Ntoskrnl

Discussion in 'Malware Help (A Specialist Will Reply)' started by gal1998, Jun 22, 2005.

  1. gal1998

    gal1998 solo-cob

    I have the same problem as in this thread. My Sygate Firewall asked about ntoskrnl.
    I did NOT allow it, but I am confused now as to what else I need to do if anything. I did scan with adaware and spybot and they didn't find it.
    I did save the log from Sygate.

    Sure hope my uploads worked.
    Thanks for any help.
    Gal

    Well, I don't see any uploads sighs
    Hope this makes sense anyways.
     
  2. gal1998

    gal1998 solo-cob

    OK, the uploads should work now, I hope.


    Thanks for any and all help
    Gal
     
  3. gal1998

    gal1998 solo-cob

    I am running XP home.

    I have etrust antivirus
    Symantec for Firewall

    Gal

    Feeling really dumb for not putting this in right away. Been a member here long enough to know by now. And, the edit button just isn't there long enough for someone like me on a slow computer. lol
     
    Last edited: Jun 22, 2005
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    The file ntoskrnl.exe is part of the Microsoft Boot Up Kernel (bootscreen) and is a critical system process; however, it's possible that it was altered by what's called W32.Bolzano and/or its variants. Let's start with a few virus scans to rule this out. Proceed with the below:

    TrendMicro Online Scan
    Bitdefender online scan
    RavAntivirus online scan <-- select Auto Clean then click Scan My PC
    TrojanScan online scan
    Panda Online Scan

    After you complete these scans, attach any logs and let me know if anything was detected/removed and the name of the infection.
     
  5. gal1998

    gal1998 solo-cob

    So far, I have only run the House Trend online scan. It came back clean.

    I am on a slow connection, so takes me quite a while to run. I will run the others when I get home from work.
    Gal
     
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    If you're on a slow connection, instead of running all those online scans you can just run the below scan.

    Download the following two files, create a folder on your desktop, call it TSC. Save these 2 files there!

    Sysclean Package

    Pattern.zip

    Once you have these downloaded into the folder you just created, double click the file sysclean.com

    When the system cleaner loads, click SCAN to start the scanner. After the scan is complete reboot and let me know how things are running now.

    Also, attach the log from the scan along with a current HJT log.

    Do you have StyleXP installed?
     
  7. gal1998

    gal1998 solo-cob

    No, I do not have StyleXP downloaded. Don't even know what it is:)


    I have uploaded the sysclean and hijackthis logs.

    Thanks for the help and any advice.
    Gal
     
  8. gal1998

    gal1998 solo-cob

    Anyone?
    Gal
     
  9. gal1998

    gal1998 solo-cob

    Going to ask once more. Can anyone help?

    Gal
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    gal1998,

    Sorry for the delay, been away for a day or so.

    Scan with HijackThis and Check the Boxes for the following:

    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    Make sure All Browser Windows are Closed when you Click FIX.

    NEXT:
    Run CCleaner

    Now:

    Download Windows XP Prefetch Clean And Control 1.2.0

    Once download is completed, run the utility and click the button "Clean Prefetch Now".

    Your HJT log is fairly clean. About this file requesting access, I would block it because there isn't any reason for this file to need internet access. All your scans come up clean, so I don't think it's malware related. If you would like further analysis on this I would post it in the Software Forum. If needed they will send you back to me.

    Good Luck!:)
     
  11. gal1998

    gal1998 solo-cob

    Thanks for the help bj. I really appreciate it.

    I did what you requested.
    I wasn't really having any trouble, just wasn't sure about the ntoskrnl.
    Thanks again.
    Gal
     
  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You're welcome! :)

    Surf Safely!
     
