Something weird going on....

Discussion in 'malware problems & news' started by rothen, Jan 12, 2005.

Thread Status:
Not open for further replies.
  1. rothen

    rothen Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    3
    Somehow there is something going on inside my pc :(

    I would really appreciate your help on this....

    I use W2000 with Symantec AV + Sygate Firewall. At start-up Sygate reports "NT Kernel System has changed" with file identifier ntoskrnl.exe. Sygate asks whether that can access the internet and I say no. All seems fine but after five minutes or so IE denies I am connected. Mozilla the same. Outlook still runs as if nothing is the matter. Restart and the same happens again.

    I ran spybot-search and for good measure installed Spyware blaster. No use. I uninstalled about everything not essential. No use. There still is something weird going on...

    Any hint will help.
     
  2. dog

    dog Guest

    Hi rothen, ;)

    Welcome to Wilders' ;)

    ntoskrnl.exe is a critical process in the boot-up cycle of your computer.

    Note: ntoskrnl.exe can be altered by the w32.bolzano and variants.

    Info on : w32.bolzano -> http://securityresponse.symantec.com/avcenter/venc/data/w32.bolzano.html

    Norton will detect it ... try running an AV scan in "Safe" mode ... Tap F8 while booting ... Select option 1 "Safe Mode" ... When Norton finds it select "Repair"

    Steve
     
  3. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Rothen, welcome to Wilders. If what Dog suggested doesn't work, I would suggest following the comprehensive steps found in General Cleaning.

    If these steps do not resolve your situation, you will need to download and run “Hijack This” found here and post your log at one of the forums found at A-SAP. The two bigger forums for HijackThis log processing (meaning they process more log threads each day than most others) are: SpywareInfo.com and CastleCops.com. Be sure to read their posting policy in the links at their log review forum sections prior to posting.

    The steps mentioned in General Cleaning use software that ought to be part of your security, as an absolute minimum. Once your system is clean, please don’t hesitate to ask further about using these and other security software to protect your computer.

    Hope this helps...

    Let us know how you go.

    Cheers :D
     
  4. rothen

    rothen Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    3
    The treatment suggested, running Symantec AV in safe mode, worked wonders. I am eternally in debt. :)

    What I do not know is how that little bugger got into my PC. I have a router making me invisible to the world (I hope), I have Sygate, Symantec AV and Spywareblaster running, I do a regular check with Spybot and yet I appear to be as vulnerable as the next guy.

    Makes me long for the good old EARN days...

    Keep up the good work, you have been a real help.

    Regards from the Dutch outback.
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Good to see Rothen, and thanks for keeping us up-to-date with your progress. You may want to take a look here for further discussion on security and how to make your system that much stronger and here for more.

    This is what works really well for me, very simple to use and maintain.

    Let us know how you go…

    Cheers :D
     
  6. rothen

    rothen Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    3
    Blackspear,

    That seems a fairly comprehensive list of which I have at least half a dozen running. I will try the rest. Meanwhile Spybot found more W32.Bolzano's (That town has been a difficult place to live even in the best of times). Time to start making a donation to these guys!

    And another little problem I have is that someone out there seems to be sending emails riddled with viruses under my email address (at least that's what I think is going on: unknown postmasters are sending me refusal notifications). :mad:

    This really is a new world for me.
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    It is there as a guide, my system is set up like a fortress ;) :D


    I would suggest another run through General Cleaning until your system is clean, and if it keeps returning then download and run “Hijack This” found here and post your log at one of the forums found at A-SAP.


    Once your system is clean you can safely ignore these sorts of messages, but until then let’s work on confirming your system is actually clean ;) :D

    Cheers :D
     