GLOBAL IT OUTAGE

Recover from the CrowdStrike Blue Screen of Death (BSOD) in just 5 Steps

If you have been affected by the Crowdstrike BSOD bug, Hornetsecurity experts invite you to follow the below steps to recover your system

Step 1: Access Windows Recovery Environment

  1. Restart your computer.
  2. Press and hold the Shift key.
  3. Tap the F8 key repeatedly until you see the Recovery screen.

Step 2: Choose Troubleshoot

  1. On the Recovery screen, click on Troubleshoot

Step 3: Choose Advanced Options

  1. In the Troubleshoot menu, click on Advanced options.

Step 4: Choose Command Prompt

  1. In the Advanced options menu, click on Command Prompt.

Step 5: Enter the Command

  1. In the Command Prompt window, type one of the following command and press Enter
  To delete: 
del C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys
  To disable: 
@echo off
setlocal
REM Define the driver file pattern
set "driver_pattern=C-00000291*.sys"
REM Define the target directory
set "target_dir=C:\Windows\System32\drivers\CrowdStrike"
REM Change to the target directory
cd /d "%target_dir%" || (
    echo Failed to change directory to %target_dir%
    goto :error
)
REM Find the driver file
for %%f in (%driver_pattern%) do (
    set "driver_file=%%f"
    goto :found
)
echo No driver file matching %driver_pattern% found.
goto :error
:found
REM Extract the base name of the driver file (assuming the driver name without extension matches the service name)
set "driver_name=%driver_file:~0,-4%"
REM Disable the driver
sc config %driver_name% start= disabled || (
    echo Failed to disable the driver %driver_name%
    goto :error
)
echo Successfully disabled the driver %driver_name%
REM Reboot the system
shutdown /r /t 0
goto :eof
:error
echo An error occurred. Exiting without reboot.
endlocal
pause
  



			

			

				
				
				
				
			

				

				
				
				
				
				

			

				
				
				
				
			

				

				
				
				
				
				

				
				
				
				
				
Please note: If your device uses BitLocker encryption, you might be asked for your BitLocker recovery key after selecting Safe Mode


You will need to retrieve your recovery Key and enter it here.


    

  • If BitLocker is managed via Intune, this can be found at https://myaccount.microsoft.com, under “devices”. Make sure to match the Hostname of the device and the Key ID
    • 

  • Otherwise, ask your local IT administrator for your BitLocker Recovery Key
    • 



 


If you do not have it available, the most common methods of recovery are explained here ->
https://support.microsoft.com/en-gb/windows/finding-your-bitlocker-recovery-key-in-windows-6b71ad27-0b89-ea08-f143-056f5ab347d6