I had to run XP Repair and when my PC booted up I got the message that I’m missing the ntdetect.dll file… and now my system is also running like crap. I’m hoping that the missing file is the only reason. Can anybody explain to me in SIMPLETON style English just what this .dll file is and how I can replace/repair it?
Dropper/KorGameHack.7680.C is a dropper that creates a trojan horse which steals the user account information of a specific online game. When the dropper is executed, it creates Ntdetect.dll (49,152 bytes) in the Root\Documents and Settings\User Name\Local Settings\Temp folder. This file is the trojan that steals the user’s keystrokes and sends them to a specific email address.
* Method of Infection
It can’t self-propagate. It is likely that the system could be infected when a user downloads an executable file from email, messenger, board, or download centers and runs the file. Or, it is possible that it is installed by other malicious code (worms, viruses and trojan horses).
* Symptoms after Execution
[Creating Files]
It creates the following file(s) in Root\Documents and Settings\User Name\Local Settings\Temp
– Ntdetect.dll (49,152 bytes) – a malicious trojan horse which is detected as Win-Trojan/KorGameHack.49152.B by V3.
[Adding a Windows Registry Entry]
It adds the following values to the Windows registry so that it is executed whenever Windows starts.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
winabc = rundll32.exe Root\docume~1\User Name\locals~1\temp\ntdetect.dll,insta…
HKEY_USERS\S-1-5-21-448539723-1606980848-1801674531…\Software\Microsoft\Windows NT\CurrentVersion\Windows
jajakjskdf = Executed Folder\winmsc.exe
HKEY_USERS\S-1-5-21-448539723-1606980848-1801674531…\Software\Microsoft\Windows NT\CurrentVersion\Windows
Nishabiyani = Executed Folder\winmsc.exe
It tries to connect to the following site.
http://2**.**6.1*4.1*0
Note) Addresses have been partially omitted with *s.
[Hooking Keyboards]
The dropper injects the Ntdetect.dll that it creates into all running processes. When the user of the infected system logs on to a specific online game and types the user ID and password, it steals the input and sends it to a specific email address.
IN SIMPLE, NTDETECT IS A VIRUS PROGRAM. I SUGGEST YOU RUN A VIRUS SCAN AND AN ANTI-SPYWARE SCAN. GO TO http://free.grisoft.com/ TO GET FREE ANTI-VIRUS AND ANTI-SPYWARE!!!!
GOOD LUCK!
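A defensive check for the autostart entry described in the write-up above, as an added example that is not part of the original posts: it parses `reg query` output and flags Run values that use rundll32 to load a DLL from a temp directory, including 8.3 short paths like the one quoted. The sample text, user folder and export name are constructed placeholders.

```python
import re

# Constructed sample in the layout printed by `reg query <key>`. The user
# folder and export name are placeholders, not values from the write-up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    winabc    REG_SZ    rundll32.exe C:\DOCUME~1\user\LOCALS~1\Temp\ntdetect.dll,ExampleExport
    ctfmon    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    cpl    REG_SZ    rundll32.exe C:\WINDOWS\system32\shell32.dll,Control_RunDLL
    quoted    REG_SZ    "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\user\Local Settings\Temp\x.dll",ExampleExport
"""

VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
# DLL path handed to rundll32, up to the comma that precedes the export name.
RUNDLL_DLL = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^",]+\.dll)"?\s*,', re.I)
TEMP_NAMES = {"temp", "tmp", "%temp%", "%tmp%"}


def dll_in_temp(path):
    # Compare directory components instead of searching for the long name
    # "Local Settings\Temp", so 8.3 forms such as LOCALS~1\Temp also match.
    dirs = re.split(r"[\\/]+", path)[:-1]
    return any(d.lower() in TEMP_NAMES for d in dirs)


def find_temp_rundll_autoruns(reg_text):
    """Return (key, value name, dll path) for Run/RunOnce values that start
    rundll32 on a DLL stored under a temp directory."""
    findings, key = [], None
    for line in reg_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if not m or key is None:
            continue
        if key.rsplit("\\", 1)[-1].lower() not in ("run", "runonce"):
            continue
        dll = RUNDLL_DLL.search(m.group(3))
        if dll and dll_in_temp(dll.group(1)):
            findings.append((key, m.group(1), dll.group(1)))
    return findings


if __name__ == "__main__":
    for key, name, dll in find_temp_rundll_autoruns(SAMPLE):
        print(f"{key}\\{name} -> {dll}")
```

On a live system the input would be the saved output of `reg query` for each Run key; system DLLs launched through rundll32, such as the `shell32.dll` line in the sample, are not flagged.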
Looks like your registry is garbage. You should save all important data if you are able to boot to the OS, and reformat from clean. You can try running a registry cleaner and/or make a repair of Windows yet again, but I doubt this will solve the problem. It is always recommended to reformat every so often, as the OS registry naturally gets corrupted and bottlenecks the system.