GLOBAL IT OUTAGE
Recover from the CrowdStrike Blue Screen of Death (BSOD) in just 5 Steps
If you have been affected by the CrowdStrike BSOD bug, Hornetsecurity experts invite you to follow the steps below to recover your system.
Step 1: Access Windows Recovery Environment
- Restart your computer.
- Press and hold the Shift key.
- Tap the F8 key repeatedly until you see the Recovery screen.
![Bild1](https://www.hornetsecurity.com/wp-content/uploads/2024/07/Bild1.png)
Step 2: Choose Troubleshoot
- On the Recovery screen, click on Troubleshoot.
![Bild2](https://www.hornetsecurity.com/wp-content/uploads/2024/07/Bild2.png)
Step 3: Choose Advanced Options
- In the Troubleshoot menu, click on Advanced options.
![Bild3](https://www.hornetsecurity.com/wp-content/uploads/2024/07/Bild3.png)
Step 4: Choose Command Prompt
- In the Advanced options menu, click on Command Prompt.
![Bild4](https://www.hornetsecurity.com/wp-content/uploads/2024/07/Bild4.png)
Step 5: Enter the Command
- In the Command Prompt window, type one of the following commands and press Enter:
```bat
del C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys
```

To disable:

```bat
@echo off
setlocal

REM Define the driver file pattern
set "driver_pattern=C-00000291*.sys"

REM Define the target directory
set "target_dir=C:\Windows\System32\drivers\CrowdStrike"

REM Change to the target directory
cd /d "%target_dir%" || (
    echo Failed to change directory to %target_dir%
    goto :error
)

REM Find the driver file
for %%f in (%driver_pattern%) do (
    set "driver_file=%%f"
    goto :found
)

echo No driver file matching %driver_pattern% found.
goto :error

:found
REM Extract the base name of the driver file (assuming the driver name without extension matches the service name)
set "driver_name=%driver_file:~0,-4%"

REM Disable the driver
sc config %driver_name% start= disabled || (
    echo Failed to disable the driver %driver_name%
    goto :error
)

echo Successfully disabled the driver %driver_name%

REM Reboot the system
shutdown /r /t 0
goto :eof

:error
echo An error occurred. Exiting without reboot.
endlocal
pause
```
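The delete command in Step 5 assumes the Windows volume is mounted as C:. The batch file below is an added example, not part of Hornetsecurity's original instructions: it looks for the CrowdStrike directory on every drive letter, lists the matching files, deletes them and confirms they are gone. It assumes that the Recovery Environment may assign the Windows volume a letter other than C: and that X: is the recovery environment's own drive; the variable names are illustrative.

```batch
@echo off
setlocal
REM Added example: locate the Windows volume, then remove the faulty file.
REM Assumption: in the Recovery Environment the OS volume may not be C:.
set "rel_dir=Windows\System32\drivers\CrowdStrike"
set "pattern=C-00000291*.sys"
set "found_dir="

REM X: is skipped because it is assumed to be the recovery environment itself.
for %%d in (C D E F G H I J K L M N O P Q R S T U V W Y Z) do (
    if not defined found_dir if exist "%%d:\%rel_dir%\" set "found_dir=%%d:\%rel_dir%"
)

if not defined found_dir (
    echo CrowdStrike driver directory not found on any volume.
    echo If the disk is BitLocker-protected, unlock it with the recovery key first.
    goto :end
)

echo Using "%found_dir%"
if not exist "%found_dir%\%pattern%" (
    echo No file matching %pattern% found. Nothing to delete.
    goto :end
)

REM Show exactly what will be removed before deleting it.
echo Files to be deleted:
dir /b "%found_dir%\%pattern%"
del /f /q "%found_dir%\%pattern%"

REM Verify the result instead of trusting the exit code of del.
if exist "%found_dir%\%pattern%" (
    echo Delete failed. Check that the volume is unlocked and writable.
) else (
    echo Done. Restart the computer.
)

:end
endlocal
```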
Please note: If your device uses BitLocker encryption, you might be asked for your BitLocker recovery key after selecting Safe Mode.
You will need to retrieve your recovery key and enter it here.
- If BitLocker is managed via Intune, this can be found at https://myaccount.microsoft.com, under “devices”. Make sure to match the hostname of the device and the Key ID.
- Otherwise, ask your local IT administrator for your BitLocker recovery key.
If you do not have it available, the most common methods of recovery are explained here:
https://support.microsoft.com/en-gb/windows/finding-your-bitlocker-recovery-key-in-windows-6b71ad27-0b89-ea08-f143-056f5ab347d6