Hello,

Can someone please offer advice? My friend has ZoneAlarm free firewall, and recently an application has been trying to access his PC; he has denied access. The application is kernels32.exe and the file path is:

C:\WINDOWS\System32\kernels32.exe

I think this may be a trojan. Could anyone please advise, and if it is a trojan, is there any removal advice, please?

Thank you,
Rosie
Not looking good according to this:
http://www.liutilities.com/products/wintaskspro/processlibrary/kernels32/

You might want to tell your friend to post a HijackThis log over here:
http://gladiator-antivirus.com/forum/index.php?showforum=170
then let the experts there give recommendations on any malware found.

snowbound
Hi Rosie,

Upload the file here to check it out: http://virusscan.jotti.org/ where multiple scanners will weigh in on the issue. If a trojan is found, go to one or more sites here for a full system PC scan online:

* Best Online Scanners (full PC scan online) and removal:

Housecall: http://housecall.trendmicro.com/
           http://uk.trendmicro-europe.com/enterprise/products/housecall_launch.php
Kaspersky: http://www.kaspersky.com/virusscanner <- [excellent]
bitdefender: http://www.bitdefender.com/scan/license.php
Malware: http://virusscan.jotti.org
F-Secure: http://support.f-secure.com/enu/home/ols.shtml
Panda: http://www.pandasoftware.com/activescan
RAV AV: http://www.ravaantivirus.com/scan
eTrust: http://www3.ca.com/virusinfo/virusscan.aspx
ewido: http://www.ewido.net/en/onlinescan

-- Tom
In addition:

If you removed kernels32.exe manually (with no antivirus involved), you may still get an error message that kernels32.exe cannot be found on every new login to Windows. To get rid of that message you need to clean up your Registry.

Go to Start/Run, type regedit -> Enter

Here are the Registry keys to be found and deleted:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Value Name: System
Value Data: D:\WINNT\system32\kernels32.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value Name: Shell
Value Data: Explorer.exe D:\WINNT\system32\kernels32.exe

(right-click on Value Name -> Delete)
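
A read-only check for the leftover entries described in the last post, as an added example that is not part of the original thread: it parses `reg query` text output for the two keys and reports any autostart value still pointing at kernels32.exe, plus a Winlogon Shell whose data is anything other than Explorer.exe alone. The sample output is constructed from the values quoted above; the `Example App` entry, the function names and the assumption that a clean Shell value is plain Explorer.exe are this example's own.

```python
import re

# Constructed sample in `reg query` output format; the kernels32.exe values
# are the ones quoted in the post above, "Example App" is made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    System    REG_SZ    D:\WINNT\system32\kernels32.exe
    Example App    REG_SZ    "C:\Program Files\Example\app.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    Explorer.exe D:\WINNT\system32\kernels32.exe
    Userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe,
"""

# `reg query` separates name, type and data with four spaces.
VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def parse_reg_query(text):
    """Return {key_path: {value_name: data}} from `reg query` text output."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[m["name"]] = m["data"].strip()
    return keys

def find_leftovers(keys, filename="kernels32.exe"):
    """Return (key, value_name, data, reason) for entries needing cleanup."""
    findings = []
    for key, values in keys.items():
        for name, data in values.items():
            is_shell = key.lower().endswith("\\winlogon") and name.lower() == "shell"
            # Assumption: a clean Shell value holds Explorer.exe and nothing else.
            if is_shell and data.lower() != "explorer.exe":
                findings.append((key, name, data, "Shell is not Explorer.exe alone"))
            elif not is_shell and filename.lower() in data.lower():
                findings.append((key, name, data, "autostart references " + filename))
    return findings

if __name__ == "__main__":
    for key, name, data, reason in find_leftovers(parse_reg_query(SAMPLE)):
        print(f"{key}\n    {name} = {data}\n    -> {reason}")
```

On the affected machine the input would come from running `reg query` against each of the two keys and saving the text.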