No announcement yet.

NDIS Driver ???

  • Filter
  • Time
  • Show
Clear All
new posts

  • NDIS Driver ???

    All of the sudden my complete internet traffic is going via some driver NDIS User Mode I/O (*/System32/ndisuio.sys), making my Firewall pretty much uselles, since anything that tries to connect will succeed through that process. If I ban the process it self, needless to say, nothing can access net. Any suggestions how can I disable this Win. "feature" :)

  • #2
    It is quite possible that you have a larger problem that just having redirected traffic. It is possible that since this is a most recent occurance you might have possibly contracted a virus/ trojan or some freaky stype of spyware.

    I would advise updating virus definitions to the latest version and scanning the system. You might also search for some type of malware by using a 3rd party scanning software. I like Swat! IT.

    That should help to shed somelight onto the problem.

    How is it exactly that you discovered the redirection?
    What firewall are you running?


    • #3
      I know that ndisuio.sys is often used in File and Printer Sharing, as well as Remote desktop. Maybe try going to your command promt and typing:
      net stop ndisuio

      If you have a wireless gatway you cannot do this. I'm not fully certain, but check to see if you have File and Printer sharing enabled. I'm not sure if you're networking any files though.

      If this helps, let me know.
      Last edited by j0ekwon; August 7, 2003, 03:57.


      • #4
        I'm quite sure there is no virus or trojan on system. I'm running NOD32 + Ad aware and Sygate Firewall Pro.
        Firewall recorded traffic, or should I say failed to stop some programs I don't allow inetrnet connection. There is a list of running Applications on firewall so it's easy to see that incoming and outgoing traffic are 0 (zero) for all processes except NDIS.

        However, I find some other scanning tools, and see what will happen.


        • #5
          also here is a screenshot of what it shows after I have disabled ndisuio

          I am using ZoneAlarm and have had no such problems with ndisuio.sys on WinXP
          Attached Files


          • #6

            Computer has direct network connection to Cisco hardware router & Firewall and T4 connection to the Internet. There is no local networking for this computer, and all kind of sharing, remote acces are disabled.


            • #7
              Here is some information that I foud on NDISUIO:

              NDISUIO is a connection-less, NDIS 5.1 compliant protocol driver. It allows user-mode applications to establish and tear-down bindings to network adapters (Ethernet, WLAN etc.) Further, it also supports setting packet filters, sending and receiving data, and handling plug-and-play events. Therefore, as an NDIS_aware component, NDISUIO can directly open an NDIS miniport driver (i.e. network card driver) to send requests, set, and query information. NDISUIO provides an interface between a user-mode application and NDIS using DeviceIoControl (similar to the Unix ioctl).


              • #8
                net stop ndisuio helped, I've restarted the machine and now it works fine. Still I'm confused what started this (useless) service in the first place. This is only machine that has Windows (others are on Linux) and is used only for AV editing, so there is not much harm done anyway.

                Thank you for help.


                • #9
                  No problem, it is definitely useless in most cases.