Question

Locked

ntvdm.exe error

By davidofgold ·
ntvdm.exe keeps displaying an error message saying "C:\Documents and Settings\Adminstrator\O3Z7A5~1.EXE the NTVDM CPU has encountered an illegal instruction.CS:056a IP:010b OP:63 74 65 64 20 Choose 'Close' to terminate the application". when this happens, a file is created in the folders specified above. i keep deleting the ffolder but the message pops up every now and then. Kaspersky antivirus also shows a message saying C:\WINDOWS\EXPLORER.EXE (PID 2960)loading object http://www.sitepalace.com/pregy/Encsp2.jpeg containing malicious URL. access denied. i think a virus must have corrupted explorer.exe but i dont know what to do cos i do not want to format the machine.(its running MS windows xp home edition). some one should please help me out. thanks

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

Run a scan.

by seanferd In reply to ntvdm.exe error

First, run a manually initiated scan with Kaspersky.

If that doesn't work, try http://malwarebytes.org . Install and update this, turn off System Restore, reboot into Safe Mode, and run MBAM until you get clean results.

If it isn't the Administrator account which is infected, you likely wouldn't have to wipe everything in the worst case. If it is the Administrator account, stop using the Admin account for normal use, it is very bad practice.

Collapse -

And if the above doesn't work

by OH Smeg In reply to ntvdm.exe error

You can use one of the Rescue Disc's listed here

http://blogs.techrepublic.com.com/security/?p=3803&tag=content;leftCol

However depending on what the infection is you may find that cleaning the system destroys the OS. If that's the case you need to perform a In Place/Upgrade Install of the OS.

While a nuisance it's still easier than a Wipe and Reload, not to mention much faster.

Col

Back to Malware Forum
3 total posts (Page 1 of 1)  

Security Forums