Question BSOD - (i forced shutdown after installation...) ATTEMPTED-WRITE-TO-READONLY-MEMORY Write failed: diskpt.sys

Toggle sidebar Toggle sidebar
S

sanman98

Commendable
May 25, 2022
78
1
1,535
trying to get ShadowDefender installed and used some alternative install for drivers compatibility or something on Windows11
someone on WildersSecurity forum had some upload

Explorer.exe was closed and i didn't get a Shutdown menu available so i pressed the shutdown button on the computer but may have been set to Standy to press. So I held the button which was a mistake and now after the installation I've got BSOD
it attempted automatic repair
and i did SFC /scannow

it appears i have 1 restore point from earlier today, but it failed to restore apparently due to lack of Storage space
https://imgur.com/vdqTE7R

ATTEMPTED-WRITE-TO-READONLY-MEMORY
Write failed: diskpt.sys


I could try to boot a system backup. I might need to make a rescue USB unless there's any Command Prompt options to try first.
then maybe prevent this sequence of events or better prepared, such as finding a proper shutoff and have a rescue media. also probably make sure i have system Restore Points and available storage.
 
All that is needed is:

1) Windows Defender/Security which is included with Windows.

2) A backup application such as Macrium Reflect which would need to be purchased. (There is a 30 day free trial version available.)

3) Some planning to work out what you need to backup, how often, and where to save the backups.
(Images, clones, folders, files, etc..)

4) Configuring the OS and application software to do 1,2, and 3.

If there are specific concerns that need to be addressed then post accordingly.
 
sanman98 said:
ATTEMPTED-WRITE-TO-READONLY-MEMORY
Write failed: diskpt.sys
Click to expand...
that is Shadow Defender.

Shadow Defender is used to create a virtual environment so that if you want to install something to play with it and then return to the status you had before the install, you run Shadow Mode in Shadow Defender, and then on reboot it reverts back to how it was before you turned mode on ... i use it sometimes on a Virtual Machine but never installed it on a live install. Not exactly a security program.

it seems it can have problems with core isolation on
www.wilderssecurity.com

Shadow Defender on Windows 11

Good evening, on my old home PC with Windows 7 pro, I've always used the fantastic Shadow Defender for internet browsing and also for testing new...
www.wilderssecurity.com www.wilderssecurity.com

You can delete the driver from windowre

You can uninstall a driver from the Windows RE (Recovery Environment) command prompt by using the following steps:

Boot your computer into Windows RE by pressing the appropriate key during startup (usually F8 or F11).

Once in Windows RE, click on "Troubleshoot" and then "Command Prompt."

In the command prompt, type the following command and press Enter: "pnputil -e" This command will list all of the drivers currently installed on your system.

Find the driver that you want to uninstall in the list and make note of its .inf file name.

Type the following command and press Enter: "pnputil -f -d oemXX.inf" (replace "XX" with the number of the inf file that you want to uninstall)

Restart your computer to complete the uninstallation process.

You can also use the system restore option in the recovery environment to revert back to a restore point dated before the installation of the said driver.
Click to expand...

https://answers.microsoft.com/en-us...-command/acc5a62d-48d9-4fa1-a098-c494db8c9f6f


The F8 part won't work unless you do this first:

Here is another way to try to get to Safe Mode.

Boot to the Command Prompt of your boot disk . Enter these BOLD commands and press ENTER after each.

(Note the colon after C with no space; then the spaces which are important - one after T before / & T before { & } before B & Y before L)

C:

BCDEDIT /SET {DEFAULT} BOOTMENUPOLICY LEGACY

EXIT

You are back to the boot screen -> Shutdown the computer.

Boot back up and "immediately" start tapping F8 (That means power button - then F8).

Hopefully that should get you into Safe Mode.

--------------------------------------------------------------------------------------

To reverse that you can use the same steps and type these (again note spaces)

C:

BCDEDIT /SET {DEFAULT} BOOTMENUPOLICY STANDARD

Restart but F8 will not work now.



hope that helps :)

if it doesn't, another answer might be:
What I did was boot from a Windows 10 CD and run the bcdedit command to put the boot in safe mode, then I installed the shadow and then uninstalled it. Thank you very much for the prompt response. Greetings.

that uses the F8 comnmand above. Could be only way to remove it... complete install and then remove.
malwaretips.com

Solved - Completely uninstall Shadow Defender.

Hello, yesterday I uninstalled shadow defend by force with revo. Turns out there's still the shadowdaemon left in my system and I can't remove it. I can't reinstall shadow defender either because it tells me I'm in shadow mode. There's also an orphan icon on my desktop that never fades away...
malwaretips.com malwaretips.com
 
Last edited:
Colif said:
that is Shadow Defender.

Shadow Defender is used to create a virtual environment so that if you want to install something to play with it and then return to the status you had before the install, you run Shadow Mode in Shadow Defender, and then on reboot it reverts back to how it was before you turned mode on ... i use it sometimes on a Virtual Machine but never installed it on a live install. Not exactly a security program.

it seems it can have problems with core isolation on
www.wilderssecurity.com

Shadow Defender on Windows 11

Good evening, on my old home PC with Windows 7 pro, I've always used the fantastic Shadow Defender for internet browsing and also for testing new...
www.wilderssecurity.com www.wilderssecurity.com

You can delete the driver from windowre



https://answers.microsoft.com/en-us...-command/acc5a62d-48d9-4fa1-a098-c494db8c9f6f


The F8 part won't work unless you do this first:

Here is another way to try to get to Safe Mode.

