NTvdm.exe bogging the computer down at startup

[Guest]

When I boot my computer up, on reaching the desktop screen I get a dos box up
with C:\WINDOWS\system.exe I have found the culprit is ntvdm.exe taking up
to 95% of cpu. Inside the dos box is a line of totally corrupt characters.
If I delete this process, the computer continues to boot normally. Any ideas.
Thanks in advance for suggestions

 

[Thota Umesh]

Ntvdm.exe is a system process.When you start a 16-bit program on a computer
running Windows NT, the Ntvdm.exe and Wowexec.exe processes start. After you
quit the 16-bit program, the Ntvdm.exe and Wowexec.exe processes remain in
memory. This behavior is a design feature of Windows NT. The Ntvdm.exe and
Wowexec.exe processes remain in memory in case you start another 16-bit
program. Leaving the Windows-On-Windows (WOW) environment (which consists of
the Ntvdm.exe and Wowexec.exe processes) in memory improves performance. The
WOW environment is not loaded when you start Windows NT. It is loaded when
you first start a 16-bit program.

Now the odd thing here is there is no system.exe file in windows at all! so
checked up to find it to be a worm (
http://www.sophos.com/virusinfo/analyses/trojtofgerb.html ) use a good av
scanner to remove it. so the worm or someother file might be triggering ur
NTVDM to start else it doesnt start with windows as told bfore. use any of
these top antivirus and antispywares to have ur system scanned to clean off
all infections.

http://safety.live.com (online scanner)
www.windowsonecare.com (ms antivirus)
www.freeav.com (avera antivir) [antivirus]
www.microsoft.com/athome/security/spyware/software/default.mspx (windows
defender) [antispyware]

Hope this helps...,
Umesh Thota
www.windowsworkshop.com

 

[Guest]

Thanks for the response. I did a complete scan of my system, and a couple of
trojans were found, but in my recycler, as my Vet antivirus removed them. I
then did as requested in regedit, but the requested file to remove was not
there.
(Locate the HKEY_LOCAL_MACHINE entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Online Service= C:\<Windows>\SYSTEM.EXE

and delete it if it exists.)

Problem still exists, not sure where to go from here.

Regards

Peter.

Ntvdm.exe is a system process.When you start a 16-bit program on a computer
running Windows NT, the Ntvdm.exe and Wowexec.exe processes start. After you
quit the 16-bit program, the Ntvdm.exe and Wowexec.exe processes remain in
memory. This behavior is a design feature of Windows NT. The Ntvdm.exe and
Wowexec.exe processes remain in memory in case you start another 16-bit
program. Leaving the Windows-On-Windows (WOW) environment (which consists of
the Ntvdm.exe and Wowexec.exe processes) in memory improves performance. The
WOW environment is not loaded when you start Windows NT. It is loaded when
you first start a 16-bit program.

Now the odd thing here is there is no system.exe file in windows at all! so
checked up to find it to be a worm (
http://www.sophos.com/virusinfo/analyses/trojtofgerb.html ) use a good av
scanner to remove it. so the worm or someother file might be triggering ur
NTVDM to start else it doesnt start with windows as told bfore. use any of
these top antivirus and antispywares to have ur system scanned to clean off
all infections.

http://safety.live.com (online scanner)
www.windowsonecare.com (ms antivirus)
www.freeav.com (avera antivir) [antivirus]
www.microsoft.com/athome/security/spyware/software/default.mspx (windows
defender) [antispyware]

Hope this helps...,
Umesh Thota
www.windowsworkshop.com

When I boot my computer up, on reaching the desktop screen I get a dos box
up
with C:\WINDOWS\system.exe I have found the culprit is ntvdm.exe taking
up
to 95% of cpu. Inside the dos box is a line of totally corrupt
characters.
If I delete this process, the computer continues to boot normally. Any
ideas.
Thanks in advance for suggestions