vdnt32.sys looks like a trojan
http://www.sophos.com/virusinfo/analyses/trojhaxdooro.html
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.haxdoor.c.html
Installs as a service / filter driver:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdnt32]
Option 1:
---------
Load Recovery Console and disable the driver vdnt32 from loading. Type these commands:
DISABLE vdnt32.sys
EXIT
If you're able to start Windows normally, then follow the Symantec KB article and remove all traces of the virus completely. Run a full system scan.
To learn more about Windows XP Recovery Console, see article Q314058 titled: Description of the Windows XP Recovery Console:
http://support.microsoft.com/?kbid=314058
Option 2:
---------
Slave the drive to another working XP system, then load the registry hive using this method:
http://www.dougknox.com/xp/tips/xp_adv_reg_editing.htm
(In step 4, load the SOFTWARE hive present in the c:\windows\system32\config folder (rather than loading the NTUSER.DAT file)
Remove the malware as adviced in the Symantec article, and then delete the .sys file.
--
Ramesh, Microsoft MVP
Windows XP Shell/User
http://windowsxp.mvps.org
I keep getting this error message along with the blue screen. It says the
problem is in vdnt32.sys
Can anyone help?
Thanks
