JSI Tip 9255. A diagnostic program may immediately close and you may receive a STOP 0x00000050 or STOP 0x0000000A error message in Windows Server 2003, Windows 2000, or Windows XP?
Jerold Schulman
April 13, 2005
Microsoft Knowledge Base Article 897079 (at the bottom of this tip) describes a problem that may occur if a computer is infected with a variant of the Sdbot virus.
The article has two (2) problems:
1. It directs you to delete an 'entry' from a Services key, but it should have you delete the entire key.
2. The fix process is very labor intensive.
I have scripted KB897079_Sdbot.bat to automate the fix process, once you have booted to Safe Mode.
KB897079_Sdbot.bat contains:
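@echo off
setlocal ENABLEDELAYEDEXPANSION
rem Check the Run and RunServices keys for values that reference the malicious executables.
set key="HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
call :find1
set key="HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices"
call :find1
set key="HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
call :find1
set key="HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices"
call :find1
rem Check every control set for service keys that reference the malicious drivers.
set key="HKLM\SYSTEM\ControlSet001\Services"
call :find2
set key="HKLM\SYSTEM\ControlSet002\Services"
call :find2
set key="HKLM\SYSTEM\CurrentControlSet\Services"
call :find2
rem Find the files anywhere on the system drive, clear their attributes, and delete them.
for /f "Tokens=*" %%a in ('dir /b /a /s /a-d %SystemDrive%\^|findstr /I /L "haxdrv.sys msdirectx.sys msdrv.exe sdkcore.exe"') do (
    @echo DELETING "%%a"
    attrib -R -S -H "%%a"
    del /q "%%a"
)
endlocal
goto :EOF

rem :find1 - pass each value line in %key% that mentions Msdrv.exe or sdkcore.exe to :del1.
:find1
for /f "Tokens=*" %%a in ('reg query %key%^|FINDSTR /I /L "Msdrv.exe sdkcore.exe"') Do (
    set VN=%%a
    call :del1
)
goto :EOF

rem :del1 - extract the value name (the text in front of the REG_ type) from VN and delete that value.
:del1
set /a cnt=0
rem Grow the prefix of VN one character at a time until it contains REG_.
:delloop
set /a cnt=%cnt% + 1
call set wrk1=%%VN:~0,%cnt%%%
set wrk2=%wrk1:REG_=%
if "%wrk1%" EQU "%wrk2%" goto delloop
rem cnt - 5 is the index of the separator character just in front of REG_.
set /a cnt=%cnt% - 5
:delloop1
call set wrk2=%%wrk1:~%cnt%^,1%%
if "%wrk2%" EQU " " goto delloop1
rem Everything in front of that index is the value name.
call set wrk2=%%wrk1:~0,%cnt%%%
@echo REG DELETE %key% /V "%wrk2%" /F because %VN%
REG DELETE %key% /V "%wrk2%" /F
goto :EOF

rem :find2 - for each subkey of %key%, pass it to :del2 if its values mention msdirectx or Haxdrv.
:find2
for /f "Tokens=*" %%a in ('reg query %key%^|FIND /I "HKEY_LOCAL_MACHINE\SYSTEM\C"') do (
    for /f "Tokens=*" %%b in ('reg query "%%a"^|FINDSTR /I /L "msdirectx Haxdrv"') Do (
        set key2="%%a"
        set VN=%%b
        call :del2
    )
)
goto :EOF

rem :del2 - delete the entire service key, not just the matching entry.
:del2
@echo Delete key: %key2% because %VN%
REG DELETE %key2% /F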