I have a computer that will not boot and is displaying the error "File:windowssystem32driverswrkrn.sys" on windows 10 OS. All searches point to an error with WebRoot. How do I fix this issue?

58 replies

Userlevel 7
Badge +35
I believe the build that will resolve this will be coming out next Tuesday (10/18), barring any changes. 
If you're still experiencing the issue after this build update, I recommend you open a ticket so our support team can get the right information escalated up.
Userlevel 7

@WebrootSucks101 wrote:
I can't boot into safe mode, I think this requires me to take the hard drive out and put it into another computer to fix, which I'm not doing. I'm just going to take my computer to Geek Squad. Thanks for the help though.

I'll just leave this here.
How To Boot Into Safe Mode On Windows 8 or 10 (The Easy Way)
Userlevel 7
Badge +45
This is a respectful community where we encourage constructive feedback and offer the unique opportunity to have direct access with our developers. Our developers are working hard on many things and this type of language is not constructive or useful in making those changes. To get your issue resolved, please contact our customer support
No, we can not boot into safe mode. We get the screen that indicates press F8 and then get about 8 options including, boot to safe mode, safe mode with networking, etc..., unfortunately, no matter which option we choose, it reverts back to the previous screen. We are a reseller of your product and this is on a computer of one of our clients. I found this issue last week and they brought the computer into our office. I completely removed WebRoot and reinstalled it hoping it would fix it, but today they are having the same issue.
Userlevel 7
Badge +31
  • Find another computer with webroot installed
  • Copy c:windowssystem32wrkrn.sys from that computer onto a network location
  • Boot the broken computer using your preferred linux OS
  • Connect to the network location with wrkrn.sys
  • Copy file to c:windowssystem32wrkrn.sys
  • Reboot computer
Userlevel 7
Badge +31
There will be a version of WSA that contains a fix for the known causes of this issue out for testing next week.  
I'll post links to it as soon as it has been cleared for release.
Userlevel 7
Badge +31
We addressed all known scenarios that lead to this issue with .   
Hope that helps
Senior Product Manager
WSA Business
i renamed the wkrkrn.sys extension and copy the file from a working computer and the issue got resolved.
Userlevel 7
Badge +56
Ok will do
I find it's almost a for-sure thing if the system is very low on available disk space.  i.e. if the C: drive is under 1gb free or so, it seems 9/10 times when that server reboots, we'll see the issue and have to boot to a recovery prompt and remove the wrkrn.sys file, which will be zero bytes, indicating it was damaged or not properly rewritten during an update.
Your defunct pc that refuses to boot via any of the methods of repair is due to the fact that the wrkrn.sys has been flagged as part of a critical boot file. It will refuse to boot in any of the safemode, debug, etc etc options.
the alternative is to boot from a bootable win10 setup usb/cdrom.
and proceed to click on the "REPAIR" instead of setup. Then you'll be able to select  an advance method to boot in safemode with command prompt using the win10 setup. You can delete the file in question or replace/copy on the command prompt.
So, we know how to fix this. That's great.
But what causes it, and what can be done to prevent it?
Userlevel 7
Badge +31
We're aware of this issue and have been working hard to find the cause.   For background, WSA re-writes it's kernel driver  every so often.  We do this just in case the current driver file has been tampered with or corrupted in some way.  However, there are occasions where Windows is doing something that inteferres with this process.  We've got a solution but this is all kernel driver work and we're taking very cautious approach with our QA.  Once it's ready for release, we'll get it out to you all. 
Senior Product Manager
Userlevel 7
Badge +31
So long as you can access the USB drive  ( I don't have a Windows 10 system to hand ) you shoud be able to 
  • Copy wrkrn.sys from the USB drive to c:windowssystem32wrkrn.sys
  • Reboot computer back into normal startup
Userlevel 7
Badge +31
We have addressed the known scenarios that can lead to this situation in the next WSA release, 9.0.18.xx.  That is due to be released early October with release candidates for testing soon. 
Senior Product Manager
WSA Business
Userlevel 7
Badge +31
Going from memory as I don't have a windows computer to hand at the moment. 
Boot your computer into Windows safe mode. 
Delete the  windowssystem32driverswrkrn.sys
Userlevel 7
Badge +31
HI ,
