Computer help forum: MALWARE?? XP PROBLEMS!

I typed "C:\WINDOWS\SYSTEM32\AUTOEXEC.NT"into Google and got a number of results.

Try this advice from I am not a geek, and see if it helps.

http://www.iamnotageek.com/a/413-p1.php

You may also want to consider downloading another anti-spyware program like Spywareblaster from;

http://www.javacoolsoftware.com/spywareblaster.html

Spybot recognises that Spywareblaster compliments it for ActiveX control protection.

Also, do an online scan at http://housecall.trendmicro.com , set the scan to fix all problems, and see if it finds anything.

Good luck

Mark

Bob,you wrote: It appears you are still using Internet Explorer and without SP2 it is open to Hijacks, Malware, and outright exploitation of your machine. Even with SP2, there are still unpatched exploits.

If you can't install SP2 and even if you can... Use of Internet Explorer today is just too dangerous.

Select any other non-Microsoft browser and install a Firewall.

As I said in my original post, I check for updates and run Spybot and ad-aware daily. I run a regularly updated zonealarm. I have all windows updates OTHER than SP2, which I avoid due to problems I hear about it's compatibility with other programs. As I already use windows update and a better firewall, why get it?
I also use firefox for browsing sites it works for.

The AUTOEXEC.NT. error is annoying, and when I use msconfig I see nothing that it might be from. The bigger problem by far is how slow this machine has become. With no hardware changes, programs that used to start immidiately now take from 8 to over 20 seconds to respond, even with NO other than background tasks open!

Anyone have any suggestions?

Bob, I don't mean to be rude, but your post makes NO sense! "XP SP2 was getting 1% of the attacks and more.
You've decided to stick with the most insecure of the XP versions"
??? I am NOT, as the article you cite says!

The USA Today article says "By contrast, there were fewer than four attacks per hour against the Windows XP updated with a basic firewall and recent patches (Service Pack 2), the Linspire with basic firewall and the Windows XP with ZoneAlarm firewall.

"The firewalls did their job," says Russell. "If you can't get to them, you can't attack them"..." There were no successful compromises of the Macintosh, the Linspire or the two Windows XPs using firewalls"

So how have I "decided to stick with the most insecure of the XP versions" ???
I have for years run the most up to date Zone Alarm version available. And frankly, I'm trying to get help FIXING a problem, not being told how I'm doing things incorrectly. Even if I Agreed with "You made this choice so it's time to decide when you want to clean it up and move to higher ground." I AM trying to clean it up! And what Higher ground IS there?

I am posting what seems to be a partial solution from Microsoft. I don't know HOW to implement it, and it does NOT say what 16bit program keeps trying to run that triggers it. But when I try to open command.com I get the same error, which according to this shows there is a problem with the NTVDM subsystem. But it goes on to say "and you should check the following items:" but I don't know how to do that either!

http://support.microsoft.com/kb/314106

All tech help gratefully accepted!

Here is the full text of the link:
Troubleshooting MS-DOS-based programs in Windows XP
Article ID : 314106
Last Review : April 29, 2004
Revision : 1.0
This article was previously published under Q314106
For a Microsoft Windows 2000 version of this article, see 165214.

On this Page
SUMMARY
MORE INFORMATION

SUMMARY
This article describes how to troubleshoot MS-DOS-based programs in Windows.
MORE INFORMATION
Test the Ntvdm subsystem
The first thing to test when you are having problems with MS-DOS-based programs is the Windows Virtual DOS Machine (NTVDM) subsystem. You can use the Command.com utility to test whether the NTVDM subsystem is running properly. To start Command.com, follow these steps: 1. Click the Start button, and then click Run.
2. In the Open box, type command.com, and then click OK.
This should start a command prompt window. If this does not work properly, then there is a problem with the NTVDM subsystem, and you should check the following items: Check the Config.nt and Autoexec.nt files in the SystemRoot%\System32 folder for non-standard settings.

Use a REM statement to remark out all entries except the following default entries:
Config.nt
---------
dos=high, umb
device=%SystemRoot%\System32\Himem.sys
files=20

Autoexec.nt
-----------

lh %SystemRoot%\System32\Mscdexnt.exe
lh %SystemRoot%\System32\Redir
lh %SystemRoot%\System32\Dosx
lh %SystemRoot%\System32\Nw16 (only if CSNW is installed)
lh %SystemRoot%\System32\Vwipxspx (only if CSNW is installed)

Another way to accomplish this is to expand Autoexec.nt_ and Config.nt_ from the Windows CD-ROM to the %SystemRoot%\System32 folder.
Press CTRL+SHIFT+ESC to start Task Manager, close all running programs that are running, and make sure that there are no other NTVDM processes running.
Prevent all programs from running at startup. Programs can run from three places at startup: the Startup groups, the Run and RunOnce lines in the registry, and the "run=" and "load=" lines in the Win.ini file. You can check these places as follows:1. The Startup groups are folders on the local hard disk. They are in the following locations: %SystemRoot%\Profiles\user_name\Start menu\Programs
%SystemRoot%\Profiles\Default user\Start menu\Programs

2. The Run and RunOnce lines are in the registry, under the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
3. You can edit the Win.ini file by using Notepad. The Win.ini file is in the %SystemRoot% folder.

