StevenWhiting.com

A place for info I've learnt in IT & stuff. (I get a little kick back from affiliate ads & links, just so you are aware)


To help clean off NTOS

NTOS.exe hides itself. Sysinternals Autoruns

 http://technet.microsoft.com/en-gb/sysinternals/bb963902

will show an entry in the “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit” value where NTOS.exe is tagged on the end of the usual “C:\WINDOWS\system32\userinit.exe,”, but if you set Autoruns to remove the entry it will immediately reappear. When you look at the location using Windows Explorer, the file will not be shown.

Using killbox

 http://killbox.net/

Run Killbox and put in the path to the naughty file – usually “c:\windows\system32\ntos.exe” – then select the ‘replace on reboot’ radio button and check the ‘use dummy’ box. Now click the remove file button (red with white cross). After the reboot you will be able to remove the startup entry and both see and delete the dummy NTOS.exe in %systemroot%\System32\.
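To cross-check what Autoruns shows, and to confirm after the reboot that the Userinit value is back to normal, the PowerShell below (an added example, not part of the original post) lists every entry in the value and flags anything other than the stock userinit.exe. The function names are made up for this example, and it assumes the default Windows install path under %SystemRoot%.

```powershell
# Added example: audit the Winlogon Userinit value for extra entries.
# Function names are hypothetical; run from an elevated, native (not 32-bit) PowerShell.
$key      = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = Join-Path $env:SystemRoot 'system32\userinit.exe'

function Get-UserinitEntries {
    param([string]$Value)
    # Userinit is a comma-separated list; the stock value ends with a trailing comma,
    # so empty items are dropped.
    $Value -split ',' |
        ForEach-Object { $_.Trim().Trim('"') } |
        Where-Object { $_ -ne '' }
}

function Test-UserinitValue {
    param([string]$Value, [string]$Expected)
    foreach ($entry in Get-UserinitEntries -Value $Value) {
        $resolved = [Environment]::ExpandEnvironmentVariables($entry)
        [pscustomobject]@{
            Entry         = $entry
            IsDefault     = ($resolved -ieq $Expected)
            # False means this process cannot see the file: it is either gone
            # or being hidden, as described above for NTOS.exe.
            # Only meaningful for entries given as a full path.
            VisibleOnDisk = (Test-Path -LiteralPath $resolved -PathType Leaf)
        }
    }
}

$raw    = (Get-ItemProperty -Path $key -Name Userinit).Userinit
$report = @(Test-UserinitValue -Value $raw -Expected $expected)
$report | Format-Table -AutoSize

$extra = @($report | Where-Object { -not $_.IsDefault })
if ($extra.Count -gt 0) {
    Write-Warning ("Unexpected Userinit entries: " + ($extra.Entry -join '; '))
    $hidden = @($extra | Where-Object { -not $_.VisibleOnDisk })
    if ($hidden.Count -gt 0) {
        Write-Warning ("Referenced but not visible on disk: " + ($hidden.Entry -join '; '))
    }
} elseif ($report.Count -eq 0) {
    Write-Warning "Userinit value is empty; expected $expected"
} else {
    Write-Output "Userinit contains only the default entry."
}
```

An extra entry that is referenced in the registry but not visible on disk matches the behaviour described above; after the Killbox reboot the dummy file should show as visible until you delete it and remove the startup entry.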

http://www.pctools.com/forum/showthread.php?68896-Remove-Windows-Safemode-Malware