ntmgmt.exe

Greg

Distinguished
Dec 31, 2007
936
0
18,980
Archived from groups: microsoft.public.win2000.setup_upgrade (More info?)

Shortly after rebooting, my CPU usage shows 100%. Task
manager shows that the offending process is ntmgmt.exe.
Nothing shows up on a Google search of this name. Nothing
shows up in Microsoft tech support.

I can't pinpoint when this started, unfortunately, but it
used to be OK.

Any ideas? What does ntmgmt.exe do?
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.setup_upgrade (More info?)

AFAIK it's not an operating system file.

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect


"Greg" wrote:
| Shortly after rebooting, my CPU usage shows 100%. Task
| manager shows that the offending process is ntmgmt.exe.
| Nothing shows up on a Google search of this name. Nothing
| shows up in Microsoft tech support.
|
| I can't pinpoint when this started, unfortunately, but it
| used to be OK.
|
| Any ideas? What does ntmgmt.exe do?
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.setup_upgrade (More info?)

I have the same problem in a sense. I finally found out why. The folder
all the files that were generating my problems was in, only showed up
after I enabled showing all hidden system files. This is one of the
files, which is a registry editor:

REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTsys]
"DisplayName"="NT System Information Tracker"
"Description"="Tracks system events such as WinNt logon, network, and
power events. Notifies COM+ Event System subscribers of these events. via
NT"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTsys\Parameters]
"Application"="C:\\WINNT\\system32\\ias\\xdccd\\ntsys.exe
C:\\WINNT\\system32\\ias\\xdccd\\config.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysmgmr]
"DisplayName"="System Manager Service"
"Description"="Microsoft WinNt System Management"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysmgmr\Parameters]
"Application"="C:\\WINNT\\system32\\ias\\sysMgmr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Registry Run Service"="c:\\winnt\\system32\\ias\\ntmgmt.exe
c:\\winnt\\system32\\ias\\reghost.exe"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"AutoShareWks"=dword:00000000
"AutoShareServer"=dword:00000000

Needless to say, whoever the hell wrote this program, did a darn good job.
If you want to see the entire folder, let me know. I've WinZipped it.
The doggone thing even contains files that have the most common usernames
and passwords that people use. Looking at it, it looks as though it
starts an mIRC program, runs it in silent mode, and pretty much opens your
computers harddrive to whoever is in the IRC channel it connects to.
 

TRENDING THREADS