|Attention Before you read this tutorial, I highly recommend you check out my resources page for access to the tools and services I use to not only maintain my system but also fix all my computer errors, by clicking here!|
Ntvdm.exe is an important component of your Windows Operating System (OS), as its function allows your OS to open 16-bit applications (such as MS DOS) in a 32-bit environment. With that said, this particular file is not unknown to hackers, as it is quite frequently targeted by such people, however, despite that reality, whenever people encounter problems with this specific file, it’s usually due to system issues such as program conflicts, the installation of certain system updates and data corruption. Thus, these are the kinds of things you should be mindful of, when tackling any computer issue related to this particular file.
Symptoms of Ntvdm.exe Errors
As this file is utilised whenever a user attempts to use a 16-bit application, it’s not uncommon for hackers to create viruses that disguise themselves as this particular file.
Typically what these unscrupulous people will do is create a virus, and give it a filename that is very similar to the file they are trying to disguise it as, but the biggest indication that the file is illegitimate is in the location, as it will usually be stored a location other than the official location for this particular file (Ntvdm.exe):
Adding digits at the end of the file name or changing a single letter are the most effective tactics deployed by these people. Through this method they are able to disguise a number of very malicious programs. The most commonly disguised virus types are as follows:
This is your common backdoor Trojan viruses that gets onto your computer and multiplies. This particular virus exploits a number of vulnerabilities in your Operating System, such as network shares, weak passwords and MSSQL servers in order to find its way onto your system.
This is another backdoor Trojan viruses; the primary function of this viruses is to allow hacker to gain access to your computer, remotely.
At any given time, you could have a number of what appears to be Ntvdm.exe files running as process on your computer. The presence of multiple instances of the same file/process is a strong indication of foul play, though it doesn’t necessarily mean you have a virus. However, if you find that you have this process running in the background even when you do not have any 16-bit application like MS DOS running, that’s a strong indication that your computer may be infected with a virus.
Common Ntvdm.exe Related Problems
The Ntvdm.exe uses in excess of 90% of your CPU processing power.
This typically occurs when a user attempts to run certain MS DOS based applications, although there aren’t very many of these applications today. With that said, a DOS emulator is said to be a viable solution for this kind of problem.
The NTVDM CPU has encountered an illegal instruction.
This will occur when a running DOS based application crashes. This may also happen when you attempt to run a 32-bit application through MS DOS.
NTVDM encountered a hard error.
This error occurs when a running 16-bit application attempts to access a long filename; of which it’s not programmed to handle.
Note: Another common cause for Ntvdm.exe related errors is the installation of a specific security update (KB2707511). The uninstallation of this update is usually sufficient in fixing this problem, with that said, the symptoms exhibited, can mirror those described above.
Solutions for Ntvdm.exe Errors
Issues concerning this particular file are numerous, from the failed attempt to run certain 16-bit applications, to viruses disguising themselves as the file itself. Below are a number of solutions that I have found have helped most people rectify this problem. I recommend you try each method in sequential fashion, until you find the method that works for you.
Uninstall Windows Update (KB2707511)
One verifiable way of remedying this problem is to remove a specific Windows Update that is known to cause complications with the Ntvdm.exe file. The fastest method of doing this is to use Windows System Restore, but the suitability of that method is dependent on a number of factors, such as whether you have it properly configured on your system and you’re general understanding of how to use it. Thus, a restoration would only truly be necessary if you’re computer was severally infected with a viruses.
This method is only applicable for Windows XP users, so if you’re on Windows Vista/7, then I suggest you skip this method.
Anyway, to remove this update, please do the following.
1. First, ensure you’ve booted into your computer with administrative rights.
2. Then, click on Start -> Run, type appwiz.cpl and click on OK.
3. This will bring up the Add or Remove Programs applet; from here check the box next to Show Updates, then scroll down to the Windows Update KB2707511, click on it, and then click on Remove.
Note: The security update may also be titled KB2823324, so be sure to check for both KB2823324 and KB2707511 and Remove whichever you find.
Alternatively, if you’re unable to find the update, then I recommend you use the uninstallation tool called Perfect Uninstaller, as it will allow you to uninstall far more drivers, tools and applications on your computer than the conventional built-in uninstaller. Anyway, you can download this tool from here:
Microsoft in the past released a hotfix that is said to be capable of correcting problems with the Ntvdm.exe file. This hotfix should only be applied to systems that are having issues with the Ntvdm.exe file due to data corruption or application conflicts and NOT viruses.
In order for you to apply this update, you will need to be running Windows XP Service Pack 3 (SP3). If you’re on a Windows XP machine, but you don’t have the latest service pack, then you will have to download it first. You can download it from here: http://www.microsoft.com/en-us/download/details.aspx?id=24
This update will not make any changes to your registry once applied, although you will be required to restart your system once the process has completed. Anyway, you can download the hotfix from here: http://support.microsoft.com/kb/2732488
Remove Ntvdm.exe Malware
If the method outlined above didn’t work for you or if you are running a Windows Vista/7 based system, then it’s fair to assume that you may have some kind of virus on your computer. One tell-tell sign that you have a virus on your computer is if the ntvdm.exe process is running when you are not using a 16-bit application such as MS DOS (as previously mentioned).
Another positive indication that your compute may be infected with a virus is if the ntvdm.exe file is using an inordinate amount of CPU power and hard drive space. All of this can be examined using Windows Task Manager, which you can run by first pressing Control + ALT + DELETE [Windows Vista/7: Click on Windows Task Manager Button], then finally click on Processes Tab.
The real Ntvdm.exe file will show up under Processes in all caps with a lower case file extension (NTVDM.exe). However, whenever you receive any system alerts and error messages they will usually spell the process out with all caps, like NTVDM.EXE.
In order for you to effectively remove this ntvdm.exe virus, it’s recommended that you scan your computer using an antimalware tool like SpyHunter. For cleaning and optimisation purposes, I recommend the use of SpeedyPC Pro, but that’s only after you’ve used SpyHunter. Anyway, the instructions are as follows.
1. First, ensure you’ve logged into your computer with the appropriate administrative rights.
2. Then navigate to the following website and download and install SpyHunter:
Note: Once you’ve installed the program, run it, and it should automatically update itself. This is important as it will ensure it has all the appropriate virus definitions to enable it detect any recent viruses that may have gotten onto your system.
3. Once the program is up and running, it should automatically scan your system, but in the event that it does not, simply click on Start New Scan, then un-tick the box next to Quick Scan, then click on Scan Computer Now.
Run System Optimisation Tool
Once you have run and removed any viruses on your computer, its best practice to run some kind of optimisation suite in order to maximise system performance. There are a number of tools available that you can use to do this, but I personally recommend SpeedyPC Pro, and that’s primarily because of its registry scanning capabilities, as it’s likely the viruses would have corrupted, removed or added invalid entries to it. You can pick this tool up here: