TechSpot

Please Help! Having problem with NDT2.SYS!

By rangermat
Jan 18, 2008
  1. I'm running Vista 32-bit and have been infected with the NDT2.SYS. My Sony is just about 1 month old and I am finding it very difficult to get this mess out of my computer. I have used Spyware Doctor to remove it, but it keeps coming back. Kaspersky even picks it up and deletes it, but this keeps on returning. Its appearance is very irritating and moreover I believe it will eventually cause more problems. Any help of any kind can be highly appreciated. Thanks in advance!


    Got help from Blind Dragon, but got stuck at step 11. Installed AVG anti-rootkit but cannot run it.
    Really confused. Can someone please help? Patiently waiting
     
  2. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    See if you can install while disconnected from the internet and running in Safe Mode (tap F8 at boot up, select Safe Mode and hit Enter).

    Boot into Safe Mode
    Reboot your computer in Safe Mode.
    • Restart
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Log in on your usual account, not admin.

    This thread is for the use of rangermat only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. rangermat

    rangermat TS Rookie Topic Starter

    I have done as instructed. Now the application opens in safe mode but does not scan. It says that I should restart my computer and by so doing, the application does not open again. Really getting worried! Any more advice?
     
  4. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    First
    Show hidden files through windows explorer
    • Access Windows Explorer by clicking Start, point to All Programs, Accessories (for Vista users), and then click Windows Explorer.
    • On the Tools menu in Windows Explorer, click Folder Options.
    • Click the View tab.
    • Under Hidden files and folders, click Show hidden files and folders.
    • If you don't see this option in Vista, click on Organize, go down to Layout and make sure there is a check by Menu bar.


    Hit Ctrl + Alt + Del and select Task Manager.

    end process on any of the following (if there)

    Then see if you can run AVG

     
  5. rangermat

    rangermat TS Rookie Topic Starter

    Done as told, but none of these processes are in use. Is this strange or what? Just do not know what to do now.
     
  6. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Not really, I just looked it up and even though the instructions say it works with Vista I don't think that it is supposed to.

    GMER: uninstall the AVG anti-rootkit and install this one.

    Again, download it, then disconnect from the net before install.
     
  7. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Rename gmer.exe to test.exe and click test.exe. Do this by opening the containing folder, then right-clicking the .exe file and typing in the new name. Then run it; do not select the "Show all" checkbox during the scan.
     
  8. rangermat

    rangermat TS Rookie Topic Starter

    GMER Scan!

    Got this one to work, have got the scan log. What do I need to do next? Do I need to continue to step 12? Please let me know and let me know also what to do with the GMER log. Thanks in advance
     
  9. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Finish the instructions, then post the 4 logs as attachments in a new thread so that somebody can check them; there is less chance of them checking this one with so many replies.

    You should have in your new thread:
    1) HJT log renamed as crusty
    2) GMER log
    3) Combofix log
    4) AVG antispyware log
     
Topic Status:
Not open for further replies.