NTNDIS.EXE is found and deleted. Now how to get rid of the error message?

I had a problem with a file called NTNDIS.EXE. This file was some form of malware or adware etc. I found and deleted it so it's gone now. BUT, there is still a "call" for it in some start-up program that I want to find and permanently delete so that I don't get an error message everytime I boot telling me that the file is missing.

You smart guys always seem to be able to figure this kind of mystery. Can U help with this one?

 

Try running a good registry cleaning program like Regcure. This should take care of your annoying error message. Good luck, Rev

 

Thanks for the idea Rev... Sadly I've tried RegCure and it fails to find the "call" anywhere.

 

Here's an old thread about this:

http://forums.afterdawn.com/thread_view.cfm/595210

There's more to removal than just deleting it.

 

C:\Windows\System32\drivers\ntndis.exe
Added by the W32/Rbot-DPG worm and IRC backdoor.

In Windows NT/XP/Vista/2000/2003, this startup entry is being started via the Shell= line in the registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

If you are skilled, you can delete the Start key in the registry. If not, I suggest that you download and Run SUPERAntiSpyware Free

That should clean up the registry Start… and the leftover traces...

2oG

 

Yea I use SuperAntiSpyware and it works like a charm. It gets rid of all spyware, not just the easy ones.

 

Thanks for this info. I installed SUPERANTISPYWARE and ran it (along with other registry cleaners at other times. I didn't solve the problem altho it did find and repair many many other entries. The Problem with MY registry is that there is NO Shell subdirectory under WINLOGON. Your post indicated as follows: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell. So I am stymied with no SHELL directory.

But.. thanks so much for the try!!

 

Shell is not a sub dir. It’s in the WINLOGON folder. Open the winlogon folder and look over in the right pane for it.
Shell also contains explorer.exe and that is what runs your desktop so, don’t delete That!

The data in Shell should look something like this: "Explorer.exe C:\WINDOWS\system32\drivers\ntndis.exe"

Only delete all after Explorer.exe and leave IT alone……

2oG

 

Aha... got it! Fixed it. ALl is well with the world now!

For so long I've seen how you guys work out these problems for hacks like me... I'm not totally sure you understand how good it is for a person like me to fix a minor problem like the one I had with help from people like you... Thanks so much.

 

And, I'm not totally sure you understand how good it is for a person like me to be able to help a newbie hack like you. When I started hacking computers, over 30 years ago, there was no internet or anyone that knew anything about a computer that I could ask. I went through a lot of trial and error and peeing on fences to get where I am today.
So, you are very welcome and learn from your experiences..

2oldGeek gets the bugs out… oops


Safe Surfing: