NTOS.exe virus

Discussion in 'Computer Information' started by Travis, Jun 7, 2007.

  1. Travis

    Travis Guest

    I accidentally opened a file that was a new trojan downloader, Avast
    4.7 did not detect the downloader, it downloaded some files onto my
    system. A new virus which the name I am not aware of that I call
    'ntos' is on my system.

    The files are located in the following locations on a Windows XP
    system.

    C:\windows\system32\ntos.exe
    C:\windows\system32\wsnpoem\video.dll
    C:\windows\system32\wsnpoem\audio.dll



    I'm writing this post for others to refer to but I may need help, by
    booting into Recovery Console on my OEM disc, I removed the Read Only
    attribute from the two DLLs and deleted them. I then removed the Read
    Only from ntos and deleted it.

    The effects of this virus are that you cannot keep Explorer.exe open.
    Soon as you logon to your account, it will stay a blank screen. If you
    try to open the explorer process in Task Manager it opens and closes
    continually.

    It appears not to infect system critical files, although it does bind
    itself into Registry multiple times to load with 'userinit.exe', which
    is required for it to start, therefore when that runs, ntos runs as
    well.

    Apparately, even with the removal of NTOS my system will not login
    correctly, although I am going to remove those values from registry,
    which can be found by performing a search for 'ntos.exe'.

    Done that, still refuses to load explorer. I can't just format my hard
    drive, I have a lot of video on there that I don't want to lose as I'm
    not dowloading 200GB again!

    I'm pisssed of currently, by a lot. Anyone can help?
    Travis, Jun 7, 2007
    #1
    1. Advertising

  2. Travis

    Mr. Arnold Guest

    You should make a post to alt.comp.anti-virus.

    "Travis" <> wrote in message
    news:...
    >I accidentally opened a file that was a new trojan downloader, Avast
    > 4.7 did not detect the downloader, it downloaded some files onto my
    > system. A new virus which the name I am not aware of that I call
    > 'ntos' is on my system.
    >
    > The files are located in the following locations on a Windows XP
    > system.
    >
    > C:\windows\system32\ntos.exe
    > C:\windows\system32\wsnpoem\video.dll
    > C:\windows\system32\wsnpoem\audio.dll
    >
    >
    >
    > I'm writing this post for others to refer to but I may need help, by
    > booting into Recovery Console on my OEM disc, I removed the Read Only
    > attribute from the two DLLs and deleted them. I then removed the Read
    > Only from ntos and deleted it.
    >
    > The effects of this virus are that you cannot keep Explorer.exe open.
    > Soon as you logon to your account, it will stay a blank screen. If you
    > try to open the explorer process in Task Manager it opens and closes
    > continually.
    >
    > It appears not to infect system critical files, although it does bind
    > itself into Registry multiple times to load with 'userinit.exe', which
    > is required for it to start, therefore when that runs, ntos runs as
    > well.
    >
    > Apparately, even with the removal of NTOS my system will not login
    > correctly, although I am going to remove those values from registry,
    > which can be found by performing a search for 'ntos.exe'.
    >
    > Done that, still refuses to load explorer. I can't just format my hard
    > drive, I have a lot of video on there that I don't want to lose as I'm
    > not dowloading 200GB again!
    >
    > I'm pisssed of currently, by a lot. Anyone can help?
    >
    Mr. Arnold, Jun 7, 2007
    #2
    1. Advertising

  3. Travis

    Neil Green Guest

    "Travis" <> wrote in message
    news:...
    >I accidentally opened a file that was a new trojan
    >downloader, Avast
    > 4.7 did not detect the downloader, it downloaded
    > some files onto my
    > system. A new virus which the name I am not aware of
    > that I call
    > 'ntos' is on my system.
    >
    > The files are located in the following locations on
    > a Windows XP
    > system.
    >
    > C:\windows\system32\ntos.exe
    > C:\windows\system32\wsnpoem\video.dll
    > C:\windows\system32\wsnpoem\audio.dll
    >
    >
    >
    > I'm writing this post for others to refer to but I
    > may need help, by
    > booting into Recovery Console on my OEM disc, I
    > removed the Read Only
    > attribute from the two DLLs and deleted them. I then
    > removed the Read
    > Only from ntos and deleted it.
    >
    > The effects of this virus are that you cannot keep
    > Explorer.exe open.
    > Soon as you logon to your account, it will stay a
    > blank screen. If you
    > try to open the explorer process in Task Manager it
    > opens and closes
    > continually.
    >
    > It appears not to infect system critical files,
    > although it does bind
    > itself into Registry multiple times to load with
    > 'userinit.exe', which
    > is required for it to start, therefore when that
    > runs, ntos runs as
    > well.
    >
    > Apparately, even with the removal of NTOS my system
    > will not login
    > correctly, although I am going to remove those
    > values from registry,
    > which can be found by performing a search for
    > 'ntos.exe'.
    >
    > Done that, still refuses to load explorer. I can't
    > just format my hard
    > drive, I have a lot of video on there that I don't
    > want to lose as I'm
    > not dowloading 200GB again!
    >
    > I'm pisssed of currently, by a lot. Anyone can help?


    Make sure you disable system restore before you remove
    the trojan.
    Neil Green, Jun 7, 2007
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Phil B

    Virus, Virus, Virus.....

    Phil B, Sep 22, 2003, in forum: Computer Support
    Replies:
    2
    Views:
    520
    DaveW
    Sep 22, 2003
  2. \Oldschool\ Scotty Flamingo

    What are spoolsv.exe and svchost.exe?

    \Oldschool\ Scotty Flamingo, Oct 10, 2003, in forum: Computer Support
    Replies:
    4
    Views:
    2,977
  3. gary

    QUICKEN.EXE & others with EXE

    gary, Jan 18, 2004, in forum: Computer Support
    Replies:
    12
    Views:
    905
    William Poaster
    Jan 19, 2004
  4. Mike

    ABOARD.EXE and AOSD.EXE

    Mike, Feb 22, 2004, in forum: Computer Support
    Replies:
    4
    Views:
    3,932
    lightning_b0lt
    Feb 24, 2004
  5. Muse Gruppes

    jobseekertool.exe/ntos.exe virus/phisher

    Muse Gruppes, Jan 11, 2007, in forum: Computer Support
    Replies:
    7
    Views:
    1,058
    Walter Mautner
    Jan 13, 2007
Loading...

Share This Page