
Thread: Ntos file caused Havoc on my comp for almost a month now

  1. #1
    Junior Member
    Join Date
    Nov 2006
    Posts
    11

    Ntos file caused Havoc on my comp for almost a month now

    Hi, I'm new to the forum but have been using Spybot Search and Destroy for years. It isn't the only spyware removal tool I use, but I still think it's one of the best.

    I'm hoping that my recent email containing the infected files will be added to Spybot detections, and I have created a small tool for manual removal of this now I know what it is, etc. Basically, search your system32 dir for the file Ntos.exe; if it's there, close the handles using Process Explorer:

    Open Process Explorer and select winlogon.exe (in the upper pane).

    In the lower pane, look for the following files and close their Handles (by right clicking over it)
    %windir%\system32\wsnpoem\video.dll
    %windir%\system32\wsnpoem\audio.dll
    %windir%\system32\ntos.exe

    Then delete the offending files manually.

    These files can cause SVCHOST to crash and cause problems in USERINIT and in EXPLORER.

    They sent packets to Easyglimor.info and a few others. I blocked them initially with firewall rules but couldn't locate the files causing the packets. Hope this might help!

  2. #2
    Junior Member
    Join Date
    Nov 2006
    Posts
    11

    I've created a removal tool; if anyone wants it, email me.
    Last edited by tashi; 2006-11-26 at 18:15. Reason: Removed email address for your protection against spambots

  3. #3
    Junior Member
    Join Date
    Nov 2006
    Posts
    11

    Seems others are having similar problems with this virus.

    My removal tool only removes the files responsible for the problem. I've discovered registry entries pointing to the problem, but I'm not entirely sure about which ones to remove, as it's in a dangerous area. I tried deleting them all and found Userinit wouldn't let me back into Windows, so for the moment these keys are still in my registry but simply do nothing.

  4. #4
    tashi (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,959

    Hello Gabe2k2.

    For our members' safety we do not permit people to post fixes unless a known and authorized malware fighter.

    Please see: "BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D

    If you would like to train in malware removal there are schools available and the opportunity to learn and provide fixes.

    A few samples:

    Classroom.
    Malware University.
    Boot Camp Admission.
    GTG University

    Regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  5. #5
    Junior Member
    Join Date
    Nov 2006
    Posts
    11

    Any of them from England!
    Besides that, I also use HijackThis on a regular basis, and this time it was of no use whatsoever!
    I've also been removing malware/spyware/adware/viruses from systems for over 4 years now in my present job, using every tool available to me, but thanks for the URLs, taught me, well, one or two things that might be useful!
    Last edited by Gabe2k2; 2006-11-27 at 01:13.

  6. #6
    tashi (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,959

    Originally posted by Gabe2k2:
    Any of them from England!

    Yes indeed.

  7. #7
    Junior Member
    Join Date
    Nov 2006
    Posts
    11

    I’ve also been writing software since the days of the ZX81, 25+ years ago.
    I confess I’m not an experienced C# writer, but the tools I create do the job more than adequately. I have already sent this tool to a few peeps and had their thanks for removing the problem.

    I don’t mean to be obstinate, but I feel your criticism was that I was some kind of newbie to the scene. I’m not. I offered a fast response to a threat that I’m hoping Spybot will include, as they are much more experienced in these matters, but as their time and resources are finite I offered some hope to the readers of this forum.

    I was also not aware that we’re not actually supposed to fix fixes to our problems. Perhaps I should simply and blindly send info on the problem, offering no help (hmmmm, then I would feel like a newbie), but as the program still doesn’t offer any removal for the problem I would still have 15 or more firewall rules and a set of missing toolbars from my Explorer.

    As I say, I don’t mean to be rude, but I know enough to offer some helpful and useful advice at times and wouldn’t have offered any advice if I wasn’t sure this would fix the problem.

    By all means offer me additional advice but don’t treat me as if I don’t know what I’m doing!

  8. #8
    Junior Member
    Join Date
    Nov 2006
    Posts
    11

    That was quick! lol
    Oh OK, you're a nice guy.
    Hmmm, OK.

    I guess I won't get a strop on then.
    So far first two URLs both, all programs used do not detect this threat!
    OK, checked all of the sites you offered, none of which offered any tool that detects this threat lol. I know I'm being a pain in the bum.
    Last edited by Gabe2k2; 2006-11-27 at 01:52.

  9. #9
    Junior Member
    Join Date
    Nov 2006
    Posts
    11

    So far the only info I've found is using a spyware program you have to pay for. Great, thanks but no thanks!

    I've joined two of the forums of the above links, although so far I confess it looks like I could get lost in so many people who know very little about removal of their problems!
    Last edited by Gabe2k2; 2006-11-27 at 02:10.

  10. #10
    Junior Member
    Join Date
    Nov 2006
    Posts
    11

    It's rare that I have any problems with malware/spyware/viruses, but this one got me. HijackThis didn't really show it up; the only way I found it is using a utility not mentioned on any of the above URLs and comparing it with a `clean install list`, something I feel should be available both to HijackThis and Process Explorer (now from Microsoft). If you want to know more about me, try this lol

    Oh, and don't have your volume too loud.

    http://Gabe2k2.youaremighty.com/
    Last edited by Gabe2k2; 2006-11-27 at 02:30.
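
The file check from post #1 and the "clean install list" comparison from post #10, combined as an added example (not part of the thread and not Gabe2k2's removal tool). It assumes plain-text file listings with one path per line and a Windows directory of C:\WINDOWS; the sample listings and function names are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any platform

# Paths named in post #1, relative to %windir%, lower-cased for comparison.
REPORTED = {
    r"system32\ntos.exe",
    r"system32\wsnpoem\video.dll",
    r"system32\wsnpoem\audio.dll",
}

def normalize(path, windir=r"C:\WINDOWS"):
    """Return the path relative to windir, lower-cased, or None if outside it."""
    p = ntpath.normpath(path.strip().strip('"'))
    for var in ("%windir%", "%systemroot%"):
        if p.lower().startswith(var):
            p = windir + p[len(var):]
    low = ntpath.normpath(p).lower()
    root = windir.lower().rstrip("\\") + "\\"
    return low[len(root):] if low.startswith(root) else None

def compare(baseline_lines, current_lines):
    """Flag files absent from the clean baseline, plus any reported path."""
    base = {normalize(line) for line in baseline_lines}
    findings = set()
    for line in current_lines:
        rel = normalize(line)
        if rel is None:
            continue  # blank line or path outside the Windows directory
        if rel in REPORTED:
            findings.add((rel, "reported"))  # flagged even if in the baseline
        elif rel not in base:
            findings.add((rel, "new"))
    return sorted(findings)

# Constructed sample listings (not taken from the thread).
BASELINE = [
    r"C:\WINDOWS\system32\userinit.exe",
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\system32\winlogon.exe",
]
CURRENT = BASELINE + [
    r"c:\windows\SYSTEM32\NTOS.EXE",
    r"%windir%\system32\wsnpoem\video.dll",
    r"C:\WINDOWS\system32\wsnpoem\audio.dll",
    r"C:\WINDOWS\system32\drivers\example.sys",
]

if __name__ == "__main__":
    for rel, tag in compare(BASELINE, CURRENT):
        print(f"{tag:9} {rel}")
```

A "new" entry only means the file was not in the baseline listing; it still has to be examined before anything is deleted.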
