Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Blue Screen of death


  • Please log in to reply

#1
robertch

robertch

    Member

  • Member
  • PipPip
  • 14 posts
I have acquired some sort of virus/ malware and have been unable to get rid of it. Running various spyware/ virus detection programs in the normal windows XP mode causes the computer to restart and a blue screen to appear citing vdnt32.sys as the problem. I have run a variety of virus programs in the safe mode with no progress on the problem. I found a post on one of the forums with what seemed to be a description of the same problem. The administrater suggested downloading and running Service Filter which I have done. I was not entirely clear where the results should be posted so I will post them here. This means nothing to me so I hope you can be of some assistance.

The script did not recognize the services listed below.
This does not mean that they are a problem.

To copy the entire contents of this document for posting:
At the top of this window click "Edit" then "Select All"
Next click "Edit" again then "Copy"
Now right click in the forum post box then click "Paste"

########################################

ServiceFilter 1.1
by rand1038

Microsoft Windows XP Home Edition
Version: 5.1.2600 Service Pack 1
Mar 19, 2005 4:02:08 PM


===> Begin Service Listing <===

Unknown Service #1
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Manual
Start Name: LocalSystem
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this ...
Service Type: Own Process
Path: c:\windows\system32\dllhost.exe /processid:{3ee29ad4-5228-4714-a7af-527e8da5d5d7}
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

---> End Service Listing <---

There are 81 Win32 services on this machine.
1 were unrecognized.

Script Execution Time: 9.242188 seconds.
  • 0

Advertisements


#2
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
...maybe I am reading this wrong--I don't know what system filter is supposed to accomplish.

That is a legitimate file and legitimate service (dllhost)

This, vdnt32.sys, however, is not. It is a trojan horse.

Follow the directions in the pinned thread at the top of this forum:

http://www.geekstogo...o_Here-f37.html

then post a hijackthis log if still needed.
  • 0

#3
robertch

robertch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Maybe I'm just a little slow but I'm having trouble following what you want me to do :tazz: . While I have no idea what "pinned" means I am smart enough to see it written before several of the topics in the link you provided. Do you want me to open the "What to help others?" link. Where exactly should I be looking for instructions? Thanks for your patience and your help. I have also posted a HiJackThis log so we'll see what that does.
  • 0

#4
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
read the thread:

Pinned: You Must Read This Before Posting A Hijackthis Log

Then do as you have...it helps because the pre-steps will eliminate some of the easy stuff and make fixing the harder stuff faster.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP