1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

guyz help me out, frrom this ntndis.exe thing!!

Discussion in 'Windows - Virus and spyware problems' started by jeynash, Dec 3, 2007.

  1. jeynash

    jeynash Member

    Joined:
    Sep 20, 2007
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    16
    This thing wont disappear even after using anti spyware or adware or anything of its kind.....
    every time when ma pc login, this thing shows up...

    [​IMG]
    and advanced thanks tooo
     
  2. QuikDraw

    QuikDraw Regular member

    Joined:
    Sep 29, 2007
    Messages:
    808
    Likes Received:
    0
    Trophy Points:
    26
    http://www.bleepingcomputer.com/startups/not_used-14934.html
    This appears to be in startup programs.
    Try this: START> RUN> TYPE REGEDIT> EXPAND HKEY_LOCAL_MACHINE> SOFTWARE> MICROSOFT> WINDOWS> CURRENTVERSION> RUN> IN THE RIGHT WINDOW PANE LOOK FOR THE ITEM YOU WANT TO REMOVE FROM STARTUP> RIGHT CLICK THE ITEM> SELECT DELETE. CLOSE HKEY_LOCAL_MACHINE, AND OPEN HKEY_CURRENT_USER> PERFORM THE SAME STEPS. THIS WILL GET RID OF UNWANTED STARTUPS.
     
    Last edited: Dec 3, 2007
  3. echoreply

    echoreply Regular member

    Joined:
    Nov 9, 2007
    Messages:
    472
    Likes Received:
    0
    Trophy Points:
    26
    need to run your updated resident anti-virus and do a online scan:

    F-secure scan:
    http://support.f-secure.com/enu/home/ols.shtml

    uses Internet Explorer only

    click on the "start scanning button" near bottom of page.
    click to accept/install the ActiveX applet
    "accept" the License Agreement, click "full system scan"
    Once the download of files completes,the scan will begin automatically.
    The scan may take some time to finish.
    When the scan completes, click the Automatic cleaning (recommended) button.
     
  4. jeynash

    jeynash Member

    Joined:
    Sep 20, 2007
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    16
    thnx for ur suggestions... but those didnt solve the problem...it keep scomin out as
    "windows cannot find the'c:windows/system32/drivers/ntndis.exe'"
    even though i have installed de os in partition "D"
     
  5. QuikDraw

    QuikDraw Regular member

    Joined:
    Sep 29, 2007
    Messages:
    808
    Likes Received:
    0
    Trophy Points:
    26
    Try looking here. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
     
  6. echoreply

    echoreply Regular member

    Joined:
    Nov 9, 2007
    Messages:
    472
    Likes Received:
    0
    Trophy Points:
    26
    there is probably a left over registry entry pointing to the file that is now missing. a hjt log might be useful.

    Download HiJackThis log - Trend Micro HijackThis 2.0.2

    http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

    * Save HJTInstall.exe to your desktop.
    * Doubleclick on the HJTInstall.exe icon on your desktop.
    * By default it will install to C:\Program Files\Trend Micro\HijackThis .
    * Click on Install.
    * It will create a HijackThis icon on the desktop.
    * Once installed, it will launch Hijackthis.
    * Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    * Click on "Edit > Select All" then click on "Edit > Copy" and Paste the entire contents of the log in next reply.
     
  7. jeynash

    jeynash Member

    Joined:
    Sep 20, 2007
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    16
    wow!!
    auickdraw u were rite....
    i saw de below

    Value Data
    "Explorer.exe C:\WINDOWS\system32\drivers\ntndis.exe"

    what should i do now??
     
  8. jeynash

    jeynash Member

    Joined:
    Sep 20, 2007
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    16
    Thanks to echoreply!!
    i fixed the error by installing HT...and fixing the errors...thnx buddy!
     
  9. QuikDraw

    QuikDraw Regular member

    Joined:
    Sep 29, 2007
    Messages:
    808
    Likes Received:
    0
    Trophy Points:
    26
    Great! Glad you were able to fix it. To answer your earlier question. After you located the file in the registry, you would of just deleted it. However, both suggestions would of worked. I just thought editing the registry would be easier.
     
    Last edited: Dec 3, 2007
  10. jeynash

    jeynash Member

    Joined:
    Sep 20, 2007
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    16
    Thnx for the information buddy!
     
  11. QuikDraw

    QuikDraw Regular member

    Joined:
    Sep 29, 2007
    Messages:
    808
    Likes Received:
    0
    Trophy Points:
    26
    Not a problem. That's what we do here. Have a nice day!
     
  12. jeynash

    jeynash Member

    Joined:
    Sep 20, 2007
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    16
    Well, I do have one more problem.
    There is an icon in the task bar, just like the windows security alert,
    which cant be found in the "process" in the task manager and i also cant exit the program. when i click it, it opens the internet explorer, and guides to "http://www.antivirgear.com/?aff=1012", which does not exist.
    this been there for the past 2 weeks.
     
  13. QuikDraw

    QuikDraw Regular member

    Joined:
    Sep 29, 2007
    Messages:
    808
    Likes Received:
    0
    Trophy Points:
    26
    The quick launch icons, is this what you mean?
     
    Last edited: Dec 3, 2007
  14. jeynash

    jeynash Member

    Joined:
    Sep 20, 2007
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    16
    yes an icon in the system tray
     
  15. QuikDraw

    QuikDraw Regular member

    Joined:
    Sep 29, 2007
    Messages:
    808
    Likes Received:
    0
    Trophy Points:
    26
    Remember this fix I showed you earlier for startup programs?
    Try this: START> RUN> TYPE REGEDIT> EXPAND HKEY_LOCAL_MACHINE> SOFTWARE> MICROSOFT> WINDOWS> CURRENTVERSION> RUN> IN THE RIGHT WINDOW PANE LOOK FOR THE ITEM YOU WANT TO REMOVE FROM STARTUP> RIGHT CLICK THE ITEM> SELECT DELETE. CLOSE HKEY_LOCAL_MACHINE, AND OPEN HKEY_CURRENT_USER> PERFORM THE SAME STEPS. THIS WILL GET RID OF UNWANTED STARTUPS.

    If this appears in the system tray next to the clock, it is a startup. This can also be removed manually with Microsoft Configuation Utility. START> RUN> TYPE MSCONFIG> CLICK THE START TAB> SCROLL THROUGH THE LIST UNTIL YOU LOCATE THE FILE NAME> UNCHECK THE FILE> CLICK APPLY> CLICK OK. REBOOT YOUR COMPUTER. However, the problem with doing it this way, is you don't actually delete the file, you only disable it. Removing it from the registry deletes it.
     
  16. jeynash

    jeynash Member

    Joined:
    Sep 20, 2007
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    16
    i know de msconfig option.
    i had tried it. there is nothing in the startup item that has any relation to the icon in the system tray. even if i "disable all" in the startup, it keeps comin.
    Please chk de image:

    [​IMG]

     
  17. jeynash

    jeynash Member

    Joined:
    Sep 20, 2007
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    16
    In the registry editor,
    i found only 2 entries
    1, Default
    2, daemon tools
    which, i think, are not the source of the problem
     
  18. QuikDraw

    QuikDraw Regular member

    Joined:
    Sep 29, 2007
    Messages:
    808
    Likes Received:
    0
    Trophy Points:
    26
    If your not sure. You'll need to work with MSCONFIG start tab. Here's what you do. START> TYPE MSCONFIG> CLICK ON THE STARTUP TAB> SELECT DISABLE ALL> CLICK APPLY> AND GET OUT OF THERE AND REBOOT. SEE IF THE ICON HAS DISAPPEARED. IF SO, AND I SUSPECT IT HAS, THE NEXT THING TO DO IS GO BACK INTO MSCONFIG START TAB AND PUT THREE GREEN CHECKS MARKS ON THE FIRST THREE PROGRAMS IN THE LIST THEN REBOOT. KEEP ADDING THREE MORE CHECK MARKS AT A TIME TO THE REST OF THE PROGRAMS IN THE LIST UNTIL YOU HAVE THE PROGRAM IN QUESTION STARTING AGAIN IN SYSTEM TRAY. GO BACK TO THE START TAB AGAIN AND REMOVE ONE CHECK MARK AT A TIME, STARTING AT THE BOTTOM OF THE LIST, REBOOTING EACH TIME, UNTIL THE PROGRAM DISAPPEARS. BINGO! YOU FOUND WHICH ONE IT IS. HOW GO BACK INTO THE REGISTRY WHERE I SHOWED YOU TO GO AND LOCATE THIS STARTUP. RIGHT CLICK IT AND SELECT DELETE. THEN BOB'S YOUR UNCLE! OPPS, JUST NOTICED I'M SHOUTING WITH CAPITOL LETTERS, SORRY ABOUT THAT.
     
    Last edited: Dec 4, 2007
  19. jeynash

    jeynash Member

    Joined:
    Sep 20, 2007
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    16
    dude, this is ma startup

    check the image

    [​IMG]


    do you still think i got anything to do in the msconfig.exe

     
  20. jeynash

    jeynash Member

    Joined:
    Sep 20, 2007
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    16

    i had unchecked all the items

     

Share This Page