spyware error  - spoolsvv.sys

Posted on 2007-09-30
Last Modified: 2013-11-22
When I boot up my computer and log in I get a blue screen with the error
"page fault in nonpaged area"
stop 0x00000050 (ox803f5000,0x000000000,0xF79BD9A3,0x00000000)

I have looked up the error of spoolsvv.sys and this is what I found. I have deleted the file many times using WinPE, but after I reboot I keep receiving the same error and blue screen.

Any help?

Type: Malware
Type Description: Malware ("malicious software") consists of software with clearly malicious, hostile, or harmful functionality or behavior and that is used to compromise and endanger individual PCs as well as entire networks.
Category: Trojan
Category Description: Trojan is a general term for malicious software that is installed under false or deceptive pretenses or is installed without the user's full knowledge and consent. Most Trojans exhibit some form of malicious, hostile, or harmful functionality or behavior.
Level: High
Level Description: High risks are typically installed without user interaction through security exploits, and can severely compromise system security. Such risks may open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files, and install additional malware. These risks may also collect and transmit personally identifiable information (PII) without your consent and severely degrade the performance and stability of your computer.
Advice Type: Remove
Release Date: Sep 14 2006
Last updated on: Sep 26 2007
File Traces:
  %SYSTEM%\spoolsvv.exe
  %SYSTEM%\spoolsvv.sys
  %WINDOWS%\temp\svchost.exe

Question by:NHChats

    Expert Comment

    Download SDFix and save it to your desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :

    * Restart your computer
    * After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    *  Instead of Windows loading as normal, a menu with options should appear;
    *  Select the first option, to run Windows in Safe Mode, then press "Enter".
    *  Choose your usual account.

    *  Open the extracted folder and double click "RunThis.bat" to start the script.
    *  Type "Y" to begin the script.
    *  It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
    *  Press any Key and it will restart the PC.
    *  Your system will take longer than normal to restart as the fixtool will be running and removing files.
    *  When the desktop loads the Fixtool will complete the removal and display "Finished", then press any key to end the script and load your desktop icons.
    *  Finally open the SDFix folder on your desktop and copy and paste the contents of the results file "Report.txt" back

    If problem persists, run Hijackthis and show us the log please.
    Open Hijackthis, click "Do a system scan and save a logfile" please don't fix anything yet.

    or run Combofix:
    Download ComboFix to your Desktop, from either of these locations:

    Double click "combofix.exe" and follow the prompts.
    When finished, it shall produce a log for you.
    Post that log and a HiJackthis log in your next reply

    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
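
One way to check a saved HijackThis log against the file traces quoted in the question, as an added example that is not part of the original thread. The log lines are constructed, `triage` is a hypothetical helper, and the paths assume Windows installed in C:\WINDOWS; the check for svchost.exe outside system32 generalizes the third trace.

```python
import ntpath
import re

# File traces quoted in the question, with %SYSTEM% and %WINDOWS% expanded
# for a default 2000/XP layout (assumption: Windows lives in C:\WINDOWS).
TRACES = {
    r"c:\windows\system32\spoolsvv.exe",
    r"c:\windows\system32\spoolsvv.sys",
    r"c:\windows\temp\svchost.exe",
}

# A drive-rooted path ending in an executable or driver extension.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"*?<>|\r\n]*?\.(?:exe|sys)\b", re.IGNORECASE)


def triage(log_text):
    """Return (line_no, reason, path) for each suspicious path in the log."""
    findings = []
    for no, line in enumerate(log_text.splitlines(), 1):
        for match in PATH_RE.finditer(line):
            path = ntpath.normpath(match.group(0)).lower()
            if path in TRACES:
                findings.append((no, "listed file trace", path))
            elif (ntpath.basename(path) == "svchost.exe"
                  and ntpath.dirname(path) != r"c:\windows\system32"):
                # The genuine svchost.exe runs from system32 on these systems.
                findings.append((no, "svchost.exe outside system32", path))
    return findings


# Constructed sample log, not taken from the thread. The legitimate print
# spooler (spoolsv.exe, one "v") must not be flagged.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TEMP\svchost.exe
O4 - HKLM\..\Run: [Example Entry] C:\WINDOWS\system32\spoolsvv.exe
O23 - Service: Example Service (examplesvc) - Unknown owner - C:\Program Files\Example\svchost.exe
"""

if __name__ == "__main__":
    for no, reason, path in triage(SAMPLE_LOG):
        print(f"line {no}: {reason}: {path}")
```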

    Author Comment

    What is SDFix.exe?

    Expert Comment

    SDFix.exe is an anti-malware tool to remove SDBot/IRCBot variants on 2000/XP systems. It removes spoolsvv.exe.

    Author Comment

    Georges computer

    Author Comment

    Running SDFIX did not fix it... can you think of anything else?

    Expert Comment

    Sorry for the very late reply.
    Can you paste the SDFix.txt here? The log can be helpful because it lists reg entries as well.

    Also a hijackthis log will be helpful.
    Open Hijackthis, click "Do a system scan and save a logfile" please don't fix anything yet.

    Author Comment

    Problem still persists!!!

    Accepted Solution

    Can you at least show us some logs, like logs from SDFix and Hijackthis, for us to go on?

    What mainstream scanners have you already run?
    Our diagnosis and suggestions are all based on what info you can give us. We are not in front of the PC; it will help if we see some logs to look at.

    Can you give us a log from this tool?
    Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

    Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    * In the 'Files Created Within' group click 30 days
    * In the 'Files Modified Within' group select 30 days
    * In the 'File String Search' group select Non-Microsoft
    * In the 'Drivers Services' group select Non-Microsoft
    * In the 'Additional Scans' group select 'Desktop Components'

    Now click the "Run Scan" button on the toolbar.
    When the scan is complete Notepad will open with the report file loaded in it.
    Click the Format menu and make sure that Wordwrap is not checked.
    If it is, then click on it to uncheck it.


    Assisted Solution

    Try running ComboFix in safe mode! Then run SmitfraudFix windows and then run SDFix in safe mode. You could try running fixwareout.exe in Windows.

    Then try running counterspy.exe and Hijackthis.exe and locate the registry files that are corrupted; back up first, then manually remove them.


    Author Closing Comment

    Thanks for the help guys. All worked great!
