Wednesday, 19 May 2010

The Ghost File!

From @macnamara_dan

I have recently dealt with a BSOD (Blue Screen of Death) with one of our clients. It was causing constant reboots with message:

Problem seems to be caused by the following file aopyjy.sys.
Fault found in nonpaged area.

My first step was to research for information about the file and see what it is. To my surprise my search yielded no info about this file(!) I tried Google search, Yahoo, Bing, Ask, Livesearch but found nothing-zero! No info whatsoever. The file was located in C:\Windows\System32\Drivers\aopyjy.sys

My first thought was that could be some kind of malware so I started with antivirus scan which returned with: no threats found.
I then I ran Malware bytes antimalware-updated to latest version, full scan- still no threats found.
I then I ran HiJack this -I looked over the log and there was nothing unusual.
Next step was ADS spy scan plus Trojan remover, and yet again – no threats found!
Next I ran the registry scan for this file and found a key in registry under Search assistant-ACMru-5603 folder key (a typical place for storing malware files). I removed this key, but the BSOD kept appearing.
Then I decided to check what why this file was in this particular directory and see if there was any way to remove it manually.

What I noticed was that, the file was around 800kb and the strangest thing is that the file was being modified every minute. It was as if someone or something was constantly using the file and modifying it in the background. That was scary but this was not the only issue.

I tried to delete or rename it however, surprise surprise, this was not possible. To try and remedy this I went into Safe mode-no luck. The file was being loaded with the operating system and was not possible to delete whilst Windows is running.

So my next step was to log on from another windows installation through Windows Live CD boot disk-I have tried couple of them, such as Hiren Boot CD and Erd Commander but no luck- this time I got another blue screen. So I decided to try to logon through Windows recovery console from Windows installation CD but this was not possible-another blue screen.

In this case I gave up and ran some check disk tests, because I had in mind that there was possible hard drive failure (info which I gleaned from the second blue screen. Obviously, if you suspect that the hard drive is failing, you run command prompt "chkdsk" the integrated tool in Windows designed to check the disk for errors. So if you have bad sectors on your hard drive, then you should strongly consider replacing the hard drive, because it's possible to lose all your data when the hard drive eventually fails.

The command prompt returned bad sectors, which confirmed my concerns for failed hard drive. A failed hard drive is obviously a serious issue which can be costly. So I checked the computer was still under warranty by phoning Dell.

At Macnamara we use Dell as our partner because we feel they offer the best after sales service and support in the business. Following my telephone call they have resolved the problem by replacing the hard drive-which resolved my problem once for all. However, I keep wondering, what this file was and why there is no information about it anywhere on the Web!!!

Has anyone else encountered this problem and how did they solve it? If you have read this post whilst researching for a resolution to the aopyjy.sys file, we hope our experience helped you.

If you have used our solutions, we’d love to hear from you. Just drop us a comment on our blog.

No comments:

Post a Comment