02-22-2006, 06:12 PM   #15
sUBs
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,497
OS: N/A


Let's try another tool..

Download and run Blacklight

After you start the program and accept the license, you should see the first step (Figure 1), which lets you scan for hidden items. Note that you must have local administrative privileges to run the program.

Click Scan. BlackLight will use Windows Explorer (the desktop process) to scan for hidden items. Your anti-virus software or personal firewall might display a warning that says Blacklight (blbeta.exe) is trying to manipulate the Windows Explorer process (explorer.exe). If you want to continue the scan, you should allow BlackLight to do this.

When it finishes, click Next. You may get a screen similar to the picture below.



For hidden entries found, choose for Blacklight to rename these:

C:\WINDOWS\a1cdd0ce23c.exe
C:\WINDOWS\a1cdd0ce23c.ini


The tool will ask if you want to reboot (restart); choose yes.
After you have rebooted, post back with a fresh HijackThis log.
__________________

Question - what have you done for the community today?