CDROM-Guide forums

Go Back   CDROM-Guide forums > Main Forums > Open to All Computer Related Topics > Computer Networking & Security
FAQ Calendar Mark Forums Read
Open   CSec   Data   DevDrv   CoOp   Audio   CDRW   CDG   VCD   DVD   HD DVD   Mac   VGB   PS2   DC   Xbox  


 
 
Thread Tools Display Modes
  #1  
Old Jul 13, 2002, 07:43 PM
stuisthebestintheworld stuisthebestintheworld is offline
Junior Member
 
Join Date: Aug 2001
Location: glendale, b.c., canada
Posts: 17
Default kernal32.exe help!!

sponsored links

 
i think i got this thing from one of the many warcraft patches ive been trying to get to work in the last couple of days, its called kernal32.exe, it stores itself in c:\windows\system\spfile\, i looked it up and it is used by a trojan program, however it isnt used in the same way, because the rest of the trojan is no where to be found on my comp and kernal32.exe is located in a different directory, now ive tried deleting it from the startup and restarting in ms-dos, and deleting the second one thats in the windows directory, however it still manages to copy itself from somewhere before startup to my startup folder, and to the windows directory folder, ive tried virus scanning with fix-it utlilities, norton wont install for some reason. i went thruogh the registry and deleted everything that had kernal or kernal32 in the name, and ive gone thruogh everything in msconfig for any reference to it but havent found anything, so does anyone have any ideas or fixes to help me out, anyone know a bigger anti-virus board to ask on??
any help is much appreciated.




stu.
  #2  
Old Jul 13, 2002, 09:11 PM
uk_trader uk_trader is offline
Veteran
 
Join Date: Dec 2001
Location: United Kingdom
Posts: 1,103
Default

kernel32.exe you have is a legit file kernel32.exe (windows runs of it) Trojans may rename maliscious files the same name but they will be installed in different directories.

Last edited by uk_trader; Jul 13, 2002 at 09:13 PM.
  #3  
Old Jul 13, 2002, 09:33 PM
stuisthebestintheworld stuisthebestintheworld is offline
Junior Member
 
Join Date: Aug 2001
Location: glendale, b.c., canada
Posts: 17
Default

no man, windows runs kernel.dll, the one i have is kernal.exe, notice the A where the E is supposed to be, and plus if windows did run it and it got moved to a diiferent directory i doubt my comp would even start.



stu.
  #4  
Old Jul 13, 2002, 09:48 PM
uk_trader uk_trader is offline
Veteran
 
Join Date: Dec 2001
Location: United Kingdom
Posts: 1,103
Default

Its ok m8 kernal.exe is a legit file its one of windows core components. If a virus/trojan had overwriten it or replaced it or placed a file of the same name in a different directory you would have detected other files associated with the virus/trojan

Last edited by uk_trader; Jul 13, 2002 at 09:53 PM.
  #5  
Old Jul 13, 2002, 09:55 PM
stuisthebestintheworld stuisthebestintheworld is offline
Junior Member
 
Join Date: Aug 2001
Location: glendale, b.c., canada
Posts: 17
Default

no, its not, look: ***********.greatis.com/regrun3dk.htm#kernal32.exe
its part of doly, a trojan, look in your system folder right now and tell me if theres a folder called spfile with kernal32.exe in it. furthermore there is no such thing as kernel32.exe, if youll look on that list it is listed for remote access, the file your thinking of is kernel32.dll, which is used by windows.



stu.
  #6  
Old Jul 13, 2002, 09:59 PM
uk_trader uk_trader is offline
Veteran
 
Join Date: Dec 2001
Location: United Kingdom
Posts: 1,103
Default

Maybe your right Im a bit Pi$$ed now but the love letter virus used to overite a file on windows called kernal32.exe And the file definitley existed on win 95 dont know what directory though.

Last edited by uk_trader; Jul 13, 2002 at 10:03 PM.
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -5. The time now is 02:06 PM.



Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Copyright 1996-2009 CDROM-Guide.com. All rights reserved