DOS windows keep popping up

[Guest]

Just yesterday, these two windows popped up called:
- sdk84.exe
- tdltla16.exe

They appear like DOS windows (or command prompt).
sdk84.exe does nothing, except a flashing cursor.
tdltla16.exe has the cursor flashing all around the window

These windows will continue to spawn every 10 minutes or so. I had like 50
of them this morning. Two of them alone take up all of my CPU power. The
process is: ntvdm.exe. They are all in the C:\WINDOWS\ directory. I did some
research and it says:

Description: ntvdm.exe is process that belongs to the Windows 16-bit Virtual
Machine. It provides an environment for a 16-bit process to execute on a
32-bit platform. This program is important for the stable and secure running
of your computer and should not be terminated.

Author: Microsoft Corp.

Part Of: Windows

Please help me stop these windows from popping up!

 

[Guest]

Just yesterday, these two windows popped up called:
- sdk84.exe
- tdltla16.exe

They appear like DOS windows (or command prompt).
sdk84.exe does nothing, except a flashing cursor.
tdltla16.exe has the cursor flashing all around the window

These windows will continue to spawn every 10 minutes or so. I had like 50
of them this morning. Two of them alone take up all of my CPU power. The
process is: ntvdm.exe. They are all in the C:\WINDOWS\ directory. I did some
research and it says:

Description: ntvdm.exe is process that belongs to the Windows 16-bit Virtual
Machine. It provides an environment for a 16-bit process to execute on a
32-bit platform. This program is important for the stable and secure running
of your computer and should not be terminated.

Author: Microsoft Corp.

Part Of: Windows

Please help me stop these windows from popping up!

You looks like having a 16 bit program running in 32 bit environment or your
system is infected with viruses?.
Do you have Norton installed on your machine?.
Troubleshooting NTVDM and WOW Startup Errors
http://support.microsoft.com/kb/q220155/

http://support.microsoft.com/kb/156687

http://support.microsoft.com/kb/245184
More on this here
http://www.microsoft.com/communitie...&pt=&catlist=&dglist=&ptlist=&exp=&sloc=en-us

Your machine may be infested with malware so try to scan for malware and
Viruses:
1... Click start >> Control Panel >> Double Click Network and Internet
Connections >> Double click Internet Options, on the IE Properties window
you will see these Options:
General | Security | Privacy | Content | Connections | Programs
| Advanced .

Click on General Tab (1st Tab on the left) and you will see a Button called
[ Clear History ..] click on it to clear your History caches, then click on
[Delete Files..] to delete Internet Files created over the time, click on [
Delete Cookies...] to delete your cookies left by visiting websites.

= Then try to Disable the Add-Ons on your Browser somehow installed on your
browser, On how to disable the Add-ons follow this:
Click on Programs Tab and then click the Manage Add-Ons Button there Disable
the None/Not Verified Plug-ins/Add-ons ( you need to Renable them one-by-one
later and see which is the culprit or you can send them here in your next
post) and click [OK] to confirm your Changes.

Click on Advanced Tab and scroll down under the browsing option and uncheck
this box:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) and click Apply
then OK to close your IE Properties.

2.... And also for malwares from here:
http://www.lavasoft.com/products/ad-aware_se_personal.php
http://www.safer-networking.org ; for Spybot S&D
Download and install after installing this software and
update then run a scan in both safe mode and normal:
http://free.grisoft.com/doc/5390/lng/us/tpl/v5
Run disk Clean Up and Defrag in safe mode, then Open run command and type in:
sfc /scannow click [OK]
Note the space between sfc_/
HTH.
Let us know.
Regards,
nass

 

[Wesley Vogel]

A Google search for tdltla16.exe and sdk84.exe came up zip, which is a good
indication that both of those are some sort of malware.

UPDATE your antivirus software and run a full system scan.

UPDATE whatever anti-spyware applications that you have and run a full
system scan with each one.

You might want to start in Safe Mode to run your antivirus and anti-spyware
software.

Running a full system antivirus scan or anti-spyware scan in Safe Mode can
be a good idea. Some viruses and other malware like to conceal themselves
in areas Windows protects while using them. Safe mode can prevent those
applications access and therefore unprotect the viruses or other malware
allowing for easier removal.

''In safe mode, you have access to only basic files and drivers
(mouse, monitor, keyboard, mass storage, base video, default system
services), just the minimum device drivers required to start Windows.''

Because of that some malware does not load in Safe Mode and is easier to get
rid of.

