| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 78477 | 2007-04-17 03:13:00 | ntos.exe | gum digger (6100) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 541653 | 2007-04-17 03:13:00 | Hi I am trying to get rid of ntos.exe which is a extremly nasty spyware according hijackthis. ive used lavasoftadaware, also scanned using avg internet security. both of the apps are updated. when i remove using hijacthis it comes back again when windows restarted. |
gum digger (6100) | ||
| 541654 | 2007-04-17 03:24:00 | From here (www.sophos.com) Troj/Agent-ECU includes the functionality to access the internet and communicate with a remote server via HTTP. When Troj/Agent-ECU is installed it creates the file <System>\ntos.exe. The following registry entry is changed to run ntos.exe on startup: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit <System>\userinit.exe,<System>\ntos.exe, The following registry entry is set: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon pathx pathname of the Trojan executable If regedit opens, go to the above entry delete the ntos.exe entry. You may have to turn system restore off, then boot into safe mode, then delete ntos.exe. Or use trojan remover in my sig, run update it click on scan. And select the 3rd to 7th option in the utilities menu. |
Speedy Gonzales (78) | ||
| 541655 | 2007-04-17 05:44:00 | From here (www.sophos.com) Troj/Agent-ECU includes the functionality to access the internet and communicate with a remote server via HTTP. When Troj/Agent-ECU is installed it creates the file <System>\ntos.exe. The following registry entry is changed to run ntos.exe on startup: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit <System>\userinit.exe,<System>\ntos.exe, The following registry entry is set: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon pathx pathname of the Trojan executable If regedit opens, go to the above entry delete the ntos.exe entry. You may have to turn system restore off, then boot into safe mode, then delete ntos.exe. Or use trojan remover in my sig, run update it click on scan. And select the 3rd to 7th option in the utilities menu. so u mean to say i delete the key userlist which contains the ntos.exe path.? |
gum digger (6100) | ||
| 541656 | 2007-04-17 05:59:00 | Umm I've just gone there. I would run regedit, then go here (Actually I would get offline until u get rid of this, boot into safe mode to do this). HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. To the right you'll see Userinit. Double click on it, you may or should see C:\WINDOWS\system32\userinit.exe,<System>\ntos.exe, I think the <system> on yours will be C:\system(or system32)\ntos.exe,. Delete the <System>\ntos.exe, bit so it shows C:\WINDOWS\system32\userinit.exe, ONLY Reboot, then boot into safe mode, find ntos.exe then delete it. |
Speedy Gonzales (78) | ||
| 541657 | 2007-04-17 06:15:00 | Umm I've just gone there . I would run regedit, then go here (Actually I would get offline until u get rid of this, boot into safe mode to do this) . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon . To the right you'll see Userinit . Double click on it, you may or should see C:\WINDOWS\system32\userinit . exe,<System>\ntos . exe, I think the <system> on yours will be C:\system(or system32)\ntos . exe, . Delete the <System>\ntos . exe, bit so it shows C:\WINDOWS\system32\userinit . exe, ONLY Reboot, then boot into safe mode, find ntos . exe then delete it . I have made mess here . instead of doing this ive deleted userinit key . now the problem is when i come to logon screen i cannot get into any account . i click on admin for e . g . and it says loading settings . . bla then it shows wallpaper for half a sec then logs me off . . right now iam writing from windows vista which set as dual boot form xp . urgent help |
gum digger (6100) | ||
| 541658 | 2007-04-17 06:19:00 | I would have used trojan remover, it may have been easier. You may have this (www.symantec.com) Which steals information. |
Speedy Gonzales (78) | ||
| 541659 | 2007-04-17 06:29:00 | I have made mess here. instead of doing this ive deleted userinit key. now the problem is when i come to logon screen i cannot get into any account. i click on admin for e.g. and it says loading settings..bla then it shows wallpaper for half a sec then logs me off.. right now iam writing from windows vista which set as dual boot form xp. urgent help Will XP boot into safe mode?? |
Speedy Gonzales (78) | ||
| 541660 | 2007-04-18 07:31:00 | I reinstalled windows by the reapir (r) option. but now i have few questions 1) Since vista and xp pro were dual bootup i had an option to select between both. but now it straightly boots into xp. how do i fix this?. 2) I had installed few patches before using autopatcher, what happned to those?. will they be still sitting on the hard drive and doing their job?. |
gum digger (6100) | ||
| 541661 | 2007-04-18 08:25:00 | I reinstalled windows by the reapir (r) option. but now i have few questions 1) Since vista and xp pro were dual bootup i had an option to select between both. but now it straightly boots into xp. how do i fix this?. 2) I had installed few patches before using autopatcher, what happned to those?. will they be still sitting on the hard drive and doing their job?. Any windows updates will have to be reinstalled after doing a repair. give vistabootpro a try. I haven't used it myself, but it sounds like it can do what you need from it. |
Greven (91) | ||
| 541662 | 2007-04-18 10:03:00 | 1) Since vista and xp pro were dual bootup i had an option to select between both. but now it straightly boots into xp. how do i fix this?. You will have to edit boot.ini to add back the option to boot to Vista. I guess you should have made a backup of it before your did the repair. |
johnd (85) | ||
| 1 2 | |||||