Eoa42.sys causing BSOD

Discussion in 'Software' started by Georgos, Jun 29, 2008.

  1. Georgos

    Georgos Private E-2

    Hey, guys. I need help. I keep getting the Blue Screen of Death lately and it's really annoying. I got one today just short while ago.

    Here are some details for you guys to figure out for me what exactly is Eoa42.sys.


    Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\WINDOWS\Minidump\Mini062908-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 2600.xpsp_sp2_rtm.040803-2158
    Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
    Debug session time: Sun Jun 29 19:47:44.718 2008 (GMT+10)
    System Uptime: 0 days 6:47:50.426
    Loading Kernel Symbols
    ............................................................................................................
    Loading User Symbols
    Loading unloaded module list
    ................
    Unable to load image Eoa42.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for Eoa42.sys
    *** ERROR: Module load completed but symbols could not be loaded for Eoa42.sys
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 1000007E, {c0000005, f7173029, f790ec78, f790e974}

    Probably caused by : Eoa42.sys ( Eoa42+19029 )

    Followup: MachineOwner
    ---------


    So what to do? Thanks in advance.
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    Eoa42.sys as a file doesnt ring any bells with me and I did a search of OS files and that one doesnt popup, so would possibly be aiming in the direction of malware or a driver issue.

    What is the BSOD code in full? will or may help narrow this down more easily.

    If you boot into Safe Mode do you still get the same errors.

    Did you install anything new around the time that this started to happen? if so what.

    Have you run some security scans on your PC to rule out malware as the cause?
     
  3. Georgos

    Georgos Private E-2

    From what I've concluded, seems like a driver issue. Malware is definitely not an option. Neither is installation of anything new.

    As for the safe mode, I wouldn't know.

    Anyway, I got the BSOD again few min ago. And again ... it's caused by Eoa42.sys

    Here's the Technical Stuff that's stated on the blue screen

    STOP: 0x0000007E (0xC0000005, 0xF7173029, 0xF790EC78, 0xF790E974)
    Eoa42.sys - Address F7173029 base at F715A000, DateStamp 482bdb63

    I can't provide you with what WinDbg says since for some reason there's no minidump ???

    I hope the above is good enough info.
     
  4. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    Yes Stop 0x0000007Es tend to be hardware/driver related, so I would boot to Safe Mode ( F8 at boot ) and see if with windows base drivers your PC is stable.

    Maybe worth running sfc /scannow to check windows file integrity and also running chkdsk /r to test for corruption on HD, especially as these seem random events.

    Also on the tack of random events, what temp is the room your PC is in and what are the PC ( CPU/Motherboard ) temps, can use Everest once run click Computer > Sensor for temps of PC, is the insides of yoru PC clean adn free from dust and fluff, mainly around CPU, as temp issues can cause random BSODs
     
  5. Georgos

    Georgos Private E-2

    Here's what Everest tells me:

    Field Value
    Sensor Properties
    Sensor Type ITE IT8712F (ISA 290h)

    Temperatures
    Motherboard 30 °C (86 °F)
    Aux 34 °C (93 °F)
    IBM IC35L040AVVN07-0 30 °C (86 °F)
    MAXTOR STM3160211AS 37 °C (99 °F)

    Cooling Fans
    CPU 3214 RPM

    Voltage Values
    CPU Core 1.33 V
    +3.3 V 3.34 V
    +12 V 12.61 V
    VBAT Battery 3.17 V
    Debug Info F D2 FF 00
    Debug Info T 34 30 128
    Debug Info V 53 FF D1 FF C5 63 FF (F7)

    ___

    Does this shed any light?

    I don't know what exactly is the temp of the room but it seems cool - not too hot nor too cold.

    Those two commands you told me to run didn't do much.

    And I stayed in Safe Mode for a few hours but nothing happened in those few hours. But surprisingly, when the list of drivers were displayed on the screen before the Safe Mode loaded, Eo42.sys was mentioned in the last line!! So it must be a driver problem, don't you reckon?
     
  6. plodr

    plodr Major Geek Super Extraordinaire

    Eo42.sys or Eoa42.sys?
    If you google either of those tems you come up with no hits except for your posts here. So if it is a driver, you are the only person having a problem which seems most unusual.
    Search and see where this file is located. Post the exact full path. Also right click the file and choose properties and tell us anything it says about this file.
     
  7. Georgos

    Georgos Private E-2

    It's Eoa42.sys.

    I did a search for the file on all my drives many times. Not one result. Which is very strange. Yet I see it on the list of drivers before the Safe Mode loads.

    Is there a program I can use to automatically fix my drivers and update them?
     
  8. plodr

    plodr Major Geek Super Extraordinaire

    Before you try and fix something - let's be sure it isn't malware.
    Why would you be the only person with this driver? It doesn't make sense.
    Perhaps your computer was infected, something was removed and now it is looking to load something "Eoa42.sys" which should not be loaded.
     
  9. Georgos

    Georgos Private E-2

    You know ... funnily enough ... as I was scanning with Super AntiSpyware, I noticed the file Eoa42.sys stated in C:\Windows\System32\Drivers\ but when I go there to see if it's there, I can't find it (even though I have set all files to be shown: hidden and system files are shown).

    The program didn't identify it as malware. But you think this is malware trying to fool me into thinking it's a driver issue?
     
  10. plodr

    plodr Major Geek Super Extraordinaire

    Do You have your computer set to show you all the file extensions and all system files? Most of the time this is turned off by default to protect you. That file might be in your computer, since SuperAntiSpyware saw it but because you have system file viewing off, you wouldn't be able to see .sys files.

    I'd still like to know the properties, size and anything that can be discovered...like when it got on your computer.
     
  11. Georgos

    Georgos Private E-2

    All files, including system files, and file extensions have been set to shown from a long time ago.

    The problem is whoever programmed that malware is very smart. He made it into an invisible file! :confused

    Anyway, I managed to get rid of it. We'll see if there'll be anymore BSODs soon.

    Here's how to get rid of it for those who want to know.

    You need Unlocker and MoveOnBoot.

    Run Unlocker Assistant.

    Now first thing you need to do is select every folder and file shown in the system32/drivers folder and copy/paste them in a new folder on the desktop. Eoa42.sys will not be copied along with the rest of the files since it's invisible.

    Then, with the help of Unlocker, delete the system32/drivers folder. That will put Eoa42.sys in the Recycle Bin.

    Create a new folder called "drivers" in the system32 folder. And put back in it all the files you have from the new folder that you created on the desktop.

    As for the malware in the recycle bin, use MoveOnBoot to delete C:\recycler since, because of the malware, it is otherwise impossible to empty the recycle bin. And on the next reboot, it will become possible to empty the recycle bin. And, thus, no more Eoa42.sys. Hallelulyah!

    Thank you for your support, Halo and plodr.:cool
     
  12. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi Georgos

    Good stuff on removing this, and many thanks for posting your fix info as it will help others, especially if this is a new varient of malware, although malware is sneeky and random names itself these days.
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds