Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Ntio256.sys Is Killing My Computer

  • Please log in to reply
4 replies to this topic

#1 MrFightGuy


  • Members
  • 5 posts
  • Local time:07:23 PM

Posted 13 November 2007 - 11:28 PM

So I'm getting a DRIVER_IRQL_NOT_LESS_OR_EQUAL blue screen that comes on just as Windows is booting up. I get as far as the login screen, and after that nothing helps except to reboot, and then it happens again. ntio256.sys is listed in the technical section of the blue screen report, and I know by googling it that it's malware and that Windows is shutting down to keep it from screwing with my machine. How do I get it off? Any ideas? Heeeeeelp!

Edited by KoanYorel, 14 November 2007 - 11:36 AM.
Moved from Win XP Home forum to more appropriate

BC AdBot (Login to Remove)


#2 hamluis



  • Moderator
  • 56,551 posts
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:23 PM

Posted 14 November 2007 - 10:50 AM


I think this belongs in the HJT forum.


#3 DaveM59


    Bleepin' Grandpa

  • Members
  • 1,355 posts
  • Gender:Male
  • Location:TN USA
  • Local time:06:23 PM

Posted 14 November 2007 - 12:08 PM

Hi MrFightGuy,

It looks like you have access to another computer that you are using to communicate. That's good. Do you have a thumb drive that you can use to transfer files from it to the infected machine?

Next question. Can you boot the infected computer into safe mode? Here's how to do that:
  • Power on or reboot the computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows boot menu.
  • When you have the menu on the screen, use the arrow keys to move to the line that says Safe Mode.
  • Then press on your keyboard to boot into Safe Mode.

If you can boot into safe mode, and can download files on your working computer and transfer them to the infected one, then you should be able to run a HijackThis scan on the infected machine and post the log in the HJT forum. Here is a link to the download page for HijackThis. Download the .zip file, unzip it, then put it on your thumb drive and transfer it to your infected computer. Then run the program. This pinned topic has instructions on how to run the program and post a log. Note, it also has instructions for a number of preliminary steps, these you cannot do because you cannot boot into normal mode.

Also please note, the log should be posted in the HJT forum, not here. When you post the log, include an explanation that the scan was done in safe mode because the computer will not boot into normal mode.


#4 upperlevel


  • Banned
  • 59 posts
  • Gender:Male
  • Local time:05:23 PM

Posted 14 November 2007 - 01:56 PM

You can press f8 to get to the startup options screen as you are starting up and select the one that says it won't restart on malfunction and then end the process and start a scan with ad-aware

#5 MrFightGuy

  • Topic Starter

  • Members
  • 5 posts
  • Local time:07:23 PM

Posted 14 November 2007 - 05:25 PM

Thanks! Actually, I already figured out safe mode. I ran spybot, and ad-aware was running when I left this morning. I have HijackThis, but I've stupidly never figured out how to use it, and I desperately need to update my virus definitions, too, so thanks BUNCHES for the instructional link! I'll post more on my progress later...also, I googled info on how to specifically remove this bit of malware.

And yes, I have access to machines at work, and my fiancee and our roomate each have one, too, so I'm set in that dept.



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users