ntmgmt.exe

  • Thread starter Thread starter Greg
  • Start date Start date
G

Greg

Shortly after rebooting, my CPU usage shows 100%. Task
manager shows that the offending process is ntmgmt.exe.
Nothing shows up on a Google search of this name. Nothing
shows up in Microsoft tech support.

I can't pinpoint when this started, unfortunately, but it
used to be OK.

Any ideas? What does ntmgmt.exe do?
 
AFAIK it's not an operating system file.

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect


:
| Shortly after rebooting, my CPU usage shows 100%. Task
| manager shows that the offending process is ntmgmt.exe.
| Nothing shows up on a Google search of this name. Nothing
| shows up in Microsoft tech support.
|
| I can't pinpoint when this started, unfortunately, but it
| used to be OK.
|
| Any ideas? What does ntmgmt.exe do?
 
Greg, you might ask the IT dept for your company. It may be a custom application they built for their own purposes. If YOU are apart of the IT team, then I got nothing :)

Make sure you are fully patched and virus def's are current, do a scan, etc. Usual stuff to ensure that it is not a virus.

--

Mr E
--------------------------------------------------------


AFAIK it's not an operating system file.

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect


:
| Shortly after rebooting, my CPU usage shows 100%. Task
| manager shows that the offending process is ntmgmt.exe.
| Nothing shows up on a Google search of this name. Nothing
| shows up in Microsoft tech support.
|
| I can't pinpoint when this started, unfortunately, but it
| used to be OK.
|
| Any ideas? What does ntmgmt.exe do?
 
I have the same problem in a sense. I finally found out why. The folder
all the files that were generating my problems was in, only showed up
after I enabled showing all hidden system files. This is one of the
files, which is a registry editor:

REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTsys]
"DisplayName"="NT System Information Tracker"
"Description"="Tracks system events such as WinNt logon, network, and
power events. Notifies COM+ Event System subscribers of these events. via
NT"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTsys\Parameters]
"Application"="C:\\WINNT\\system32\\ias\\xdccd\\ntsys.exe
C:\\WINNT\\system32\\ias\\xdccd\\config.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysmgmr]
"DisplayName"="System Manager Service"
"Description"="Microsoft WinNt System Management"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysmgmr\Parameters]
"Application"="C:\\WINNT\\system32\\ias\\sysMgmr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Registry Run Service"="c:\\winnt\\system32\\ias\\ntmgmt.exe
c:\\winnt\\system32\\ias\\reghost.exe"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"AutoShareWks"=dword:00000000
"AutoShareServer"=dword:00000000

Needless to say, whoever the hell wrote this program, did a darn good job.
If you want to see the entire folder, let me know. I've WinZipped it.
The doggone thing even contains files that have the most common usernames
and passwords that people use. Looking at it, it looks as though it
starts an mIRC program, runs it in silent mode, and pretty much opens your
computers harddrive to whoever is in the IRC channel it connects to.
 
Back
Top