Recovery steps for Windows:
Boot system in Safe Mode or Windows Recovery Environment
Got to: C:\Windows\System32\drivers\CrowdStrike directory
Locate the file matching “C-00000291*.sys”, and delete it or rename it “C-00000291*.bak”
Boot host machine
Steps for Virtual Server (You can also use the procedure above or as below:
Detach the OS disk volume from the affected server.
For your security make a backup/copy of this disk.
Attach/mount this disk to a working server.
Got to: C:\Windows\System32\drivers\CrowdStrike directory.
Locate the file matching “C-00000291*.sys”, and delete it or rename it “C-00000291*.bak”
Detach volume from working server.
Reattach fixed disk volume to affected virtual server.
If BitLocker is enabled:
In the first option above, the disk can be removed and attached to another computer.
For servers, the 2nd option can be used.
*** In both cases, you must definitely have a backup of the bitlocker recovery key***