Windows doesn't boot due to corrupt mbamswissarmy.sys


6 replies to this topic

#1 harmik


Posted 27 September 2017 - 01:52 PM

Hi,

I have a dual boot (Windows 8 and Windows 7) laptop. Based on the OS, I use Legacy BIOS or EFI. Windows 7 is installed using EFI in a GPT partition (I hope I am using the correct terms). I use Windows 7 more often and recently it got infested with viruses / malware. I use Avira AV, Comodo Firewall and Malwarebytes.

With a combination of these, I was able to remove all the viruses and I was using the laptop normally for a couple of days. But then the next day, I was getting the above error. Tried everything: Windows recovery, startup recovery, checkdisk, command prompt bcd rebuild, sfc scan etc. I am not able to boot in Safe Mode or anything like that.

Currently I am posting from the Windows 8 system.

I read that FRST may do the trick with a lot of help. Please advise.





#2 FreeBooter


Posted 27 September 2017 - 02:17 PM

You can rename the mbamswissarmy.sys driver to mbamswissarmy.sys.old. You can find the mbamswissarmy.sys driver in the \Windows\System32\drivers folder.




#3 harmik

  • Topic Starter

Posted 27 September 2017 - 02:37 PM

> You can rename the mbamswissarmy.sys driver to mbamswissarmy.sys.old. You can find the mbamswissarmy.sys driver in the \Windows\System32\drivers folder.

So, after renaming the one in the drivers folder, where do I find its replacement? Or no replacement required?



#4 FreeBooter


Posted 27 September 2017 - 02:47 PM

You have to reinstall Malwarebytes to replace the driver you have renamed.




#5 hamluis

  • Moderator

Posted 27 September 2017 - 03:34 PM

Well...if you cannot boot into Windows...reinstalling Malwarebytes will be difficult.

 

I don't see any information which would lead me to believe that this file can keep Windows from booting. The fact that you had malware problems before...and believe you resolved such...would weigh heavily in my decision to treat this as a malware situation. If this were simply a driver problem...there should be no impact on ability to boot into safe mode, since safe mode only allows a minimal set of drivers to load.

 

Laptop manufacturer and model?

 

Please post the exact error message received when trying to boot into safe mode.

 

Louis

 

I don't know how effective it would be...but I would run the chkdsk /r command on the Win 7 partition from the Win 8 install.  Then I would try a Win 7 startup repair, running it up to 3 times.


Edited by hamluis, 27 September 2017 - 03:40 PM.


#6 harmik

  • Topic Starter

Posted 27 September 2017 - 04:59 PM

> You have to reinstall Malwarebytes to replace the driver you have renamed.

That worked. Thanks a lot!
Trying my best to remove all malware now.

#7 FreeBooter


Posted 27 September 2017 - 05:03 PM

You are very welcome!