Can you confirm that your servers were rebooted since the release and that the sympton you are seeing is a zero byte wrkrn.sys file? 
Deeply grateful! Your tip was exactly what I needed. Now working as if nothing ever happened! Tanks a lot!
It;s become my opinion that webroot is totally inept. Fortunately for me, the machine that this happened to (which no longer has webroot installed, <3), had Ubuntu on another disk. It doesn't sound like you're so lucky.
If you have access to ANY other computer, and a thumb drive, jhere's what you do, here's what worked for me but can applied to you since you dont have linux.
1) On another machine, download software called Rufus and download Ubuntu 16.04 LTS. These are both free downloads. Use Rufus to make a bootable Ubuntu USB drive. There are guides for this online, but it's very straightforward. In short, you tell Rufus where the ISO for Ubuntu and press go. Default settings are usually correct.
2) Boot from usb drive. DO NOT INSTALL UBUNTU. There is an Option called 'Try ubuntu without installing'
3). Youre in Ubuntu. Open a terminal by pressing the winkey and find terminal.
4) You need to identify the windows data partition. Type sudo blkid. It should be called Basic data partition, and it should be of TYPE="ntfs""
5) The second most popular answer described here: Tells you how to 'repair' the volume so it can be mounted. Because of Webroot's shitty driver, Windows files are in an unclean state and cant be mounted. The ntfsfix command described here fixees this issue and allows Ubuntu to mount the drive by typing sudo mkdir /media/windows and then 
sudo mount -t ntfs-3g -o rw /dev/*DRIVE FROM 4)* /media/windows.
*since you're running Ubuntu from a usb, the folder you make may not be /media/windows, make a new folder to use to examine your windows drive wherever you want* *the command to make the folder is the 'sudo mkdir /media/windows', instead use sudo mkdir /path/folder*
Navigate to media/windows/ and you will find your windows file structure in read / write mode! Delete webroot's Trojan-ware and you should be good to go.
I sincerely hope this helps, it's inane that a Webroot admin doesnt understand that we cant make it into safe mode reliably or at all. They haven't worked on this problem at all, and I would be shocked if a solution comes in October. 
You really have no idea, do you? We get BSOD the moment Windows starts to load. There is no login screen, there is no opportunity to enter safe mode. There wasn't for me.
If you read what I posted, I was constructively trying to help another user. Please forgive my frustration with your customer service, as this issue is over a year old, and, to be honest, the trouble shooting suggestions that the community has gotten from Webroot reps has not not always been respectful -- my point being is that the respectful thing to do would be to read how sysadmins have described how the problem prevents booting into safemode and not make that the starting point of troubleshooting suggestions.
To the point, I don't feel respected as a customer. It's disrespectful to customers to tell us that you will have a solution patched last october, when clearly that has not occured and now the promise is for a patch this coming October. Perhaps you can understand the frustration that I and others feel, and perhaps you cam empathize with feeling disrespected. The fact is that customers have a choice when installing anti-virus and anti-malware, and the purpose of this software is to prevent computer issues that disrupt your life. When antivirus software is itself the reason I cannot boot -- that software is a Trojan Horse: installed for one purpose, but instead locking me out completely.
Hi Razied, 
Kindly share the cmd used in deleting mailicious program from your system.
I had the same issue yesterday and luckily my laptop is now properly functioning. I just deleted that file. You could do that by using the cmd. It was really frustrating because I couldn't even access the command prompt. But because of my cleverness, I managed to search the drive using system image recovery option. Just click the add driver button then search the directory folder and delete it and then reboot. And viola! You're good to go.
Userlevel 5
Badge +5
Any updates on this...?
We are still experiencing the issue on a few systems here and there...
Easy enough to fix but the end user freaks out...
Userlevel 7
Badge +25
welp I had this happen tonight on both a server 2012 R2 system and a windows 7 laptop. This is not good. Luckally I was able to command prompt and delete the file but still is not good.


    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept or continue browsing you agree to our cookie policy. Learn more about our cookies.

    Accept cookies Cookie settings