mikesiegel

Windows 7 - NTVDM.EXE has stopped working

I have a Windows 7 PC and the last thing I installed is Google Desktop, which I downloaded from hippo. Now I keep getting this message that "NTVDM.EXE has stopped working"... why? And how do I get it to stop?
Gerald Negrota

Google Desktop has nothing to do with NTVDM.
I suggest a clean virus scan and a file integrity scan (SFC /SCANNOW). I'm quite sure that your system is not clean!

Good luck!
mikesiegel

ASKER

I ran a Trend Micro scan and it was clean, and I ran an SFC /scannow and it was clean. I have not seen the problem in 24 hours. Does not mean it's gone, but it might be gone.
The error message is back. Any idea on how to get rid of this?
mikesiegel--There are many possible fixes.  Here is one
http://en.kioskea.net/forum/affich-262-ntvdm-exe-problems

In what sort of window are you getting the message, especially what is in the Title Bar?

You could also try a System Restore to a date before the problem started.
I'd suggest downloading the AVG rescue CD or USB image and running that.
ASKER CERTIFIED SOLUTION
pgm554

This solution is only available to members.
OK. Tried that and nothing detected.
Removed Google Desktop... now we wait.
There are many possible fixes.  Here is one
http://en.kioskea.net/forum/affich-262-ntvdm-exe-problems - this is not for Win 7 but XP
I have seen multiple viruses that can only be fixed by using a Linux AV boot CD.
If no virus is detected (to be sure beforehand, use 3-4 different AV programs), check autoexec.nt and config.nt for non-standard contents (usually located under c:\windows\system32).
I have used 3 different AV programs. Checked autoexec.nt and config.nt... nothing in there except the usual stuff... I don't think this is a virus issue.
Don't have any idea how to use a "Linux AV boot CD" on a Windows machine.
Can you post Event details (EventID, detail, screenshot from Event Viewer) related to the NTVDM fault? It's useful to know the 5-10 events recorded before the NTVDM one...
Which event log do you think would have the events? I can't seem to find any reference to the event.
Event Viewer -> Windows Logs -> System

and any related under

Event Viewer -> Applications and Services Logs -> Microsoft -> Windows -> ***
[Image: event log]
Something is trying to run an MS-DOS/console application (unknown module) and is receiving an Access Denied (error return code 0xc0000005). This is due to a security limitation and/or antivirus/system protection policy.

I suggest booting into safe mode and cleaning all temporary files (system %TEMP%, user %TEMP% and/or %TMP%, and browser temp and cache). Restore default settings in Internet Explorer, just to be sure.

Update your system to 7601, as you are still at version 7600 (base version 16385, i.e. no updates).
Sure, if you know what MS-DOS program is installed, it's another story...
It's not advisable to disable DEP (Data Execution Prevention) system-wide just to permit an old MS-DOS application to run. And... yes, it should be DEP that is crashing the virtual DOS machine emulation!
In your case, mikesiegel, the executable that is trying to run is viewed as "unknown" by the system, so I'm quite sure that it is not legitimate/compatible. For that reason I suggest cleaning %TEMP%, etc.
As a workaround, use some DOS emulation in a virtual machine: a) by using QEMU/VMware/VirtualBox; b) DOSBox. Just to give it a try (if you know the software!).
Other cases:
- Old component in drivers (keylock, serial drivers, etc.)
- Virus part that is trying to do something in DOS mode.
- Bad/Incompatible software component.

BTW, Google Desktop has no DOS component!
I would guess that there is an active rootkit on the computer, and whatever the installed antivirus is, it won't see it because it's a rootkit.

My initial suggestion in post 38566063 was to use the AVG rescue CD/USB image; as this runs "offline", it can detect rootkits that will never be detected by antivirus running in the OS "on top" of the rootkit.

http://www.avg.com/gb-en/avg-rescue-cd

Cleaning out /temp etc. is a waste of time if you have a rootkit which downloads a payload, as it will download it every time you boot...
Uninstalling is the only thing that worked.