BSOD spooldr.sys file

PooLips · Aug 26, 2007

Hi all,
My wife was using the laptop and whilst on the internet the computer restarted then kept restarting.
The BSOD message says its caused by the file spooldr.sys
PAGE_FAULT_IN_NONPAGED_AREA
I can't seem to start in safe mode.
Thanks
Andre

abri · Aug 26, 2007

Hi PooLips !!

You may have a trojan. Please read through the box below and then click on the link to READ & RUN ME FIRST and follow the instructions. If you have any questions, please ask. We'll look at your logs when you get done!
abri

Welcome to Major Geeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

Make sure you check version numbers and get all updates.

Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.

When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

CounterSpy

AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy

Bitdefender - from step 6

Panda Scan - from step 6

runkeys.txt - the log from GetRunKey.bat

newfiles.txt - the log from ShowNew.bat

HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
Click to expand...

PooLips · Aug 26, 2007

Thanks for the reply Abri. Unfortunately i cannot get windows to boot normally or in safemode. I am not very computer savvy so don't know what to do now.
Thanks

TimW · Aug 26, 2007

This may not be a symptom of malware .....do you have an installation disc?
Have you tried a repair install?
Wordy xp repair install:
http://www.informationweek.com/windows/showArticle.jhtml?articleID=189400897

PooLips · Aug 26, 2007

Thanks TimW. I ended up doing a repair install which fixed the problem then AVG found the trojan and healed it. Everything seems to be working well now.
Do you think I should proceed with the Read and Run process anyway or just see how it goes?
Thanks

abri · Aug 27, 2007

Hi PooLips!!

There's a rootkit virus with the name you mentioned: spooldr.sys
What you did may have fixed your problem or not, depending on what caused it, but it would be a good idea to run the following scan.

Please download F-Secure's BlacklightBeta

Download fsbl.exe and save it to the Desktop.

Once saved... double click fsbl.exe to install the program.

Click accept agreement and Click scan

This application may trigger a warning from your antivirus. Let the driver load. Wait for it to finish.

If it displays any items...don't do anything with them yet. Just hit exit (close)

It will drop a log on Desktop that starts with fsbl....big number

Please attach the BlackLight log.
Click to expand...

abri

PooLips · Sep 3, 2007

Thanks heaps Abri for your help.
The Blacklight scan did not turn up anything.
A few times AVG has healed somethings to do with spooldr.sys. I wonder where that nasty thing came from.

Andre

abri · Sep 3, 2007

PooLips said: ↑

Thanks heaps Abri for your help.
The Blacklight scan did not turn up anything.
A few times AVG has healed somethings to do with spooldr.sys. I wonder where that nasty thing came from.

Andre
Click to expand...

Hi Andre,
Are you able to get into the computer since you did the repair install? We have a removal tool for the spooldr.sys problem, but it would be nice to identify it first. Has AVG continued to find it and heal it since then? When you did the repair installation, did your computer set a new restore point? Could you check? Go to Start/All Programs/Accessories/System Tools/System Restore. Click on Restore My Computer to an Earlier Time, then click on next. You'll see a calendar. See if any dates are darkened in. Then hit cancel.
If AVG is still finding this, I will give you instructions for a removal tool.
abri

PooLips · Sep 3, 2007

Hi Abri,
I am able to use the computer since the repair. Since then AVG has managed to locate several trojans once each time then heal them. I don't think they keep reappearing. (I probably should have paid closer attention and written them down). I've done a full scan with AVG and nothing turns up now.
The computer set a new restore point after the repair install.
Thanks
Andre

abri · Sep 3, 2007

PooLips said: ↑

Hi Abri,
I am able to use the computer since the repair. Since then AVG has managed to locate several trojans once each time then heal them. I don't think they keep reappearing. (I probably should have paid closer attention and written them down). I've done a full scan with AVG and nothing turns up now.
The computer set a new restore point after the repair install.
Thanks
Andre
Click to expand...

PooLips,
since AVG is still finding trojans, it would be a very good idea if you would go through the READ & RUN ME FIRST instructions. They take some time but are not difficult. I'll post you the link below. We can tell you a lot more about what's going on with that computer if we can take a look at your logs. I think with the possibility that you have a rootkit, it would be time well spent.
Here's the link:

READ & RUN ME FIRST

abri

Log in or Sign up

BSOD spooldr.sys file

PooLips Private E-2

abri MajorGeek

PooLips Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

PooLips Private E-2

abri MajorGeek

PooLips Private E-2

abri MajorGeek

PooLips Private E-2

abri MajorGeek