Thread: Hostile driver

Some driver is continuously trying to access internet and sygate firewall i am using is blocking it. It is in windows folder and is not a windows driver. Please tell me what to do. How to find out which program it represents? Please help me.

The name is NDIS user mode I/O driver

Location : C:\WINDOWS\system32\DRIVERS\ndisuio.sys

Hey it's not spyware.. it's a microsoft file only and many people have problems with it....

Check these linx to find more and to remove it (googled em )..

Big Brother and Ndisuio.sys [Page 1 of 1]

ndisuio.sys Windows process - What is it?

and finally check this too..

http://www.cultkanaal.nl/Tech/google-bart.jpg :lol: :lol: jk :001_tt2:

Important: Some malware camouflage themselves as ndisuio.sys, particularly if they are located in c:\windows or c:\windows\system32 folder. Thus check the ndisuio.sys process on your pc whether it is pest. We recommend Security Task Manager for verifying your computer's security. It is one of the Top Download Picks of 2005 of The Washington Post and PC World.

^ woah din know that...

This particular driver is often apt to "drinking and driving".

Originally Posted by meetdilip

Important: Some malware camouflage themselves as ndisuio.sys, particularly if they are located in c:\windows or c:\windows\system32 folder. Thus check the ndisuio.sys process on your pc whether it is pest. We recommend Security Task Manager for verifying your computer's security. It is one of the Top Download Picks of 2005 of The Washington Post and PC World.

you can figure out if its a malware or a system process , simply by looking at its Destination

Many malware disguise themselves as different process not just this particluar process ......

Originally Posted by meetdilip

Some driver is continuously trying to access internet and sygate firewall i am using is blocking it. It is in windows folder and is not a windows driver. Please tell me what to do. How to find out which program it represents? Please help me.

The name is NDIS user mode I/O driver

Location : C:\WINDOWS\system32\DRIVERS\ndisuio.sys

Just by looking at its location i can tell you that its perfectly safe process
because

1) like all system processes its located in the system32 folder
2) a virus can replicate itself , but it can never replace/delete another file without the user's explicit knowledge .....
3) so as u know from the internet that ndisuio is a system process ( so its should have been present in the system32 folder) and it can never be replaced by a virus u can be sure that its a safe process ....

but if the same exists in some other folder , u can be sure its a virus