Computer Newbies forum

General discussion


by tomron / May 16, 2006 11:50 AM PDT

It is listed in system properties>under user profiles.

For some reason,why i don't know it appeared there.


OS 2K pro

Discussion is locked
You are posting a reply to: What is NT AUTHORITY\SYSTEM
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: What is NT AUTHORITY\SYSTEM
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
by PKsteven / May 16, 2006 5:12 PM PDT

This is typically a security access settings for shared folders on a network. Usually set up using the Everyone account, if I stated this all correctly. There are many issues though with this so if you are experiencing any strange behavior (with your PC, not you) let me know.

Collapse -
Nothing unusual,with the exception...
by tomron / May 17, 2006 12:36 AM PDT
In reply to: nt

with FF timeing out more then before.

I don't have any shared folders on a network.


Collapse -
It's The 'Local System' Account...
by Grif Thomas Forum moderator / May 17, 2006 1:59 AM PDT

It runs as an administrator type account with high-level rights. Not really designed as a typical "user" account as many of the underlying services such as .NET Framework run in this account..

It's best left alone.

Hope this helps.


Collapse -
by PKsteven / May 17, 2006 3:10 AM PDT

The reasons I stated about unusual behavior is this, Nt Authority has many exploit problems and many people end up with viruses or whatever. How did you notice this folder? Actually let me ask you a simple question, do you have anti-virus? All your updates? Firewall? """I am not saying it's infected,""" but browser time-outs, windows shut downs among other problems can be signs of this being a virus. Not to worry , just making sure and as stated by Grif, simply leave it alone. It won't bother you otherwise.


Collapse -
by tomron / May 17, 2006 3:59 AM PDT
In reply to: Reasons

I have many programs (check my profile) and everything is updated.

I noticed it when i right clicked on my computer>properties>user profile tab.

What i don't understand is it was never there before,why is it there all of o sudden?


Collapse -
Start here
by PKsteven / May 17, 2006 5:50 AM PDT
In reply to: Paul

I can't be absolutely sure why it suddenly appeared there, there could have been a thousand things you may have done or not. I would really like to know if you have anti-virus installed or firewall. If you do, just do a virus scan first. The reason I say this is because this folder has many security issues, fixes, patches , what have you. If it is being attacked, it may have caused the folder to appear there, or not. I would simply like to make sure.

Thanks, Paul

Collapse -
by tomron / May 17, 2006 5:57 AM PDT
In reply to: Start here

I have AV and firewall installed,thats why i said check my profile.The profile tells all the applicable info.

I have no viruses,spyware,and so on


Collapse -
Tom, I Provided Info Earlier
by Grif Thomas Forum moderator / May 17, 2006 6:56 AM PDT
In reply to: Paul

It's best left alone..

The NT Authority/System profile is visible on many Windows 2000 machines. It's not a problem and can normally be ignored. It may have been there and you didn't notice it or it may have appeared after you updated your computer with a .NET Framework program or a service that uses that particular profile.

Hope this helps.


Collapse -
Thanx Grif and Paul
by tomron / May 17, 2006 7:06 AM PDT

I know,I was just responding to paul,mainly regarding his questions about my antivirus programs an such.

thanx people.


Collapse -
(NT) (NT) you are welcome
by PKsteven / May 17, 2006 9:57 AM PDT
In reply to: Thanx Grif and Paul
Collapse -
This end
by PKsteven / May 17, 2006 9:56 AM PDT

I just wanted to explain that I wasn't stepping on your toes here, and completely agree with your info. I did state that I agree with you and it should be left alone.
I simply wanted him to do a virus check because this folder is a prime target many times. With his browser acting up with time outs(which time outs can be caused by a virus) a folder appearing, etc...although if they had the NT Authority shut down constantly, I would have definately suspected the msblast.exe. I just thought a check may be in order for the sake of safety. If no virus found, then no harm done, no folder touched.
Take care, Paul

Collapse -
A little Info about this situation
by starband69 / May 14, 2010 9:16 AM PDT
In reply to: Paul

