Resolve Error Code 0x0000008e Problem

One or more of the following error messages or problems may occur on your Microsoft Windows 2003, Windows 2000, and Windows XP computer:

  • One of the following stop error messages may display on the screen:

Stop Error Message with Error Code 0x0000008e

A problem has been detected and Windows has been shut down to prevent damage to your computer...
Technical information:STOP: 0x0000008e (0xc0000005, 0x00000120, 0xfd28eaa4, 0x00000000)
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)Stop Error Message with Error Code 0x00000050

A problem has been detected and Windows has been shut down to prevent damage to your computer...Technical information:STOP: 0x00000050 (0xf8655000, 0x00000001, 0xfc7cc465, 0x00000000)

PAGE_FAULT_IN_NONPAGED_AREA (50)

  • The following error message may display after you log on to the system.

Microsoft Windows
The system has recovered from a serious error.
A log of this error has been created.
Please tell Microsoft about this problem.We have created an error report that you can send to help us improve Microsoft Windows. We will treat this report as confidential and anonymous.To see what data this error report contains, click here.

When you click on the click here link, error signature similar to one of the following samples may display:

Signature sample 1

BCCode : 0000008e BCP1 : c0000005 BCP2 : 00000120 BCP3 : fd28eaa4 BCP4 : 00000000 OSVer : 5_1_2600 SP : 0_0 Product : 256_1

Signature sample 2

BCCode : 00000050 BCP1 : f8655000 BCP2 : 00000001 BCP3 : fc7cc465 BCP4 : 00000000 OSVer : 5_1_2600 SP : 0_0 Product : 256_1

  • If you open the System Event log in the Event Viewer tool, you may view error messages similar to the ones given below:

Error Message 1

Date: date_of_error
Source: System
Error Time: time
Category: (102)
Type: Error
Event ID: 1003
User: N/A
Computer: Your_Computer_NameDescription: Error code 00000050, parameter1 f8655000, parameter2 00000001, parameter3 fc7cc465, parameter4 00000000. For more information, see Help and Support Center at http://support.microsoft.com. Data: 0000: 53 79 73 74 65 6d 20 45 System E 0008: 72 72 6f 72 20 20 45 72 rror Er 0010: 72 6f 72 20 63 6f 64 65 ror code 0018: 20 30 30 30 30 30 30 35 0000050 0020: 30 20 20 50 61 72 61 6d 0 Param 0028: 65 74 65 72 73 20 66 66 eters ff 0030: 66 66 66 66 64 31 2cError Message 2

Date: date_of_error
Source: System
Error Time: time
Category: (102)
Type: Error
Event ID: 1003
User: N/A
Computer: Your_Computer_Name
Description: Error code 0000008e, parameter1 c0000005, parameter2 00000120, parameter3 fd28eaa4, parameter4 00000000. For more information, see Help and Support Center at http://support.microsoft.com. Data: 0000: 53 79 73 74 65 6d 20 45 System E 0008: 72 72 6f 72 20 20 45 72 rror Er 0010: 72 6f 72 20 63 6f 64 65 ror code 0018: 20 30 30 30 30 30 30 35 000008e 0020: 30 20 20 50 61 72 61 6d 0 Param 0028: 65 74 65 72 73 20 66 66 eters ff 0030: 66 66 66 66 64 31 2c

  • Your PC may automatically restart.

Note: The error messages and the problems may differ based on the system failure options of your computer. Additionally, the parameters that are displayed within the parentheses of the Stop error messages may vary based on the configuration of your system.

Cause of the Errors

These errors occur if your Windows computer is infected with a HaxDoor virus variant.

Virus Details

The HaxDoor virus does the following after gaining access to your Windows system:

  • Creates a hidden process.
  • Hides files registry keys and files.
  • Copies malicious executable file to your system-although the name of this file may vary, the most common name is Mszx23.exe.
  • Some virus variants copy a driver with name Vdmt16.sys or Vdnt32.sys on the system-this driver assists the virus by hiding its process.
  • Variants can restore all these files even if you remove them from the PC.

Resolution Method

Warning: The resolution method discussed here requires you to perform direct edits to the registry. It is recommended that you back up the registry before proceeding with these steps. You can backup the registry using the File & Export command of the Registry Editor tool or by using a reliable third-party registry tool.

You resolve the HaxDoor virus problem by performing the following steps:

  1. Open the Start menu, select Run, type regedit, and then press Enter.
  2. Navigate to the following registry key in the Registry Editor, and then locate and delete any subkey under it that reference draw32 or drct16:

    3. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogin\Notify

  3. Insert Windows XP installation CD in the CD-drive and then boot your system from the CD.
  4. Press R when Welcome to Setup screen is displayed.
  5. Select your operating system, supply administrator password, if required and then press Enter.
  6. At Command Prompt, type the following command and then press Enter:

    7. cd C:\Windows\System32

  7. Next, use the ren command to rename the following files and then press Enter.

    8. 1.a3d, cm.dll, cz.dll, draw32.dll, drct16.dll, dt163.dt, fltr.a3d, hm.sys, hz.dll, hz.sys, i.a3d, in.a3d, klo5.sys, klogini.dll, memlow.sys, mszx23.exe, p2.ini, ps.a3d, redir.a3d, tnfl.a3d, vdmt16.sys, vdnt32.sys, w32tm.exe, WD.SYS, winlow.sys, wmx.a3d, wz.dll, wz.sys

    Note: You may change the file name extensions of the file to .bad. If you do not find a file, move on to rename the next file.

  8. Remove the Windows XP installation CD and then restart your system.
  9. Open Registry Editor again and then locate the following keys and delete them and any entries under them:

    10. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmt16
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdnt32
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winlow
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\memlow
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdmt16
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vdnt32
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winlow
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\memlow
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ENUM\ROOT\LEGACY_VDMT16
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ENUM\ROOT\LEGACY_VDNT32
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ENUM\ROOT\LEGACY_WINLOW
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ENUM\ROOT\LEGACY_MEMLOW

    Note: If you do not find a particular key, proceed to search for and delete the next key.

  10. Navigate to the following registry keys-if they exist-and then delete any entries that contain Mszx23.exe file name under them:

    11. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

  11. Close the Registry Editor window and restart your system.

Virus infections can cause severe problems on your Windows computers. This is the reason why, it is recommended that you use a reliable and updated antivirus tool, such as STOPzilla Antivirus to regularly scan and clean your system. Additionally, you must use a reliable and efficient registry cleaner tool, such as RegServe to clean your registry and ensure that no malicious registry keys are added to it.