ndis.exe - bad image

I have a XP Pro laptop (gateway) that works fine on a wired/wireless network.
It gets the following error msg. upon bootup:
ndis.exe -bad image: The application or DLL
C:\doc& sett...\admin..\locals..\temp\*.tmp (4 dif. files referenced) is not
a valid windows image. Please check this against your installation diskette.

"There is no installation diskette and the cd containing OS is not to be
found. I have cleaned these files out, disabled the 1394 network connection
(as per a KB article)but to no avail. the laptop works fine but I'd like to
remove the 4 popup error messages

thanks :-)

Air wrote:



ndis.exe - bad image
From:
Air
Date:
Wednesday December 22 2004 8:25 am
Groups:
microsoft.public.windowsxp.network_web
X-Newsreader:
Microsoft CDO for Windows 2000
no references


This can be symptomatic of infection by the Sdbot worm and have nothing
to do with networking. If you don't have a full-featured antivirus
installed (and you must get one if you don't), then start your cleanup
by scanning in Safe Mode with Sysclean, as follows:

TrendMicro's Sysclean is an extensive antivirus tool which has the
advantage of not needing to be installed. It requires two parts - the
scanning engine and the virus pattern files.

1. Create a new folder on your Desktop or the C: drive named something
useful like "Sysclean".
2. Go here and download the two parts of the program to that folder:

http://www.trendmicro.com/download/dcs.asp - Sysclean
http://www.trendmicro.com/download/pattern.asp - virus pattern files

The pattern files will be zipped - extract them with your unzipper (like
WinZip) or if you have XP, you can just open the folder. You need to
put the extracted files in the Sysclean folder you made.

3. Restart your computer in Safe Mode. Get into Safe Mode by repeatedly
tapping the F8 key as the computer is starting up to get to the proper
menu.
4. Go to the Sysclean folder you made and double-click on sysclean.com.
Start the scan. After the scan is finished, look at the log. You may
need to make a note of where any viruses were found if they were not
able to be removed so you can manually delete them.

Then you should be able to install a full-featured av, update its
definitions, and do another full scan in Safe Mode.

Working on the probability that if you have a virus there is a good
chance you have other non-viral malware too, here are malware removal
steps to take after you know the computer is virus-free (you will have
already done Step 1):

1) Scan in Safe Mode with current version (not earlier than 2003)
antivirus using updated definitions.

2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
programs are free, so use them both since they complement each other.
There is a new version of CWShredder from Intermute. I would not
install the other Intermute programs, however. Alternately, there are
CoolWebSearch malware removal steps at SilentRunners.

Be sure to update these programs before running, and it is a good idea
to do virus/spyware scans in Safe Mode. Make sure you are able to see
all hidden files and extensions (View tab in Folder Options).

HijackThis is an excellent tool to discover and disable hijackers, but
it requires expert skill. See below for HijackThis links. A combination
of HijackThis and about:Buster works well in removing the about:Blank
homepage hijacker. Again, this is an expert tool and novices should get
help with it.

3) If you are running Windows ME or XP, you should disable/enable System
Restore because malware will be in the Restore Points. With ME, you
must disable System Restore completely. With XP, you can delete all but
the most recent (presumably clean) System Restore point from the More
Options section of Disk Cleanup (Runcleanmgr).

4) Make sure you've visited Windows Update and applied all security
patches. Do not install driver updates from Windows Update.

5) Run a firewall.

Links to help with malwa

Software/Methods:
http://www.safer-networking.org - Spybot Search & Destroy
http://www.lavasoftusa.com - Ad-aware
http://www.majorgeeks.com - good download site
http://www.intermute.com/spysubtract..._download.html
http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners

HijackThis:
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
Eshelman
http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
forum
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/
http://www.spywareinfo.com/forums/

General:
http://forum.aumha.org/ - look under "Security" for various forums
http://rgharper.mvps.org/cleanit.htm
http://mvps.org/winhelp2002/unwanted.htm
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Malke
--
MS MVP - Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"

Thanks, I'll be seeing this person in a few days and will try this.
I did run SpySweeper but I was waiting for him to update his anti-virus.

A :-)

"Malke" wrote:

Air wrote:



ndis.exe - bad image
From:
Air
Date:
Wednesday December 22 2004 8:25 am
Groups:
microsoft.public.windowsxp.network_web
X-Newsreader:
Microsoft CDO for Windows 2000
no references


This can be symptomatic of infection by the Sdbot worm and have nothing
to do with networking. If you don't have a full-featured antivirus
installed (and you must get one if you don't), then start your cleanup
by scanning in Safe Mode with Sysclean, as follows:

TrendMicro's Sysclean is an extensive antivirus tool which has the
advantage of not needing to be installed. It requires two parts - the
scanning engine and the virus pattern files.

1. Create a new folder on your Desktop or the C: drive named something
useful like "Sysclean".
2. Go here and download the two parts of the program to that folder:

http://www.trendmicro.com/download/dcs.asp - Sysclean
http://www.trendmicro.com/download/pattern.asp - virus pattern files

The pattern files will be zipped - extract them with your unzipper (like
WinZip) or if you have XP, you can just open the folder. You need to
put the extracted files in the Sysclean folder you made.

3. Restart your computer in Safe Mode. Get into Safe Mode by repeatedly
tapping the F8 key as the computer is starting up to get to the proper
menu.
4. Go to the Sysclean folder you made and double-click on sysclean.com.
Start the scan. After the scan is finished, look at the log. You may
need to make a note of where any viruses were found if they were not
able to be removed so you can manually delete them.

Then you should be able to install a full-featured av, update its
definitions, and do another full scan in Safe Mode.

Working on the probability that if you have a virus there is a good
chance you have other non-viral malware too, here are malware removal
steps to take after you know the computer is virus-free (you will have
already done Step 1):

1) Scan in Safe Mode with current version (not earlier than 2003)
antivirus using updated definitions.

2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
programs are free, so use them both since they complement each other.
There is a new version of CWShredder from Intermute. I would not
install the other Intermute programs, however. Alternately, there are
CoolWebSearch malware removal steps at SilentRunners.

Be sure to update these programs before running, and it is a good idea
to do virus/spyware scans in Safe Mode. Make sure you are able to see
all hidden files and extensions (View tab in Folder Options).

HijackThis is an excellent tool to discover and disable hijackers, but
it requires expert skill. See below for HijackThis links. A combination
of HijackThis and about:Buster works well in removing the about:Blank
homepage hijacker. Again, this is an expert tool and novices should get
help with it.

3) If you are running Windows ME or XP, you should disable/enable System
Restore because malware will be in the Restore Points. With ME, you
must disable System Restore completely. With XP, you can delete all but
the most recent (presumably clean) System Restore point from the More
Options section of Disk Cleanup (Runcleanmgr).

4) Make sure you've visited Windows Update and applied all security
patches. Do not install driver updates from Windows Update.

5) Run a firewall.

Links to help with malwa

Software/Methods:
http://www.safer-networking.org - Spybot Search & Destroy
http://www.lavasoftusa.com - Ad-aware
http://www.majorgeeks.com - good download site
http://www.intermute.com/spysubtract..._download.html
http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners

HijackThis:
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
Eshelman
http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
forum
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/
http://www.spywareinfo.com/forums/

General:
http://forum.aumha.org/ - look under "Security" for various forums
http://rgharper.mvps.org/cleanit.htm
http://mvps.org/winhelp2002/unwanted.htm
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Malke
--
MS MVP - Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"