stemardue

  1. Hello, this is how I solved it on my PC (same problem, not able to kill the processes since 'ntos.exe' was always in use).

     The problem is that the application adds a key in the registry to launch 'ntos.exe' at login. The only way I know to bypass this is to not boot into Windows at all. Maybe there are more elegant methods, but this one is safe and guaranteed to work (even good for other trojans/malware known to use this method of autolaunching).

     The trick is to use the Win XP repair console, which can be accessed from the Win XP setup disk.

     You need:
     a) access to your PC BIOS settings (not necessary if your PC is already set to boot from a CD) - if you do not know what the BIOS is, ask a PC-skilled person to assist you with this!
     b) Win XP setup CD
     c) to know your PC administrator password

     1: Be sure your PC can be booted from a CD. How? Easy: put your Win XP setup CD into your CD drive and restart your PC. If it boots from the CD, a blue screen with the text line 'Windows XP Setup' (or similar) will appear. If it does, go to step 3.

     2: If you can't boot from a CD, restart your PC and as soon as it does, press the key to enter BIOS configuration (usually DEL - see the text line on your screen). Change the BIOS settings to boot from CD first, then save the settings and restart.

     3: Let the setup procedure load all the drivers and things it needs. Do NOT say you want to use the automated system recovery. After a short time (1-3 mins depending on your system) you will be asked if you want to set up Win XP, repair the system using the Windows repair console, or exit. Type R (choosing the repair console option). You will enter a black screen (like old DOS text) and will be asked which Windows (OS) version you want to repair (in case more than one is found on your system) and then to enter the administrator password. After that you will have full access to your system from the console.

     4: You will probably be in C:\windows (or in the root directory of your Win XP installation). Type:

        cd system32 <ENTER>

     to change to the system32 folder. You can verify you are in the right place by typing:

        dir nto* <ENTER>

     to see a list of files whose names start with 'nto'. If there is an 'ntos.exe' file, you are almost done! Type:

        ren ntos.exe ntos.aaa <ENTER>

     thus rendering the file unable to self-launch.

     5: Remove your CD from the drive and type:

        exit <ENTER>

     to reboot. You should now have rebooted normally into Windows. You can now launch your antispyware/antivirus again, which will now be able to clean up all the mess (Spybot S&D with the latest updates does it).

     PS: if you have a bootable diskette or CD that grants you access to your HD files and Windows root directory, you can use that instead of the XP repair console as well. The main thing is to rename or delete the ntos.exe file in the windows/system32 folder.
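
An added example, not part of the original post: renaming the file leaves behind the registry autostart entry the post mentions, so it is worth checking what still points at it once Windows is running again. This PowerShell script lists autostart values that reference the file name; the list of keys is an assumption (standard Windows logon autostart locations), since the post does not name the key, and `Find-AutostartReference` is a hypothetical helper name.

```powershell
# Added example: list logon autostart registry values that reference a given
# executable name. The key list below is an assumption (standard Windows
# autostart locations); the post does not say which key is used.
param(
    [string]$Name = 'ntos.exe'   # file name taken from the post
)

$locations = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

# Hypothetical helper: returns one object per registry value whose data
# contains the file name.
function Find-AutostartReference {
    param([string[]]$Keys, [string]$Needle)
    foreach ($key in $Keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($valueName in $item.GetValueNames()) {
            $data = [string]$item.GetValue($valueName)
            # Substring match: the name may be appended to a legitimate
            # command line rather than being the whole value.
            if ($data -like "*$Needle*") {
                [pscustomobject]@{ Key = $key; Value = $valueName; Data = $data }
            }
        }
    }
}

$hits = @(Find-AutostartReference -Keys $locations -Needle $Name)
$file = Join-Path $env:SystemRoot "System32\$Name"

# After the rename in step 4 the file should be absent under its old name.
"File present : {0} ({1})" -f (Test-Path -LiteralPath $file), $file

if ($hits.Count -eq 0) {
    "No autostart value references $Name in the checked keys."
} else {
    # Leftover entries to review and clean with your antimalware tool.
    $hits | Format-List
}
```

A hit in the output means the autostart value is still in place even though the renamed file can no longer be launched from it.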