Update on Indt2.sys virus

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Farscape1, Apr 7, 2008.

  1. Farscape1

    Farscape1 Private E-2

    There is a post back on 2/12/08 regarding a possible virus threat – indt2.sys. This so-called virus may come from Digital Picture Frames (DPF). I have a new system that rarely hits the Internet, but it does a lot of testing on DPFs. I got this possible virus on my system and had to find a way of getting rid of it. So this post is a response to this post: http://forums.majorgeeks.com/archive/index.php?t-151455.html


    Update on this possible virus “Indt2.sys” – the clicking sounds like mouse clicks, as if it is running an unseen application or website in the background; I did not find out exactly what program it was clicking. The sound pops or strange sounds are like the virus is launching an online radio station or something similar. I have heard music to advertisements, so it may be launching an online radio program for just a few short seconds.

    I haven’t found any real damage or propagating properties like a normal virus; it is just very annoying, especially when you are listening to music or watching a movie.

    If you delete the Indt2.sys application, it will just launch itself again. The virus has embedded itself in the Microsoft Prefetch folder, which launches every time you start up your system.

    Use the following steps to remove this virus.

    Run a search for “Indt2.sys”. You should have two instances: one in C:\Windows\Prefetch, which will have an extension of .pf for the prefetch to find then launch, and the other in C:\Windows\System32. Rename both of these to .old.

    Next, launch “msconfig” from the Run prompt and go to the Startup tab. You will find some startup items that do not have a name but are just blank. Take the check out of them, hit OK, then reboot.

    The annoying clicking and radio bursts have gone away. Now that it has not launched and won't reload itself, use the above steps to delete and remove the program.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Thanks for posting; however, this is not a proper way to remove this. You still have registry entries that were not removed, and using MSconfig for long-term startup program control is not recommended. Using our standard cleaning procedures given in this READ & RUN ME FIRST. Malware Removal Guide (which the user was asked to run in the link you referenced) will allow proper cleaning and removal of this and also any other possible related malware issues. SYS files are often loaded as drivers, and thus you may even still have a service related to this trying to load that you cannot see.
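
Added example, not part of either post or of the MajorGeeks removal guide: a read-only PowerShell check for the leftovers the reply above describes, that is, a driver or service entry, or a Run value, that still points at the file after it has been renamed. The function names are hypothetical; the file name is the one from the thread, and only the standard Services and Run registry locations are assumed.

```powershell
# File name taken from the thread; change it to check a different driver file.
$Target = 'indt2.sys'

function Find-ServiceReference {
    param([string]$FileName)
    # Every service and driver has a subkey here; ImagePath names the binary it loads.
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            if ($p.ImagePath -and $p.ImagePath -like "*$FileName*") {
                [pscustomobject]@{
                    Service   = $_.PSChildName
                    Type      = $p.Type    # 1 = kernel driver, 2 = file system driver
                    Start     = $p.Start   # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
                    ImagePath = $p.ImagePath
                }
            }
        }
}

function Find-RunKeyReference {
    param([string]$FileName)
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    # Properties PowerShell adds to every registry item; they are not Run values.
    $skip = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($k in $keys) {
        $item = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        $item.PSObject.Properties |
            Where-Object { $skip -notcontains $_.Name -and "$($_.Value)" -like "*$FileName*" } |
            ForEach-Object {
                [pscustomobject]@{ Key = $k; Name = $_.Name; Command = $_.Value }
            }
    }
}

# Report only; nothing is modified. No output means no reference was found
# in these locations, not that the system is clean.
Find-ServiceReference -FileName $Target | Format-List
Find-RunKeyReference  -FileName $Target | Format-List
```

Run it from an elevated prompt so the Services subkeys are readable; a hit with Type 1 or 2 is a driver registration of the kind that does not appear on the msconfig Startup tab.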
     
