Suddenly the Google search page I launched re-opened in another tab. After some time it opened one more tab. This was never expected. I thought this might be one of the many Firefox extensions I have installed due to my over-enthusiasm, but it opened one more time. I was annoyed. I closed all the Google search tabs. I opened a fresh Google Search tab from the Google Toolbar; it opened a tab with the Google home page, and then came the next tab with the same home page, again and again. What is this... I was too annoyed.
I was so confused about who to blame. Is it the Google Toolbar? Is it any one of my many Firefox add-ons? Is it Firefox? This was not happening on any other page but the Google Search page.
I grabbed the IRC channel #firefox on irc.mozilla.org and poured all my annoyance on the room. Somebody told me to create a new profile.
Wow, I never knew that shortcut to open the profile manager in Firefox. This trick didn't work at all, and then suddenly there was a dialog box in Firefox with the text "ntdetect1.exe" and some more words. These were totally new words for me. I got a new word to search for, but the annoying Google Search page kept playing its multiplying game with me so much that I shifted to Yahoo Search. Sorry Google, buddy! I could not help but search for the word ntdetect1.exe in Yahoo search. What can I do? Your page was so screwed up for me.
No good answer on search pages for ntdetect1.exe and they only told me that this is some sort of virus and shall be removed by deleting its directory. But what has happened to my Firefox and the Google Search page?
I un-installed Firefox and re-downloaded the 18.104.22.168 version for Windows. I installed it again. I deleted all my add-ons and I tried safe mode, but in all the cases the Google page kept multiplying itself.
Now I got suspicious. Is there really a virus named ntdetect1.exe in my machine? I tried to start the TaskManager, but as soon as I started the TaskManager it showed up for a second and vanished. This happened so many times that I quit opening the TaskManager. I thought something may have gone wrong with the memory and I re-booted the machine. This time again the TaskManager did the same thing: it started and then suddenly, in a moment's time, vanished from the screen.
Then came my feed reader GreatNews to rescue me with his tip. The DownloadSquad team just blogged about a cool product ProcX. As ProcX site says, ProcX displays all running processes and modules on your systems. It is a necessity to monitor running processes on your system to determine if anything malicious may be running. ProcX allows you to perform various functions on these running processes and DLLs. ProcX is especially useful for system administrators who disinfect computers.
I downloaded ProcX hastily and started the program, and there stood the ntdetect1.exe executable running in my memory. It must have some control over the TaskManager and may be doing some trick to close it as soon as it opens. I terminated the ntdetect1.exe process. I also got the real path of this executable through ProcX and I deleted its directory too. Then I opened a command prompt and started regedit to delete the Run key this program might have set in the system startup, and yes, it was there for me to delete.
At last my machine is now ntdetect1.exe free. My Firefox is opening the Google Search page only when asked and only once per request. It has stopped multiplying and annoying me. All my good old add-ons are back in my Firefox again. The situation is under control now.
Thanks to all my friends who rescued me from this annoyance. Thanks to the friend at IRC #firefox, thanks to DownloadSquad, thanks to ProcX, and thanks to all of you who read this far about my journey to save my browser from the dirty hands of the ntdetect1.exe virus.
Tushar Joshi, Nagpur