I have been working with this for 25 days now. This seems to me to be very serious. Not quiet sure exactly how you get this. But from the files i have decrypted so far. Looks like it came from a quiz on face book "IQTest" it installs the Trojan arcbomb.ZIQ on your computer. It also is being spread by way of an email you receive from a friend telling you about a new dangerous virus.
any way i have the whole UN-encrypted script of the virus. it is set to disable your alerter service first. then it creates a new user. then petitions for user priveleges to be granted these authenticated user,.Power user..back-up operator and restricted user. then it creates new work groups then 7 new users like this S-1-5-34-"random big number" it then sets u up as a limited user with read only rights. disables the av engine, disables windows updates and it takes you to a new page stored in the systewm32 files that it created for you that it does updates for itself installed from a nt\authority remote desktop user. it enables the remote registry. and from there it has complete control. Now where the crazy part comes in. It installs a wrapper program that allows it to run multiple OS. I think this is done at 3am by remote desktop. it also installs acronis disk editor hidden and partitions your HD it creates an extended virtual part and installs Windows nt 5.1 server and Linux solaris. it also creates a 7.8 MB partition on your hd B: drive RAM-DISK and stores an encrypted hidden compressed file that has a clone and backup files to fix any problem you may cause. If you use the D.O.D 36 pass wipe it still there. You can watch the logs when you install new OS it puts files in where it needs them. when you start your new install up it will have full control again within 15 minutes. I have found different ways it stores this hidden file 1. it uses Bitlocker 2. it uses the EISA partition. This remote desktop i have traced to Madrid & Bombay and Germany. I can email a copy of the exe. notepad that has the exact setup of this what starts as a virus situation. It erases all tracks of the virus and all the installs so you wont know its there. Look at the Monkey virus & the Terror virus i think this is the same guy. you can scan ans scan but you wont find a virus it has them in encrypted zips. one is called Mirror. it releases it if you find start looking to hard for what is going on. you can use a Linux boot cd and run klamAv it will remove about 90-150 encrypted zips and the arcbomb.zIq...worm.Kido-182...adware.comet...exploit.js-7...Trojan.spy and so on it has all sorts that you download during your so called visit to m updates. the file it has for that is call microsoft updates\Hell in the windows system system32 folder. you can tell if you have it if you explore the c drive and find these new folders called "recycler" system volume that is access denied and look in you user files you have several hidden folder with all sorts of new users. If anybody know how to get ride of this hidden partition please let me know. I have 26 computer waiting to be repaired. each one of the computer owners say they have all sorts of fraud activity on there credit cards for world of war craft and small stuff like that online purchases. email me at for more info

Collapse -
You've Responded To A 4 Year Old Post
by Grif Thomas Forum moderator / May 17, 2010 2:32 AM PDT

The person you've responded to hasn't visited here in quite a long time and I doubt they will respond.... Besides, the issue discussed in this thread was NOT about virus or malware.. It's a common user profile listed on Windows 2000 machines when certain programs are installed. (On the other hand, if there is an error message about "NT AUTHORITY\SYSTEM" popping up frequently, then malware is certainly a good possibility.)

Just a note: It's not wise to place your email address on a public forum as this.. You're just asking for SPAM.

Hope this helps.