Boot to the Command Prompt of your boot disk . Enter these BOLD commands and press ENTER after each.

(Note the colon after C with no space; then the spaces which are important - one after T before / & T before { & } before B & Y before L)

C:

BCDEDIT /SET {DEFAULT} BOOTMENUPOLICY LEGACY

EXIT

You are back to the boot screen -> Shutdown the computer.

Boot back up and "immediately" start tapping F8 (That means power button - then F8).

Hopefully that should get you into Safe Mode.

--------------------------------------------------------------------------------------

To reverse that you can use the same steps and type these (again note spaces)

C:

BCDEDIT /SET {DEFAULT} BOOTMENUPOLICY STANDARD

Restart but F8 will not work now.



hope that helps :)

if it doesn't, another answer might be:
What I did was boot from a Windows 10 CD and run the bcdedit command to put the boot in safe mode, then I installed the shadow and then uninstalled it. Thank you very much for the prompt response. Greetings.

that uses the F8 comnmand above. Could be only way to remove it... complete install and then remove.
Click to expand...
Yeah that's where i got the installer from Google Drive
but no luck finding the Driver listed in CMD


still trying to find a spare memory card to boot a restore disk
the 1TB USB drive i have didn't work for the boot disk
 
Ralston18 said:
All that is needed is:

1) Windows Defender/Security which is included with Windows.

2) A backup application such as Macrium Reflect which would need to be purchased. (There is a 30 day free trial version available.)

3) Some planning to work out what you need to backup, how often, and where to save the backups.
(Images, clones, folders, files, etc..)

4) Configuring the OS and application software to do 1,2, and 3.

If there are specific concerns that need to be addressed then post accordingly.
Click to expand...
Maybe get a Server/Workstation license if there's non-subscription of Macrium
Yep i can work on some backups or through network drive (it's a USB drive attached to a miniPC)

then sort using Beyond Compare or managing with SyncBack and such.
just keep some OS partitions backed up separately maybe
and i need a spare USB drive for recovery disk. maybe an extra backup drive or portable also.
 
1tb is a bit big

as per last thing I added:
Colif said:
if it doesn't, another answer might be:
What I did was boot from a Windows 10 CD and run the bcdedit command to put the boot in safe mode, then I installed the shadow and then uninstalled it. Thank you very much for the prompt response. Greetings.
Click to expand...
malwaretips.com

Solved - Completely uninstall Shadow Defender.

Hello, yesterday I uninstalled shadow defend by force with revo. Turns out there's still the shadowdaemon left in my system and I can't remove it. I can't reinstall shadow defender either because it tells me I'm in shadow mode. There's also an orphan icon on my desktop that never fades away...
malwaretips.com malwaretips.com

sanman98 said:
but no luck finding the Driver listed in CMD
Click to expand...
that seems strange since its causing a BSOD... its there somewhere.
 
Colif said:
1tb is a bit big

as per last thing I added:

malwaretips.com

Solved - Completely uninstall Shadow Defender.

Hello, yesterday I uninstalled shadow defend by force with revo. Turns out there's still the shadowdaemon left in my system and I can't remove it. I can't reinstall shadow defender either because it tells me I'm in shadow mode. There's also an orphan icon on my desktop that never fades away...
malwaretips.com malwaretips.com


that seems strange since its causing a BSOD... its there somewhere.
Click to expand...
i can check again
but i've got the recovery disk booted now, but keyboard and mouse won't work
even external doesn't seem to. wireless mouse won't, but keyboard i can switch to corded USB
and even tried checking BIOS for any USB legacy settings....don't see any

ohhh...safe mode? well i can try that duhh
ok..logging in. BCDEdit worked
i did Safe mode w/ CMD, but it only loaded a fullscreen command prompt and if i close it was black screen
now it only reboots into the same login screen without giving options for Regular safe mode again
i can only get the login screen and now the keyboard won't even work

gonna keep rebooting till i get something
edit: I got Task Manager and to open Explorer.exe... hopefully i get out of this puzzle
 
got Windows booted
but keyboard and trackpad still won't work

forgot to mention this is Lenovo 82bh 14itl5 7i laptop
gonna try Macrium restore inside Safe mode maybe

edit: had to do BCDEdit again, but got Safe Mode booted and Macrium restored
still wondering if this was only due to improperly shutting down after Shadow Defender installed
maybe not try again
 
Last edited:
sanman98 said:
I could try to boot a system backup.
Click to expand...
have you tried this?
It appears your best bet is to load a backup from before you installed SC. Its a shame system restore had no previous records.

strange how description of all these are downgrades
https://pcsupport.lenovo.com/us/en/...-7-14itl5/82bh/downloads/order-recovery-media

you probably wouldn't need those anyway as its just as fast to install from win 11 installer and get drivers via their auto update on website.

anything on laptop you need to save?

Boot from an installer or just get to CMD
  • on screen after languages, choose repair this pc, not install.
  • choose troubleshoot
  • choose advanced
  • choose command prompt
  • type notepad and press enter
  • in notepad, select file>open
  • Use file explorer to copy any files you need to save to USB or another drive apart from C.
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom