All,
Do you remember which open handle utility creates the nthandle.sys file? I keep removing the nthandle.sys file, but some process keeps recreating it. I don't recall installing any open handle programs except for oh.exe from the Win 2k resource kit and handlex as well as process explorer from sysinternals.

I even used bintext to see if any strings within the file would provide any clues, but this is all I got.

    !This program cannot be run in DOS mode.
    Rich-zc
    .text
    h.data
    .reloc
    |Af9;t<VS WQRQj SVWUj t ;t$$t VC20XC00U
    RtlFreeAnsiString
    strncpy
    RtlUnicodeStringToAnsiString
    ObQueryNameString
    MmIsAddressValid
    ZwClose
    ZwDuplicateObject
    ZwOpenProcess
    KeDetachProcess
    ObfDereferenceObject
    ObReferenceObjectByHandle
    KeAttachProcess
    PsLookupProcessByProcessId
    ZwOpenProcessToken
    IofCompleteRequest
    IoDeleteDevice
    RtlInitUnicodeString
    IoCreateSymbolicLink
    IoCreateDevice
    ntoskrnl.exe
    RtlUnwind
    3 30383<3D3H3R3W3 304@4M4 5T5h5}5 666Q6 959S9Z9l9w9
    sys\nthandle.dbg
    6\free\nthandle.sys
    \Device\NtHandle
    \DosDevices\NtHandle

I tried looking for nthandle.dbg, but I wasn't able to find it. I even turned on the audit settings for the nthandle.sys file, but nothing turns up in my event log even though this file gets recreated on a random basis.

Any advice would be appreciated. Thanks!
