Hello -
Scanned PC (XP Pro) with AVG and it found one corrupt rootkit: ntoshkrnl.exe
I don't know what to do with this information, especially since false reportings are known. Please advise what I do with this info.
Thank you

mipendance,
Hello... Have a read: ntoskrnl.exe. Just to be on the "safe side", download and install Malwarebytes Free. If you have to run it from "Safe Mode"... post back if you're not sure how. Regards Fred
Last edited by Just Plain Fred; 2012-06-10 at 16:07.
PlainFred
None are so hopelessly enslaved as those who falsely believe they are free (J. W. Von Goethe)
Thank you, Fred.
I ran Malware and there were no malicious items found.
In AVG I chose to have the ntoshkrnl.exe as an Exception... not knowing what else to do with it. I thought AVG would have an ignore or vault or some such. Perhaps they do and I haven't found it yet.
Again, my thanks.
AVG found ntoshkrnl to be corrupt. Any suggestions what to do since it apparently is a vital file? Ta
Last edited by mipendance; 2012-06-10 at 16:05. Reason: Additional info
mipendance,
Hello... Are you sure about "ntoshkrnl"... and not "ntoskrnl"? Found this: rootkit (enter ntoskrnl). Regards Fred
Last edited by Just Plain Fred; 2012-06-10 at 16:18.
PlainFred
None are so hopelessly enslaved as those who falsely believe they are free (J. W. Von Goethe)
ntoshkrnl is NOT a vital file, ntoskrnl is!
You really need to go to a specialised antimalware forum to get this sorted out cleanly; a half-baked 'fix' could see you unable to boot to Windows. Majorgeeks, TechSupportForum, BleepingComputer, ...
Last edited by satrow; 2012-06-10 at 19:53. Reason: Tech not Tach :(
NTOSHKRNL.EXE is NOT a valid Windows file. Are you sure it was NTOSHKRNL instead of NTOSKRNL?
Joe
Normally, I don't subscribe to sending people who ask for assistance in removing malware to other places. However, assuming for one moment that it is ntoskrnl.exe, I would tend to agree with Satrow in this case.
Often malware infections can be resolved in this forum, but the kernel is a critical system component, arguably, the system component. One false move and your current installation could become irrevocably damaged. Since we do not know anything else about your system, in this case, I would play safe and seek specialist support.
With physical hands-on, it becomes somewhat easier, but this one needs care. It could be problematic and even dangerous to attempt a fix from afar.
In God we trust; all others must bring data.
- William Edwards Deming. 1900 - 1993
Fred - that could well be a typo. I tried to find where Exceptions are filed within AVG to check the spelling but, again, couldn't find where to look. Could you direct me to the correct tab? My thanks
mipendance,
Sorry, but I have no knowledge of AVG, or how it is set up. If it were my PC, the first thing I would do...
1. Make a complete full Image Backup using the free program Macrium Reflect Free. Burn the (WAIK... Windows Automated Installation Kit) WinPE recovery disk (make sure your PC can boot from a CD... BIOS setting), and store the Image off the PC, or on a 2nd internal HD.
2. Follow the advice of "satrow" in #5... my link in #4 is for BleepingComputer.
3. Additionally, you can download the free offering from Emsisoft, Emsisoft Emergency Kit 2.0. Regards Fred
Last edited by Just Plain Fred; 2012-06-10 at 17:50.
PlainFred
None are so hopelessly enslaved as those who falsely believe they are free (J. W. Von Goethe)
Thanks, again. Yes, it was a typo. I ran AVG's rootkit scan and it came up with the following: under 'File': unknown. Under 'Infection': 'corrupted section ntoskrnl.exe. Object is hidden.'
When I click on 'Remove all unhealed,' the next screen says 'Object is hidden by a rootkit technique (which is usually a malicious software). Do you really want to remove it?'
I would think to say Yes. Is that the correct choice? I will keep that screen open until I know what's best to do...
Sorry to burden you with all my ignorance - I am assuming this language is similar to other antivirus programs; thus, even though you are not familiar with AVG, the language may be...
Thank you
mipendance,
Yes... I would delete it as well. However, I would first make a "Full Image" of your system using Macrium Reflect Free. This way, if something goes wrong after deleting, you can get back to where you were in about 10 minutes or so... Regards Fred
PS: if afterwards all is well, delete the infected Image and "Re-Image" the now "Clean OS".
PlainFred
None are so hopelessly enslaved as those who falsely believe they are free (J. W. Von Goethe)