  1. #1
    2 Star Lounger
    Join Date
    Apr 2009
    Posts
    173
    Thanks
    7
    Thanked 0 Times in 0 Posts

    ntoshkrnl.exe corrupt

    Hello -

    Scanned PC (XP Pro) with AVG and it found one corrupt rootkit: ntoshkrnl.exe

    I don't know what to do with this information, especially since false reportings are known. Please advise what I do with this info.

    Thank you

  2. #2
    Gold Lounger
    Join Date
    Oct 2007
    Location
    Johnson City, Tennessee, USA
    Posts
    3,202
    Thanks
    37
    Thanked 215 Times in 202 Posts
    Quote: Originally Posted by mipendance
    Hello -

    Scanned PC (XP Pro) with AVG and it found one corrupt rootkit: ntoshkrnl.exe

    I don't know what to do with this information, especially since false reportings are known. Please advise what I do with this info.

    Thank you
    mipendance,
    Hello.... Have a read: ntoskrnl.exe. Just to be on the "safe side", download and install Malwarebytes Free. If you have to run it from "Safe Mode"... Post back if you're not sure how. Regards, Fred
    Last edited by Just Plain Fred; 2012-06-10 at 17:07.
    PlainFred

    None are so hopelessly enslaved as those who falsely believe they are free (J. W. Von Goethe)

  3. #3
    2 Star Lounger
    Join Date
    Apr 2009
    Posts
    173
    Thanks
    7
    Thanked 0 Times in 0 Posts
    Thank you, Fred.

    I ran Malware and there were no malicious items found.

    In AVG I chose to have the ntoshkrnl.exe as an Exception... not knowing what else to do with it. I thought AVG would have an ignore or vault or some such. Perhaps they do and I haven't found it yet.

    Again, my thanks.

    AVG found ntoshkrnl to be corrupt. Any suggestions what to do since it apparently is a vital file? Ta
    Last edited by mipendance; 2012-06-10 at 17:05. Reason: Additional info

  4. #4
    Gold Lounger
    Join Date
    Oct 2007
    Location
    Johnson City, Tennessee, USA
    Posts
    3,202
    Thanks
    37
    Thanked 215 Times in 202 Posts
    mipendance,
    Hello... Are you sure about "ntoshkrnl"... and not "ntoskrnl"? Found this rootkit (enter ntoskrnl). Regards, Fred
    Last edited by Just Plain Fred; 2012-06-10 at 17:18.
    PlainFred


  5. #5
    Super Moderator satrow
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,484
    Thanks
    283
    Thanked 572 Times in 476 Posts
    ntoshkrnl is NOT a vital file, ntoskrnl is!

    You really need to go to a specialised antimalware forum to get this sorted out cleanly, a half baked 'fix' could see you unable to boot to Windows. Majorgeeks, TechSupportforum, BleepingComputer, ...
    Last edited by satrow; 2012-06-10 at 20:53. Reason: Tech not Tach :(

  6. #6
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,571
    Thanks
    5
    Thanked 1,057 Times in 926 Posts
    NTOSHKRNL.EXE is NOT a valid Windows file. Are you sure it was NTOSHKRNL instead of NTOSKRNL?

    Joe
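
The name check the replies above do by eye (ntoshkrnl vs ntoskrnl), written out as an added example that is not part of the thread: it flags a reported file name that is within two edits of a core Windows binary, or a correct name sitting in the wrong directory. The reference list, the `C:\WINDOWS` root and the two-edit threshold are assumptions made for illustration, and a "lookalike" verdict can equally mean a mistyped report.

```python
import ntpath

# Constructed reference list (assumption, not exhaustive): core Windows
# binaries and the directory each normally lives in, relative to %SystemRoot%.
KNOWN = {
    "ntoskrnl.exe": "system32",
    "svchost.exe": "system32",
    "lsass.exe": "system32",
    "winlogon.exe": "system32",
    "explorer.exe": "",
}


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(path, system_root=r"C:\WINDOWS", max_edits=2):
    """Return (verdict, reference_name) for a file path reported by a scanner."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    if name in KNOWN:
        expected = ntpath.join(system_root, KNOWN[name]).lower().rstrip("\\")
        verdict = "expected" if folder == expected else "known-name-wrong-dir"
        return (verdict, name)
    # Not an exact match: find the closest protected name.
    best = min(KNOWN, key=lambda k: edit_distance(name, k))
    if edit_distance(name, best) <= max_edits:
        return ("lookalike", best)  # near-miss: typo in the report or an imitation
    return ("unrelated", None)


if __name__ == "__main__":
    # Constructed sample paths; the first uses the spelling from post #1.
    for p in (r"C:\WINDOWS\system32\ntoshkrnl.exe",
              r"C:\WINDOWS\system32\ntoskrnl.exe",
              r"C:\WINDOWS\Temp\ntoskrnl.exe"):
        print(p, "->", classify(p))
```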

  7. #7
    Lounge VIP
    Join Date
    Apr 2011
    Location
    Scotland
    Posts
    1,168
    Thanks
    44
    Thanked 134 Times in 115 Posts
    Normally, I don't subscribe to sending people who ask for assistance in removing malware to other places. However, assuming for one moment that it is ntoskrnl.exe, I would tend to agree with Satrow in this case.

    Often malware infections can be resolved in this forum, but the kernel is a critical system component, arguably, the system component. One false move and your current installation could become irrevocably damaged. Since we do not know anything else about your system, in this case, I would play safe and seek specialist support.

    With physical hands-on, it becomes somewhat easier, but this one needs care. It could be problematic and even dangerous to attempt a fix from afar.
    In God we trust; all others must bring data.

    - William Edwards Deming. 1900 - 1993

  8. #8
    2 Star Lounger
    Join Date
    Apr 2009
    Posts
    173
    Thanks
    7
    Thanked 0 Times in 0 Posts
    Fred - that could well be a typo. I tried to find where Exceptions are filed within AVG to check the spelling but, again, couldn't find where to look. Could you direct me to the correct tab? My thanks

  9. #9
    Gold Lounger
    Join Date
    Oct 2007
    Location
    Johnson City, Tennessee, USA
    Posts
    3,202
    Thanks
    37
    Thanked 215 Times in 202 Posts
    mipendance,
    Sorry, but I have no knowledge of AVG, or how it is set up. If it were my PC... first thing I would do...

    1. Make a complete full Image Backup using the free program Macrium Reflect Free. Burn the (WAIK... Windows Automated Installation Kit) WinPE recovery disk (make sure your PC can boot from a CD... BIOS setting), and store the Image off the PC, or on a 2nd internal HD.

    2. Follow the advice of "satrow" in #5... my link in #4 is for BleepingComputer.

    3. Additionally, you can download the free offering from Emsisoft, Emergency Kit 2.0. Regards, Fred
    Last edited by Just Plain Fred; 2012-06-10 at 18:50.
    PlainFred


  10. #10
    2 Star Lounger
    Join Date
    Apr 2009
    Posts
    173
    Thanks
    7
    Thanked 0 Times in 0 Posts
    Thanks, again. Yes, it was a typo. I ran AVG's rootkit and it came up with the following: under 'file': unknown. Under Infection:'corrupted section ntoskrnl.exe. Object is hidden.'
    When I click on 'Remove all unhealed,' the next screen says 'object is hidden by a rootkit technique (which is usually a malicious software)Do you really want to remove it?'
    I would think to say Yes. Is that the correct choice? I will keep that screen open until I know what's best to do...

    Sorry to burden you with all my ignorance - I am assuming this language is similar to other antivirus programs, thus, even tho you are not familiar with AVG, the language may be....

    Thank you

  11. #11
    Gold Lounger
    Join Date
    Oct 2007
    Location
    Johnson City, Tennessee, USA
    Posts
    3,202
    Thanks
    37
    Thanked 215 Times in 202 Posts
    Quote: Originally Posted by mipendance
    I would think to say Yes. Is that the correct choice? I will keep that screen open until I know what's best to do...
    mipendance,
    Yes... I would delete it as well. However, I would first make a "Full Image" of your system using Macrium Reflect Free. This way, if something goes wrong after deleting, you can get back to where you were in about 10 minutes or so.... Regards, Fred

    PS: If, after that, all is well, delete the infected Image and "Re-Image" the now "Clean OS".
    PlainFred

