If you’re using the Operating System called Windows, chances are that you might have already come across the ntdetec1.exe virus. Or you will, sooner or later.
Its official name is W32.Ceted and it is a worm that copies itself to all shared and removable drives and spreads when the user double clicks on it to open it. If a system is infected, it creates a folder called ntdetec1 in your System Drive which is NOT visible via Explorer or Command prompt.
Related files:
\ntdetec1\ntdetec1.exe
\ntdetec1\cmrss.exe
\ntdetec1\run.exe
\ntdetec1\shell32.exe
\ntdetec1\drivelist.txt
\ntdetec1\child\autorun.inf
\ntdetec1\child\ntdetec1.exe
Symptoms:
1. Task Manager closes as soon as it launches.
2. RegEdit may be inaccesible
3. Folder Options may be inaccessible
When I scanned using some anti-virus software, Nod32, Symantec AV Corporate, McAfee and AVG failed to detect the files, even in Safe Mode.
To remove it, run the following commands at the command prompt:
taskkill /im cmrss.exe
taskkill /im ntdetec1.exe
taskkill /im shell32.exe
Now, make sure you are in the root drive of your system. For example, if your Windows in installed in C:, make sure your prompt shows C:\>
Now, run the command..
attrib ntdetec1 -s -h -r /s /d
(s->system,h->hidden,r->read only)
This will make the folder visible in explorer. Now you can Shift+Delete the folder from explorer.
Also, you might need to delete the following registry key (if it is present)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\policies\Explorer\ Run\"winlogon" = "C:\ntdetec1\run.exe"
Congratulations, this will remove all known traces of the above worm.
And remember, next time you use someone’s PD, before you access it, goto your command prompt and delete the autorun.inf file if any.
Friday, May 16, 2008
Subscribe to:
Post Comments (Atom)
1 comment:
I tried NOD32 and it couldn't delete it. Then I tried deleting .exe file from C: drive. The file got deleted and did not get copied again as it used to happen in my removable drives. The next time, I rebooted my PC, it says "ntdetec1 failed" reboots again, again says "ntdetec1 failed" reboots again and so on. What should I do ??
Post a Comment