Adlice forum
Software feedback => RogueKiller => Topic started by: Kalypige on October 26, 2015, 08:03:22 PM
-
I get a message "antirootkit driver failed to load with error (c000035f)"
-
Hi Kalypige,
Was your system in safe mode when you encountered this issue?
Regards.
-
Yes, it was. Each time I run RogueKiller in normal mode, the computer crashes and I get a blue screen. It used to function well in safe mode.
-
Hi Kalypige,
Could you please try RogueKiller 11 beta (http://forum.adlice.com/index.php?topic=555.0) in normal mode?
If you got a BSOD, please follow the instructions in the "I have a BSOD, what do I do?" section.
BTW, is your native language French?
Regards.
-
Yes, my native language is French.
When I was running RK in normal mode, I usually crashed and ended up with a blue screen. I should try again with the new version.
-
Good evening Kalypige,
Version 11 is now the stable version.
Can you test it?
Best regards.
-
Hello, sorry to renew this old post, but it is the only instance I found on the forum about the driver not loading.
I have the same problem. I installed and ran RogueKiller v.12.9.2, but the driver never loaded. I checked the Windows/System32/drivers folder, and TrueSight.sys is present. The log says error 3221226335. I have attached the log.
thank you,
Alain
-
Hi Alain,
Thanks for your feedback.
Was your system booted in safe mode when RogueKiller reported this error?
Regards.
-
Yes, sorry, forgot to say that. It was booted in Safe Mode with Networking.
(Also, I am using Windows Vista Home on a very old Toshiba laptop.)
-
Hi Alain,
When running in safe mode, the RogueKiller driver cannot be loaded.
Is the driver able to load when running Windows in normal mode?
Regards.
-
The driver loaded when I booted in normal mode, so that is good. However, I would recommend that the program be rewritten to permit full operation in safe mode, if that is possible (I am not a software engineer, obviously), to avoid interference by malware.
Unfortunately for me, whatever is affecting my computer is working through an svchost.exe process, and it consumes all of my RAM within a few minutes of startup (I do not have this problem in Safe Mode). As a result, RogueKiller crashes before it can complete a scan. I submitted a crash report after the last attempt. Since then I have been trying to find another way to clean my system. I hope the crash report is helpful for development.
Thank you for your efforts.
Alain
UPDATE: I ran a memory check/repair from the F8 boot menu, just because. It did not find anything, but the system ran better after. I ran RogueKiller again, but it still crashed. However, I noticed shortly before the crash that Microsoft Security Essentials alerted that it detected something. I thought it had been disabled, but I saw that Real Time Protection was still checked. I turned that off and did another scan with RogueKiller; this time it completed the scan and detected a couple of problems: TeaTimer.exe from Spybot Search & Destroy, and ZwDeleteAtom (hook) in win32k.sys
merci beaucoup (did I spell that correctly?) :)
Alain
-
Hi Alain,
Thanks for your feedback.
Would you agree to do a live debugging session?
The RogueKiller driver is instantiated on application launch (SERVICE_DEMAND_START) through the Service Control Manager.
I cannot go into details, but running a driver in safe mode will require a full rewrite of the code. Related documentation: Load Order Groups and Altitudes for Minifilter Drivers (https://msdn.microsoft.com/en-us/windows/hardware/drivers/ifs/load-order-groups-and-altitudes-for-minifilter-drivers)
Yes, this is the correct spelling. :)
Best regards.
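-
Added example, not part of the original thread and not Adlice's code: the two values reported above, c000035f and 3221226335, are the same 32-bit NTSTATUS, 0xC000035F (STATUS_NOT_SAFE_MODE_DRIVER in Microsoft's ntstatus.h). The sketch below normalises both spellings and decodes the status fields; the sample log lines, the line format and the function names are assumptions.

```python
import re

# Only the status discussed in this thread is listed (name from ntstatus.h).
KNOWN = {0xC000035F: "STATUS_NOT_SAFE_MODE_DRIVER"}
SEVERITY = ("success", "informational", "warning", "error")

# Accepts "error (c000035f)", "error 0xC000035F" and "error 3221226335".
_ERR = re.compile(r"error[\s:(]*(0x[0-9a-f]{8}|[0-9a-f]{8}|\d{1,10})\b", re.I)

def parse_status(line):
    """Return the status in a log line as an unsigned 32-bit int, or None."""
    m = _ERR.search(line)
    if not m:
        return None
    tok = m.group(1).lower()
    # Assumption: a bare 8-character token is hex, anything else is decimal.
    value = int(tok, 16) if tok.startswith("0x") or len(tok) == 8 else int(tok)
    return value if value <= 0xFFFFFFFF else None

def decode(value):
    """Split an NTSTATUS into its documented bit fields."""
    return {
        "hex": f"0x{value:08X}",
        "severity": SEVERITY[value >> 30],       # bits 31-30
        "customer": bool((value >> 29) & 1),     # bit 29
        "facility": (value >> 16) & 0xFFF,       # bits 27-16
        "code": value & 0xFFFF,                  # bits 15-0
        "name": KNOWN.get(value, "unknown"),
    }

def triage(line):
    """Decode the line and flag the 'driver refused in safe mode' case."""
    value = parse_status(line)
    if value is None:
        return None
    info = decode(value)
    info["safe_mode_block"] = info["name"] == "STATUS_NOT_SAFE_MODE_DRIVER"
    return info

# Constructed sample lines, modelled on the two messages quoted in the thread.
SAMPLES = [
    "antirootkit driver failed to load with error (c000035f)",
    "Driver load failed, error 3221226335",
    "Driver load failed, error 0xC0000034",  # a code this table does not name
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", triage(line))
```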