Velocity Reviews - Computer Hardware Reviews

NTOS.exe virus

 
 
Travis
06-07-2007
I accidentally opened a file that was a new trojan downloader. Avast
4.7 did not detect the downloader, and it downloaded some files onto my
system. A new virus, whose name I am not aware of and which I call
'ntos', is on my system.

The files are located in the following locations on a Windows XP
system.

C:\windows\system32\ntos.exe
C:\windows\system32\wsnpoem\video.dll
C:\windows\system32\wsnpoem\audio.dll



I'm writing this post for others to refer to, but I may need help. By
booting into Recovery Console on my OEM disc, I removed the Read Only
attribute from the two DLLs and deleted them. I then removed the Read
Only from ntos and deleted it.

The effects of this virus are that you cannot keep Explorer.exe open.
As soon as you log on to your account, it will stay a blank screen. If you
try to open the explorer process in Task Manager it opens and closes
continually.

It appears not to infect system critical files, although it does bind
itself into Registry multiple times to load with 'userinit.exe', which
is required for it to start, therefore when that runs, ntos runs as
well.

Apparently, even with the removal of NTOS my system will not login
correctly, although I am going to remove those values from registry,
which can be found by performing a search for 'ntos.exe'.

Done that, still refuses to load explorer. I can't just format my hard
drive, I have a lot of video on there that I don't want to lose as I'm
not downloading 200GB again!

I'm ****sed off currently, by a lot. Can anyone help?

 
Reply With Quote
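The registry search described in the first post, as an added example that is not part of the original thread: it scans a `.reg` export for the file name and directory the post lists. The Winlogon key path, the sample export and all function names are assumptions made here; for the Winlogon `Userinit` value it suggests a cleaned value that keeps `userinit.exe` instead of deleting the value.

```python
import re

# Indicators taken from the thread: the file name and the directory under system32.
INDICATORS = ("ntos.exe", "\\wsnpoem\\")
WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')

# Constructed sample of a .reg export (not captured from a real system).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\ntos.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"constructed_entry"="C:\\WINDOWS\\system32\\ntos.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''

def is_suspect(text):
    return any(i in text.lower() for i in INDICATORS)

def parse_reg(text):
    """Yield (key, value_name, data) for each string value in a .reg export."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            # .reg exports double every backslash in string data; undo that.
            yield key, m["name"], m["data"].replace("\\\\", "\\")

def clean_userinit(data):
    """Keep the comma-separated Userinit entries that are not flagged."""
    kept = [p for p in data.split(",") if p.strip() and not is_suspect(p)]
    return ",".join(kept) + ","

def triage(text):
    """Return (key, value_name, data, suggested_action) for each flagged value."""
    findings = []
    for key, name, data in parse_reg(text):
        if not is_suspect(data):
            continue
        is_userinit = key.lower() == WINLOGON and name.lower() == "userinit"
        action = "set to " + clean_userinit(data) if is_userinit else "delete value"
        findings.append((key, name, data, action))
    return findings

if __name__ == "__main__": print(*triage(SAMPLE_REG), sep="\n")
```
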
 
 
 
 
Mr. Arnold
06-07-2007
You should make a post to alt.comp.anti-virus.

 
 
 
 
Neil Green
06-07-2007

Make sure you disable system restore before you remove
the trojan.


 