The srosa.sys plugin causes a computer blue screen failure

  

This article mainly describes how to use the Windows PE boot CD to remove stubborn malicious plugins and solve the Windows blue screen failure.

The computer failure that Windows users least want to see is probably the blue screen. Hardware problems such as unstable memory, bad sectors on the hard disk, and even a loose mouse connector can cause blue screens. Sometimes, though, a blue screen failure has to be solved from the software side. This article describes a blue screen failure caused by malware and how it was resolved.

A few days ago, I ran a routine security check on Windows XP. The report found two unknown malicious plugins and asked whether they should be cleared. As soon as I clicked the "Clear Now" button, the computer showed a blue screen. The error message was as follows: "The problem seems to be caused by the following file: srosa.sys. An attempt was made to write to read-only memory". In other words, the fault was caused by a file called srosa.sys, and a write to read-only memory had occurred. It seemed that this srosa.sys might be related to the malicious plugins found by Security Guard. As a rule of thumb, if a blue screen appears while a malicious plugin is being cleaned up, the next step is to enter safe mode. Unexpectedly, when the computer entered safe mode, a blue screen occurred immediately, with exactly the same error message as before.


I had to boot Windows in the normal way and search for information on srosa.sys. The search engine led me to a website called www.prevx.com, which suggested that srosa.sys is malware that can be cleaned up with the site's Prevx CSI. After downloading and running the software, the results of the system scan are shown in the figure. As you can see, the srosa.sys mentioned in the blue screen message is indeed a malicious plugin. When I clicked the "Cleanup Now" button, the software reported that the cleanup function is available only to paid, registered users. It seemed the malware would have to be cleaned up manually.

Prevx CSI found 9 pieces of malware in total, most of them under the path it gives. When I opened C:\WINDOWS\System32\drivers, where srosa.dll is located, I did not find it. I opened the "Folder Options -> View" tab, selected "Show all files and folders", and unchecked the "Hide Protected Operating System Files" option, but still could not find it. I searched the Internet again and did not find a removal tool for this malicious plugin.

If the hard disk containing the malware is attached as a slave disk to another system, none of the files on that disk can be started, so the malware should no longer be able to hide. With this in mind, I took out the Windows PE boot CD. After booting the computer from it, I entered the directory mentioned by Prevx CSI and found srosa.sys and several other stubborn malicious plugins. After I deleted them, the computer started normally. 360 Security Guard still found two unknown malicious plugins; these should be leftover remnants of srosa.sys and its accomplices, and should be easy to deal with. This time I chose "clean up immediately" and there was no blue screen. After restarting, the computer could also enter safe mode normally.
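The same offline-versus-live comparison can be done systematically, as in this added example (not part of the original article). It assumes two listings of the drivers directory captured with `dir /a /b`, one from the running system and one after booting Windows PE; the file names `live.txt` and `offline.txt` and the sample listings are constructed for illustration.

```python
"""Cross-view check: files visible offline (Windows PE) but hidden from the live OS."""
import sys

def parse_listing(text):
    """Map lower-cased name -> original name from `dir /a /b` output.

    Windows file names are case-insensitive, so names are compared in lower case.
    Blank lines and the CRLF line endings written by cmd.exe are ignored.
    """
    names = {}
    for line in text.splitlines():
        name = line.strip()
        if name:
            names.setdefault(name.lower(), name)
    return names

def cross_view_diff(live_text, offline_text):
    """Return (hidden, vanished).

    hidden:   in the offline listing but not the live one; a file the
              running system refuses to show is the suspicious case.
    vanished: in the live listing but not the offline one (usually a
              file removed between the two captures).
    """
    live = parse_listing(live_text)
    offline = parse_listing(offline_text)
    hidden = sorted(offline[k] for k in offline.keys() - live.keys())
    vanished = sorted(live[k] for k in live.keys() - offline.keys())
    return hidden, vanished

# Constructed sample listings (not taken from the article's machine).
LIVE = "acpi.sys\r\nATAPI.SYS\r\ndisk.sys\r\nntfs.sys\r\n"
OFFLINE = "acpi.sys\r\natapi.sys\r\ndisk.sys\r\nntfs.sys\r\nsrosa.sys\r\n"

def load(path):
    # Decoded as UTF-8 with replacement, which keeps ASCII file names intact.
    with open(path, "rb") as fh:
        return fh.read().decode("utf-8", errors="replace")

if __name__ == "__main__":
    if len(sys.argv) == 3:  # e.g. python crossview.py live.txt offline.txt
        live_text, offline_text = load(sys.argv[1]), load(sys.argv[2])
    else:
        live_text, offline_text = LIVE, OFFLINE
    hidden, vanished = cross_view_diff(live_text, offline_text)
    for name in hidden:
        print("hidden from live system:", name)
    for name in vanished:
        print("only in live listing:", name)
```

Any name reported as hidden is a candidate for inspection from the offline environment before deleting it.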

Many users reinstall their computers when they encounter a blue screen. In fact, carefully analyzing the blue screen information and taking appropriate countermeasures is much simpler than reinstalling the system. I hope this article gives readers some inspiration.


Copyright © Windows knowledge All Rights Reserved