kernels32.exe

Discussion in 'malware problems & news' started by Rosie, Sep 29, 2005.

Thread Status:
Not open for further replies.
  1. Rosie

    Rosie Registered Member

    Joined:
    May 13, 2003
    Posts:
    44
    Location:
    United Kingdom
    Hello,

    Can someone please offer advice?

    My friend has ZoneAlarm free firewall, and recently an application has been trying to access his PC; he has denied access.

    The application is kernels32.exe and the file path is:-
    C:\WINDOWS\System32\kernels32.exe

    I think this may be a trojan.

    Could anyone please advise, and if it is a trojan, is there any removal advice please?

    Thank you

    Rosie
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
  3. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,103
    Hi Rosie,

    Upload the file here to check it out: http://virusscan.jotti.org/ where multiple scanners will weigh in on the issue.

    If a trojan is found, go to one or more of the sites here for a full system PC scan online:
    * Best Online Scanners (full PC scan online) and removal:
    Housecall: http://housecall.trendmicro.com/
    http://uk.trendmicro-europe.com/enterprise/products/housecall_launch.php
    Kaspersky: http://www.kaspersky.com/virusscanner <- [excellent]
    bitdefender: http://www.bitdefender.com/scan/license.php
    Malware: http://virusscan.jotti.org
    F-Secure: http://support.f-secure.com/enu/home/ols.shtml
    Panda: http://www.pandasoftware.com/activescan
    RAV AV: http://www.ravaantivirus.com/scan
    eTrust: http://www3.ca.com/virusinfo/virusscan.aspx
    ewido: http://www.ewido.net/en/onlinescan

    -- Tom
     
  4. Rosie

    Rosie Registered Member

    Joined:
    May 13, 2003
    Posts:
    44
    Location:
    United Kingdom
    Thank you,

    Will try tomorrow.

    Rosie
     
  5. Rosie

    Rosie Registered Member

    Joined:
    May 13, 2003
    Posts:
    44
    Location:
    United Kingdom
    Thanks for the help and advice received.

    All clear now.

    Thanks again

    Rosie
     
  6. kernels32

    kernels32 Guest

    In addition:
    If you removed kernels32.exe manually (with no antivirus involved), you may still get an error message on every new login to Windows saying that kernels32.exe cannot be found. To get rid of that message you need to clean up your Registry.
    Go to Start/Run, type regedit, then press Enter.
    Here are the Registry keys to be found and deleted:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
    Value Name: System
    Value Data: D:\WINNT\system32\kernels32.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Value Name: Shell
    Value Data: Explorer.exe D:\WINNT\system32\kernels32.exe
    (right-click on Value Name->Delete)
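
A read-only way to check the two autostart locations named in the post above before editing anything in regedit. This is an added example, not part of the original post; the function names `Test-AutostartValue` and `Get-AutostartFindings` are hypothetical, and the sample values are constructed from the data quoted in the thread.

```powershell
# Added example: read-only audit of HKLM Run and Winlogon\Shell. Nothing is modified.
# Assumption: $Suspect is the file name from this thread; change it to look for another name.
$Suspect = 'kernels32.exe'

function Test-AutostartValue {
    param([string]$Key, [string]$Name, [string]$Data)
    $reasons = @()
    if ($Data -match [regex]::Escape($Suspect)) { $reasons += "references $Suspect" }
    # The Windows default for Winlogon\Shell is just "explorer.exe";
    # anything appended to it is also started at every logon.
    if ($Name -eq 'Shell' -and $Data.Trim() -ne 'explorer.exe') {   # -ne ignores case
        $reasons += 'Shell differs from the default explorer.exe'
    }
    # Extract full .exe paths from the value data and report those no longer on disk
    # (a leftover entry like this is what produces the "cannot be found" message).
    foreach ($m in [regex]::Matches($Data, '[A-Za-z]:\\[^"/,]+?\.exe')) {
        if (-not (Test-Path -LiteralPath $m.Value)) { $reasons += "missing file: $($m.Value)" }
    }
    if ($reasons) {
        [pscustomobject]@{ Key = $Key; Name = $Name; Data = $Data; Reason = $reasons -join '; ' }
    }
}

function Get-AutostartFindings {
    $run      = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $key = Get-Item -LiteralPath $run -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($name in $key.GetValueNames()) {
            Test-AutostartValue -Key $run -Name $name -Data ([string]$key.GetValue($name))
        }
    }
    $shell = (Get-ItemProperty -LiteralPath $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
    if ($null -ne $shell) { Test-AutostartValue -Key $winlogon -Name 'Shell' -Data $shell }
}

# Constructed sample values mirroring the two entries quoted in the post.
Test-AutostartValue -Key 'sample' -Name 'System' -Data 'D:\WINNT\system32\kernels32.exe'
Test-AutostartValue -Key 'sample' -Name 'Shell'  -Data 'Explorer.exe D:\WINNT\system32\kernels32.exe'

# Live check of this machine (read-only).
Get-AutostartFindings
```

An empty result from `Get-AutostartFindings` means neither location references the file, points at a missing executable, or carries a non-default Shell value.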
     