How to remove (uninstall) Ndistpr64.sys

In recent week many customers appeal to the tech support forums asking about strange Ndistpr64.sys virus. This virus seems not very dangerous for now, but we suppose that it might have some purposes that are unseen for us. Virus penetrates user’s system with help of bundled installation or e-mail spam and destroys some files (most likely – the drivers). Maybe it’s not the primary goal but on some stage of virus’s work the computer suffers from BSOD and it continues each time when it’s being restarted.

Users begin to complaint because there’s not much you can do if in 20 seconds after the boot of system you see the blue screen. This problem can be simply fixed by entering the Safe mode with networking and following the removal instructions which are given below. Some users replied that they faced difficulties with entering the safe mode, but these difficulties won’t appear if you will follow the instructions.

Step 1. Boot into Safe mode

Safe mode

Start -> Msconfig.exe

Safe mode. Step 1

On the tab Boot select Safe boot

Safe mode. Step 2

Step 2. Check Startup folder

Start -> Msconfig.exe ->Disable unknown programs in the Startup tab


Step 3. Check hosts file

Modify hosts file, that located in C:\Windows\System32\drivers\etc\ .

Hosts file.Step 1

Open the file with Notepad and delete suspicious strings.

Hosts file.Step 2

It has to look like this:

Hosts file.Step 3

Step 4. Scan the system with antiviral scanner


Special Offer

Antivirus scanner

Why we recommend SpyHunter antimalware

Detects most kind of threats: malicious files and even registry keys of malware will be found

Protects your system in the future

24/7 free support team

SpyHunter's scanner is only for malware detection. If program detects infected elements on the computer, you will need to purchase malware removal tool for $39,99 to delete threats. SpyHunter has Free Trial for one remediation and removal, subject to a 48-hour waiting period. Uninstall steps and additional information EULA , Privacy Policy and Threat Assessment Criteria.

bwd  Instructions 1/2  fwd

Step 5. Disable Safe mode

Start -> Msconfig.exe ->Disable Safe boot in the Boot tab

Deactivate Safe mode

How Ndistpr64.sys penetrates the system

Now, when the virus is removed, there’s only left to understand how it got into the system. This might have happened in two basic ways: with help of bundled installation or via e-mail spam. First method is more popular among adware developers, because it is completely legal and is based on user’s inattentiveness. During the installation of a program, in one of the windows there is a dialogue box in which user has to choose between recommended and partial installation. They might be called also full and partial, reliable and for experienced user, etc. Anyway, scammers try to convince the user that the first option is reliable and good and the second is doubtful. Actually, first option means that you will install the needed program and everything else that scammers had placed in the installation bundle. The second option enables you to choose what program to install and what to decline. If user doesn’t notice this window and just press OK – he will install few viruses on his PC without knowing about this.

The second method is more preferred by malware and ransomware developers, and it is one of the most cheap and easy methods of virus spreading. Scammers create few free mailboxes and send thousands of e-mails with attached files. Those users who opened the e-mail and clicked on the file? Get a virus. The messages might be written to hook the especial category of users, or just random “you won the prize” notifications, but the essence is the same: scammers say that user should open an e-mail attachment to receive something.

These two methods are used very frequently, so you should keep them in mind while installing new programs and clearing your mailbox. If you will do this, your PC will be in its best shape for years.



This website uses cookies to improve your experience. If you continue using the site, we will assume that you accept our cookies policy.