If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
ndis.exe - bad image
I have a XP Pro laptop (gateway) that works fine on a wired/wireless network.
It gets the following error msg. upon bootup: ndis.exe -bad image: The application or DLL C:\doc& sett...\admin..\locals..\temp\*.tmp (4 dif. files referenced) is not a valid windows image. Please check this against your installation diskette. "There is no installation diskette and the cd containing OS is not to be found. I have cleaned these files out, disabled the 1394 network connection (as per a KB article)but to no avail. the laptop works fine but I'd like to remove the 4 popup error messages thanks :-) |
Ads |
#2
|
|||
|
|||
ndis.exe - bad image
Air wrote:
ndis.exe - bad image From: Air Date: Wednesday December 22 2004 8:25 am Groups: microsoft.public.windowsxp.network_web X-Newsreader: Microsoft CDO for Windows 2000 no references This can be symptomatic of infection by the Sdbot worm and have nothing to do with networking. If you don't have a full-featured antivirus installed (and you must get one if you don't), then start your cleanup by scanning in Safe Mode with Sysclean, as follows: TrendMicro's Sysclean is an extensive antivirus tool which has the advantage of not needing to be installed. It requires two parts - the scanning engine and the virus pattern files. 1. Create a new folder on your Desktop or the C: drive named something useful like "Sysclean". 2. Go here and download the two parts of the program to that folder: http://www.trendmicro.com/download/dcs.asp - Sysclean http://www.trendmicro.com/download/pattern.asp - virus pattern files The pattern files will be zipped - extract them with your unzipper (like WinZip) or if you have XP, you can just open the folder. You need to put the extracted files in the Sysclean folder you made. 3. Restart your computer in Safe Mode. Get into Safe Mode by repeatedly tapping the F8 key as the computer is starting up to get to the proper menu. 4. Go to the Sysclean folder you made and double-click on sysclean.com. Start the scan. After the scan is finished, look at the log. You may need to make a note of where any viruses were found if they were not able to be removed so you can manually delete them. Then you should be able to install a full-featured av, update its definitions, and do another full scan in Safe Mode. Working on the probability that if you have a virus there is a good chance you have other non-viral malware too, here are malware removal steps to take after you know the computer is virus-free (you will have already done Step 1): 1) Scan in Safe Mode with current version (not earlier than 2003) antivirus using updated definitions. 2) Remove spyware with Spybot Search & Destroy and Ad-aware. These programs are free, so use them both since they complement each other. There is a new version of CWShredder from Intermute. I would not install the other Intermute programs, however. Alternately, there are CoolWebSearch malware removal steps at SilentRunners. Be sure to update these programs before running, and it is a good idea to do virus/spyware scans in Safe Mode. Make sure you are able to see all hidden files and extensions (View tab in Folder Options). HijackThis is an excellent tool to discover and disable hijackers, but it requires expert skill. See below for HijackThis links. A combination of HijackThis and about:Buster works well in removing the about:Blank homepage hijacker. Again, this is an expert tool and novices should get help with it. 3) If you are running Windows ME or XP, you should disable/enable System Restore because malware will be in the Restore Points. With ME, you must disable System Restore completely. With XP, you can delete all but the most recent (presumably clean) System Restore point from the More Options section of Disk Cleanup (Runcleanmgr). 4) Make sure you've visited Windows Update and applied all security patches. Do not install driver updates from Windows Update. 5) Run a firewall. Links to help with malwa Software/Methods: http://www.safer-networking.org - Spybot Search & Destroy http://www.lavasoftusa.com - Ad-aware http://www.majorgeeks.com - good download site http://www.intermute.com/spysubtract..._download.html http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners HijackThis: http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim Eshelman http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis forum http://www.wilderssecurity.com/ http://forums.tomcoyote.org/ http://www.spywareinfo.com/forums/ General: http://forum.aumha.org/ - look under "Security" for various forums http://rgharper.mvps.org/cleanit.htm http://mvps.org/winhelp2002/unwanted.htm http://www.aumha.org/a/parasite.htm - The Parasite Fight http://www.spywarewarrior.com/rogue_anti-spyware.htm Malke -- MS MVP - Windows Shell/User Elephant Boy Computers www.elephantboycomputers.com "Don't Panic!" |
#3
|
|||
|
|||
ndis.exe - bad image
Thanks, I'll be seeing this person in a few days and will try this.
