NTDETECT

Discussion in 'NOD32 version 2 Forum' started by Deja, Aug 13, 2006.

Thread Status:
Not open for further replies.
  1. Deja

    Deja Registered Member

    Joined:
    Aug 13, 2006
    Posts:
    3
    Just became a member (3 years) and really enjoy NOD32.
    Things are set and checked according to Blackspear's guide.

    NOD32 picked up a variant of Win32/agent.OH trojan successfully.
    Afterwards however, when I look on my C drive I find a 3kb application (NTDETECT) which was created at exactly the same time as NOD32 picked up the trojan (checked the log).

    Do I need to worry, or is this application safe?

    Deja
     
  2. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Have a look here: http://www.processlibrary.com/directory/files/NTDETECT/

     
  3. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    Perhaps you should submit this to ESET? Or also upload it at VirusTotal and Jotti's online malware scan.
     
  4. ASpace

    ASpace Guest

    I also agree, submit it to VirusTotal (but be patient) and then you may post the result here. This way, if you use default settings, VirusTotal will distribute this sample to all vendors which say no malware.

    Also submit it to ESET's labs: samples@eset.com

    If this is shown to be malware by many vendors, you can delete it.

    • Update your NOD32
    Open its Control Center -> Update -> Update now. The latest signature is 1.1705

    • Boot in Safe Mode
    Do this by repeatedly typing F8 while Windows is starting, before the Windows logo appears.
    Then you'll open the Windows Advanced menu where you can choose to boot the hard drive in SAFE MODE

    and, as shown here, perform a full Scan & Clean with the on-demand scanner

    When you have cleaned, you need to disable System Restore in Windows XP because it is really possible to have restore points infected, which you don't need.
    Turn System Restore OFF
    >>> Right click on My Computer -> Properties -> System Restore
    Check Turn off system restore and click Apply. Then uncheck it and apply to enable it again.

    :D
     
  5. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    To be clear, the NT-based versions of Windows (NT, 2000, XP...) all have a C:\NTDETECT.COM file that is used when booting. However, this is usually a read-only hidden system file. Its date will usually be from the time you installed Windows on the computer, or maybe when you installed a new Service Pack on the computer.

    Any other NTDETECT file, such as NTDETECT.EXE, should be regarded with suspicion.
     
  6. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    I should have pointed that out, but since he asked for the .exe version I kept it simple :)
     