CrowdStrike Command Mode Solution without Safe Mode
Sreejish Nair
Delivery Director, NTT Data Services (Banking Projects, Prince2, ITIL, AWS, VMware, Automation, Scripting, People Management, Client Escalation Handling, New Deals, Cost Model reviews, SOW reviews, Risk Management)
Command-line method
1. In vSphere, right-click the VM, choose Guest OS, then Install VMware Tools. That mounts the VMware Tools ISO on the D: drive.
2. On the blue screen, hit TAB and then use the down-arrow to select the US keyboard. In the next window, hit TAB again and select Troubleshooting, and then Command Prompt in the window after that.
3. In the command prompt, run: drvload "D:\Program Files\VMware\VMware Tools\Drivers\pvscsi\win8\amd64\pvscsi.inf". An easier way is to type “drvload D:\prog”, then use the TAB and backslash keys repeatedly to fill out the rest of the command. Change win10 to win8, and .cat to .inf.
4. That loads the pvscsi driver into the recovery console, and you will then see your disks. Then run the commands:
5. C:\> (or the disk might be loaded as the E: or F: drive).
6. Del C:\windows\system32\drivers\crowdstrike\c-00000291*.sys
7. If no error message appears, type exit to quit the command prompt. Select the “Continue” button to restart the server.
8. (rare) If the C: drive is not mounted correctly, run the command “Diskpart” to start the disk partition manager, and then “list volume” to find out where the old C: drive has been mounted. The OS drive should have a label starting with “windows 20xx”. Sometimes the OS drive is mounted on a letter other than C:.
9. (rare) If the system disk did not receive any drive letter, run Diskpart, then “list volume” to find the volume holding the OS drive content. Run “select volume #” to select the correct volume, then run “assign letter=(letter you want)” to assign the letter to the OS volume.
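
Steps 5, 6 and 8 depend on knowing which letter the OS volume received in the recovery console. The batch script below is an added example, not part of the original article: it scans the drive letters for the path from step 6, lists what matches, and deletes only when asked. The file name fix.cmd and the /delete switch are assumptions made for this example; it must be run after the drvload command in step 3 so the disks are visible.

```batch
@echo off
rem Added example, not from the original article. Assumed saved as fix.cmd.
rem Usage:  fix.cmd          list matching files only (dry run)
rem         fix.cmd /delete  delete them, as in step 6
setlocal
rem Path and file pattern exactly as given in step 6.
set "REL=windows\system32\drivers\crowdstrike"
set "PATTERN=c-00000291*.sys"
set "FOUND=0"

rem X: is the recovery environment's own RAM disk, so it is not scanned.
for %%L in (C D E F G H I J K L M N O P Q R S T U V W) do (
    if exist "%%L:\%REL%\%PATTERN%" call :handle %%L "%~1"
)

if "%FOUND%"=="0" (
    echo No matching file found. Use diskpart "list volume" and assign a letter, then retry.
    exit /b 1
)
exit /b 0

:handle
rem %1 = drive letter holding the OS volume, %2 = optional /delete switch
set "FOUND=1"
echo OS volume found on %1:
dir /b "%1:\%REL%\%PATTERN%"
if /i not "%~2"=="/delete" (
    echo Dry run only. Re-run with /delete to remove the files listed above.
    goto :eof
)
del /f /q "%1:\%REL%\%PATTERN%"
rem Confirm the delete actually succeeded before rebooting.
if exist "%1:\%REL%\%PATTERN%" (
    echo ERROR: matching files are still present on %1:
) else (
    echo Deleted. Type exit and select Continue to restart.
)
goto :eof
```

If the script reports no match, the OS volume most likely has no drive letter yet, which is the case step 9 covers.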