Guest Thufir
Posted August 21, 2007

Here's the scenario:

can only boot into safemode, safemode with networking gives a BSoD regarding spooldr.sys, which may be the result of malware.

From services.msc, should the print spooler be enabled or disabled? Use task manager to kill a process? That is, how to get into safe mode with networking at least, if not normal mode?

thanks,

Thufir

Guest Pegasus (MVP)
Posted August 21, 2007

Re: General BSoD question

"Thufir" <hawat.thufir@gmail.com> wrote in message news:HRDyi.76631$fJ5.62187@pd7urf1no...
> Here's the scenario:
>
> can only boot into safemode, safemode with networking gives a BSoD
> regarding spooldr.sys, which may be the result of malware.
>
> From services.msc, should the print spooler be enabled or disabled? Use
> task manager to kill a process? That is, how to get into safe mode with
> networking at least, if not normal mode?
>
>
>
> thanks,
>
> Thufir

You can disable the print spooler but you won't be able to print, of course.

Guest teh XKnight
Posted August 21, 2007

RE: General BSoD question

"Thufir" wrote:
> Here's the scenario:
>
> can only boot into safemode, safemode with networking gives a BSoD
> regarding spooldr.sys, which may be the result of malware.
>
> From services.msc, should the print spooler be enabled or disabled? Use
> task manager to kill a process? That is, how to get into safe mode with
> networking at least, if not normal mode?
>
>
>
> thanks,
>
> Thufir
>

Recent changes that sparked the boot into safemode only? Did you install any software or hardware or attempt to change the boot screen? That's where I would start with the troubleshooting.

Guest Bruce Chambers
Posted August 22, 2007

Re: General BSoD question

Thufir wrote:
> Here's the scenario:
>
> can only boot into safemode, safemode with networking gives a BSoD
> regarding spooldr.sys, which may be the result of malware.
>
> From services.msc, should the print spooler be enabled or disabled? Use
> task manager to kill a process? That is, how to get into safe mode with
> networking at least, if not normal mode?
>
>
>

If you spelled the file name ("spooldr.sys") correctly, it's almost certainly malware. The proper name for the Print Spooler is "spoolsv.exe." If you can get into the Recovery Console, try deleting, or at least renaming, the suspect file.

--
Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell

Guest Thufir
Posted August 22, 2007

Re: General BSoD question

On Tue, 21 Aug 2007 20:57:32 -0600, Bruce Chambers wrote:
> If you spelled the file name ("spooldr.sys") correctly, it's almost
> certainly malware. The proper name for the Print Spooler is
> "spoolsv.exe." If you can get into the Recovery Console, try deleting,
> or at least renaming, the suspect file.

Yes, I saw many references to Trojans regarding that file. It's so arbitrary, spooldr.sys *sounds* genuine to me, I was assuming that this file was a (possibly critical) system file which the Trojan had hijacked.

Aside from deleting or renaming the file, would the task manager come into play? Is there a particular process to kill?

I found

http://blog.misec.net/tag/rootkits/
http://www.greatis.com/security/Removal_Spooldr.exe_Spooldr.sys_rootkit.htm

Which give more information. Actually, it appears to be a rootkit.

thanks,

Thufir