I did run SpySweeper but I was waiting for him to update his anti-virus. A :-) "Malke" wrote: Air wrote: ndis.exe - bad image From: Air Date: Wednesday December 22 2004 8:25 am Groups: microsoft.public.windowsxp.network_web X-Newsreader: Microsoft CDO for Windows 2000 no references This can be symptomatic of infection by the Sdbot worm and have nothing to do with networking. If you don't have a full-featured antivirus installed (and you must get one if you don't), then start your cleanup by scanning in Safe Mode with Sysclean, as follows: TrendMicro's Sysclean is an extensive antivirus tool which has the advantage of not needing to be installed. It requires two parts - the scanning engine and the virus pattern files. 1. Create a new folder on your Desktop or the C: drive named something useful like "Sysclean". 2. Go here and download the two parts of the program to that folder: http://www.trendmicro.com/download/dcs.asp - Sysclean http://www.trendmicro.com/download/pattern.asp - virus pattern files The pattern files will be zipped - extract them with your unzipper (like WinZip) or if you have XP, you can just open the folder. You need to put the extracted files in the Sysclean folder you made. 3. Restart your computer in Safe Mode. Get into Safe Mode by repeatedly tapping the F8 key as the computer is starting up to get to the proper menu. 4. Go to the Sysclean folder you made and double-click on sysclean.com. Start the scan. After the scan is finished, look at the log. You may need to make a note of where any viruses were found if they were not able to be removed so you can manually delete them. Then you should be able to install a full-featured av, update its definitions, and do another full scan in Safe Mode. Working on the probability that if you have a virus there is a good chance you have other non-viral malware too, here are malware removal steps to take after you know the computer is virus-free (you will have already done Step 1): 1) Scan in Safe Mode with current version (not earlier than 2003) antivirus using updated definitions. 2) Remove spyware with Spybot Search & Destroy and Ad-aware. These programs are free, so use them both since they complement each other. There is a new version of CWShredder from Intermute. I would not install the other Intermute programs, however. Alternately, there are CoolWebSearch malware removal steps at SilentRunners. Be sure to update these programs before running, and it is a good idea to do virus/spyware scans in Safe Mode. Make sure you are able to see all hidden files and extensions (View tab in Folder Options). HijackThis is an excellent tool to discover and disable hijackers, but it requires expert skill. See below for HijackThis links. A combination of HijackThis and about:Buster works well in removing the about:Blank homepage hijacker. Again, this is an expert tool and novices should get help with it. 3) If you are running Windows ME or XP, you should disable/enable System Restore because malware will be in the Restore Points. With ME, you must disable System Restore completely. With XP, you can delete all but the most recent (presumably clean) System Restore point from the More Options section of Disk Cleanup (Runcleanmgr). 4) Make sure you've visited Windows Update and applied all security patches. Do not install driver updates from Windows Update. 5) Run a firewall. Links to help with malwa Software/Methods: http://www.safer-networking.org - Spybot Search & Destroy http://www.lavasoftusa.com - Ad-aware http://www.majorgeeks.com - good download site http://www.intermute.com/spysubtract..._download.html http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners HijackThis: http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim Eshelman http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis forum http://www.wilderssecurity.com/ http://forums.tomcoyote.org/ http://www.spywareinfo.com/forums/ General: http://forum.aumha.org/ - look under "Security" for various forums http://rgharper.mvps.org/cleanit.htm http://mvps.org/winhelp2002/unwanted.htm http://www.aumha.org/a/parasite.htm - The Parasite Fight http://www.spywarewarrior.com/rogue_anti-spyware.htm Malke -- MS MVP - Windows Shell/User Elephant Boy Computers www.elephantboycomputers.com "Don't Panic!" |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
TIP: How I make a bootable HDD image copy | WinGuy | Windows XP Help and Support | 12 | December 23rd 04 01:19 AM |
Norton Ghost 9.0 | Jack Gillis | General XP issues or comments | 41 | December 16th 04 01:16 AM |
"NDIS.EXE Bad Image" Error Message | Henry | Performance and Maintainance of XP | 3 | September 17th 04 02:39 PM |
Event ID 11 - please help | Leroy Casterline | Hardware and Windows XP | 7 | August 27th 04 03:02 AM |
pc cloning software | Victor | Windows XP Help and Support | 2 | August 11th 04 02:12 AM |