Welcome to GeekPolice!
Homemalware shutdown
- eholmes
Beginner
-
OS : vista 32-bit
Posts : 2
Rubies : 2603
Likes : 0 
eholmes on 24th July 2010, 3:14 am
trying to find out how to stop a bsod and computer shutdown. The bsod reads "vbshld.sys" page_fault_ etc..
I am running windows vista 32-bit. I have vexira antivirus software. and just installed webroot to try and solve this problem. I also have a "subspooler app has closed" error. don't know if it is related
I am running windows vista 32-bit. I have vexira antivirus software. and just installed webroot to try and solve this problem. I also have a "subspooler app has closed" error. don't know if it is related
- eholmesBeginner
-
OS : vista 32-bit
Posts : 2
Rubies : 2603
Likes : 0 -
eholmes on 24th July 2010, 3:22 am
mbr report:
MBRCheck, version 1.1.1
(c) 2010, AD
\\.\C: --> \\.\PhysicalDrive0
\\.\F: --> \\.\PhysicalDrive1
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
931 GB \\.\PhysicalDrive1 MBR Code Faked!
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): Dumping \\.\PhysicalDisk1...
Enter filename to dump to: Dumped successfully!
Enter the physical disk number to dump (0-99, -1 to exit): Dumping \\.\PhysicalDisk1...
Enter filename to dump to: Dumped successfully!
Enter the physical disk number to dump (0-99, -1 to exit): Dumping \\.\PhysicalDisk2...
Enter filename to dump to: Error opening disk (2)!
Enter the physical disk number to dump (0-99, -1 to exit): Dumping \\.\PhysicalDisk2...
Enter filename to dump to: Error opening disk (2)!
Enter the physical disk number to dump (0-99, -1 to exit): Dumping \\.\PhysicalDisk2...
Enter filename to dump to: Error opening disk (2)!
Enter the physical disk number to dump (0-99, -1 to exit): Dumping \\.\PhysicalDisk3...
Enter filename to dump to: Error opening disk (2)!
Enter the physical disk number to dump (0-99, -1 to exit):
Done! Press ENTER to exit...
MBRCheck, version 1.1.1
(c) 2010, AD
\\.\C: --> \\.\PhysicalDrive0
\\.\F: --> \\.\PhysicalDrive1
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
931 GB \\.\PhysicalDrive1 MBR Code Faked!
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): Dumping \\.\PhysicalDisk1...
Enter filename to dump to: Dumped successfully!
Enter the physical disk number to dump (0-99, -1 to exit): Dumping \\.\PhysicalDisk1...
Enter filename to dump to: Dumped successfully!
Enter the physical disk number to dump (0-99, -1 to exit): Dumping \\.\PhysicalDisk2...
Enter filename to dump to: Error opening disk (2)!
Enter the physical disk number to dump (0-99, -1 to exit): Dumping \\.\PhysicalDisk2...
Enter filename to dump to: Error opening disk (2)!
Enter the physical disk number to dump (0-99, -1 to exit): Dumping \\.\PhysicalDisk2...
Enter filename to dump to: Error opening disk (2)!
Enter the physical disk number to dump (0-99, -1 to exit): Dumping \\.\PhysicalDisk3...
Enter filename to dump to: Error opening disk (2)!
Enter the physical disk number to dump (0-99, -1 to exit):
Done! Press ENTER to exit...
- Sneakyone
Security Colleague -
OS : Windows 7 Ultimate 64-bit
Anti-Malware : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Posts : 2706
Rubies : 33643
Likes : 0 -
Sneakyone on 24th July 2010, 6:55 am
Hi, welcome to GeekPolice.net! 
Just to let you know, each of these fixes are specific to the computer they are intended for.
Download Bootkit Remover to your Desktop.
Just to let you know, each of these fixes are specific to the computer they are intended for.
Download Bootkit Remover to your Desktop.
- You then need to extract the remover.exe file from the RAR using a program capable of extracing RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
- After extracing remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator.
- It will show a Black screen with some data on it.
- Right click on the screen and click Select All.
- Press CTRL C
- Open a Notepad and press CTRL V
- Post the output back here.
I'm livin' life in the fast lane.
Similar topics
Create an account or log in to leave a reply
You need to be a member in order to leave a reply.
Page 1 of 1
Permissions in this forum:
You can reply to topics in this forum
