«

I accidentally opened a file that was a new trojan downloader, Avast
4.7 did not detect the downloader, it downloaded some files onto my
system. A new virus which the name I am not aware of that I call
'ntos' is on my system.

The files are located in the following locations on a Windows XP
system.

C:\windows\system32\ntos.exe
C:\windows\system32\wsnpoem\video.dll
C:\windows\system32\wsnpoem\audio.dll



I'm writing this post for others to refer to but I may need help, by
booting into Recovery Console on my OEM disc, I removed the Read Only
attribute from the two DLLs and deleted them. I then removed the Read
Only from ntos and deleted it.

The effects of this virus are that you cannot keep Explorer.exe open.
Soon as you logon to your account, it will stay a blank screen. If you
try to open the explorer process in Task Manager it opens and closes
continually.

It appears not to infect system critical files, although it does bind
itself into Registry multiple times to load with 'userinit.exe', which
is required for it to start, therefore when that runs, ntos runs as
well.

Apparately, even with the removal of NTOS my system will not login
correctly, although I am going to remove those values from registry,
which can be found by performing a search for 'ntos.exe'.

Done that, still refuses to load explorer. I can't just format my hard
drive, I have a lot of video on there that I don't want to lose as I'm
not dowloading 200GB again!

I'm ****sed of currently, by a lot. Anyone can help?

You should make a post to alt.comp.anti-virus.

"Travis" <> wrote in message
news: ups.com...
>I accidentally opened a file that was a new trojan downloader, Avast
> 4.7 did not detect the downloader, it downloaded some files onto my
> system. A new virus which the name I am not aware of that I call
> 'ntos' is on my system.
>
> The files are located in the following locations on a Windows XP
> system.
>
> C:\windows\system32\ntos.exe
> C:\windows\system32\wsnpoem\video.dll
> C:\windows\system32\wsnpoem\audio.dll
>
>
>
> I'm writing this post for others to refer to but I may need help, by
> booting into Recovery Console on my OEM disc, I removed the Read Only
> attribute from the two DLLs and deleted them. I then removed the Read
> Only from ntos and deleted it.
>
> The effects of this virus are that you cannot keep Explorer.exe open.
> Soon as you logon to your account, it will stay a blank screen. If you
> try to open the explorer process in Task Manager it opens and closes
> continually.
>
> It appears not to infect system critical files, although it does bind
> itself into Registry multiple times to load with 'userinit.exe', which
> is required for it to start, therefore when that runs, ntos runs as
> well.
>
> Apparately, even with the removal of NTOS my system will not login
> correctly, although I am going to remove those values from registry,
> which can be found by performing a search for 'ntos.exe'.
>
> Done that, still refuses to load explorer. I can't just format my hard
> drive, I have a lot of video on there that I don't want to lose as I'm
> not dowloading 200GB again!
>
> I'm ****sed of currently, by a lot. Anyone can help?
>

"Travis" <> wrote in message
news: ups.com...
>I accidentally opened a file that was a new trojan
>downloader, Avast
> 4.7 did not detect the downloader, it downloaded
> some files onto my
> system. A new virus which the name I am not aware of
> that I call
> 'ntos' is on my system.
>
> The files are located in the following locations on
> a Windows XP
> system.
>
> C:\windows\system32\ntos.exe
> C:\windows\system32\wsnpoem\video.dll
> C:\windows\system32\wsnpoem\audio.dll
>
>
>
> I'm writing this post for others to refer to but I
> may need help, by
> booting into Recovery Console on my OEM disc, I
> removed the Read Only
> attribute from the two DLLs and deleted them. I then
> removed the Read
> Only from ntos and deleted it.
>
> The effects of this virus are that you cannot keep
> Explorer.exe open.
> Soon as you logon to your account, it will stay a
> blank screen. If you
> try to open the explorer process in Task Manager it
> opens and closes
> continually.
>
> It appears not to infect system critical files,
> although it does bind
> itself into Registry multiple times to load with
> 'userinit.exe', which
> is required for it to start, therefore when that
> runs, ntos runs as
> well.
>
> Apparately, even with the removal of NTOS my system
> will not login
> correctly, although I am going to remove those
> values from registry,
> which can be found by performing a search for
> 'ntos.exe'.
>
> Done that, still refuses to load explorer. I can't
> just format my hard
> drive, I have a lot of video on there that I don't
> want to lose as I'm
> not dowloading 200GB again!
>
> I'm ****sed of currently, by a lot. Anyone can help?

Make sure you disable system restore before you remove
the trojan.