Should my "ntoskernal" ever change?

Discussion in 'other firewalls' started by Manticmeister, Oct 29, 2004.

Thread Status:
Not open for further replies.
  1. Manticmeister

    Manticmeister Registered Member

    Joined:
    Apr 16, 2004
    Posts:
    18
    Hello all, I don't know if this is the proper place for this question, but my Sygate Pro firewall has reported on several occasions that my "ntoskernal has changed since the last time you used it." I might expect this, I guess, if I had just visited Windows Update, but it has happened on other occasions also. I am not an advanced enough user to know if this is anything to worry about or not. I once followed some bad tech support advice from a dialup service out in the boondocks and went online with the firewall disabled. Later I thought better of it and re-enabled the firewall, only to receive that message. A traceroute from the firewall also showed that a kernel contact was being attempted remotely from somewhere in Europe. Is there any way for me to know if my kernel has been compromised? Should the kernel ever change under normal circumstances or after a visit to the Windows Update site? Should the kernel be blocked from accessing the Internet at any time?
    Thanks a bunch
    Manticmeister
     
  2. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Do you use ewido?
     
  3. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    It is ntoskernel, btw. I googled around for malware named ntoskernal and couldn't find one... sorry.
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,773
    Location:
    Texas
  5. Manticmeister

    Manticmeister Registered Member

    Joined:
    Apr 16, 2004
    Posts:
    18
    Re: Should my "ntoskernel" ever change?

    Thanks to all for responding! Sorry I forgot to list the security measures I have in place. Yes, Infinity, I am using Ewido, with the memory-resident portion (guard) in place for the moment. Don't know if I'll pay for it when the trial is up, though. I've had it in various versions for some time now. I'll be using ProcessGuard 3 as soon as it is released too. I am also running McAfee antivirus, Sygate Pro Firewall, Bazooka, TDS-3, Spybot S&D and Ad-Aware SE, all with definitions up to date. I am running XP Pro SP1 with all critical security patches up to date as well. As far as a virus scan goes, although I may be wrong on this, my understanding is that anything affecting the kernel (such as a rootkit) would not show up on a virus scan anyway. None of these security products indicate that anything is wrong, yet the firewall has reported changes in the kernel at least three times, and as I said, not always after visiting Windows Update. Does Ewido mess with the kernel? Should it ever change under normal circumstances? I am about to get a static IP address and don't want to go online with that if there is any compromise. Thanks again everyone!
    Manticmeister
     
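The question the original poster keeps coming back to is how to tell a legitimate kernel change (a Windows Update that replaced ntoskrnl.exe) from an illegitimate one. The check a practitioner would actually run is to verify the file's Authenticode signature and compare its hash and version against a baseline taken earlier. The script below is an added example for this thread, not something posted by any of its participants and not part of Sygate, Ewido or any other product named above. It assumes a current Windows with PowerShell 5 or later (the cmdlets used did not exist on XP SP1), and the baseline file path and the hotfix cross-check are illustrative choices.

```powershell
# Added example: baseline and verify the Windows kernel image (ntoskrnl.exe).
# Not from the thread; assumes PowerShell 5+ on a supported Windows release.
# The kernel is normally catalog-signed rather than carrying an embedded
# signature; Get-AuthenticodeSignature consults the catalog store on
# Windows 8 and later, so a 'Valid' status is expected for a clean file.

$kernel       = Join-Path $env:SystemRoot 'System32\ntoskrnl.exe'
$baselineFile = Join-Path $env:USERPROFILE 'ntoskrnl-baseline.json'   # assumed location

function Get-KernelFacts {
    param([string]$Path)
    $item = Get-Item -Path $Path
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $hash = Get-FileHash -Path $Path -Algorithm SHA256
    [pscustomobject]@{
        Path        = $Path
        Sha256      = $hash.Hash
        FileVersion = $item.VersionInfo.FileVersion
        SigStatus   = $sig.Status.ToString()
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        # stored as an ISO 8601 string so it round-trips through JSON unambiguously
        LastWrite   = $item.LastWriteTimeUtc.ToString('o')
    }
}

$now = Get-KernelFacts -Path $kernel

# Check 1: whatever the version, the image must carry a valid signature chained
# to Microsoft. A kernel that fails this check is the real red flag, not a
# version bump on its own.
if ($now.SigStatus -ne 'Valid' -or $now.Signer -notmatch 'CN=Microsoft Windows') {
    Write-Warning "ntoskrnl.exe signature check FAILED: status=$($now.SigStatus) signer=$($now.Signer)"
} else {
    "ntoskrnl.exe signature OK: $($now.Signer)"
}

# Check 2: compare against the last recorded baseline. A change is expected only
# when a kernel update was installed in between; otherwise investigate.
if (Test-Path $baselineFile) {
    $old = Get-Content -Path $baselineFile -Raw | ConvertFrom-Json
    if ($old.Sha256 -ne $now.Sha256) {
        "ntoskrnl.exe CHANGED since baseline: $($old.FileVersion) -> $($now.FileVersion)"
        # Cross-check: list updates installed after the baseline was taken.
        # An empty list here means the file changed without a recorded update.
        $since = [datetime]::Parse($old.LastWrite)
        $updates = Get-HotFix | Where-Object { $_.InstalledOn -gt $since }
        if ($updates) {
            $updates | Select-Object HotFixID, InstalledOn | Format-Table -AutoSize
        } else {
            Write-Warning "No hotfix recorded since $since; unexplained kernel change"
        }
    } else {
        "ntoskrnl.exe unchanged since baseline (version $($now.FileVersion))"
    }
}

# Record the current state as the new baseline for the next run.
$now | ConvertTo-Json | Set-Content -Path $baselineFile
```

Run it once to record a baseline, then again after each reboot or update; the first run only writes the baseline. The signature check is the one that matters: a kernel whose hash changed but which still validates against a Microsoft certificate is almost always the result of a servicing update, whereas a file that fails validation should be treated as suspect regardless of what the firewall's own file-change popup says. On a machine that cannot run this (such as the XP SP1 system in the thread), `sfc /scannow` from an elevated prompt performs a comparable integrity check using the system file cache, and a kernel that has changed without a matching Windows Update entry in Add/Remove Programs warrants the same suspicion.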