what the hell is ntsysmgr.exe

  1. #1
    Junior Member
    Join Date
    Sep 2004
    Posts
    6

    what the hell is ntsysmgr.exe

    What is it anyway?

  2. #2
    http://www.google.com/search?hl=en&i...=Google+Search

    Removing Autostart Entries from the Registry

    Removing autostart entries from the registry prevents the malware from executing during startup.

    To remove the malware autostart entries:

    1. Open Registry Editor. To do this, click Start>Run, type Regedit, then press Enter.
    2. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
    3. In the right panel, locate and delete the entry:
    Microsoft System Checkup = "ntsysmgr.exe"
    4. In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>RunServices
    5. In the right panel, locate and delete the entry or entries:
    Microsoft System Checkup = "ntsysmgr.exe"
    6. Close Registry Editor.

    It's WORM_SDBOT.SE

    Removal Instructions: http://uk.trendmicro-europe.com/ente...=WORM_SDBOT.SE
    StreetsCrack.com Join The Best Music Social Network Online. Music downloads, promotions, forums, profile, games etc...

  3. #3
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Good Evening,

    Sorry to be one of the bearers of bad news, but you most likely got worms.

    W32/Sdbot-OC copies itself to the Windows system folder as NTSYSMGR.EXE and as COOL.EXE and creates entries in the registry at the following locations with the value Microsoft System Checkup so as to run itself on system startup:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\

    See:

    http://www.sophos.com/virusinfo/anal...32sdbotoc.html

    The link also lists the cleanup procedures.

    http://www.sophos.com/support/disinfection/worms.html


    W32/Sdbot-OC is a network worm which contains IRC backdoor Trojan functionality, allowing unauthorised remote access to the infected computer.

    Turns off anti-virus applications
    Allows others to access the computer
    Uses its own emailing engine
    Downloads code from the internet
    Records keystrokes

    Aliases:
    Worm.Win32.Donk.d
    WORM_SDBOT.SE


    edit: a minute late....lol
    Connection refused, try again later.
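
The indicators given in the two replies above (the `Microsoft System Checkup` value under the Run and RunServices keys, and NTSYSMGR.EXE / COOL.EXE in the Windows system folder) can be checked without opening Regedit. The PowerShell below is an added example, not part of any post in this thread; it only reads and reports, and the function names `Get-AutostartHit` and `Get-FileHit` are made up for illustration.

```powershell
# Added example: read-only check for the indicators named in this thread.
# Nothing is modified or deleted; run from an elevated prompt for full visibility.
$valueName = 'Microsoft System Checkup'
$fileNames = 'ntsysmgr.exe', 'cool.exe'
$runKeys   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'

function Get-AutostartHit {
    param([string[]]$KeyPath, [string]$Name)
    foreach ($key in $KeyPath) {
        # A missing key (RunServices is often absent) or a missing value
        # both yield no object here, so they are simply skipped.
        $item = Get-ItemProperty -LiteralPath $key -Name $Name -ErrorAction SilentlyContinue
        if ($item) {
            [pscustomobject]@{
                Kind     = 'Registry'
                Location = $key
                Detail   = "$Name = $($item.$Name)"
            }
        }
    }
}

function Get-FileHit {
    param([string[]]$Name)
    $systemDir = [Environment]::SystemDirectory   # the "Windows system folder"
    foreach ($n in $Name) {
        $path = Join-Path $systemDir $n
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            # -Force so hidden or system-flagged files are still returned.
            $f = Get-Item -LiteralPath $path -Force
            [pscustomobject]@{
                Kind     = 'File'
                Location = $path
                Detail   = ('{0} bytes, modified {1:u}' -f $f.Length, $f.LastWriteTimeUtc)
            }
        }
    }
}

$hits = @(Get-AutostartHit -KeyPath $runKeys -Name $valueName) +
        @(Get-FileHit -Name $fileNames)

if ($hits.Count) { $hits | Format-Table -AutoSize -Wrap }
else             { 'None of the indicators from this thread were found.' }
```

A match here is by name only, so a hit should be confirmed with an up-to-date anti-virus scan before anything is removed.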

  4. #4
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    Thanks for ruining my night guys.. now I have to spend it updating the script I posted in the other thread....

    peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  5. #5
    Banned
    Join Date
    Jul 2004
    Posts
    297
    A quick Google, whatis.com, and a search of the TechNet knowledge base lead me to one conclusion.
    Since I also use XP (Pro) and the file you're asking about does not reside anywhere in my Windows folders, chances are that Google hit it right on the head. There is a good chance that file could be related to some type of malware or virus/trojan. Before you jump to any conclusions, update your virus defs, manually if need be, and do a quick scan of your system.
    edit: If you have any problems getting your virus scanner to work correctly, you might have to do an online scan. For this I would recommend http://housecall.trendmicro.com
    Their online scanner is free and decent as far as an online scanner goes.
    re edit: Darn, I type too slow.

  6. #6
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    I've now added this to my batch file for killing and removing the guilty files...

    You can grab it @ http://www.antionline.com/showthread...897#post790853

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  7. #7
    Junior Member
    Join Date
    Sep 2004
    Posts
    6
    Is there a patch for this crazy-ass worm?

  8. #8
    Senior Member
    Join Date
    Feb 2004
    Location
    Near Manchester (England)
    Posts
    145

    You're A Tad Vague...

    Originally posted by fiercekid84

    Is there a patch for this crazy-ass worm?
    A patch for which software? XP Pro, Your Anti-Virus (we'll need to know what you're using), firewall (again we'll need to know what you're using), monitoring software (yet again, we'll need to know what you're using (do you see a trend here? lol))?

    Please provide more information to help us help you.
    Tomorrow is another day for yesterday's work!

  9. #9
    Junior Member
    Join Date
    Sep 2004
    Posts
    6
    I am using Windows XP, no SP1 or SP2
    gforcemx 440
    512mb ram pc133
    benq 822a dvd rw
    pentium 3 866mhz

  10. #10
    Junior Member
    Join Date
    Sep 2004
    Posts
    6
    Oh yeah, I am not using any anti-virus software or firewall.
