  1. #1
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    Arkansas
    Posts
    952
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I am helping a friend whose computer was badly infected with trojan horses and viruses. I installed Malwarebytes and got rid of over 300 infections. Then I installed and scanned with AVAST 4.8 - it keeps reporting that C:\WINDOWS\SYSTEM32\KERNEL32.DLL is infected by the malware WIN32:PATCHED-KO [TRJ] and it recommends moving it to the chest. But then it comes up and says it cannot move it to the chest because the file is READ ONLY. The only other alternatives are to MOVE/RENAME or DELETE. What should I do?

    Thanks for your help.

  2. #2
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts
    Kernel32.dll is one of the core Windows files, so you cannot just remove it while Windows is running.

    Any chance that you can boot the PC from an external drive, e.g. a bootable CD-ROM?

    Also see How to Remove Trojan.Win32.Patched (but I assume that system restore will not be possible here).

  3. #3
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    Arkansas
    Posts
    952
    Thanks
    0
    Thanked 0 Times in 0 Posts
    [quote name='HansV' post='784615' date='14-Jul-2009 22:22']Kernel32.dll is one of the core Windows files, so you cannot just remove it while Windows is running.

    Any chance that you can boot the PC from an external drive, e.g. a bootable CD-ROM?

    Also see How to Remove Trojan.Win32.Patched (but I assume that system restore will not be possible here).[/quote]

    I did a boot scan with AVAST and it found the infection but again said it could not move it to the chest or disinfect it. Is there any other antivirus program that could somehow disinfect this trojan?

  4. #4
    Plutonium Lounger
    Join Date
    Nov 2001
    Posts
    10,550
    Thanks
    0
    Thanked 7 Times in 7 Posts
    [quote name='trebor' post='784624' date='14-Jul-2009 23:55']I did a boot scan with AVAST and it found the infection but again said it could not move it to the chest or disinfect it. Is there any other antivirus program that could somehow disinfect this trojan?[/quote]
    If you have a bootable Windows installation CD - with exactly the same version of Windows as you have on your PC - then you can use the Windows Recovery Console to replace the file.

    Which version of Windows do you have?

  5. #5
    4 Star Lounger
    Join Date
    Feb 2004
    Location
    Saint Charles, Missouri, USA
    Posts
    565
    Thanks
    0
    Thanked 0 Times in 0 Posts
    If Stuart's suggestion won't work AND if you have a KNOWN good copy of Kernel32.dll (either from an installation disk OR downloaded), you can boot from a KNOPPIX (Knoppix Bootable CD) and copy the file over.

    The trick is to ensure you can get a known good copy of the kernel32.dll AT THE CORRECT version for the machine.

    I have used this trick several times in the past.
    Scott
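
The "known good copy at the correct version" condition from post #5 can be checked before anything is copied. The following is an added example, not part of the thread: it reads the file version from the PE version resource of both files and requires the replacement to match a SHA-256 taken from a trusted source (assumed here to be a copy extracted from the original installation media). All function names and sample bytes are hypothetical and constructed for illustration.

```python
import hashlib
import struct

FFI_SIGNATURE = 0xFEEF04BD  # VS_FIXEDFILEINFO.dwSignature in a PE version resource

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def file_version(data):
    """Return (major, minor, build, revision) of a PE file's bytes, or None."""
    if data[:2] != b"MZ":  # every DLL starts with the DOS header magic
        return None
    # Heuristic: locate the fixed version block by its signature bytes.
    pos = data.find(struct.pack("<I", FFI_SIGNATURE))
    if pos < 0 or pos + 16 > len(data):
        return None
    _sig, _struc, ms, ls = struct.unpack_from("<4I", data, pos)
    return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)

def check_replacement(installed, candidate, trusted_sha256):
    """Return (ok, reason) for copying candidate over installed."""
    if sha256_hex(candidate) != trusted_sha256.lower():
        return False, "candidate does not match the trusted hash"
    want, have = file_version(installed), file_version(candidate)
    if want is None or have is None:
        return False, "no version resource found"
    if want != have:
        return False, "version mismatch: need %s, got %s" % (
            ".".join(map(str, want)), ".".join(map(str, have)))
    return True, "same version, hash verified"

def make_sample(version, tail):
    """Constructed stand-in for a DLL: MZ stub + start of VS_FIXEDFILEINFO + tail."""
    major, minor, build, rev = version
    ffi = struct.pack("<4I", FFI_SIGNATURE, 0x00010000,
                      (major << 16) | minor, (build << 16) | rev)
    return b"MZ" + b"\x00" * 62 + ffi + tail

if __name__ == "__main__":
    # Constructed samples; the version numbers are made up for the demo.
    patched = make_sample((5, 1, 2600, 1234), b"patched code")
    clean = make_sample((5, 1, 2600, 1234), b"original code")
    older = make_sample((5, 1, 2600, 1000), b"original code")
    print(check_replacement(patched, clean, sha256_hex(clean)))
    print(check_replacement(patched, older, sha256_hex(older)))
```

On a real system the byte strings would come from reading the installed file and the candidate in binary mode from the boot CD environment, and the infected original would be kept as a backup copy rather than overwritten outright.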
