mbswissarmy.sys - unable to boot



#1
nishad1981


Hi

I have a Windows 7 machine. Recently I installed a newer version of Malwarebytes. Now the computer isn't booting. I am getting the MBswissarmy.sys file.

The machine is a 64-bit machine. I downloaded the FRST64 file and loaded it to USB, but the problem is that I am not able to invoke the cmd prompt option to be able to even run FRST64.

Please help!!


  • 0



#2
RKinner


Look at http://www.geekstogo...l/#entry2151691

Which step in the instructions fails to work?

mbswissarmy.sys seems to be very sensitive to file structure problems on the hard disk. If you do get to a command prompt you might run a disk check.

Use this command:

chkdsk /f C:

When you use this command, Check Disk performs an analysis of the disk and then repairs any errors it finds, provided that the disk isn't in use. If the disk is in use, Check Disk displays a prompt that asks whether you want to schedule the disk to be checked the next time you restart the system. Click Yes to schedule this check.

To delete the MBAM drivers and services from the registry from the command line you can type:

sc delete MBAMService
sc delete MBAMChameleon
sc delete MBAMFarflt
sc delete MBAMProtection
sc delete MBAMSwissArmy
sc delete MBAMWebProtection

I'm checking out an off-line registry editor which will allow you to remove the MBAM drivers and services but need to reboot to do it so will break this up into two posts.

  • 0

#3
nishad1981


So here is where the problem is, based on the link you sent me: the statements in "red" don't even appear for me to be able to get to the command prompt.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

  • 0

#4
RKinner


Do you see the safe mode options?


  • 0

#5
nishad1981


Yes, I do, but none of them work. They lead me to the same error.


  • 0

#6
RKinner


I would try method 2 on

https://www.raymond....ing-in-windows/

The registry entries you need to delete are found under:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\

and will all start with MBAM


  • 0
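
Added example, not part of the posts above or of the linked article: a read-only batch script for a recovery or boot-media command prompt that backs up the offline SYSTEM hive and lists the service keys starting with MBAM before anything is deleted. The drive letter D:, the mount name OFFLINE_SYS and the backup file name are assumptions; an offline hive has no CurrentControlSet, so the script resolves the active ControlSetNNN from the Select key.

```batch
@echo off
setlocal
rem Added example (not from the thread). Run from a recovery or boot-media
rem command prompt. WINDRIVE is an assumption: the offline Windows volume is
rem often not C: in that environment, so confirm it with "dir" first.
set "WINDRIVE=D:"
set "HIVE=%WINDRIVE%\Windows\System32\config\SYSTEM"
set "MOUNT=HKLM\OFFLINE_SYS"

if not exist "%HIVE%" (
    echo SYSTEM hive not found at %HIVE% - adjust WINDRIVE.
    exit /b 1
)

rem Keep a copy of the hive so any later change can be undone.
copy /y "%HIVE%" "%WINDRIVE%\SYSTEM.pre-mbam.bak" >nul || exit /b 1

reg load %MOUNT% "%HIVE%" >nul || exit /b 1

rem CurrentControlSet is a link created at boot. Offline, Select\Current
rem holds the number of the control set the installation boots from.
rem Assumes a single-digit control set number (ControlSet001, 002, ...).
set "CUR="
for /f "tokens=3" %%A in ('reg query %MOUNT%\Select /v Current ^| find "REG_DWORD"') do set /a CUR=%%A
if not defined CUR (
    echo Could not read Select\Current.
    reg unload %MOUNT% >nul
    exit /b 1
)
set "CS=ControlSet00%CUR%"

echo Service keys starting with MBAM under %CS%:
for /f "delims=" %%K in ('reg query %MOUNT%\%CS%\services /k /f MBAM ^| findstr /i /r "\\services\\MBAM"') do (
    echo   %%K
    rem Start values: 0 boot, 1 system, 2 automatic, 3 manual, 4 disabled
    reg query "%%K" /v Start 2>nul | find "REG_DWORD"
    reg query "%%K" /v ImagePath 2>nul | find "ImagePath"
)

rem Always unload, otherwise the hive file stays locked.
reg unload %MOUNT% >nul
endlocal
```

sc delete acts on the service database of the system that is currently running, so from recovery media the MBAM entries have to be located in the loaded hive as listed here.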





