Solve : Windows cannot find NTDETECT.exe?

Answer»

I was just requesting an answer to the question.

Michael, there is a reason why I told you to rename HiJackThis.exe to something else like HJT2K6.exe for example, some malware will hide from HiJackThis if you don't rename the executable. In addition to that it doesn't look like you deleted the C:\Program Files\CNNIC folder, you need to do so. Also, run another HJT scan (normal mode should be fine as long as system restore is still off) and put a check next to the following and fix it:

O8 - Extra context menu item: Access Internet Keyword - C:\Program Files\CNNIC\Cdn\cnnic.htm

Anyway, in regards to your original problem...I need you to clarify something. At first you said NTDETECT.exe and now you say NTDETECT.COM so which is it?

- JPH

Quote

I was just requesting an answer to the question.

So here is it:

Quote
I did google for it...but I was googling for the error message and not "ntdetect" only...seems that was why I got nonsense results that day...
I am using Norton...and it couldn't detect anything about it....and the Symantec website also has no information about this ntdetect.exe....
My internet connection was on the whole day so I couldn't really recall any possible candidate of website resulting in the situation.
Quote
Michael, there is a reason why I told you to rename HiJackThis.exe to something else like HJT2K6.exe for example, some malware will hide from HiJackThis if you don't rename the executable.
I am sorry that I misunderstood that and didn't read carefully.....I misread that you said renaming the log file HijackThis.txt to something else (in order to avoid overwriting).

Quote
In addition to that it doesn't look like you deleted the C:\Program Files\CNNIC folder, you need to do so.
The folder does not exist.

Quote
Anyway, in regards to your original problem...I need you to clarify something. At first you said NTDETECT.exe and now you say NTDETECT.COM so which is it?
Yes, initially when I clicked on the drives, a dialogue box would pop up saying that NTDETECT.exe cannot be found. Which seems to be a threat.
But after I followed what was suggested by pcdoc4christ in
Quote
These might help:

http://www.processlibrary.com/directory/files/ntdetect/
http://www.liutilities.com/products/wintaskspro/processlibrary/ntdetect/
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.AYZ&VSect=T
, it has become the situation now, where when I click on the drive, NTDETECT.com will run in a blank command prompt window for less than 2 seconds, then nothing happens.

Michael, it is possible that the C:\Program Files\CNNIC folder is hidden. If it wasn't still there then the last file I told you to fix with HJT wouldn't exist as it resides in a sub-directory of that folder. Just to be sure boot into safe mode and double-check. Make sure Windows Explorer is set to show hidden files and folders (Tools > Folder Options > View > Hidden files and folders > click Show hidden files and folders and then click Apply then OK).

As for the original problem, try this:

Download the attached zip file and apply it like you did the one before. Extract the reg file, right-click and choose Merge. After the reg file has been successfully imported reboot (important) and then check if the problem still persists.

- JPH

I have unhidden all hidden and system files, and the CNNIC folder is not found.

I've done what you suggested with the Fix.reg, but that doesn't change anything.

Please refer to the attached latest HJT log file (I renamed the HijackThis.exe to ABC123.exe)

Thanks.

Michael, I don't see anything malicious in your new HJT logfile.

I can't believe I didn't catch this before but...
If Autoplay is an option when you right-click the C:\ drive...
Go into your C:\ drive with Windows Explorer and see if there is an autorun.inf file there. If so DELETE it.

- JPH

When I right click on C: or D:, the options available in the upper section are:

(weird character)
AutoPlay
Search...
Open
Explore
Scan with AVG Anti-Spyware
System Information

After I deleted the Autorun.inf in both C:\ and D:\ , things are back to normal with the weird characters gone!

So I guess the Autorun.inf was created by the Autodetect.exe virus?
What else does the virus do?

Thanks.

The autorun.inf files and the strange character when right-clicking on the drives were probably a result of the Chinese infection. The "weird character" was probably Chinese letters or a fubar'd displaying of Chinese characters.

NTDETECT.EXE was most likely just a trojan downloader, its job was to install the Chinese malware.

Anyway, I'm glad things are back to normal now. Thanks for reporting back. You can turn system restore back on now if you haven't already and create a new restore point.

- JPH
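
An added example, not part of the thread: a Python check that lists the `[autorun]` entries in an autorun.inf that launch a program or change the drive's right-click menu, the kind of file deleted from C:\ and D:\ above. The sample content is constructed for illustration (the thread never shows the real file), and the function names are hypothetical.

```python
import re

# Constructed sample, saved as UTF-16 with a BOM and padded with junk lines.
SAMPLE = (
    "; padding\r\n"
    "xk3j2l\r\n"
    "[AutoRun]\r\n"
    "open=NTDETECT.exe\r\n"
    "shell\\open=打开(&O)\r\n"
    "shell\\open\\Command=NTDETECT.exe\r\n"
    "shell\\explore\\Command=NTDETECT.exe\r\n"
).encode("utf-16")


def decode(raw: bytes) -> str:
    """Honour a UTF-16/UTF-8 BOM; otherwise decode byte-for-byte as Latin-1."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    if raw.startswith(b"\xef\xbb\xbf"):
        return raw.decode("utf-8-sig")
    return raw.decode("latin-1")


def autorun_findings(raw: bytes):
    """Return (effect, key, value) for each [autorun] entry that matters."""
    findings, section = [], None
    for line in decode(raw).splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+?)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "autorun" or line.startswith(";") or "=" not in line:
            continue  # skip comments and junk instead of failing on them
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in ("open", "shellexecute"):
            findings.append(("runs a program", key, value))
        elif key == "shell":
            findings.append(("sets default menu verb", key, value))
        elif re.fullmatch(r"shell\\[^\\]+\\command", key):
            findings.append(("menu entry runs a program", key, value))
        elif re.fullmatch(r"shell\\[^\\]+", key):
            findings.append(("sets menu entry text", key, value))
    return findings


if __name__ == "__main__":
    for effect, key, value in autorun_findings(SAMPLE):
        print(f"{effect:28} {key} = {value}")
```

An empty result means the file only sets cosmetic values such as `icon` or `label`; any finding names the program that a double-click or menu entry on that drive would start.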


