When I came in for work today my colleague Anders asked for some assistance. He had some sort of issue with his computer at home. Since this wasn’t work I couldn’t help him right away, so we decided to have a look at it during lunch.
During lunch Anders was kind enough to buy me a take-away kebab-roll and we got started by using TeamViewer to connect to his home computer.
I ran a scan for recently modified files and a file called NTRedirect.dll in the c:\users\Anders\appdata\roaming\babsolution\shared\ directory came up. My first thought was that the file had something to do with the Babylon Toolbar.
We sent NTRedirect.dll to VirusTotal and it was detected as a trojan by both the AhnLab-V3 and TrendMicro-HouseCall scanners.
With these detection results we didn’t need any further research and got straight into deleting the file, and the lunch was over.
NTRedirect.dll removal instructions
The following instructions show how to remove NTRedirect.dll manually using the built-in Windows tools:
- Reboot your machine.
- While your computer is rebooting, tap F8. The Advanced Boot Options should appear after a while.
- On the Advanced Boot Options screen, use the arrow keys to select safe mode and press ENTER. Your machine should now start in safe mode.
- Start Windows Explorer by pressing the Windows button and E.
- Open up the c:\users\%USERNAME%\appdata\local\softwareupdater\ folder.
- Delete NTRedirect.dll.
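The same removal from a PowerShell prompt, as an added example that is not part of the original post: it checks both folders named in this post (falling back to a search of the whole user profile), records the file's SHA-256 and signature status so the copy being deleted can be matched against the VirusTotal result, and previews the deletion. The fallback search and the `-WhatIf` preview are assumptions of this example.

```powershell
# Added example (not from the original post). Run as the affected user, ideally in safe mode.
$name  = 'NTRedirect.dll'

# The two folders this post mentions; $env:APPDATA is ...\AppData\Roaming,
# $env:LOCALAPPDATA is ...\AppData\Local.
$known = @(
    (Join-Path $env:APPDATA      'babsolution\shared'),
    (Join-Path $env:LOCALAPPDATA 'softwareupdater')
)

# Look in the known folders first.
$hits = @(foreach ($dir in $known) {
    if (Test-Path -LiteralPath $dir) {
        Get-ChildItem -LiteralPath $dir -Filter $name -File -Recurse -Force -ErrorAction SilentlyContinue
    }
})

# Assumption: if neither folder holds the file, search the whole user profile.
if ($hits.Count -eq 0) {
    $hits = @(Get-ChildItem -LiteralPath $env:USERPROFILE -Filter $name -File -Recurse -Force -ErrorAction SilentlyContinue)
}

if ($hits.Count -eq 0) {
    Write-Output "$name not found under $env:USERPROFILE"
} else {
    # Record what is about to be deleted: path, timestamp, hash, signature status.
    $hits | ForEach-Object {
        [pscustomobject]@{
            Path      = $_.FullName
            Modified  = $_.LastWriteTime
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            Signature = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
        }
    } | Format-List

    # Preview only. Remove -WhatIf to delete; deletion can fail if a running
    # process still has the DLL loaded, which is what safe mode avoids.
    $hits | Remove-Item -Force -WhatIf
}
```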
We didn’t find out how the NTRedirect.dll file found its way onto Anders’ machine, but he was glad we managed to delete it.
Do you know how NTRedirect.dll was installed on your computer? Please share by posting a comment.