
MyNameGifOreilly
741117
2063
30
If you have bitlocker this will not work as you will need a recovery key. Credit to Marty McTech
Jul 20, 2024 2:12 AM
ViennaCircle
Or just use a Mac.
youreathing
This guy and his tips are SUPER helpful. Sub+ to his Youtube content.
justravenhere10
I was hoping he was suggesting to delete windows 64 for being fake
Derrial
It's a weird sensation coming home from work, browsing Imgur, and seeing a video of someone describing exactly the thing you did 50 fucking times at work that day.
WateryTartan
Everyone at CrowdStrike should be fired
PineappleLoopsBrOether
Maybe they should be crowdstriked. Kinda sounds like a bad thing.
cruisecontroloffacliff
Idk... I somehow sympathize. It's scary to realise how easy these mistakes are to make for people developing kernel-level software
Ginoweinberg
Ngl, was expecting the good ol delete system 32.
NonExistingWisper
The emails from the IT office forbidding us to turn off our computers was quite funny.
FreshwaterViking
"So...if I ACCIDENTALLY turn off my device, I don't have to work today?"
NonExistingWisper
Man, i should've thought of that!
GabbyJayYay
Can we see the wording on that?
NonExistingWisper
Dyou speak any other language?
MidnaDS
Have you tried not turning it off and on again?
NonExistingWisper
Back when I had a desktop computer at work, I had this magnet on it.
FeChefImgur
It probably wouldn't have mattered from what I understand. Mine hung with BSOD by itself in the middle of being used, without me turning it off, then got stuck in a BSOD boot loop. IT dept was able to supply me the bitlocker key about 90 minutes later. I was able to delete the required file and so I only lost about 2hrs to this mess.
TheGammaRae
Our IT put us in a Teams meeting with 800 users on our phones. They asked for our laptop serial numbers and so many people just took pictures of the bottom of their laptop. They didn't even zoom in. Then they bitched about how long it was taking to get the bitlocker keys issued. It was pure chaos.
NonExistingWisper
I got the blue message but my computer did start, lucky me!
DavidRoland
Do yall ALL have auto update on?
NonExistingWisper
No idea, I shall enquire with my IT Office.
FeChefImgur
In most corporate scenarios auto update is often enabled, yes. My work laptop routinely tells me "your organisation has scheduled an update and you must reboot by x/y or device will be restarted for you".
DavidRoland
That's poor oversight. I delay ours a few days until I know the result. I remember xp sp3
michealangleo
totally thought he was gonna say to delete system32
discostewsm
Here I was thinking he was going to suggest deleting the System32 folder.
PineappleLoopsBrOether
I was expecting a rickroll.
aoshistark
Further reason to move to Linux and fuck Windows 11.
RickRollEditor
CrowdStrike is on Linux and Mac too, and they have fucked up both SEVERAL times in the past.
Youareincorrectsir
Here is how u get around bitlocker. All you need is local admin password https://x.com/LetheForgot/status/1814203140842868797?t=Q-F-FApK033_gSIvIg6CZA&s=19
KsuviKhor
@OP - Yep, we have full disk encryption via BitLocker on all our C: drives to protect against physical theft - made recovery a bit of a chore for us, but we struggled through.
qshamtech
Left a 25yr career in IT not long ago. Today is one of those days that reminds me why I left.
Also I had no problems with my computer today. Oh wait…it’s a mac :)
JockoV
Yay you're a special boy!
shadowsdustwind
I don't believe you. Mac's in a work environment are horrible.
qshamtech
Wow, calling a stranger a liar just because you have formed an opinion. Near 12 years using a Mac in a Windows environment. Loved it! Still run Macs at home. If I need Windows (which is almost never)…my Mac will do that too.
shadowsdustwind
You must not do much but email.
qshamtech
You make a lot of uneducated assumptions
KiLLeRdAcKeL
Does that mean it's an old Mac?
Asking for some friends that were huge fans until the M1 came and bootcamp went.
BurnieCinders
Don't delete the file, rename it from .sys to .bak, which is generally good advice for messing with system files.
RickRollEditor
It's a third party implementation, not a native dependency.
HellsHegemony
KrondorMocker
CitizenPrime
?
mikeatike
Fuck you, Sybase.
aussysadmin
I feel like I’m missing a reference.
mikeatike
mikeatike
The "fuck you" comes from how lousy their database was. They were the predecessors of Microsoft SQL Server.
aussysadmin
I guess I just didn’t understand how it related to the golden ratio
aussysadmin
Oh I know that, I’m midway through migrating reporting systems from Sybase ASE to SQL because my organisation takes decades to do anything. Every time I think we’re about to shit it down, we get told it’s being extended because another vitally important reporting system is running on that system that the project team hasn’t taken into account.
mikeatike
I just looked it up and was shocked that: SAP owns Sybase, both ASE and Powerbuilder are getting updates, ASE is getting discontinued next year, and anyone is still using either.
reineseele
You need to have admin privileges, so a common worker has no way of doing that.
VinteaMK
ILikeRespondingWithWillSmithGifs
Gently expecting a Skyrim intro there or a Rick Roll.
JasonFndrbrkr
*laugh in linux*
RickRollEditor
CrowdStrike has fucked up both Linux and Mac in the past as well. Actually, more times than Windows.
Hammerwell
I got news for you. Crowdstrike has Linux software too.
honkhonkhonk
I got news for you too, because the news specifically stated Linux and Mac were unaffected
Hammerwell
Yet. They had a fun moment too in the past. But it's rare for an international company using linux instead of MS on employee PCs.
RickRollEditor
In THIS case. CrowdStrike has fucked up both Linux and Mac in the past as well.
OddSoull
me who never updates my PC or PHONE ever unless I physically have to... because I hate change to something that's not broken
RickRollEditor
You don't have CrowdStrike anyways.
Hammerwell
That depends on the use of the devices. An unpatched webserver is a bad idea.
johnspeck2
And that’s how you end up with the countless other showstopping viruses and malware, good job.
OddSoull
me after 15 years waiting for a showstopping virus and malware to affect my PC and Phone... i think im good if i dont download dumb stuff
johnspeck2
Laughs in blaster worm.
fedupwithhumanity
Our IT dept deputized us remote workers to be junior sys admins ... gave us the stupid long bit key thing and the ridiculous admin password to delete the driver. Unfortunately it worked and i had to go back to being a normal worker for the afternoon.
WhatAreYouTalkingAboutEh
Dang-it
JKGoose
Me using Linux
RickRollEditor
CrowdStrike is on Linux and Mac too, and they have fucked up both SEVERAL times in the past.
ACAB247
Or if you’re us and only allow admin access to make changes, you have to guide users through the blue screens, ensure they connect an ethernet cable and remote on to delete the file, reboot. What a fuckin mess.
RageMojo
Can't do any of this when your company has a tight admin policy and no one can access shit.
LerryV2
I just deleted everything from 7/19 in that folder. 1000x faster than searching for a specific file. Then since I'm a sysadmin I deleted CrowdStrike off my computer and put dummy files in their place so it won't reinstall.
NewTitaniumCorvid
Yeah... "I deleted CrowdStrike off my computer" sounds exactly like something a sysadmin would do. You should tell your head of IT security what a brilliant idea this is.
LerryV2
I'll tell you what, when you are in charge of keeping a manufacturing plant up and running and your computer goes down because an idiot pushed an update that nuked millions of computers across the planet and you have to explain to the plant manager you can't do anything because of said issue, no one cares. They want the plant running, I don't want my computers broken.
NewTitaniumCorvid
Deleting CrowdStrike (or any security software for that matter), instead of temporarily disabling it, is a fucking clown move. It leaves systems unprotected. It doesn't fix the problem any faster, and all those systems will need to be rebooted when they put security software back on, taking the plant down again. Short-term knee-jerk noob behaviour.
LerryV2
k
todayok
I mean a good system admin can find a file in seconds and might notice other things needing maintenance in the process. But hack deleting a day's files is cool too.
YouMagnificentBastard
It won't reinstall anyway, the update was removed and a fix pushed (293*.sys) about 2 hours later.
MarcoPoloOnPollo
I just deleted the System32 folder entirely.
PobbitBreakers
its good to start fresh
Makerofthingsmasherofstuff
Your start bar is in the middle you heathen!
sesamestreetfighter
Mine came like that on my surface pro like... 4 years ago. I didn't know you could move it, but I also don't use the programs on the machine so I never bothered looking into it.
layinginbedfeelinglikeaquesarito
Welcome to windows 11
PineappleLoopsBrOether
That's 84 versions of windows less than my favorite one.
WhatAreYouTalkingAboutEh
You just move it, where it belongs
JackoW
You can change it, first thing I did with my new build earlier this year.
Xenarion
Yeah same. Why is Windows trying to be more like Mac now?
khora
Now do that on 5,000 servers…
lljkstonefish
The enterprise probably already has PXE boot as the default first option, then local HDD, and the minimal PXE image just doesn't do anything unless you hit the hotkey on boot. So, temporarily replace the central image with one that automatically boots an environment, deletes the file and then reboots itself.
TsubakiTragic
I didn't think this error hit servers as most servers run on Linux. The BSODs are hitting workstations/terminals.
lljkstonefish
"Most servers run on Linux" is absolutely true... sometimes. Other organisations run Windows shops and can't think of a reason they'd need a Linux box.
TsubakiTragic
I can think of 2 reasons to use Linux... better security and no BSODs. According to W3Techs, Linux holds an 80% market share, while Windows Server accounts for 20%.
lljkstonefish
That's not much of an argument, tbh.
Neither OS is especially insecure when correctly used.
Both are equally capable screeching to a halt when you let Crowdstrike inject broken code into your kernel.
It mostly comes down to your application, as usual. If the program you want runs on Windows, get Windows. If it runs on Linux, get Linux. If it runs on both, get whatever you're already invested in.
camcam1234
Can someone tell me what crowdstrike is and what it does?
HybridReindeer
It’s a self destructing form of a company. Self destruct begin at 5-4-3-2-1. Bankrupt.
maas2908
The one thing I’m really noticing from this is how many customers they have.
Chemicalbondage
It’s like a more intense anti-virus that hooks deeper into the system and watches the telemetry for activity related to cyber attacks.
stseregh
Messes up computers real good apparently
maas2908
It's some sort of advanced “endpoint threat detection” - I think it’s sort of like an antivirus, but it looks for suspicious behavior then reports back to a server so a human (working in a SOC) can investigate and figure out what to do about it. A competing product can quarantine computers, kill processes like 10 different ways, do remote forensics, etc.
maas2908
It's called Crowdstrike Falcon if you want to look it up.
mystik42
It's supposed to be an endpoint protection system (anti-malware/virus), and the driver in question is loaded directly into the Windows core. "The only way to beat rootkits is to be a rootkit yourself". This part of the software, since it runs *in* the Windows core, has to be more careful about errors and faults, because just "crashing out" kills the whole computer, like we saw. Allegedly, they are one of the best, but today's incident clearly revealed some holes in their processes.
lookalive07
Ehh, it showed a hole in one person or one team's process. They weren't meticulous enough in their QA so they released a massive bug into half the internet. Someone's getting fired, but CrowdStrike will be just fine.
wizard07ksu9000
No, it's worse than that. They did a direct release to clients which bypassed the normal process. There are staging areas where clients can run new updates to see what the effects are on their systems before installing, a necessity when you can't tolerate a large outage (e.g. banks/planes/hospitals). That they forced this update onto clients' computers has lots of implications, all terrible.
Dakksys
It stops people from hacking your computer by bricking it.
Mattd4ddy
Underrated comment right here.
ButeoTags
"Endpoint management"
/Corp spyware
jorune1001
If you are a regular user of Windows then it's highly likely you will not have crowdstrike software on your machine. This is specialist software for business.
makeSX
Should have re-started my laptop at work... Dang it.
BobTheWeak
If you're familiar with Denuvo copy protection (for video games), it's basically the same thing, but for business devices. If that still means nothing to you, it's basically a cloud & AI-powered virus scanner.
ProfessorHerpDerp
From what I know about "the cloud" "AI" and "virus scanners" that makes something like this happening inevitable and only surprising in that it probably should've been worse.
PotatOSLament
It’s a firewall company meant to protect from cyberattacks and viruses. Their last update stuck Microsoft computers in a loop, causing them to crash. Unfortunately some 24k companies use Crowdstrike’s service and every computer at all those companies got the update. Among the affected were airlines, hospitals, banks and payroll companies. The IT outage was a disastrous coding error, nothing malicious.
CheeseGreaterGood
It hit state agencies too.
HeresYourSauce
Only computers with the software on them, I've seen a few people saying this affects all windows machines, but that's not the case.
The vast majority of us are on windows machines and have had no problems with our own machines. CrowdStrike doesn't make software built for consumers.
ProjectDA
there was also a problem that microsoft had that was unrelated. maybe they are conflating the two?
LivesInThe90s
I work in retail, half our registers wouldn't work. Just kept restarting.
ArcaneM37
I'm concerned that hospitals were affected. I had urgent blood work, and they got it to work eventually, but then the radiology department came into the lab department and said they couldn't get even one of theirs to work.
LordHosk
Ascension Health Care is the 6th largest healthcare system in the US, it owns dozens of hospitals and hundreds of medical facilities. They were hacked a couple months ago and lost all access to their computer network systems for over a month and still aren't fully recovered.
They switched to paper files, charts, and record keeping, they were running essential services in under an hour and full services in under 24, just at reduced capacity.
AsABiologistWhoIsNotFunAtParties
People will have died because of this, and others will have lost millions due to halted business operations. Curious if the software company will be held liable.
wizard07ksu9000
Hopefully. Possibly. When a company screws over individuals they usually get a slap on the wrist. When a big company screws over other big companies the consequences are much more severe. And they've already started.
The stock has lost like 20% which hurts the CEOs of CS, and I've seen lots of claims that contracts are being cancelled left and right with CS being uninstalled. So lost revenue. And they violated a bunch of industry standards so lots of people are out for blood.
MyNameGifOreilly
I’m also looking into making a auto run program and putting it on a usb to find file C-00000291*.sys and delete it. So I can help other companies in my area effected by the outage.
incendras
Make a .ps script and roll it out. Would be a one or two liner.
CarlPearce
Yeah, roll it out to machines that cannot boot.
DavidRoland
Just load into live linux and delete manually, then dump the SAM dB for the keys
gesel
The right way to fix the problem is to make a bootable usb key with a linux installer.
GabbyJayYay
*affected
DocTanner
Imagine running CrowdStrike on your machines, but letting a random person off the street plug in an unknown USB device to fix it. 😆
To be clear: it's awesome that you're trying to help. It's just hilarious that anyone would let you.
OMGamIImguringCorrectly
Just delete the file with gpo and be done?
KsuviKhor
Group Policy has a hard time applying when a PC blue screens .5 seconds after it tries to start up the Windows GUI.
NewSnekWhoHiss
You'll still have to manually type the bitlocker keys, which any business worth its salt should run in to. Ah, who am I kidding? Most businesses who would need this help probably don't have bitlocker configured, let alone *properly* configured, or hell, even documented.
Z0op
Yeah this is the actual problem, the fix is relatively easy. But most systems running this software are usually managed and such people won't be able to perform these actions themselves. Can't also just make a generic tool that does it.
tiderfish
That bit locker list is prolly an Excel file on a server that is in a remote data center with a BSOD🤔
ChikaChickaBowWow
No, it's stored on the computer object in active directory and in Intune so support can give the code to the user. You can also enable users to see their own bitlocker code in Azure so the user can see it on mysignins.microsoft.com.
[deleted]
[deleted]
mcdoolz
And it's bitlockered.
DavidRoland
Sticky note in IT office. Or look for the guy with a penguin blushing. There is one, I guarantee
Zed152
Crowdstrike is just there to tick a corporate checkbox. Your first guess was correct. Most of them will be running bitlocker.
HighFlyKai
There are businesses that document things?
zugz003
A WinPE enviro might work for what you want. Or a Windows setup USB (SHIFT-F10 for command prompt) with a Batch file copied onto it could also work. Both probably wouldn't be fully automated.
Lionheart4G
We ended up building a stripped down PE that automated this and the mbr fix required on some servers. Helped greatly.
vegivamp
Or just use a Linux stick and use a real os to fix your fisher price 😋
terajack2048
If you have a bitlocker Linux won’t help, you’d have to boot winpe or equivalently , run unlocker with codes, then remove file….
vegivamp
Iirc there are bitlocker drivers for Linux. Never bothered to look into it though.
MyNameGifOreilly
Do you think an autorun.inf file with custom code would work? Should I start in PowerShell and work up from there?
zugz003
Honestly haven't dabbled too much w/ either, and been out of IT (as profession) for four years now I wouldn't be a good source for that answer. In my mind the major hurdle will be finding and setting the system drive letter correctly, from a remote environment, in a fully automated fashion.
lljkstonefish
Just include a line in the script that deletes that file from every drive letter. If it doesn't exist, move on.
MyNameGifOreilly
Same, I've been out of the IT game for about a decade. Was trying to find/make a way to load an automated code on to a usb and delete file C-00000291*.sys. This would help people who aren’t tech savvy. I’m running into a lot of pathway issues. But thanks for your comment:)
zugz003
At the very least probably gives you a frame work to start with.
TricksForDays
Sounds like a job for rubber ducky. https://shop.hak5.org/products/usb-rubber-ducky
theduckening
Strikeforce is still causing me problems. I deleted system 32 folder but now nothing works... /s (adding that because I've heard enough IT stories that it would be very possible)
NotTinyPancakes
i did that once as a kid soemhow tryign to dleete the sims never did get that pc workign again doubly so after a siblign pulle dit appart and put it togtehr again somehow with extra parts
FestusMA
Did you try rebooting it?
CakeOrGlory
Yep. I deleted everything from c:\ root to make more space for Duke Nukum 2. That's the one BEFORE 3D.
hotrodny
I see autocorrect doesn't work.
NotTinyPancakes
no it sjudst me that doesnt
Kringon
Boot from that USB, navigate drive and delete the sys file and bob's your uncle. But companies with managed PCs that use bitlocker probably have disabled boot from USB as well
makeSX
What is a bit locker, I'm not familiar with the term
ChikaChickaBowWow
Encryption of a drive. A feature built into Windows using the TPM chip. On boot the system checks for hardware changes. If it trips it requires a long hexadecimal string to decrypt the hard drive. It's to prevent theft of data by moving drives to another computer and reading the contents. In enterprise IT the key is stored on the computer object in Active Directory.
makeSX
Does this work solely based on the data stored at a hard drive and not bios based like the store pre built computers do where they prevent you from upgrading your computer?
ChikaChickaBowWow
I'm not sure I understand the question. If you refer to the thing where Windows will ask for a new registration key if you replace the motherboard or some other major component, it's not the same thing. This key is generated when you encrypt the drive with bitlocker and Windows will print it on the screen so you can put it in a safe location.
MyNameGifOreilly
    # Define the directory path where you want to search and delete files
    $directory = "C:\Path\To\Directory"

    # Specify the pattern of the files you want to delete
    $filePattern = "C-00000291*.sys"

    # Get the list of files that match the pattern
    $filesToDelete = Get-ChildItem -Path $directory -Filter $filePattern

    # Loop through each file and delete it
    foreach ($file in $filesToDelete) {
        Remove-Item $file.FullName -Force
        Write-Output "Deleted $($file.FullName)"
    }
johnspeck2
Depending on partitioning structure, you may need to programmatically account for the windows partition sometimes showing up as D in a WinPE environment.
johnspeck2
Could add some if exists, or just be lazy and try to delete on both c and d.
sleete
Or a bat file that does del "C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys"
somethingdark
I'd recommend using "%windir%\System32\drivers\CrowdStrike\C-00000291*.sys" for the five people in the world that don't have Windows installed to C:\Windows
kurastwolf
We had a contracted tech install windows onto the storage drive partition. We're still trying to get someone out to reimage it because it's a little embarrassing to have 14tB for a Windows partition and only 250GB for the storage...
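The drive-letter problem discussed in this sub-thread, as an added example that is not part of any comment above: a PowerShell script that checks every mounted volume for the CrowdStrike driver folder and renames matching files to .bak instead of deleting them, as suggested elsewhere in the thread. The parameter names and the dry-run default are assumptions of this example; it also assumes PowerShell is available in the boot environment and that any BitLocker-protected volume has already been unlocked with its recovery key.

```powershell
# Added example, not code from the thread.
# Assumptions: PowerShell is available in the boot environment, and any
# BitLocker volume has already been unlocked with its recovery key.
param(
    # File pattern and folder as named in the thread.
    [string]$Pattern     = 'C-00000291*.sys',
    [string]$RelativeDir = 'Windows\System32\drivers\CrowdStrike',
    # Without -Apply the script only reports what it would rename.
    [switch]$Apply
)

# In a recovery environment the offline Windows volume may not be C:,
# so check every file-system drive instead of hard-coding a letter.
$results = foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $dir = Join-Path $drive.Root $RelativeDir
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        continue   # no CrowdStrike driver folder on this volume
    }

    foreach ($file in Get-ChildItem -LiteralPath $dir -Filter $Pattern -File) {
        # Rename rather than delete, so the file can be put back if needed.
        $newName = [System.IO.Path]::ChangeExtension($file.Name, '.bak')
        $status  = 'Found (dry run)'

        if ($Apply) {
            try {
                Rename-Item -LiteralPath $file.FullName -NewName $newName -ErrorAction Stop
                $status = 'Renamed'
            }
            catch {
                # Typical causes: volume still locked or read-only,
                # or a .bak with the same name already exists.
                $status = "Failed: $($_.Exception.Message)"
            }
        }

        [pscustomobject]@{
            Drive   = $drive.Name
            File    = $file.FullName
            NewName = $newName
            Status  = $status
        }
    }
}

if ($results) {
    $results | Format-Table -AutoSize -Wrap
}
else {
    Write-Output "No files matching $Pattern found under \$RelativeDir on any mounted volume."
}
```

Run it once without arguments to see which volume holds the file, then again with -Apply to rename it.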
TheOlHaroldHolt
Reminder not to blindly follow random instructions from a stranger on the internet. If you don’t know what you’re doing and what the impact of doing so, then you should leave it to the people paid to do so for your organization. Perform at your own risk.
JockoV
That's still great advice but in this case the steps in the video are 100% correct. Source: I'm in IT and I was walking end users through these steps all day.
Z0op
Maybe 100% but only a handful will be able to do this, like actually able, the fix is easy, bitlocker is your problem. And bitlocker is on there for a reason, average office worker shouldn’t be messing with those files, how correct these instructions may be
gumshoe99
Crowdstrike documentation suggests these actions, but yes, very good advice
ThoroughBurrow
I think their comment also applies to your comment.
ArnoldRimmerWhatAGuy
Ok well maybe people can just search for how to fix it and find the hundreds of articles that all say the same fucking thing, how about that?
ThoroughBurrow
Yep that would be better for sure!
dreikommavierzehn
As another guy in IT: It's more important people learn not to blindly trust some tech tutorial they see on social media. So while correct I give the same advice online as @TheOlHaroldHolt
Theghostaboveeurope
As someone who studies Cyber Sec, this. It doesn't matter if this set of instructions is correct. This is one step away from blindly clicking any links in emails, because this one link in that one email was legit. Your organisation has professionals to deal with these kinds of issues. Report the issue to them and let them walk you through the fix.