| Thread ID: 83932 | 2007-10-18 06:12:00 | What's Indt.sys? Need help!!!!! | aklthomas (12936) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 602867 | 2007-10-20 04:28:00 | Boot into safe mode and delete indt.sys. That msspa.exe file, by the looks of it, can also use these filenames: 95366238.EXE, MSSPA.EXE__DELETE_ON_REBOOT, 36891883.EXE, 14307618.EXE, 45165281.EXE, 06530601.EXE, DC30.EXE, 88175924.EXE, 24476684.EXE, 67655057.EXE, 63131571.EXE, 15645866.EXE. See if any of these filenames are on your hdd. | Speedy Gonzales (78) | ||
| 602868 | 2007-10-20 09:06:00 | Do it in Safe Mode. | mark c (247) | ||
| 602869 | 2007-11-13 17:27:00 | I have that same issue - the indt.sys file keeps popping up on startup, and it tries to access some web sites without running IE. I can hear the click sounds IE makes when loading pages, and a voice comes from the speakers from some site. I check TaskMgr and IE is not running while it is doing these things. The only thing in your posts I am unable to do is run services.mmc; I've tried from both the control panel and the command line. I get a message that says it either does not exist, is not a console, was made by a later version of MMC or I do not have rights to run it. I am the only person on the machine and am in the admin group. I did everything else you guys mention in safe mode, and I did a search of the registry and found all the files you mention in post #11. I deleted all those entries (found in hkey.current.user/software/microsoft/searchassistant/acmru/5604). I then did a search for all those files again, plus *ndt*.*, and it came up with no results, so it appears the registry is clean of those files. I also deleted the file indt.sys from the system32 directory. I did a search of the windows directory/subdirectories for those mentioned files; nothing found. After I rebooted, the indt.sys was still found by Kaspersky, and it continued to try to access the net. Any more suggestions? | carvin (12937) | ||
| 602870 | 2007-11-13 18:40:00 | What folder is Kaspersky picking it up in, Carvin? | Speedy Gonzales (78) | ||
| 602871 | 2007-11-13 22:04:00 | The c:\windows\system32 directory; it finds both Indt2.sys and ndt2.sys | carvin (12937) | ||
| 602872 | 2007-11-13 22:51:00 | Get Trojan Remover and RogueRemover in my sig, if you haven't yet. Update both, then click on scan. | Speedy Gonzales (78) | ||
| 602873 | 2007-11-13 23:31:00 | I've downloaded and run both and they don't find any problems. I've updated Kaspersky AV and it doesn't find any problems. At the same time as these are all running, and as I am writing this on another computer, I hear the click of IE pages loading on that PC. But there is no IExplorer.exe listed in taskmgr, so I know something is trying to access the web behind the scenes. I have IE security set to the highest possible settings (I don't use IE, I use Firefox). Wish there was a way to simply turn off IE altogether. | carvin (12937) | ||
| 602874 | 2007-11-13 23:43:00 | Post a HijackThis log; it's in my sig below. We'll see what else is in it. You may have to disable system restore later. | Speedy Gonzales (78) | ||
| 602875 | 2007-11-13 23:54:00 | Try downloading the free Spyware Doctor in my sig also. Install, update, then go into the settings button > Scan Settings, tick "Scan for Rootkits", and scan the PC. Also look for this - Go to: Start > Run. Type: services.msc and click Enter. Look for "perfmons Service". If it's there (that's the exact spelling, without the "", nothing else), right click it and select "Properties". Click the "Stop" button and wait for the service to be stopped. Change the "Startup Type" from Automatic to "Disabled" (c/o drop-down menu). Click Apply then OK - Close window - Run Cleaners. | wainuitech (129) | ||
| 602876 | 2007-11-14 00:23:00 | I have a full scan (Kaspersky) running, and will run a full scan with Spyware Doctor when it is finished. I ran HT, below is the log -
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:55:43 PM, on 11/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [MOMORacingFixCenter] "C:\Documents and Settings\Chip\MOMORacingFixCenter.exe" 0
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D908EA4-466D-41AE-82EB-38F1BC000A17}: NameServer = 68.2.16.30,68.1.208.30
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\WINDOWS\System32\locator.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
-- End of file - 6948 bytes
| carvin (12937) | ||
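Added example, not part of the original thread: a small Python triage helper that pulls the O23 (service) entries out of a HijackThis log like the one posted above and lists the services reported with "Unknown owner", which is how the perfmons service from the earlier post shows up. The function names are made up for this example, and the parser assumes only the entry layout visible in the log; it works whether the log is one entry per line or pasted as a single run of text.

```python
import re

# Constructed sample: four O23 entries copied from the log posted above,
# joined with spaces as happens when a log is pasted as one run of text.
SAMPLE = " ".join([
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe",
    r"O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe",
    r"O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\WINDOWS\System32\locator.exe",
    r"O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE",
    "-- End of file",
])

# A new entry starts at a section code such as "R0 - ", "O4 - " or "O23 - ".
ENTRY_START = re.compile(r"\s+(?=(?:[ORFN]\d{1,2} - |-- End of file))")
PATH_AT_END = re.compile(r' - ("?[A-Za-z]:\\.*)$')
SHORT_NAME = re.compile(r"\((\w+)\)$")
PREFIX = "O23 - Service: "


def parse_o23(text):
    """Return one dict per O23 (service) entry in a HijackThis log."""
    services = []
    for entry in ENTRY_START.split(text.strip()):
        if not entry.startswith(PREFIX):
            continue
        m = PATH_AT_END.search(entry)
        if not m:
            continue  # malformed or truncated entry: skip rather than guess
        head = entry[len(PREFIX):m.start()]
        display, _, owner = head.rpartition(" - ")
        short = SHORT_NAME.search(display)
        services.append({
            "display": display,
            "name": short.group(1) if short else None,
            "owner": owner,
            "path": m.group(1),
        })
    return services


def unknown_owner_services(text):
    """Services listed with 'Unknown owner': candidates for manual review."""
    return [(s["name"] or s["display"], s["path"])
            for s in parse_o23(text) if s["owner"].lower() == "unknown owner"]


if __name__ == "__main__":
    for name, path in unknown_owner_services(SAMPLE):
        print(f"review: {name} -> {path}")
```

On the sample, both perfmons and RpcLocator are returned, so the output is a review list to check against the known services on the machine rather than a verdict on any one entry.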