When you try to run one of the following diagnostic programs, the program may immediately close:
- Registry Editor (Regedit.exe)
- Task Manager (Taskmgr.exe)
- System Configuration Utility (Msconfig.exe)
- System Information (Msinfo32.exe)
- The computer automatically restarts.
- After you log on, you receive the following error message:
The system has recovered from a serious error.
A log of this error has been created.
Please tell Microsoft about this problem.
Data sample 1
BCCode : 00000050 BCP1 : ffffff60 BCP2 : 00000000 BCP3 : 804fa26f BCP4 : 00000000 OSVer : 5_1_2600 SP : 0_0 Product : 256_1
Data sample 2
BCCode : 0000000A BCP1 : ffffff94 BCP2 : 00000000 BCP3 : 00000000 BCP4 : 804e15ef OSVer : 5_1_2600 SP : 0_0 Product : 256_1
- You receive one of the following Stop error messages:
Message 1A problem has been detected and Windows has been shut down to prevent damage to your computer...
*** STOP: 0x00000050 (0xffffff60, 0x00000000, 0x804fa26f, 0x00000000) PAGE_FAULT_IN_NONPAGED_AREA address 0x804fa26f in 0x50_nt!ObReferenceObjectSafe+e
Message 2A problem has been detected and Windows has been shut down to prevent damage to your computer...
*** STOP: 0x0000000A (0xffffff94, 0x00000000, 0x00000000, 0x804e15ef) IRQL_NOT_LESS_OR_EQUAL address 0x804fa26f in 0xA_nt!ExpCopyThreadInfo+a
- When you view the System log in Event Viewer, you may see
an entry that is similar to one of the following:
Entry 1Date: date
Error Time: time
Event ID: 1003
Description: Error code 00000050, parameter1 ffffff60, parameter2 00000000, parameter3 804fa26f, parameter4 00000000.
This problem may occur if the computer is infected with a variant of the Sdbot virus.
The Sdbot virus creates a hidden process. This process closes programs that system administrators use for diagnostic and configuration purposes. The process may also prevent these programs from running.
The file name of the Sdbot virus varies. Many variants of this virus put a driver that is named Msdirectx.sys or Haxdrv.sys on the computer. This driver is used to hide the virus process. The file names that the virus frequently uses include Msdrv.exe and Sdkcore.exe. These virus variants can restore the virus if you delete the files.