How to start Windows in Safe Mode Windows XP
http://www.bleepingcomputer.com/forums/index.php?showtutorial=61#winxo

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[Guest]

Thank you for the reply. I disabled all of the add-ons that were not
verified, I scan my computer for malware daily. I have AVG and Spybot S&D.
History was cleared, and I ran disk clean up in safe mode, but I couldn't run
defrag in safe mode (so I defragged normally). I then opened command and
typed in: sfc /scannow. But I'm having a problem with "sfc", it requires the
"Windows XP Professional CD" (But I'm not using professional, I've got XP
Home.) And I can't find my disc, and I tried my friends XP Professional disc,
but it said I had the wrong disc inserted.

Oh, and if it makes any difference, the windows change executables each day
(At 12:00 they will change, literally.)

I also could not defragment the entire disc (some files could not be) below
is the report:

Volume (C
Volume size = 233 GB
Cluster size = 4 KB
Used space = 189 GB
Free space = 43.59 GB
Percent free space = 18 %

Volume fragmentation
Total fragmentation = 4 %
File fragmentation = 8 %
Free space fragmentation = 0 %

File fragmentation
Total files = 325,484
Average file size = 724 KB
Total fragmented files = 12
Total excess fragments = 40,930
Average fragments per file = 1.12

Pagefile fragmentation
Pagefile size = 1.50 GB
Total fragments = 1

Folder fragmentation
Total folders = 18,953
Fragmented folders = 1
Excess folder fragments = 0

Master File Table (MFT) fragmentation
Total MFT size = 384 MB
MFT record count = 346,269
Percent MFT in use = 88 %
Total MFT fragments = 5

--------------------------------------------------------------------------------
Fragments File Size Files that cannot be defragmented
7 2 MB \System Volume
Information\_restore{E6EB5C51-44D8-4FA1-BA63-F67E31E65E11}\RP144\A0042956.exe
157 11 MB \System Volume
Information\_restore{E6EB5C51-44D8-4FA1-BA63-F67E31E65E11}\RP166\A0051074.exe
172 11 MB \System Volume
Information\_restore{E6EB5C51-44D8-4FA1-BA63-F67E31E65E11}\RP168\A0051142.exe
9 177 MB \System Volume
Information\_restore{E6EB5C51-44D8-4FA1-BA63-F67E31E65E11}\RP135\A0041708.scs
2,405 177 MB \System Volume
Information\_restore{E6EB5C51-44D8-4FA1-BA63-F67E31E65E11}\RP137\A0042804.scs
38,260 3.57 GB \Program Files\World of
Warcraft\Data\common.MPQ

Just yesterday, these two windows popped up called:
- sdk84.exe
- tdltla16.exe

They appear like DOS windows (or command prompt).
sdk84.exe does nothing, except a flashing cursor.
tdltla16.exe has the cursor flashing all around the window

These windows will continue to spawn every 10 minutes or so. I had like 50
of them this morning. Two of them alone take up all of my CPU power. The
process is: ntvdm.exe. They are all in the C:\WINDOWS\ directory. I did some
research and it says:

Description: ntvdm.exe is process that belongs to the Windows 16-bit Virtual
Machine. It provides an environment for a 16-bit process to execute on a
32-bit platform. This program is important for the stable and secure running
of your computer and should not be terminated.

Author: Microsoft Corp.

Part Of: Windows

Please help me stop these windows from popping up!

You looks like having a 16 bit program running in 32 bit environment or your
system is infected with viruses?.
Do you have Norton installed on your machine?.
Troubleshooting NTVDM and WOW Startup Errors
http://support.microsoft.com/kb/q220155/

http://support.microsoft.com/kb/156687

http://support.microsoft.com/kb/245184
More on this here:
http://www.microsoft.com/communitie...&pt=&catlist=&dglist=&ptlist=&exp=&sloc=en-us

Your machine may be infested with malware so try to scan for malware and
Viruses:
1... Click start >> Control Panel >> Double Click Network and Internet
Connections >> Double click Internet Options, on the IE Properties window
you will see these Options:
General | Security | Privacy | Content | Connections | Programs
| Advanced .

Click on General Tab (1st Tab on the left) and you will see a Button called
[ Clear History ..] click on it to clear your History caches, then click on
[Delete Files..] to delete Internet Files created over the time, click on [
Delete Cookies...] to delete your cookies left by visiting websites.

