Spooldr.sys


Thanks in advance

Mar 26, 2012 #1 evilcaterpillar TS Rookie Topic Starter Posts: 57

Malwarebytes Anti-Malware www.malwarebytes.org Database version: v2012.03.26.06 Windows XP Service Pack 3 x86 NTFS Internet Explorer

Prestonzee Thread Starter Joined: Oct 20, 2007 Messages: 40

I believe my computer is infected with the spooldr.sys virus. In addition, I ran an antivirus check (Webroot) and a Malwarebytes sweep.

The spooldr.sys infects computers running on MS Windows by making use of the Trojan.Packed.13 malware application.

Open Notepad and copy/paste the text in the below quote box into it:

KILLALL::
File::
C:\ads_err.adi
C:\ads_err.adm
C:\ads_err.adt
C:\autoruns.exe
C:\WINDOWS\epfwis.ini
C:\WINDOWS\idwbinstall.err
C:\WINDOWS\idwsendm.ini
C:\WINDOWS\idwbin~1.err
C:\WINDOWS\readwin.ini
C:\WINDOWS\epfwhcnf.cnf
C:\WINDOWS\Downloaded Program Files\atcliun.exe
C:\WINDOWS\Downloaded Program Files\atgpcdec.dll

cd Spyware-folder) To delete a file in folder, type in del To delete the entire folder, type in mdir /S

http://www.bleepingcomputer.com/startups/spooldr.sys-19591.html

The executable actually runs the program. RecycleBin -> emptied. I followed the preliminary instructions...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.

Browser Services Yahoo!

This product might be malware. File delete failed.

http://www.exterminate-it.com/malpedia/file/spooldr.sys

Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe

At this point, you MUST EXIT ALL BROWSERS NOW

Group: Gold beta testers Posts: 56947 Joined: 28.01.2006 From: Timisoara, Romania

Hello, are you sure it said "spooldr.sys"? If so, it's likely a virus, post an avz log please, use the standalone

Name: spooldr
Filename: spooldr.sys
Command: C:\Windows\System32\spooldr.sys
Description: Added by the Trojan.Peacomm.C rootkit.

Oh man, it got rid of all the malware gamevance.

The following error occurred: The operation was canceled by the user.

http://www.techspot.com/community/topics/windows-reports-error-with-spooldr-sys-probable-malware.179173/

Step 3: Default Security Settings

To Default Security Settings: For Internet Explorer 6 users: Click Start > Run > type inetcpl.cpl and press ENTER, when Internet Properties comes up navigate to

If my computer has this virus, anyone know of a cure?

Never run more than one scan at a time.

BSOD from spooldr.sys and/or bad device/driver
Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Diannemstevens, Nov 13, 2008.

Windows told me this after a crash.

Pre-Run: 11,573,751,808 bytes free
Post-Run: 11,556,081,664 bytes free
.
- - End Of File - - E0589CD192A900D06D2603C1A5EE43F7

Mar 26, 2012 #7 Broni Malware Annihilator Posts: 53,079 +348

I don't That may cause it to stall.

Contents of the 'Scheduled Tasks' folder
.
2012-02-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34]
.
2012-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 22:46]
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29

Noskrnl.config is located in the Windows folder.

If Combofix asks you to update the program, always do so.

Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

By default this is C:\Windows\System for Windows 95/98/ME, C:\Winnt\System32 for Windows NT/2000, or C:\Windows\System32 for Windows XP/Vista/7.

Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: Yahoo!

When finished, it will produce a report for you.

scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,36,ee,95,f2,d4,80,46,4a,86,aa,f6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,36,ee,95,f2,d4,80,46,4a,86,aa,f6,\
.
--------------------- DLLs Loaded Under Running

Notes: The deletion of spooldr.sys will fail if it is locked; that is, it is in use by some application (Windows will display a corresponding message).

spooldr.sys/blue screen

coroos

Is there a way to see if it's ok now?

Restart your computer.

The QVOD player installer may be a Trojan...

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

Instructions on how to do this can be found here.

IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2