TechSpot

Ndt2.sys infected

By undiscovered
Dec 20, 2007
  1. I have used SUPER anti spyware free edition to locate and quarantine the file ndt2.sys, but it continues to re-appear. I have checked the system32 folder and have noticed ndt2.sys and ndptsp.tsp. However, I was told ndt2.sys is a normal working file for windows in most cases. The software shows it as a trojan.

    I have run viewpoint killer - found nothing.
    I have run AVG root - found nothing.

    What I have is my hijackthis file, but it does not appear that anything is out of the ordinary.

    I read about another user who has had the same issue and resolved it, but he had .exe files (I believe ip.exe) associated with it.

    Any suggestions?
    Thanks
     
  2. Daveskater

    Daveskater Banned Posts: 1,687

    Please read this thread: "If your system is infected, read this before deciding whether to Clean or Format".

    If you decide to clean your system, follow these instructions: "Virus/Spyware/Malware, preliminary removal instructions", and post fresh HJT, Combofix, and AVG Antispyware logs as attachments to a new reply in this thread, as well as the result of the Panda Antirootkit scan.


    This thread is for the use of undiscovered only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. Rik

    Rik Banned Posts: 3,814

    undiscovered, you need to follow Daveskater's instructions, as your HJT log DOES show some bad entries. It also tells me you have no active virus scanner or firewall software. That is an infection invitation and should be remedied as soon as possible.

     
  4. Daveskater

    Daveskater Banned Posts: 1,687

    Cheers Rik, I had a headache earlier so I just copied and pasted my message ;) You said everything I would have though.
     
  5. undiscovered

    undiscovered TS Rookie Topic Starter

    Thanks. I followed the directions, but could not obtain AVG antispyware log (yet).

    Panda Antirootkit scan shows no errors.

    Attached are Hijackthis and Combofix logs.

    Hope you all can help me!

    Thanks!
     
  6. Daveskater

    Daveskater Banned Posts: 1,687

    You can have HJT fix this entry because it's been deactivated:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    I see that you are running msconfig in /auto mode which means that you may have selectively removed some items in the past from the startup procedure. This can be bad if they are malware, so we would like you to enable those startup entries by doing the following:

    Please click on start, then run, and type msconfig and then press enter. When the window opens, click on the startup tab and make sure there are check marks in every entry. Then press ok until you are out of the program. If it asks to reboot, do not reboot.

    Now please create a new HijackThis Log and attach it to a new reply in this thread.

    As Rik said, you have no anti-virus or firewall software. These are good programs, and all free:

    Anti virus: AVG or Avast - use only ONE

    Anti-spyware: Spybot S&D and Ad-aware - use both

    Firewall: Kerio, Comodo or ZoneAlarm - use only ONE
    There are multiple versions of Zone Alarm, one of which is the free, firewall only version.


    This thread is for the use of undiscovered only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
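
An added example, not part of any post in this thread: a small Python parser for HijackThis O2 (BHO) lines that picks out entries like the one quoted above, where HijackThis reports `(no file)` for the class ID. The first sample line is the entry from the thread; the other sample lines and all function names are constructed for illustration.

```python
import re

# Layout of a HijackThis O2 line, as in the entry quoted in the post above:
#   O2 - BHO: <name> - {CLSID} - <file path or "(no file)">
O2_RE = re.compile(
    r"^O2 - BHO:\s*(?P<name>.*?)\s+-\s+"
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r"\s+-\s+(?P<target>.+?)\s*$"
)

# First line is the entry from the thread; the others are constructed samples.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O2 - BHO: broken line without a class id
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\tray.exe
"""


def parse_o2(log_text):
    """Return (entries, malformed) for every O2 line in a HijackThis log."""
    entries, malformed = [], []
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith("O2 - "):
            continue  # other sections (O4, O23, ...) are out of scope here
        m = O2_RE.match(line)
        if m is None:
            malformed.append(line)  # keep for manual review, never drop silently
            continue
        entry = m.groupdict()
        # "(no file)": HijackThis found no file behind this class ID.
        entry["orphaned"] = entry["target"].lower() == "(no file)"
        entries.append(entry)
    return entries, malformed


def orphaned_clsids(log_text):
    """CLSIDs of BHO entries that HijackThis lists with "(no file)"."""
    entries, _ = parse_o2(log_text)
    return [e["clsid"] for e in entries if e["orphaned"]]


if __name__ == "__main__":
    entries, malformed = parse_o2(SAMPLE_LOG)
    for e in entries:
        state = "no file behind it" if e["orphaned"] else "file present, review first"
        print(f'{e["clsid"]}  {e["name"]!r}: {state}')
    print("unparsed O2 lines:", malformed)
```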
     
  7. undiscovered

    undiscovered TS Rookie Topic Starter

    I have S&D, SuPER antivirus software, and AVG software. All of which have been used (along with the others mentioned above).

    Here is the new hijackthis log.
     
  8. undiscovered

    undiscovered TS Rookie Topic Starter

    ...Anyone?
     
  9. Daveskater

    Daveskater Banned Posts: 1,687

    I don't think I can see anything else in your log that seems out of the ordinary so I'm gonna leave it for Rik to look at.

    What are the exact symptoms that you're getting?

    Please wait 24 hours before asking for more help, our members are all over the world and can't post when they're asleep ;) As for me, I would have answered yesterday if I wasn't in a different city all day.
     
  10. undiscovered

    undiscovered TS Rookie Topic Starter

    Thank you for replying.

    I began noticing a pop up window saying Ndt2.sys was no longer working and would have to close the prompt. I felt this was unusual so I googled the file and stumbled across several members' posts stating they have been infected with this trojan; however, others say NDT2.sys is a normal working file within Vista.

    I decided to run antispyware in hope that it would tell me the truth. After running SUPER Antispyware, it had picked up (and continues to after being removed) ROOTKIT.NDT2 and NDT2.sys saying it is a threat.

    Thank you.
     
  11. Rik

    Rik Banned Posts: 3,814

    I see no evidence of antivirus or firewall software in your log which is just asking to be infected.

    You need to get both in place as soon as possible.

    There are links to free software within the instructions that you have worked through.


    This needs to be sorted or your pc will probably keep being infected.

     
  12. Daveskater

    Daveskater Banned Posts: 1,687

    I have provided links to a load of free AV and AS software above, download one of the AV software, both of the AS and one of the firewalls.

    If you have gone through the preliminary removal instructions then you should already have a nice bunch of software on your PC. The ones that you want to keep are from steps 2, 4, 6, 7, 8 and 9, so you should have AVG/Avast, HJT, AVG AS, Spybot, Ad-Aware and CCleaner, among others. Everything else can be deleted/uninstalled when your PC is clean. Never tell HJT to fix things unless you know what you're doing because it finds a lot of legitimate entries and deleting everything can and will mess up your PC (I've seen someone do this before ;))

     
Topic Status:
Not open for further replies.