= Then try to Disable the Add-Ons on your Browser somehow installed on your
browser, On how to disable the Add-ons follow this:
Click on Programs Tab and then click the Manage Add-Ons Button there Disable
the None/Not Verified Plug-ins/Add-ons ( you need to Renable them one-by-one
later and see which is the culprit or you can send them here in your next
post) and click [OK] to confirm your Changes.

Click on Advanced Tab and scroll down under the browsing option and uncheck
this box:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) and click Apply
then OK to close your IE Properties.

2.... And also for malwares from here:
http://www.lavasoft.com/products/ad-aware_se_personal.php
http://www.safer-networking.org ; for Spybot S&D
Download and install after installing this software and
update then run a scan in both safe mode and normal:
http://free.grisoft.com/doc/5390/lng/us/tpl/v5
Run disk Clean Up and Defrag in safe mode, then Open run command and type in:
sfc /scannow click [OK]
Note the space between sfc_/
HTH.
Let us know.
Regards,
nass

 

[Guest]

Thank you for the reply. I disabled all of the add-ons that were not
verified, I scan my computer for malware daily. I have AVG and Spybot S&D.
History was cleared, and I ran disk clean up in safe mode, but I couldn't run
defrag in safe mode (so I defragged normally). I then opened command and
typed in: sfc /scannow. But I'm having a problem with "sfc", it requires the
"Windows XP Professional CD" (But I'm not using professional, I've got XP
Home.) And I can't find my disc, and I tried my friends XP Professional disc,
but it said I had the wrong disc inserted.

Oh, and if it makes any difference, the windows change executables each day
(At 12:00 they will change, literally.)

I also could not defragment the entire disc (some files could not be) below
is the report:

Volume (C
Volume size = 233 GB
Cluster size = 4 KB
Used space = 189 GB
Free space = 43.59 GB
Percent free space = 18 %

Volume fragmentation
Total fragmentation = 4 %
File fragmentation = 8 %
Free space fragmentation = 0 %

File fragmentation
Total files = 325,484
Average file size = 724 KB
Total fragmented files = 12
Total excess fragments = 40,930
Average fragments per file = 1.12

Pagefile fragmentation
Pagefile size = 1.50 GB
Total fragments = 1

Folder fragmentation
Total folders = 18,953
Fragmented folders = 1
Excess folder fragments = 0

Master File Table (MFT) fragmentation
Total MFT size = 384 MB
MFT record count = 346,269
Percent MFT in use = 88 %
Total MFT fragments = 5

--------------------------------------------------------------------------------
Fragments File Size Files that cannot be defragmented
7 2 MB \System Volume
Information\_restore{E6EB5C51-44D8-4FA1-BA63-F67E31E65E11}\RP144\A0042956.exe
157 11 MB \System Volume
Information\_restore{E6EB5C51-44D8-4FA1-BA63-F67E31E65E11}\RP166\A0051074.exe
172 11 MB \System Volume
Information\_restore{E6EB5C51-44D8-4FA1-BA63-F67E31E65E11}\RP168\A0051142.exe
9 177 MB \System Volume
Information\_restore{E6EB5C51-44D8-4FA1-BA63-F67E31E65E11}\RP135\A0041708.scs
2,405 177 MB \System Volume
Information\_restore{E6EB5C51-44D8-4FA1-BA63-F67E31E65E11}\RP137\A0042804.scs
38,260 3.57 GB \Program Files\World of
Warcraft\Data\common.MPQ



"nass" wrote:

Yes, because your machine is infected with many flavour of the Trojans, so
please follow the steps at the bottom and send the Hijackthis to a forum of
many on the internet for analysis:
Information\_restore{7ECD265B-9B3B-4CD9-B702-FBBCF820B018}\RP55\A0055431.exe
infected by "Backdoor.Win32.Rbot.a" Virus. < A guess but it doesn't looks
right to me.

Run a scan from here on-line:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Lots of tools to download and disinfect your machine:
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/
http://www.sophos.com

2- Download the Hijackthis and send the report to one of many
forums for analysis and troubleshooting:
When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
Please perform one step (1,2) at a time and see if that will help your
issue.
HTH.
nass

 

[Guest]

Thank you for all of your help, I did end up having to send a HJT log for
analysis, and they have come up with a solution.
Again, thanks.

 

[Guest]

Hi Mitchell,
You are welcome and glad to be of help to you, it will be good if you told
us your findings as your input can help other when they read your thread.
Thanks for your feedback.
Good luck.
nass