Collapse -
NT Authority-Hell
by Chambertin1 / January 24, 2011 10:20 PM PST

Hi. I've been dealing with this for years, off and on. Nothing I've done has worked. I'm self taught as far as using a computer. Unfortunately, I'm not a very good teacher. The message from the guy before me cracks me up. Maybe he doesn't see the irony of his post.
NT manges to evade or actually control certain aspects of every anti-virus or malmare program I throw at it. I use Revo as an uninstaller. It's good. Programs that i tought were gone will sometimes show up in Ccleaners uninstall list or Spybots'. IObit 360s' (which first alerted me to the fact that Gateway was preloading trojan downloaders as junkware , tapping my computer through Word) Passive security is constantly being manipulated, dropping certain blocks or whole catagories. Now it's set up to appear that its doing the job it used to do. Spybots installs get quirky, like they're being blocked. Once you get them installed, their block lists are almost reversed, inviting those sites in. Aviras' safeguard against USB auto downloads gets turned off. The same is true as far as Aviras' warning about going on line as an administrater. Windows updates for XP3 are unnecessary for security according to Secunias CSI scan (I think Microsofts' been leaving their back doors open and switching when they see the wrong traffic coming through). Funny that you can download Microsofts' Security program online for free, yet it doesn't come prepacked in the initial system. The list goes on and on with endless permutations depending on what combination of software is involved. Mwanwhile, there's always some kind hearted guru telling the sheep the old "move along, move along. There's nothing to see..." routine.
Anyway, i alraedy had problems with my Chinese frieinds. Were you able to resolve your issues?

Collapse -
NT Autgority
by Chambertin1 / January 24, 2011 10:32 PM PST

i remember that test. Mbe thats' how they target, like the germanz tilting picture frames.

Collapse -
me too!!!!!
by ntauthoritive / February 23, 2011 10:43 PM PST

Iv' been through this same, nightmarish ordeal and am self taught at computer troubleshooting. I think being a natural troubleshooter helped me recognize all the red flags instead of writing off things that looked legit but clearly were not as they seemed. One thing you did not mention, as everything else was right on point, is removing the mb battery as I beleived the kb was compromised and this kept this disease storedhidden in bios. Removing battery and booting into linix or virtual xp off a boot cd and reformatting all drives with secure wipes before ever booting back into windows seemed to do the trick. Key was definately removin battery

Collapse -
Help me someone!!!!!
by Cam_2002 / October 11, 2012 11:17 PM PDT
In reply to: me too!!!!!

I don't know how, maybe malwere bytes, but this got installed. Now, it takes 5 hours to start up my other computer, and if I start it up regularly, It will take me 5 hours, then say NT AUTHORITY\SYSTEM has initiated a shutdown. Then a 1 minute timer starts. Please help me!
I can't do everything I need in Safe Mode With Networking!

Collapse -
by R. Proffitt Forum moderator / October 12, 2012 4:37 AM PDT
In reply to: Help me someone!!!!!

I've seen this old worm come back to folk that reinstall the OS.

Since there are many SOLVED discussions at\SYSTEM+has+initiated+a+shutdown

My question is why didn't you use those or start a new and complete new post with all the details?

Also, I can understand if you never encountered this old worm before but it's still out there.

Collapse -
it's the computer itself
by SuperKael / January 18, 2013 1:04 AM PST

NT AUTHORITY\SYSTEM is the computer itself, and it has 100% access to the computer, even more than an administrator does, and also, i know a hack to become SYSTEM:
1. Start command line
2. Enter: AT (TIME) /INTERACTIVE cmd.exe
Note: Replace (TIME) with the current time plus one minute in format HH:MM
3. Wait one minute
4. If done correctly, a second command line should appear
5. On the second command line, enter:
6. TASKKILL /F /IM Explorer.exe
7. START Explorer.exe
You are now SYSTEM! for proof, click start and look at your user name.
To return to your user, repeat steps 6-7 on the first command line.
If you closed the first command line, you can also switch back by logging off, (not switching user, actually logging off)
then log back into your account.

Collapse -
by SuperKael / January 18, 2013 1:08 AM PST

Oh, and in case you are wondering, i am in the SYSTEM user right now! Mischief

Collapse -
(NT) This old post is now closed..
by R. Proffitt Forum moderator / January 18, 2013 1:10 AM PST
Popular Forums
Computer Help 49,613 discussions
Computer Newbies 10,349 discussions
Laptops 19,436 discussions
Security 30,426 discussions
TVs & Home Theaters 20,308 discussions
Windows 10 360 discussions
Phones 15,802 discussions
Windows 7 7,351 discussions
Networking & Wireless 14,641 discussions

Smart Home Help

Light bulbs you shouldn't buy

There are plenty of dimmable LED light bulbs, but make sure you don't buy the ones that flicker when you dial them down.