BleepingComputer.com: ntvdm.exe

Jump to content

Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

If you have not received help after three days, please post a link to your topic HERE.
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

ntvdm.exe hello

#1 User is offline   ryan12313 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 21
  • Joined: 25-March 10

Posted 20 November 2010 - 12:19 PM

Well I'm aware that ntvdm.exe isn't a virus, but I'm just wondering why theres 23 processes of it open in my taskmanager.

#2 User is offline   hamluis 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Moderator
  • Posts: 31,439
  • Joined: 03-September 05
  • Gender:Male
  • Location:Killeen, TX

Posted 20 November 2010 - 12:48 PM

Can't answer that...I don't have any on this system.

I'll move you to Am I Infected for a deeper look.

Louis
Am I Infected, What Do I Do?
Preparation Guide, Malware Log Topics
Using The Report Button
Misplaced Malware Logs
Discussion Forum Rules

#3 User is offline   quietman7 

  • Bleepin' Janitor
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Global Moderator
  • Posts: 25,516
  • Joined: 09-July 05
  • Gender:Male
  • Location:Virginia, USA

Posted 20 November 2010 - 02:09 PM

Quote

The ntvdm.exe process is used when you run DOS or 16-Bit software on your windows pc. It will emulate the old DOS/16-bit os to allow older programs to run. If you are running DOS based (or 16-bit) programs on your computer, you should leave this process running.
ntvdm.exe (NT DOS Virtual Machine) – Details

Since it simulates a 16-bit environment for MS-DOS and 16-bit Windows applications, the first question I would ask, is what other programs are you using at the time the multiple ntvdm processes starting appearing?

Monitoring Win16 Applications

Quote

Almost all performance monitoring tools can monitor 16-bit applications on Windows NT 4.0 Server and Workstation. However, because they run in the same process, the trick to monitoring more than one 16-bit application is to distinguish among the threads of the NTVDM process.

To monitor one 16-bit application, simply select the NTVDM process in Performance Monitor, Task Manager, Process Explode, Process Viewer, Process Monitor, or another tool. If you have multiple 16-bit processes running in NTVDM, you can distinguish them by their thread IDs in all tools except Process Monitor. You might have to start and stop the 16-bit process to determine which thread ID is associated with which 16-bit process...


Tools to investigate running processes and gather additional information to identify them and resolve problems:
Microsoft MVP - Consumer Security 2007-2012 Posted Image
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 User is offline   ryan12313 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 21
  • Joined: 25-March 10

Posted 20 November 2010 - 11:09 PM

Ahh, must be my DOS Shells for DDoSing. (Legal purposes) Thanks for the information.

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users