Kernelcheck.exe - What is it?

Discussion in 'Malware Help (A Specialist Will Reply)' started by xyster, Jun 11, 2008.

  1. xyster

    xyster Private E-2

    Hello, it's been quite a while since I posted here.

    I have searched the forums for this and found a very similar thread that had no answers. I didn't want to bump it.

    I don't think I have an issue at the moment, so I haven't posted the HJT log. Kaspersky has told me of a Running Process: C:\kernelcheck.exe

    with the following message:

    Action: Process is trying to register its copy as startup autorun object. This behavior is typical of Trojans.

    As I failed to find anything useful in Google, I thought it would be best to check first before I do something.

    - xyster
    P.S.: I read the rules, wasn't 100% sure if this is allowed, sorry if it's not
     

    Attached Files:

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Welcome to Major Geeks!

    Please uninstall HJT as it will be properly installed when you do the following:

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. xyster

    xyster Private E-2

    Hello, OK, I have read and done all the readme information.

    Here are the logs.
     

    Attached Files:

  4. xyster

    xyster Private E-2

    The MGlogs.zip file.

    Thanks for your help in advance.
     

    Attached Files:

  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let's do this:

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Now use windows explorer to find and delete:
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sysfnx.exe

    Let me know if you have any problems doing the above....and tell me how things are running.
     
  6. xyster

    xyster Private E-2

    Hello,

    Firstly, may I just say, you guys here are amazingly quick... thank you so much for all your help.

    OK, so, I successfully ran HJT and fixed the problem. Then I updated my registry with the information you gave me.

    However, when I went to delete the sysfnx.exe from the directory, it was not there.

    I figured I should do a quick search for "sysfnx.exe" with Explorer to be safe, as a double check. It wasn't located anywhere. I know my Explorer clears its temp stuff nightly. It may have gone with that, or, well, that's what I am hoping.

    If you need me to clarify, I will :)

    Thanks in advance,
    - xyster
     
  7. xyster

    xyster Private E-2

    Hello again,

    I have done some looking, and I now know more about this issue...

    I have discovered how I got the first "kernelcheck.exe" problem.

    It seemed my USB got infected from another computer with the problem. I got this from "Swinburne library computers" (stupid Swinburne, stupid friend). My friend also has this problem. It seems to be a real pain in the ***. She didn't know she had it on her laptop. It infects USBs. The moment I plugged in a USB it infected it. I noticed because it was my USB while I was transferring files.

    In short: it is a pain. It's painfully contagious. If anyone else is reading this thread, don't stick your USB into your friends' computers or you will infect them too if their virus blocker doesn't stop it (like mine spotted it). It will then infect all USBs they plug in and it's a long line of pain in removing it.

    How I cleaned the USB:
    I made sure my firewalls were turned on, I removed the kernelcheck.exe from C:\
    I then plugged in the infected USB: I blocked the kernelcheck.exe it tried to run with my anti-virus.
    I then ran the following commands to delete autorun.inf and autorun.exe from my USB (if you do it through Explorer they just kept re-appearing).
    1. Open Start>>Run and type cmd and press enter. This will open a command prompt window. In this command prompt window type the following steps.

    2. type: $: (swap the $ for your USB's drive, e.g. J:)

    3. type: attrib -r -h -s autorun.inf (this will make it visible, do the same for the autorun.exe)

    4. type: del autorun.inf (this deletes it :), do the same for autorun.exe)

    Note: the above commands were an adaptation from: http://www.troublefixers.com/not-able-to-open-drives-on-hard-disk-by-double-click/

    - xyster
    P.S.: I don't know if that is relevant for this, but I thought I should tell someone... because when I searched in Google for this issue I found pretty much nothing about it.
    P.P.S.: Is this a permanent fix I have done? It doesn't feel so much like it, but I'm not hugely experienced in this field.
     
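A defender-side check for the autorun.inf files described in the post above, added here as an example and not part of the thread: it hand-parses the [autorun] section and reports every directive that would launch a program, resolving relative targets against the drive root so the file can be quarantined and hashed. The sample file and the J: drive letter are constructed to mirror the post.

```python
# Added example, not code from the thread: flag autorun.inf directives
# that launch a program. SAMPLE_INF is constructed; J: mirrors the post.
import ntpath
import shlex
from typing import Dict, List, Tuple

LAUNCH_KEYS = ("open", "shellexecute")  # run a program on insert/double-click


def parse_autorun(text: str) -> Dict[str, str]:
    """Hand-parse the INI-style file, keeping only [autorun]; keys are
    lowercased because Windows treats Open, OPEN and open alike."""
    section, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue                      # blank or comment line
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(text: str, drive: str) -> List[Tuple[str, str]]:
    """Return (directive, resolved path) for each program-launching entry.
    shell\\<verb>\\command keys are custom context-menu verbs that also
    execute; relative targets resolve against the drive root."""
    found = []
    for key, value in parse_autorun(text).items():
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb:
            parts = shlex.split(value, posix=False)  # keep "quoted path"
            exe = parts[0].strip('"') if parts else ""
            found.append((key, ntpath.join(drive + "\\", exe)))
    return found


SAMPLE_INF = """; constructed sample mirroring the autorun.inf/autorun.exe pair
[AutoRun]
Open=autorun.exe
shell\\open\\command=autorun.exe /s
Icon=autorun.exe,0
Label=My USB
"""

if __name__ == "__main__":
    for directive, path in launch_targets(SAMPLE_INF, "J:"):
        print(f"{directive} -> {path}")   # both resolve to J:\autorun.exe
```

Icon= and Label= entries are reported as harmless; only entries that execute a file are returned.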
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You ran a quick scan with MalwareBytes .....was the thumb drive attached at the time? Did you include it for scanning?

    We are seeing more and more of the usb infections.

    Are you still having problems?

    If not, it is time to do our final steps:

    1. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
    2. Click START then RUN
    * Now type "%userprofile%\Desktop\cf" /u in the runbox and click OK.
    * Note: The space between the cf and the /U, it must be there.
    3. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    4. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    5. If you are running Windows XP or Windows ME, do the below:
    * Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
    * Then reboot and Enable System Restore to create a new clean Restore Point.
    6. After doing the above, you should work thru the below link:
    How to Protect yourself from malware!
     
  9. xyster

    xyster Private E-2

    I have run the checks on my USB now, it appears to be clean. Thank you for your help.

    Stupid USB virus. Thank you so much for all your help here. It has been so much appreciated.

    You guys are absolutely awesome.

    - xyster
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are quite welcome...safe surfing. :)
     
