HOWTO - Fix the CrowdStrike "Blue Screen of Death" reboot cycle

HOW-TO fix the Reboot issue caused by CrowdStrike update

Sounds easy... but Windows doesn't make it easy. 

  • Boot the computer 3 times, each time letting it fully boot, bluescreen, and reboot.  The easiest way is to turn the computer on, and walk away for a bit. 
  • After the 3rd reboot, you'll get the WinRE (Windows Recovery Environment) screen.  
  • Click on the See Advanced repair options

WinRE initial screen

  • On the "Choose an Option" screen, click on the Troubleshoot icon.

    WinRE Step 2


  • On the "Troubleshoot" screen, click on Advanced Options

    WinRE Part 3


  • On the "Advanced options" page, click on Startup Settings

    WinRE Step 4


  • At this point, you will either see the "Startup Settings" page, or you will be prompted for a BitLocker key. 

If your machine has BitLocker enabled (this encrypts your hard drive): 

  • You'll be prompted for the BitLocker key. 
    • And no, unfortunately, we can't give these out - having a decryption key floating around sort of defeats the purpose of encrypting the drive in the first place.  
    • If this happens, you'll have to wait for SCS IT staff to come to your office.
    • If you haven't seen someone by the end of the day on Monday, July 22, email scs-computing@illinois.edu and let us know where your office is. 

If your machine does NOT have BitLocker enabled

  • You'll get the screen below.
  • Click on Startup Settings page, click on the Restart button.

    WinRE Step 5


  • Windows will reboot, briefly, then you'll get the "Startup Settings" page. 
  • Press the "4" key on the keyboard to launch Safe Mode. 

    Startup Settings image


  • Log into the computer with an account that is in the local machine's "Administrators" group

Navigate to the C:\Windows\System32\drivers\CrowdStrike directory

  • Press the Windows Key + E - this will bring up a Windows Explorer window

  • In the navigation box, type   C:\Windows\System32\drivers\CrowdStrike    as show in circle, below: 

    Explorer window

Locate the file matching “C-00000291*.sys” and delete it

  • In the "Search" box (see arrow, above), type C-00000291 and press <Enter>

  • Click on the file that comes up, then press<Shift> while pressing <Delete>.  This will permanently delete the file. 

Reboot the host

  • In Safe Mode, the regular "Start Menu" doesn't work.  So the easiest way to reboot is to press the power button, and hold it for ~10 seconds until the computer powers off. 

  • Press the power button again, and the computer should power up and boot into Windows. 


KeywordsBSOD reboot WinRE stuck safe mode   Doc ID138571
OwnerJay G.GroupSchool of Chemical Sciences
UIUC
Created2024-07-19 14:26:11Updated2024-07-20 18:57:53
SitesUniversity of Illinois School of Chemical Sciences
CleanURLhttps://answers.uillinois.edu/crowdstrike-fix
Feedback  2   0