> [Closed] Serious virus problem
urbanwerebear
post Feb 11 2009, 09:35 PM
Post #1


New Member

Group: New Member
Posts: 2
Joined: 11-February 09
Member No.: 84,142
Operating System: Vista, XP



Okay, this is a nasty one. Virus infection on a Compaq laptop running XP. It's so bad the laptop will not even start in safe mode unless you're working from the command prompt. Otherwise, the desktop wallpaper comes up with no icons, then BSOD.

BSOD display reads-

A problem has been detected and Windows has been shut down to prevent damage to your computer.

The problem seems to be caused by the following file: ndisio.sys

DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS

If this is the...

...select safe mode.

Technical Information:

*** STOP: 0x000000CE (0xF975384D, 0x00000008, 0xF975384D, 0x00000000)

ndisio.sys
Beginning dump of physical memory
Physical memory dump complete.
Contact your system administrator or technical support group for further assistance.




This apparently started when my friend got a pop-up for an update to Spyware Guard 2008. She downloaded and installed the "update", and this was the result.

Can't get online with the laptop, and I'm not sure I can install anything from CD yet. We're trying to find the restore CD and, failing that, an XP install CD to reinstall after format.

I've tried the Advanced Options menu, and Safe Mode with Command Prompt is the only one which works. I'm not willing to delete the file that is supposedly causing the problem, since I don't know what it does and don't know if that's really where the problem is.

I hope someone can help with this.

Urban Werebear
ken545
post Feb 15 2009, 05:07 PM
Post #2


Forum God

Group: Classroom Teacher
Posts: 11,319
Joined: 3-December 04
From: Darien, Connecticut
Member No.: 19,436
Operating System: Win 7 Ultimate
Win Xp Home SP3

MVP


Hello urbanwerebear

Welcome to the Whatthetech Malware Removal Forum,

All advice given by anyone volunteering here is taken at your own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.


SpywareGuard by JavaCool <---is a respected program
Spyware Guard 2008 <--This is a trojan

ndisio.sys <-- This is a backdoor trojan that lets other garbage in.

You need to get the CD and do a System Repair, then post a HJT log and let's see where we stand.

Download Trend Micro's HijackThis to your desktop.
  • Double-click it to install.
  • Follow the prompts; by default it will install in C:\Program Files\Trendmicro\Hijackthis\Highjackthis.exe
  • Open HJT Scan and Save a Log File; it will open in Notepad.
  • Go to Format and make sure Word Wrap is unchecked.
  • Go to Edit > Select All, then Edit > Copy, and paste the new log into this thread by using Submit Reply, not by starting a new thread.

DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
urbanwerebear
post Feb 15 2009, 09:21 PM
Post #3





Cool. Thanks for the help so far.

I should have an update within a couple of days. I work weekends, so Tuesday will be the earliest I can work on the laptop again.
ken545
post Feb 23 2009, 03:42 AM
Post #4




Due to inactivity, this topic will be closed.
If you need help, please start a new thread and post a new HJT log.