinstalled the drive into my computer, and it is now booting successfully.
This has been driving me crazy and the utility found the problem and corrected it in about 45 seconds.
Thank you PC Solutions.
ASKER
Ended up reloading the system, the customer did not want to wait anymore. Thank you for your help!
Thank you E-E. And, special thanks to NDEMAN3. Like others here, a client computer had the same BSOD 7E error with reference to kdcom.dll. I did all the multiple malware scans and Win XP safe reinstalls to no avail. Since I'd promed the new non-profit client that I'd fix the apparently "easy" problem for no more than one hour's effort I was stuck eating hours and hours of time trying to fix this thing. I finally stumbled on this thread which contained the answer. After, each time of seemingly "fixing" the PC it would randomly revert back to it's failed state just before I was about to return it. It seemed like erratic hardware or a system bug, but since the various malware detectors had removed other stuff and were now showing a "clean" system I was about ready to quit. The answer was using TDSSKILLER.EXE from Kapersky to scan the MBR for rootkits (which I thought was included in my other malware scanners). Kapersky found Rootkit.Boot.Pihar.b and cured it. After a reboot and double-check scan to insure the varmint was gone, the PC was golden!
ASKER
I'm glad that worked for you! I actually just had a Windows XP system with the kdcom.dll BSOD issue, and this time TDSSKiller worked thank goodness. Rootkits are getting worse...
http://www.tomshardware.com/forum/253183-45-safe-mode-boot-hangs-load-kdcom
I am currently repairing a dell that has that exact same issue. That kdcom.dll file seems to be the issue. This is what I did to fix. I'm sorry that it's long but hang in there. If you're tech savvy, just skip through what ever you already know.
Boot From Disk
Insert your Windows XP disc and boot from it. If you don't know how to boot from a disc, during the Sony splash there is, hopefully, a legend that pop's up briefly (most often at the top right of the screen but not always). It will usually say two things: SETUP and BOOT MANAGER. Next to those will be the keys to press to start either. Press the one for the BOOT MANAGER. Unfortunately its not the same for every computer, but usually its something like F10 or F12.
Enter Repair
So once your fully booted into the XP disc, you'll have three options. Choose the REPAIR option by pressing R.
Select Installation
Recovery Console is command based. You'll be asked for the drive that your Windows is installed on. Typically its "1" unless you have multiple installs.
CD Drive Letter
When you get to the prompt C:\WINDOWS>, you will need to figure one thing out before moving on and that's what your CD drive letter is. Try typing "D:" without quotes. When D:\> comes up, type "DIR" without quotes. If a list comes up that has "I386" in it, then remember your drive letter is "D." If not then replace "D" in the above directions with "E."
The Repair
Once you have found your disc drive letter, follow each of the following commands line by line.
C:\WINDOWS\>CD system32
this will move you to the system32 folder
C:\WINDOWS\system32>COPY kdcom.dll C:\
this copy is a backup in case things don't work
C:\WINDOWS\system32>DEL kdcom.dll
this will delete the original not the backup
C:\WINDOWS\system32>COPY D:\I386\kdcom.dl_
replace the D if you have to with whatever your disc drive letter was above. the kdcom.dl_ is not a typo either.
C:\WINDOWS\system32>REN kdcom.dl_ kdcom.dll
renames kdcom.dl_ you copied to kdcom.dll
C:\WINDOWS\system32>EXIT
reboots your computer.