• Status: Solved

spyware error - spoolsvv.sys

Spyware -
When I boot up my computer and log in I get a blue screen with the error
"page fault in nonpaged area"
stop 0x00000050 (ox803f5000,0x000000000,0xF79BD9A3,0x00000000)
"spoolsvv.sys"

I have looked up the error of spoolsvv.sys and it stated this, and this is what I found. I have deleted the file many times using WinPE, but after I reboot I keep receiving the same error and blue screen.

Any help?

-------------------------------------------------------------
FiveSec.Spam.Agent.vx
Type: Malware
Type Description: Malware ("malicious software") consists of software with clearly malicious, hostile, or harmful functionality or behavior and that is used to compromise and endanger individual PCs as well as entire networks.
Category: Trojan
Category Description: Trojan is a general term for malicious software that is installed under false or deceptive pretenses or is installed without the user's full knowledge and consent. Most Trojans exhibit some form of malicious, hostile, or harmful functionality or behavior.
Level: High
Level Description: High risks are typically installed without user interaction through security exploits, and can severely compromise system security. Such risks may open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files, and install additional malware. These risks may also collect and transmit personally identifiable information (PII) without your consent and severely degrade the performance and stability of your computer.
Advice Type: Remove
Release Date: Sep 14 2006
Last updated on: Sep 26 2007
File Traces:
  %SYSTEM%\spoolsvv.exe
  %SYSTEM%\spoolsvv.sys
  %WINDOWS%\temp\svchost.exe
  autoexec.exe
  clcbt.exe
  s01.exe
  spoolsvv.exe
  spoolsvv123.exe
  spoolsvv321.exe

--------------------------------------------------------------------------------
Asked by: NHChats

2 Solutions

rpggamergirl Commented:
Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* Open the extracted folder and double click "RunThis.bat" to start the script.
* Type "Y" to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display "Finished", then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file "Report.txt" back


If problem persists, run Hijackthis and show us the log please.
http://danborg.org/spy/hjt/alternativ.exe
Open Hijackthis, click "Do a system scan and save a logfile". Please don't fix anything yet.


or run Combofix:
Download ComboFix to your Desktop, from either of these locations:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double click "combofix.exe" and follow the prompts.
When finished, it shall produce a log for you.
Post that log and a HiJackthis log in your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
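
A read-only check for what this thread is chasing, added here as an example and not part of any post or of SDFix: it reports which of the file traces quoted in the question exist, and which service or driver registry entries still point at one of them. It assumes PowerShell is available on the machine and that %SYSTEM% in the listing means %SystemRoot%\System32; the variable names are illustrative.

```powershell
# Read-only check: reports matches, deletes nothing.
# File names copied from the "File Traces" list quoted in the question.
$traceNames = 'spoolsvv.exe', 'spoolsvv.sys', 'autoexec.exe', 'clcbt.exe',
              's01.exe', 'spoolsvv123.exe', 'spoolsvv321.exe'

# Assumption: %SYSTEM% in the listing means %SystemRoot%\System32.
$sys32 = Join-Path $env:SystemRoot 'System32'
$knownPaths = @(
    (Join-Path $sys32 'spoolsvv.exe'),
    (Join-Path $sys32 'spoolsvv.sys'),
    (Join-Path $env:SystemRoot 'temp\svchost.exe')
)

# 1. Files at the three locations the listing gives in full.
#    -Force so hidden or system attributes do not hide a match.
$files = foreach ($p in $knownPaths) {
    if (Test-Path -LiteralPath $p) { Get-Item -LiteralPath $p -Force }
}

# 2. Service and driver entries whose ImagePath names a listed file.
#    svchost.exe is flagged only under \temp\, because the genuine
#    Windows svchost.exe lives in System32.
$escaped = $traceNames | ForEach-Object { [regex]::Escape($_) }
$namePat = '(^|[\\/"])(' + ($escaped -join '|') + ')(\s|"|$)'
$tempPat = '\\temp\\svchost\.exe'
$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

$services = foreach ($key in Get-ChildItem -Path $svcRoot) {
    $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
    $img = $props.ImagePath
    if ($img -and ($img -match $namePat -or $img -match $tempPat)) {
        New-Object PSObject -Property @{
            Service   = $key.PSChildName
            ImagePath = $img
        }
    }
}

'Files found:'
$files | Format-Table FullName, Length, CreationTime, LastWriteTime -AutoSize
'Service/driver entries pointing at a listed file:'
$services | Format-Table Service, ImagePath -AutoSize
```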

NHChats (Author) Commented:
What is SDFix.exe?

rpggamergirl Commented:
SDFix.exe is an anti-malware tool to remove SDBot/IRCBot variants on 2000/XP systems. It removes spoolsvv.exe.
NHChats (Author) Commented:
Georges computer

NHChats (Author) Commented:
Running SDFIX did not fix it... can you think of anything else?

rpggamergirl Commented:
Sorry for very late reply.
Can you paste the SDFix.txt here? The log can be helpful because it lists reg entries as well.

Also a hijackthis log will be helpful.
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
Open Hijackthis, click "Do a system scan and save a logfile". Please don't fix anything yet.

NHChats (Author) Commented:
Problem still persists!!!

rpggamergirl Commented:
Can you at least show us some logs, like logs from SDFix or Hijackthis, for us to go on?

What mainstream scanners have you already run?
Our diagnosis and suggestions are all based on what info you can give us. We are not in front of the PC; it will help if we see some logs to look at.


Can you give us a log from this tool?
Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
http://download.bleepingcomputer.com/oldtimer/winpfind3u.exe

Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
* In the 'Files Created Within' group click 30 days
* In the 'Files Modified Within' group select 30 days
* In the 'File String Search' group select Non-Microsoft
* In the 'Drivers Services' group select Non-Microsoft
* In the 'Additional Scans' group select 'Desktop Components'

Now click the "Run Scan" button on the toolbar.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked.
If it is, then click on it to uncheck it.

mperez738 Commented:
try

mperez738 Commented:
Try running ComboFix, in safe mode! Then run SmitfraudFix windows and then run SDFix in safe mode. You could try running fixwareout.exe in Windows.

Then try running counterspy.exe and Hijackthis.exe and locate the registry files that are corrupted; back up first, then manually remove them.


NHChats (Author) Commented:
Thanks for the help guys. All worked great!