
Ntndis.exe


5 replies to this topic

#1 Gein

Gein

  • Members
  • 16 posts

Posted 21 November 2007 - 03:19 AM

Not sure how or where I got this problem, but it's happening lol.


I get several boxes. First I get ntndis.exe has encountered a problem and must shut down. I click don't send, or send error report, and it comes right back, along with...."Data execution prevention-Microsoft Windows" "To help protect your computer, windows has closed this program - Name: Windows explorer".

I've rebooted, etc, and the boxes keep coming up, and are even up now as we speak. I've run a Registry cleaner program, which did not help, etc.

My anti-virus (NOD32) is also coming up with an alert for "C:\WINDOWS\System32\drivers\ntndis.sys

Threat: Win32/IRCbot.SE trojan


I don't want to delete anything until I can get help from someone who knows what's going on, since this is in my system32 file. Don't want to do more damage by not knowing.

Thanks in advance to anyone who can help with this.



#2 Gein

Gein
  • Topic Starter

  • Members
  • 16 posts

Posted 21 November 2007 - 03:22 AM

Sorry for the double post, but I just now noticed another box.


"Error"
General extraction error

#3 Gein

Gein
  • Topic Starter

  • Members
  • 16 posts

Posted 21 November 2007 - 03:47 AM

Thanks anyway guys, but I got it under control.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,591 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 21 November 2007 - 10:29 AM

How did you resolve this? ntndis.sys is a Trojan/Rootkit Component.

Rootkits are very dangerous because they use advanced techniques as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use them as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 Gein

Gein
  • Topic Starter

  • Members
  • 16 posts

Posted 21 November 2007 - 06:54 PM

I did a system restore from the previous day before I downloaded the rootkit. Then I ran the anti-virus again, and it isn't coming up anymore. I still changed all passwords though, just to be safe.

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,591 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 21 November 2007 - 07:45 PM

To protect yourself against malware and reduce the potential for re-infection, be sure to read:
"Simple and easy ways to keep your computer safe".
"How did I get infected?, With steps so it does not happen again!".
"The Ten Most Dangerous Things Users Do Online".
"The 10 Biggest Security Risks".
"Hardening Windows Security - Part 1" and "Hardening Windows Security - Part 2".



