NPDRIVER.SYS causes intermittent Blue Screen shutdown

Posted on 2006-04-06
Medium Priority
Last Modified: 2008-01-09
Windows XP Pro SP2 fully updated
Norton Internet Security 2006 fully updated

About 1 in every 4-5 times that I boot, immediately after logon, when user software is loading, I get a blue screen that says that my computer has been shut down to prevent etc.... and the listed driver is npdriver.sys.  This is the Norton Protection Center driver.  The Web has several postings about this and other errors associated with NPDRIVER.SYS.  Several postings say that the driver is sometimes infected, especially in /SYSTEM32 locations.  Symantec's Online Chat suggestion is to uninstall and then reinstall Norton Internet Security 2006, because the file may be corrupted.  I can do this, but I'm not certain it would solve the problem.  Plus I've spent a substantial amont of time fixing "corrupted" Symantec files this way.  And I'm not certain that I would not be letting a virus or trojan remain active on my machine.  I've done a NIS full system scan, a Symantec online scan, a Windows Live OneCare scan, a Security Task Manager scan, and a BlackLight beta rootkit scanner.  Nothing turns up.  Just uninstall and reinstall, or is there a better solution?
Question by:TollandRCR
LVL 32

Accepted Solution

r-k earned 500 total points
ID: 16407528
I don't see any harm in an uninstall and then a reinstall. To be sure, you should first do an uninstall, then make sure that the file npdriver.sys has actually been removed from the C: drive, then reinstall.

If this fixes the problem, well and good.

You are correct that Norton will not catch every malware on your system. In addition to what you've already tried, I would suggest that you install Windows Defender from http://www.microsoft.com/athome/security/spyware/software/default.mspx

Also, scan your machine with RootkitRevealer: http://www.sysinternals.com/Utilities/RootkitRevealer.html
and just to be sure, run HiJackThis from: http://www.hijackthis.de/
You can post the log back to that same web site and click "Analyze" at the bottom to get the results analyzed.

Also, from a command prompt, type:

 > netstat -ab

to see what ports are open and by which programs.

If you pass all these tests you can be reasonably sure you don't have malware but post back if anything seems suspicious..

Author Comment

ID: 16444164
My system checked clean after running each of the tools that r-k suggested.  So I uninstalled BOTH Norton Internet Security 2006 and Norton SystemWorks 2006 (having learned in the past that both must usually be reinstalled), ran Symantec's removal tool (to purge the system of anything remaining after a normal uninstall), ran Microsoft's Windows Install Cleanup tool, and reinstalled the software.  No blue screens (yet).  The Chat desk at Symantec was probably right: the NPDRIVER.SYS file had been corrupted but not infected.  This is about the fourth time that a Symantec file has become "corrupted" on this machine, requiring a complete uninstall and reinstall.  If I ever figure out how these files are being corrupted, I'll post a comment.  Any ideas on this would be welcome.

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PREFACE The purpose of this guide is to explain what the SEPC Status Utility is and how it works. I have written the utility using AutoIt and have included the source code for your review. You are welcome to modify the code to your liking, but I wi…
I recently had to create a utility which aim is to update McAfee's Virusscan and that had to be launched from a command line. I thought I’d share my experience with you. Why is it useful to be able to update an Antivirus from the command line?…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question