Examine the NTVDM system files in the %SystemRoot%\System32 folder. Check the following files and make sure that they are the correct version by checking the size and date: Ntio.sys
Ntdos.sys
Ntvdm.exe
Ntvdm.dll (Windows NT 3.1 only)
Redir.exe


The registry entries that are associated with the NTVDM subsystem are: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
This key stores the environment variables from the Config.sys and Autoexec.bat files for use in Windows.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ VirtualDeviceDrivers
This key stores the device drivers that are used in an NTVDM session. Windows Setup creates these entries when a device driver is installed.


Check program-specific issues
The following functions do not work in Windows XP: All MS-DOS functions except task-switching API (application programming interface) functions are supported.
Block mode device drivers are not supported. Block devices are not supported, so MS-DOS I/O control (IOCTL) APIs that deal with block devices and SETDPB functions are not supported.
Interrupt 10 function 1A returns 0; all other functions are passed to read-only memory (ROM).
Interrupt 13 calls that deal with prohibited disk access are not supported.
Interrupt 18 (ROM BASIC) generates a message that says that ROM BASIC is not supported.
Interrupt 19 does not restart the computer, but cleanly closes the current virtual DOS machine (VDM).
Interrupt 2F, which deals with the DOSKEY program callouts (AX = 4800), is not supported.
Microsoft CD-ROM Extensions (MSCDEX) functions 2, 3, 4, 5, 8, E, and F are not supported.
The 16-bit Windows subsystem on an x86 computer supports enhanced mode programs; it does not, however, support 16-bit virtual device drivers (VxDs). The subsystem on a non-x86 computer emulates the Intel 40486 instruction set, which lets the computer run Enhanced-mode programs, such as Microsoft Visual Basic, on reduced instruction set computers (RISC).
This means that Windows does not support 16-bit programs that require unrestricted access to hardware. If your program requires this, your program will not work in Windows NT, Windows 2000, or Windows XP.

You should next check to see whether the Autoexec.nt and Config.nt file settings are correct. Always try the default settings that are listed earlier in this article. Some programs require special settings or drivers to run in the Config.sys or Autoexec.bat file. If this is the case, there are two options for initializing these files when you starting your program: Enter these lines in the Config.nt and Autoexec.nt files in the %SystemRoot%\System32 folder.
Create new Config and Autoexec files to be run when starting this program. To do so, follow these steps:1. Create the files and save them with the extension .nt in a folder other than %SystemRoot%\System32 (these files are usually saved in the same folder as the program).
2. Right-click the desktop, point to New, and then click Shortcut.
3. In the Type the location of the item box, type the full path to the file that you want to run, and then click Next.
4. In the Type a name for this shortcut box, type the name for the shortcut, and then click Finish. This creates a new shortcut on the desktop.
5. Right-click the new shortcut, and then click Properties.
6. On the Program tab, click Windows to open a dialog box for the path to the Autoexec and Config files.
7. Type the full path to the files that you created, and then click OK in both dialog boxes.
Clicking this icon runs the Autoexec and Config file specified for the program. These settings are subject to the same restrictions as those listed for MS-DOS-based programs.
There are other settings in a program's properties. If your program is not working properly, check all of the tabs and make sure that the program settings are set to the manufacturer's specification. If the program is still not working, contact the vendor of the program to make sure that the program is supported under Windows.

For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
171940 MS-DOS application I/O operations cause floppy drive access
156687 Entries in CONFIG.NT or AUTOEXEC.NT may cause NTVDM errors
102418 NTVDM error: There is no disk in the drive
142026 Err: 'Hidden console of WOW VDM' running 16-bit or DOS app
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

In addition to the good information given previously, try using the HijackThis program and post it as advised in the link below:

How to use HijackThis and where to post the log.

After that, then use the instructions below to fix the "Autoexec.nt" issue. (If this specific fix doesn't work, try other suggestions in the long thread associated with it.) The "Autoexec.nt" issue won't be permanently fixable till you get rid of the other "junk" on the machine:

Re: Blonde, Thanks....It Was Already Posted Earlier..

By the way, I've installed SP2 on ALL of our office computers and all my customer's computer and so far, no problems...The main ingredient is preparation...Clean out the computer of malware, delete all junk files, then run Error Checking/Chkdsk and defrag, then install the Service Pack. Your choice...

Hope this helps.

Grif

Optiumility, your system maybe so infested or comprised, it maybe better to restart from scratch. In other words, reformat and reload XP& SPs. Then add all the updates, spyware pgms. and/or protection schemes to help since you now know what you need for a better defense. Once some malware gets into the system and has its way, and repeated cleaning of yet any other added malware, you should reflect on your web habits or whatever sources you load pgms. from. You can't be too trusting of any so-called adult websites or freebies available as this is a very possible route into your system as you "grant access" and once behind a firewall, do thier damage. Of course doing this route is your choice, but compared to the time&effort in your past posts you maybe getting to this point. sorry...

good luck -----Willy