July 21st, 2005, 07:30 PM
hey, i just scanned my computer with nortons free scan online because my subscribtion has expired...take a look at the screenshot. Now i was wondering what this is...NTDETECT, and is it really a trojan =\? cause it said it was created on may...and at that time i had norton and it didnt say anything about it, so im wondering if this is a real threat? or...is norton just making this up trying to get me to buy their product? can anyone help me here and give me advice on what to do?
July 21st, 2005, 07:35 PM
\"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts\".....Spaf
Everytime I learn a new thing, I discover how ignorant I am.- ... Black Cluster
July 21st, 2005, 07:42 PM
oh, hmms it didnt attach it, here...
July 21st, 2005, 07:50 PM
http://img150.imageshack.us/img150/9...eenshot8yg.png okay its not attaching so i uploaded it to imageshack, take a look thanks. oh yeah now im scanning it with mcafee...it also says that file is infected
July 21st, 2005, 07:59 PM
It may not have been a known threat to your version of Norton back in May. And since you've let Norton expire, it wouldn't update anymore, I believe.
The online scan, however, is probably using their latest virus signatures. It's certainly a Bad Sign (TM) if 2 reputable AV vendors say it's an infected item.
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
July 21st, 2005, 09:07 PM
Do a search in Explorer and find how many ntdetect files you have...............DON'T give the extension, it should be C:\ntdetect.com
July 22nd, 2005, 02:48 AM
haha, seems like my file is infected...mines C:\ntdetect.hta
July 22nd, 2005, 03:05 AM
Yep, if u read look at it in explorer, it says HTML app. You can show the extensions if you want....
that pretty much covers it :-D
July 22nd, 2005, 09:52 AM
Its wierd that its a html document beause my googeling say's that NTDETECT is the program that detects new hardware for NT. Even wierder is that, from the looks of your screenshot your using XP. If i where you i would delete it, and run in safe modand scan again.
July 22nd, 2005, 10:17 AM
Please be careful, ntdetect.com is a valid file that Windows needs.
I would update my AV, reboot into SAFE MODE and run a full AV scan. Let's see if the AV can clean/repair the file.
If it can't you have a variety of choices depending on your Windows version. Go back to a recovery point, run a repair install or extract the required file from your installation CD. In all cases rename the infected file ntdetect.old and reboot, then check to see if ntdetect.hta has reappeared.
When you have a clean copy of ntdetect.com, delete the ntdetect.old file. Boot into safe mode and run your AV scan again. Then create a new recovery point manually and delete all the older ones.
If you have to rename the file and you get an error message on reboot, you should be able to ignore it. If you can't, try it in safe mode, as that should stop Windows trying to check for new hardware..