...
Write
OneWriteup
  • Login
  • Register
  • Trending
  • Articles
  • Blog
  • Tutorials
  • News
  • Research
  • Top 10 Lists
  • Case Studies
  • Writeup
  • Interviews
  • Personal Stories
  • Infographics
No Result
View All Result
  • Trending
  • Articles
  • Blog
  • Tutorials
  • News
  • Research
  • Top 10 Lists
  • Case Studies
  • Writeup
  • Interviews
  • Personal Stories
  • Infographics
No Result
View All Result
OneWriteup
No Result
View All Result

How to fix Windows 10 BSOD (Blue Screen of Death) Stuck at Recovery Due to CrowdStrike?

FOUNDER by FOUNDER
July 19, 2024
Reading Time: 3 mins read
14
0
Share on FacebookShare on Twitter

 

Several media companies, tech firms, and educational institutions have reported encountering the Blue Screen of Death (BSOD) on Windows 10 systems. The affected PCs are stuck at the “Recovery” screen, displaying the message: “It looks like Windows didn’t load correctly. If you’d like to restart and try again, choose Restart my PC below.”

Update from Microsoft and CrowdStrike

In a statement to Windows Latest, Microsoft acknowledged the issue, attributing it to a recent update from a third-party software platform. Microsoft assured users that a resolution is forthcoming.

Security company CrowdStrike has confirmed that the massive Windows 10 BSOD outage is due to a new update to its sensors. CrowdStrike, known for its endpoint protection services, identified that the update is causing significant issues.

Identifying the Cause

On various social media platforms, there are widespread reports of BSOD errors linked to multiple versions of CrowdStrike sensors. Windows Latest’s tests revealed that the csagent.sys (or C-00000291*.sys) file is the culprit. Deleting or renaming this file or its containing folder can resolve the boot issue.

Fixing the Blue Screen of Death and “Recovery” Loop

windows BSOD error crowdstrike

Method 1: Use Safe Mode and Delete the Affected File

  1. Boot to Safe Mode:
    • On the Recovery screen, click “See advanced repair options.”
    • Select “Troubleshoot” > “Advanced options” > “Startup Settings” > “Restart.”
    • After restarting, press 4 or F4 to boot into Safe Mode.

    Alternatively, you can shut down the PC, turn it on, and repeatedly press F8 until the Advanced Boot Options menu appears. Select Safe Mode from there.

  2. Open Command Prompt:
    • In Safe Mode, open Command Prompt (Admin) or Windows PowerShell (Admin).
  3. Navigate to the CrowdStrike Directory:
    • Type cd C:\Windows\System32\drivers\CrowdStrike in Command Prompt.
  4. Delete the Affected File:
    • Locate the file matching the pattern C-00000291*.sys by running dir C-00000291*.sys.
    • Delete the identified file using del C-00000291abc.sys (replace abc with the actual file name).

Method 2: Use Safe Mode and Rename the CrowdStrike Folder

  1. Boot to Safe Mode:
    • Follow the same steps as in Method 1 to boot into Safe Mode.
  2. Open Command Prompt:
    • In Safe Mode, open Command Prompt.
  3. Navigate to the Drivers Directory:
    • Type cd \windows\system32\drivers in Command Prompt.
  4. Rename the CrowdStrike Folder:
    • Use the command ren CrowdStrike CrowdStrike_old to rename the folder.
  5. Restart the Computer:
    • This should allow the PC to boot to the desktop.

Method 3: Use Registry Editor to Block CSAgent Service

  1. Boot to Safe Mode:
    • Follow the same steps as in Method 1 to boot into Safe Mode.
  2. Open Registry Editor:
    • Use Win+R to open the Run dialog, type regedit, and press Enter.
  3. Navigate to the CSAgent Key:
    • Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CSAgent.
  4. Edit the Start Value:
    • Find the Start entry on the right pane, double-click it, and change its value from 1 to 4.
    • Click OK to save the changes.
  5. Restart the Computer:
    • This change disables the CSAgent service, allowing Windows to boot normally.

Understanding the Registry Changes

The path HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CSAgent contains configuration settings for the CSAgent service, part of the CrowdStrike agent. The Start value determines when the service starts:

  • 0: Boot start (rarely used).
  • 1: System start (loaded by the I/O subsystem).
  • 2: Automatic start (loaded during system startup).
  • 3: Manual start (requires manual initiation).
  • 4: Disabled (service does not start).

Changing this value to 4 turns off the service, resolving the boot loop issue caused by csagent.sys.

By following these methods, you can resolve the BSOD and “Recovery” loop issues caused by the recent CrowdStrike update on Windows 10 systems.

ADVERTISEMENT
ADVERTISEMENT
FOUNDER

FOUNDER

Cybersecurity aficionado committed to disseminating expertise, crafting articles that empower others to resolve errors and fortify online defenses with ease.

Recently Posted

HOW To BECOME AN ETHICAL HACKER ROADMAP

Free Cybersecurity Roadmap for Ethical Hacking Career in 2025

November 15, 2024
750
How to use bloodhound tool for pentesting

How to use Bloodhound / Sharphound for Pentesting Active Directory?

November 6, 2024
516
Pass The Hash

How to perform Pass The Hash Attack on Active Directory in 2024?

November 2, 2024
154
DC Sync Attack

How to perform DC Sync Attack in Active Directory?

November 2, 2024
134
Load More

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

ADVERTISEMENT

Recommended

How to Create and Connect Users in Active Directory?

How to Create and Connect Users in Active Directory?

October 6, 2024
200
Termux-top-10-most-powerful-tools

Termux Top 10 Most Powerful Tools in 2024

September 24, 2024
1.8k

Popular Story

  • Download the Top 100 Free Cybersecurity Courses, Resources, and Study Materials for 2024

    Download the Top 100 Free Cybersecurity Courses, Resources, and Study Materials for 2024

    845 shares
    Share 338 Tweet 211
  • Termux Top 10 Most Powerful Tools in 2024

    321 shares
    Share 128 Tweet 80
  • How To Setup Cybersecurity HomeLab for Red Team and Blue Team?

    163 shares
    Share 65 Tweet 41
  • Top 10 Ethical Hacking and Exam Prep Books: including free PDF links

    89 shares
    Share 36 Tweet 22
  • NoSQL Injection Complete Guide, Types, Examples, Cheat Sheet

    49 shares
    Share 20 Tweet 12
ADVERTISEMENT
OneWriteup

Discover expert cybersecurity articles, tutorials, and the latest trends to protect your digital world.

  • OneWriteup Labs
  • About Us
  • Feedback
  • Contact Us
  • Report
  • Privacy Policy
  • Community Guidelines
  • Terms Of Service

© 2024 OneWriteup

No Result
View All Result
  • Trending
  • Articles
  • News
  • Blog
  • Tutorials
  • Research
  • Top 10 Lists
  • Case Studies
  • Interviews
  • Login
  • Sign Up

© 2024 OneWriteup

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Seraphinite AcceleratorOptimized by Seraphinite Accelerator
Turns on site high speed to be attractive for people and search engines.