ROOT\LEGACY_NPF\0000 Virus or Hardware problem?

April 30, 2014 at 23:48:20
Specs: Windows 7
Hi! I was checking my system using AVG PC TuneUP and I saw an error. It says:
Name: NetGroup Packet Filter River
Value: ROOT\LEGACY_NPF\0000
Advanced: Driver is not present, not working properly...

I did some quick research and found out that it's an unwanted application. I checked my "Device Manager" and there was no "Other Devices". I strongly think this is some virus or something.
Plus my desktop keeps shutting down for no reason, all the fans are working. Please help me.

message edited by Michaelensis



#1
May 1, 2014 at 03:04:16
"NetGroup Packet Filter River"

It's actually NetGroup Packet Filter Driver, not River.

It's not shown in Device Manager because it's not a device driver; it's a Microsoft system driver installed with Windows and should be located here: C:\Windows\System32\drivers\npf.sys

If you find it anywhere else, it's malware that's deliberately named to look like a genuine file.

message edited by phil22


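The location check from post #1, written out as an added PowerShell example (not part of the thread): it reads the path registered for the driver service, normalizes it, compares it with the stated location, and lists any other copies of the file. The service key name `NPF` is an assumption taken from the `LEGACY_NPF` node name, and the function name is hypothetical.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Assumption: the service key is named "NPF" (inferred from ROOT\LEGACY_NPF).
$expected = Join-Path $env:SystemRoot 'System32\drivers\npf.sys'
$svcKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NPF'

function Resolve-DriverImagePath {
    param([string]$ImagePath)
    # Driver ImagePath values come in several forms; reduce them to a drive path.
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim('"'))
    if ($p.StartsWith('\??\')) { return $p.Substring(4) }
    if ($p.StartsWith('\SystemRoot\', [StringComparison]::OrdinalIgnoreCase)) {
        return Join-Path $env:SystemRoot $p.Substring(12)
    }
    if ($p -notmatch '^[A-Za-z]:\\') { return Join-Path $env:SystemRoot $p }
    return $p
}

$svc = Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue
if (-not $svc) {
    'No NPF service key found in the registry.'
} else {
    # A kernel driver with no ImagePath is loaded from System32\drivers\<name>.sys.
    $raw = $svc.ImagePath
    if (-not $raw) { $raw = 'System32\drivers\npf.sys' }
    $path = Resolve-DriverImagePath $raw

    "Registered ImagePath : $raw"
    "Resolved path        : $path"
    "In expected location : $($path -ieq $expected)"

    if (Test-Path -LiteralPath $path) {
        $sig = Get-AuthenticodeSignature -FilePath $path
        "Signature status     : $($sig.Status)"
        if ($sig.SignerCertificate) { "Signer               : $($sig.SignerCertificate.Subject)" }
    } else {
        # Service entry exists but its file does not: a leftover registry entry.
        'File is not present at the registered path.'
    }
}

# Any copy of npf.sys outside the expected folder, with its signature status.
Get-ChildItem -Path "$env:SystemDrive\" -Filter 'npf.sys' -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.FullName -ine $expected } |
    ForEach-Object { '{0}  [{1}]' -f $_.FullName, (Get-AuthenticodeSignature $_.FullName).Status }
```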

#2
May 1, 2014 at 03:22:54
Step 1: Run Malwarebytes' Anti-Malware ( MBAM ) Free Version. Use Quick scan. Copy and Paste the contents of the log please.

http://i.imgur.com/U9IqcVj.gif
http://i.imgur.com/zHMG6J9.gif
Or,
http://i.imgur.com/eLcvyZD.gif
Malwarebytes' Anti-Malware
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://www.malwarebytes.org/free/
Make sure you uncheck > Enable free trial < at the END of the install.
http://i.imgur.com/tUFCbYz.gif
If your MBAM log indicates "No action taken", that's usually a result of NOT clicking the Remove Selected button after the scan.
Quick Scan versus Full Scan
http://forums.malwarebytes.org/inde...


#3
May 1, 2014 at 06:16:30
This is the log. Thanks for replying! :D
Is there something wrong?

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/1/2014
Scan Time: 9:14:33 PM
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.01.07
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7
CPU: x86
File System: NTFS
User: Lim

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 235975
Time Elapsed: 10 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

message edited by Michaelensis



#4
May 1, 2014 at 06:18:24
Thanks for the reply. Yep that's a typo.


#5
May 1, 2014 at 06:31:14
"Is there something wrong?"
Not in your MBAM log.

"Microsoft system driver installed with Windows and should be located here: C:\Windows\System32\drivers\npf.sys"
Did you check this from post #1?



#6
May 1, 2014 at 06:42:57
How do I open the npf.sys?


#7
May 1, 2014 at 06:49:04
"How do I open the npf.sys?"
You don't. Was it located as per previous detail?

Let's do a double check; googling did get a link to ROOT\LEGACY_NPF\0000 as a virus.
http://www.sophos.com/en-us/threat-...

Download the virus tool & we will know if you have a problem.
Copy & Paste the contents of the log.
http://www.sophos.com/en-us/product...



#8
May 1, 2014 at 07:05:08
Yes, it does contain the "C:\Windows\System32\drivers\npf.sys"


#9
May 1, 2014 at 07:08:46
I'm going to bed now, shall look at the log tomorrow.
I'm here.
http://www.timeanddate.com/worldclo...


#10
May 1, 2014 at 07:12:43
Thank you. We have almost the same timezone. I'll also post tomorrow. Thanks again. :D


#11
May 1, 2014 at 08:21:00
It said that my computer was clean. So is it OK?

message edited by Michaelensis



#12
May 1, 2014 at 12:29:52
Best not have too much faith in Tune Up programs.

It would be worth checking your temperatures and/or cleaning the following:
Vents, fans, CPU heat sink (without removal).

There are free temperature info programs such as:
http://www.almico.com/speedfan.php

PSU issue is on the list of possibilities - might not be a software issue at all.

Always pop back and let us know the outcome - thanks

message edited by Derek



#13
May 1, 2014 at 15:24:54
"It said that my computer was clean. So is it OK?"
The scans we have done appear to eliminate the infection side of things.

Let's see what chkdsk reveals. Copy & paste the contents of the log in your reply please.

How to Run Disk Check in Vista & Windows 7 (W7)
http://www.winvistaclub.com/f20.html
http://www.sevenforums.com/tutorial...
http://www.howtogeek.com/howto/wind...
Viewing your chkdsk report Windows Vista & Windows 7 (W7)
http://janetalkstech.com/2009/windo...
Viewing the system log for the scan results of Check Disk (Wininit)
http://www.sevenforums.com/tutorial...
Administrative tools - Event viewer - Windows logs - Application - Click on 'source' at the middle top to sort by ascending/ descending order. Locate 'wininit' and click on it to view.

