
Ntvdm.exe pop-ups - 60 second countdown


7 replies to this topic

#1 Ken81

Ken81

  • Members
  • 3 posts
  • Local time:05:59 PM

Posted 13 September 2009 - 10:47 AM

I tried researching this on a laptop and found that it could maybe be some kind of blaster worm. I was wondering if I could have a professional opinion or guidance.
Before, I was getting a blue screen periodically.
Now, when I turn on the computer, my desktop and icons load. Immediately after this, about ten windows labeled 'ntvdm' stack on top of each other. I am able to exit off of them but then all that remains is my desktop image and icons. There isn't a start taskbar.
Prior to today, I was getting a 60 second countdown that said 'terminated by NT Authority'. I tried typing in 'windows key + r' to bring up the run box. I typed 'services.msc'. After about a million tries, I think I was able to turn the 'Remote Procedure' option to not restart. However this happened, it's the only way I was able to access the browser to type this before my 60 seconds ran out.
I can give any other information needed. I've downloaded Combofix if that would help. Any guidance would be greatly appreciated. Thank you.



#2 Guest_The weatherman_*

Guest_The weatherman_*

  • Guests

Posted 13 September 2009 - 01:08 PM

Moved from XP to a more appropriate forum. Tw

#3 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • Gender:Male

Posted 13 September 2009 - 05:32 PM

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right-hand corner by your first post, click the Options button and then click Track this topic. Then bullet the immediate notification bubble. Then press Submit.


Let's take a look with Malwarebytes

Please download Malwarebytes' Anti-Malware from here:
Malwarebytes
Please rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exe

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Double Click zztoy.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire MBAM report (even if it does not find anything) in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


If Malwarebytes won't install or run

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.
Computer Pro

#4 Ken81

Ken81
  • Topic Starter

  • Members
  • 3 posts
  • Local time:04:59 PM

Posted 14 September 2009 - 07:03 PM

Thank you for replying so quickly. I really appreciate your time.

I followed your instructions. I was able to download and install MBAM but not run it. When clicking on the icon (and the icon in the Program folder), I get another black dialogue box with a blinking underscore. This is immediately followed by a box stating:
NTVDM.EXE has encountered a problem and needs to close. We are sorry for the inconvenience.

A while ago, I had downloaded a little clean-up program called Advanced WindowsCare. It scanned through your registry and things. Since having it, when right-clicking an icon, I have a "Boost with Advanced WindowsCare" option. I don't know what it is or does, but it's the only thing that opens programs. I tried running the Symantec blaster worm scanner downloaded from a flash drive and this "Boost" option was the only thing that would open it. Double-clicking or opening causes the same black dialogue box to pop up followed by the message four lines above.

I tried using this option to open Malwarebytes, changing the extensions to everything you suggested. I restarted and retried. This is the message that I get:
Malwarebytes' Anti-Malware has encountered a problem and needs to close. We are sorry for the inconvenience.

#5 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • Gender:Male
  • Local time:05:59 PM

Posted 14 September 2009 - 07:07 PM

Try this:

Let's try Fatdcuk's fix.

Please navigate to the MBAM folder located in the Program Files directory.

Locate MBAM.exe and rename it to winlogon.exe

Once renamed, double-click on the file to open MBAM and select Quick Scan

At the end of the scan click Remove Selected and then reboot.


Post the scan log. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Computer Pro

#6 Ken81

Ken81
  • Topic Starter

  • Members
  • 3 posts
  • Local time:04:59 PM

Posted 14 September 2009 - 09:34 PM

Ugh. I did as you requested. When double-clicking, I'm getting the same 'ntvdm' window and error message. When selecting that "Boost with Windows AdvancedCare" option, I get only the black box without the succeeding message. Is there anything else that I can do?

#7 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • Gender:Male
  • Local time:05:59 PM

Posted 15 September 2009 - 05:37 PM

OK, let's try Dr. Web:

Please download Dr. Web the free version & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr. Web Cureit as follows:
• Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
• Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
• The Express scan will automatically begin.
(This is a short scan of files currently running in memory, boot sectors, and targeted folders).
• If prompted to download the Full version Free Trial, ignore and click the X to close the window.
• If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
• When complete, click Select All, then choose Cure > Move incurable.
(This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
• Now put a check next to Complete scan to scan all local disks and removable media.
• In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
• Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
• When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
• Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
• In the top menu, click File and choose Save report list.
• Save the DrWeb.csv report to your desktop.
• Exit Dr.Web Cureit when done.
• Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
• After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)
Computer Pro

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,950 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:59 PM

Posted 17 September 2009 - 12:14 PM

Crashes (BSOD), unexpected shutdowns, sudden freezing, random restarting, and booting problems could be symptomatic of a variety of things to include hardware/software issues, overheating caused by a failed processor fan, bad memory (RAM), failing or underpowered power supply, CPU overheating, motherboard, video card, faulty or unsigned device drivers, CMOS battery going bad, BIOS and firmware problems, dirty hardware components, programs hanging or unresponsive in the background, and even malware.

NTVDM.EXE has encountered a problem and needs to close. We are sorry for the inconvenience.

ntvdm.exe is a process that belongs to the Windows 16-bit Virtual Machine
Troubleshooting MS-DOS-based programs in Windows XP

You should be able to see errors or information on why the NTVDM closed by looking in the Event Log. If you don't know how to do that, please refer to How To Use the Event Viewer Applet.

When doing a search on the net for 60 Second Shutdown or Shutdown initiated by NT Authority\system, you will find thousands of complaints with various causes and possible solutions. What works for one person may not work for another.

Some rootkits have been found to be accompanied by BSODs and various stop error/shutdown messages so a rootkit check should be performed. I recommend performing an anti-rootkit scan to at least investigate that as a possible cause.

A while ago, I had downloaded a little clean-up program called Advanced WindowsCare. It scanned through your registry and things. Since having it, when right-clicking an icon, I have a "Boost with Advanced WindowsCare" option. I don't know what it is or does

Since you already used Advanced WindowsCare, chances are it removed registry entries it should not have removed. Further, it's not a good idea to use programs you are not familiar with.

As for what "Boost with Advanced WindowsCare" option does, I suggest you contact the vendor's Technical support before further damage is caused.

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:

• Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

• Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

• Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

• Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

• The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators