
How to fix infected ntuser.dat.log1 & log2?



#1 madhava004

madhava004

  • Members
  • 6 posts

Posted 24 December 2014 - 09:32 AM

On my Windows 8 system I found ntuser.DAT.log1&2. When I scanned with Avast, it shows them as infected and I can't delete them. I have also tried hiding the files. Please fix it, guys, please.


Edited by hamluis, 24 December 2014 - 03:02 PM.
Moved from Win 8 to Am I Infected - Hamluis.




#2 dicke

dicke

    Paraclete


  • Members
  • 2,189 posts
  • Gender:Male
  • Location:Charlotte, NC
  • Local time:04:23 AM

Posted 24 December 2014 - 02:25 PM

It would appear that you need trained assistance.

I've asked a moderator to move the thread to the correct forum so you can get help.


Stay well and surf safe [stay protected]

Dick E


#3 Guest_LighthouseParty_*

Guest_LighthouseParty_*

  • Guests

Posted 24 December 2014 - 04:20 PM

Hello there
 
Welcome to Bleeping Computer, I'm LighthouseParty. Let's run a couple of scans to see what could be causing this.

Step 1: Please download MiniToolBox to your desktop

  • Double click MiniToolBox.
  • Select the following and then press go.
  • Post the log in your next reply.

Flush DNS
Reset IE Proxy Settings
Reset FF Proxy Settings
List Installed Programs
List Restore Points

Step 2: Please download Malwarebytes Anti-Malware to your desktop

  • Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.
  • On the dashboard, click update now.
  • After that, click scan now - the scan will now begin.
  • When the scan's completed, select apply actions - make sure the action is quarantine.
  • Restart your computer.

How to get the log.

  • On the dashboard, select the history tab and click application logs.
  • Select the log which has the time and date of when you did the scan.
  • Click copy to clipboard and paste it into your reply.

Step 3: Please download Security Check to your desktop

  • Double click SecurityCheck and follow the on-screen instructions.
  • A log should open, called checkup.txt.
  • Please post the contents of it in your next reply.

Step 4: Please download Malwarebytes Anti-Rootkit to your desktop

  • Double click it and click ok (Make sure to extract it to your desktop)
  • When it opens, click next and then update.
  • After it's updated, click next and then scan.
  • If malware is detected, select clean, then restart your computer.
  • Open 'MBAR' on your desktop and paste the contents of the following logs in your reply:
  • mbar-log-xx.xx.xx.txt and system-log.txt.

Step 5: Non-malware removal steps

Run System File Checker - http://support.microsoft.com/KB/929833
Run Disk Check - http://support.microsoft.com/kb/2641432
Run Disk Cleanup - http://windows.microsoft.com/en-gb/windows/delete-files-using-disk-cleanup

Thanks and good luck!



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • Gender:Male
  • Location:NJ USA

Posted 26 December 2014 - 05:24 PM

Hello, those files are logs of changes that have been made to the user registry hives (ntuser.dat) 1& 2.

These are hidden files so how are you seeing them?

Avast is saying Ntuser 1 & 2 are infected. Can you post the Avast log?
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 madhava004

madhava004
  • Topic Starter

  • Members
  • 6 posts
  • Local time:04:23 AM

Posted 26 December 2014 - 10:16 PM

Hello, actually I have a Lenovo laptop, so I pressed the rescue button and reinstalled Win 8.1. I have scanned with win thrust by Microsoft and cleared registry problems with that software, and now I have found ntuser.DAT and ntuser.dat.back. What are these? And do they cause a problem or not?

#6 madhava004

madhava004
  • Topic Starter

  • Members
  • 6 posts

Posted 26 December 2014 - 10:20 PM

Hello, actually I have a Lenovo laptop, so I pressed the rescue button and reinstalled Win 8.1. I have scanned with win thrust by Microsoft and cleared registry problems with that software, and now I have found ntuser.DAT and ntuser.dat.bak. What are these? And do they cause a problem or not?
Now I have McAfee Internet Security!!!

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • Gender:Male
  • Location:NJ USA

Posted 26 December 2014 - 11:27 PM

They are backups of your registry file. (ntuser.dat)

These are hidden files and should not actually be seen.

Windows NT User data = nt user dat... log file of user data changes (in registry).

Those files are logs of changes that have been made to the user registry hives.

If you run regedit and browse to HK_Current_User everything there is contained in that file.

Now if this is infected, it would be by a rootkit and we will need a new post for a deeper look to be certain. The tools above would not help.

To do so you need to follow this Preparation Guide, do steps 6,7 and 8 and post in a new topic.
Where the guide requests a DDS log you will need to use RSIT below instead, as WIN8.1 will not accept DDS.

Let me know if all went well.


Please download RSIT by random/random from the link provided for your operating system and save it to your desktop. This tool needs to run while the computer is connected to the Internet. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.
  • Close all applications and windows so that you have nothing open and are at your Desktop.
  • Double-click on RSIT.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Read the disclaimer and click Continue.
  • When the scan is complete, a text file named log.txt will automatically open in Notepad.
  • Another text file named info.txt will open minimized.
  • Save the log files to your desktop and copy/paste the contents of log.txt by highlighting everything and pressing Ctrl+C.
  • After highlighting, right-click, choose Copy and then paste the contents into a new topic in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here.
  • Copies of both log files are automatically saved in the C:\RSIT folder which the tool creates during the scan.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.

Edited by boopme, 26 December 2014 - 11:27 PM.
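
The posts above describe ntuser.dat as the per-user registry hive and the .LOG1/.LOG2 files as logs of changes to it. As an added example (not written by anyone in this thread), the Python code below reads the 512-byte header of an offline copy of such a file and reports whether it has the structure of a hive or a hive log. The field offsets follow the publicly documented "regf" layout and are an assumption here, as are the function names and the constructed sample headers.

```python
import struct

REGF_MAGIC = b"regf"
# File-type field values (assumed from public regf documentation).
FILE_TYPES = {0: "primary hive", 1: "transaction log",
              2: "transaction log", 6: "transaction log"}

def regf_checksum(header: bytes) -> int:
    """XOR of the first 127 little-endian dwords; two results are remapped."""
    value = 0
    for (dword,) in struct.iter_unpack("<I", header[:508]):
        value ^= dword
    if value == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return value or 1

def inspect_header(header: bytes) -> dict:
    """Summarise the base block of a registry hive or hive log file."""
    if len(header) < 512 or header[:4] != REGF_MAGIC:
        return {"is_regf": False}
    primary_seq, secondary_seq = struct.unpack_from("<II", header, 4)
    (file_type,) = struct.unpack_from("<I", header, 28)
    (stored_sum,) = struct.unpack_from("<I", header, 508)
    name = header[48:112].decode("utf-16-le", errors="replace").split("\x00")[0]
    return {
        "is_regf": True,
        "kind": FILE_TYPES.get(file_type, f"unknown ({file_type})"),
        "sequence_numbers_match": primary_seq == secondary_seq,
        "checksum_ok": stored_sum == regf_checksum(header),
        "embedded_name": name,
    }

def build_sample(file_type: int, name: str) -> bytes:
    """Constructed sample header for the demo (not from a real system)."""
    block = bytearray(512)
    struct.pack_into("<4sII", block, 0, REGF_MAGIC, 7, 7)  # magic, seq numbers
    struct.pack_into("<II", block, 20, 1, 5)               # major, minor version
    struct.pack_into("<I", block, 28, file_type)
    block[48:48 + 2 * len(name)] = name.encode("utf-16-le")
    struct.pack_into("<I", block, 508, regf_checksum(bytes(block)))
    return bytes(block)

if __name__ == "__main__":
    for ftype in (0, 6):
        print(inspect_header(build_sample(ftype, r"\Users\demo\ntuser.dat")))
    print(inspect_header(b"MZ" + bytes(510)))  # not a hive: wrong magic
```

A valid header only shows that the file is structured like a hive or its log; it says nothing about the registry data stored inside. Windows keeps these files open while the user is logged on, so the check is for a copy taken offline.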
