Need help with ntoskrnl.exe

Ok for the past few days i have been dealing with on going issues with trojans infecting my system. i have run house call several times and found 4 and have since corected those issues. however today after doing yet another sweep of my computer just to make sure everything was ok I rebooted and when the OS (Windows XP Home Edition) started to my surprise my firewall (Sygate personal firewall) actually picked up and stopped a trojan named ntoskrnl.exe from accessing the web. Since then it has been continuesly trying to access the 1 IP adress ( only twice ) and now tries to access 0.0.0.0 every 2 seconds. I know that ntoskrnl.exe is a system program however i have several of them on my computer and the one i know is supposed to be there has an oddity about it

ntoskrnl.exe C:\I386\DRIVER.CAB 1,936KB
ntoskrnl.exe C:\I386\SP1.CAB 1,936KB
ntoskrnl.exe C:\Windows\System32 0KB
ntoskrnl.exe C:\Windows\I386\DRIVER.CAB 1,936KB
ntoskrnl.exe C:\Windows\I386\SP1.CAB 1,936KB
ntoskrnl.exe C:\Windows\Driver Cache\i386\driver.cab 1,936KB
ntoskrnl.exe C:\Windows\Driver Cache\i386\sp1.cab 1,936KB

as you can see the one that belongs (in the system32 folder) is 0KB
this cant be right and am wondering what i should do about this. I am reluctant to restart my computer for fear that it may exicute on start up this time and render my computer useless, If in fact i even have an infection.
can someone plz help point me in the right direction.
P.S. yet another scan with both Nortan Antivirus and Housecall finds nothing however it didnt detect it before and the only reason i noticed it this time was the firewall caught it.

 

Great thanks alot but i still have one more question
if this is in fact yet another trojan and not just some kinda false alarm then why isnt House call finding it? i forget the actuall name of the infection itself but i do know it is a known trojan and should be in any definition package out there.

 

well I cant thank you enough for this help, Hopefully this will end what has turned into a 2 day nightmare.

 

ok this just really blows my mind now.
I dont have the winxp disk at my disposal at this moment (the disk is in another state right now cause i just moved) so i took a chance and used the one from C:\Windows\Driver Cache\i386\driver.cab

now i have

ntoskrnl.exe C:\I386\DRIVER.CAB 1,936KB
ntoskrnl.exe C:\I386\SP1.CAB 1,995KB
ntoskrnl.exe C:\Windows\System32 1,848KB
ntoskrnl.exe C:\Windows\I386\DRIVER.CAB 1,936KB
ntoskrnl.exe C:\Windows\I386\SP1.CAB 1,995KB
ntoskrnl.exe C:\Windows\Driver Cache\i386\driver.cab 1,936KB
ntoskrnl.exe C:\Windows\Driver Cache\i386\sp1.cab 1,995KB


as you can see above the files in the SP1.cab's have grown and the one i replaced has shrunk. and on a further note my firewall didnt detect anything this time

 

could this be a worm?

 

You could try following the comprehensive steps found here. The steps mentioned use software that ought to be part of your security, as an absolute minimum. Once your system is clean, please don’t hesitate to ask further about using these and other security software to protect your computer.

Hope this helps...

Let us know how you go.

Cheers

 

You could also add the suspect files to Norton quaratine and submit them for analysis. Let them have a look at the files in the lab.

Cheers

Jlo

 

ok after about 3 or 4 hours of letting Bit defender scan my system i found yet another 9 infected files (why everything else did not find them is beyond me) how ever still no metion obout the ntoskrnl.exe. after scanning and cleaning again i reastarted the comp and check the files again to see if they had change and to my relief (i think) they have not and remain at the same file sizes as mentioned in the second listand still is not trying to access the web (as far as i know). I am going to continue scanning and monitoring the system for the next few days to be safe, I am hopeing that the steps mentioned by Blackspear will not be necisary but will be kept in mind and will be the next step if the problem continues. I did not know that i could submit quarentined files to Norton for analysis, thanks for that info as well. As of right now everything apears to be running properly and the computer is alot faster as well. Once again Thanks everyone, I am in your debt, and if i am still haveing issues in the next few days I will post as much info as i can on it as well as any new info i gather so that anyone else haveing similar problems can get a head start. Thank you, thank you, thank you