Please Help! Having problem with NDT2.SYS!

Status
Not open for further replies.

rangermat

I'm running Vista 32-bit and have been infected with NDT2.SYS. My Sony is just about 1 month old and I am finding it very difficult to get this mess out of my computer. I have used Spyware Doctor to remove it, but it keeps coming back. Kaspersky even picks it up and deletes it, but it keeps on returning. Its appearance is very irritating and moreover I believe it will eventually cause more problems. Any help of any kind would be highly appreciated. Thanks in advance!


Got help from Blind Dragon, but got stuck at step 11. Installed AVG anti-rootkit but cannot run it.
Really confused. Can someone please help? Patiently waiting
 
See if you can install it while disconnected from the internet and running in Safe Mode (tap F8 at boot-up, select Safe Mode and hit Enter).

Boot into Safe Mode
Reboot your computer in Safe Mode.
  • Restart
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in on your usual account, not admin.

This thread is for the use of rangermat only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
I have done as instructed. Now the application opens in Safe Mode but does not scan. It says that I should restart my computer, and after I do so the application does not open again. Really getting worried! Any more advice?
 
First
Show hidden files through Windows Explorer
  • Access Windows Explorer by clicking Start, point to All Programs, Accessories (for Vista users), and then click Windows Explorer.
  • On the Tools menu in Windows Explorer, click Folder Options.
  • Click the View tab.
  • Under Hidden files and folders, click Show hidden files and folders.
  • If you don't see this option in Vista, click on Organize, go down to Layout, and make sure there is a check by Menu bar.


Hit Ctrl + Alt + Del and select Task Manager.

End process on any of the following (if there):
NDT.SYS
93211791.EXE
33201795.SVD
SAMPLE.SYS
84733211.SYS
WMIPRVES[1].EXE
WMIPRVES[2].EXE
NDT2SUSPECT.SYS
11446168.SYS
79840294.SYS
59493876.SVD
31072677.SYS
21338204.SYS
88181595.SVD
63731636.SVD

Then see if you can run AVG.

 
Done as told, but none of these processes are in use. Is this strange or what? Just do not know what to do now.
 
Not really. I just looked it up, and even though the instructions say it works with Vista, I don't think that it is supposed to.

GMER: Uninstall the AVG anti-rootkit and install this one.

Again, download it, then disconnect from the net before installing.
 
Rename gmer.exe to test.exe and click test.exe. Do this by opening the containing folder, then right-clicking the .exe file and typing in the new name. Then run it; do not select the "Show all" checkbox during the scan.
 
GMER Scan!

Got this one to work and have got the scan log. What do I need to do next? Do I need to continue to step 12? Please let me know, and let me know also what to do with the GMER log. Thanks in advance.
 
Finish the instructions, then post the 4 logs as attachments in a new thread so that somebody can check them; there is less chance of them checking this one with so many replies.

You should have in your new thread:
1) HJT log renamed as crusty
2) GMER log
3) Combofix log
4) AVG antispyware log
 