antirootkit driver failed to load

[Kalypige]

I get a message "antirootkit driver failed to load with error (c000035f)

[Curson]

Hi Kalypige,

Was your system in safe mode when you encoutered this issue ?

Regards.

[Kalypige]

yes it was.  each time I run RogueKiller in normal mode, the computer crash and I get a blue screen.  It used to function well in safe mode.

[Curson]

Hi Kalypige,

Could you please try RogueKiller 11 beta in normal mode ?
If you got a BSOD, please follow the instructions in the "I have a BSOD, what do I do?" section.

BTW, is your native language french ?

Regards.

[Kalypige]

yes, my native language is French

When I was running RK in normal mode, I usually crashed and ended up with a blue screen.  I should try again with the new version.

[Curson]

Bonsoir Kalypige,

La version 11 est à présent la version stable.
Peux-tu tester celle-ci ?

Meilleures salutations.

[AlainDuPuy]

Hello, sorry to renew this old post, but it is the only instance I found on the forum about the driver not loading.

I have the same problem. I installed and ran RogueKiller v.12.9.2, but the driver never loaded. I checked the Windows/System32/drivers folder, and TrueSight.sys is present. The log says error 3221226335. I have attached the log.

thank you,
Alain

[Curson]

Hi Alain,

Thanks for your feedback.
Was your system booted in safe mode when you RogueKiller reported this error ?

Regards.

[AlainDuPuy]

Yes, sorry, forgot to say that. It was booted in Safe Mode with Networking.
(Also, I am using Windows Vista Home on a very old Toshiba laptop.)

[Curson]

Hi Alain,

When running in safe mode, RogueKiller driver cannot be loaded.
Is the driver  able to load when running Windows in normal mode ?

Regards.

[AlainDuPuy]

The driver loaded when I booted in normal mode, so that is good. However, I would recommend that the program be rewritten to permit full operation in safe mode, if that is possible (I am not a software engineer, obviously), to avoid interference by malware.

Unfortunately for me, whatever is affecting my computer is working through an svchost.exe process, and it consumes all of my RAM within a few minutes of startup (I do not have this problem in Safe Mode). As a result, RogueKiller crashes before it can complete a scan. I submitted a crash report after the last attempt. Since then I have been trying to find another way to clean my system. I hope the crash report is helpful for development.

Thank you for your efforts.
Alain

UPDATE: I ran a memory check/repair from the F8 boot menu, just because. It did not find anything, but the system ran better after. I ran RogueKiller again,but it still crashed. However, I noticed shortly before the crash that Microsoft Security Essentials alerted that it detected something. I thought it had been disabled, but I saw that Real Time Protection was still checked. I turned that off and did another scan with RogueKiller; this time it completed the scan and detected a couple of problems: TeaTimer.exe from Spybot Search & Destroy, and ZwDeleteAtom (hook) in win32k.sys

merci beaucoup (did I spell that correctly?)
Alain

[Curson]

Hi Alain,

Thanks for your feedback.
Would you agree to do a live debugging session ?

RogueKiller driver is instanciated on application launch (SERVICE_DEMAND_START) through Service Control Manager.
I cannot go into details, but running a driver in safe mode will require a full rewrite of the code. Related documentation : Load Order Groups and Altitudes for Minifilter Drivers

Yes, this is the correct spelling.
Meilleures salutations.