Ntos file caused Havoc on my comp for almost a month now

G

Gabe2k2

New member
Hi Im new to the forum but have been using Spybot Search and destroy for years it isnt the only Spyware removal tool I use but I still think its one of the best.

I`m hoping that my recent email containing the infected files will be added to Spybot detections and have created a small tool for Manual removal of this now I know what it is Etc Basically search your system32 dir for the file Ntos.exe if its there close the handles using Process Explorer

Open Process Explorer and select winlogon.exe (in the upper pane).

In the lower pane, look for the following files and close their Handles (by right clicking over it)
%windir%\system32\wsnpoem\video.dll
%windir%\system32\wsnpoem\audio.dll
%windir%\system32\ntos.exe

then delete the affending files Manually

these files can cause SVCHOST to crash
Cause problems in USERINIT
and in EXPLORER

they sent packets to Easyglimor.info, and a few others I blocked them initially firewall rules but couldnt locate the files causing the packets Hope this might help !
 
Seems others are having simalar problems with this Virus.

My removal tool Only removes the files responsible for the problem Ive discovered registry Entries Pointing to the problem but Im not entirely sure about which ones to remove as its in a dangerous area I tried deleteing them all and found Userinit wouldnt let me back into windows so for the moment these keys are still in my registry but simply do nothing.
 
Any of them from England !
Besides that I also use Hijack this on a regular Basis and this time of no use whatsoever !
Ive Also been removing Malware/spyware/adware/viruses from systems for over 4 years now in my present job, using every tool available to me but thanks for the Urls taught me well one or two things that might be usefull !
 
Last edited:
I’ve also been writing software since the days of the ZX81 25 years + ago
I confess I’m not an experienced c# writer but the tools I create do the job more than adequately have already sent this tool to a few peeps and had their thanks for removing the problem.

I don’t mean to be obstinate but I feel your criticism was that I was some kind of newbie to the scene I’m not I offered a fast response to a threat that I’m hoping Spybot will include as they are much more experienced in these matters but as there time and resources are finite I offered some hope to the readers of this forum.

I was also not aware that were not actually supposed to fix fixes to our problems, perhaps I should simply and blindly send info on the problem offering no help `hmmmm then I would feel like a newbie` but as the program still doesn’t offer any removal for the problem I would still have 15 or more firewall rules and a set of missing toolbars from my Explorer.

As I say don’t mean to be rude but I know enough to offer some helpful and useful advice at times and wouldn’t have offered any advice if I wasn’t sure this would fix the problem.

By all means offer me additional advice but don’t treat me as if I don’t know what I’m doing!
 
that was quick ! lol
Oh ok your a nice guy
Hmmm ok

I guess I wont get a strop on then
so far first two url`s both all programs used do not detect this threat !
Ok checked all of the sites you offered None of which offered any tool that detects this threat lol I know Im being a pain in the bum
 
Last edited:
So far the only info Ive found is using a spyware program you have to pay for. Great thanks but no thanks !


Ive joined two of the forums of the above links although so far I confess It looks like I could get lost in so meny people who know very little about removal of their problems !
 
Last edited:
Its rare that I have any problems with malware/spyware/viruses but this one got me Hijackthis didnt really show it up the only way I found it is using a utility not mentioned on any of the above url`s and compairing it with a `clean install list` something I feel should be available both to hijack this and Process Explorer (now from Microsoft ) if you want to know more about me try this lol

Oh and dont have your volume too loud

http://Gabe2k2.youaremighty.com/
 
Last edited:
I do know about Malware lol why are so many of you determined to insult my knowledge.

Again I have over 25 years of experience programming and have been repairing Pc`s both software and Hardware since the 90`s. I’m feeling a little insulted by the fact I may not have had the training some of you have but properly have had far more experience and repair over 10-20 computers a week infested with Malware/spyware If I had time I properly would be able to be extremely beneficial to this forum and program. However only the infestations that manage to get onto my own systems and cause problems are the ones I can devote the time and attention I have with this one others I simply delete without further investigation Vie used Hijack this and many other apps including some I’ve written Myself to find and irradiate problematic software.
 
Gabe2k2 said:
that was quick ! lol
Oh ok your a nice guy
Hmmm ok

I guess I wont get a strop on then
so far first two url`s both all programs used do not detect this threat !
Ok checked all of the sites you offered None of which offered any tool that detects this threat lol I know Im being a pain in the bum
Click to expand...

HI Gabe2k2, first off, if you just joined TomCoyote and haven't applied for the classroom there, then you are only seeing people needing help, not our classroom, secondly, with all the problems happening now, one program will not fix them, it takes a range of products and solutions to fix these problems now, if you are offering advice on a forum such as this without knowing the total picture of what needs to be fixed then you are not helping the users out there get control of thier computer back, you are only removing part of the threat on their machine.

So in closing, I would suggest you join one of the schools out there that are free to users such as mine http://TomCoyote.org/classroom/

You do have to send in an email to be approved or not and so you know, Tashi is not a dude.

Tom Coyote Wilson
http://TomCoyote.org
May your day be blessed by those you love and those you love be blessed by HIM ;-) (Tom Coyote Wilson)
 
You must log in or register to reply here.
Back
Top