Computer Hope
Software => Computer viruses and spyware => Topic started by: Marlene2 on June 22, 2005, 09:24:04 AM
-
Hey Everyone,
I ran a routine avg virus scan this a.m.....no virus found! :)
When I looked at the test results, the last five items listed were as follows:
C:WINDOWS/SYSTEM32/kernel32.dll
C:WINDOWS/SYSTEM32/wsock32.dll
C:WINDOWS/SYSTEM32/user32.dll
C:WINDOWS/SYSTEM32/shell32.dll
C:WINDOWS/SYSTEM32/ntoskrnl.exe
At the top of the page under "results" all the way down has "ok" listed, but when it got to these last five items, instead of "ok" it says "change" and then under "status" for these last five items it says "changed".
Is this something to be alarmed about? I did recently remove the 40gb hdd and replaced it with a new 80gb, and then reloaded os xp-sp2. I was wondering if this may be the cause of the "changed" status.?
Any feed back would be greatly appreciated!
Thanks
-
run a spysweeper......program like adaware/spysweeper etc......these references seem to point to ie.??.... or .some program maybe trying to alter your registry.......
-
Here are descriptions of those processes... Also, YOU DO HAVE A VIRUS!!!
ntoskrnl.exe --- http://www.processlibrary.com/directory/files/ntoskrnl/index.php
kernel32.dll --- TROJAN! http://www.processlibrary.com/directory/files/kernel32/index.php
wsock32.dll --- http://www.processlibrary.com/directory/files/wsock32/index.php
user32.dll --- http://www.processlibrary.com/directory/files/user32/index.php
shell32.dll --- TROJAN! http://www.processlibrary.com/directory/files/shell32/index.php
Remove the trojans as soon as possible!
[glb]Flame[/glb]
-
http://www.majorgeeks.com/downloads31.html :)
-
Thank-you for your responses....I'm currently have
AVG
Spybot
Ad-Aware SE
CCleaner
CW Shredder
on my pc. I ran AVG----no virus came up
Spybot--also clean
While I was running Ad-Ware, AVG popped up and said it detected a Trojan Horse. I quarantined it and let the scan finish then went into Vault and deleted it. Re-ran everything and all came up clear. Is there a specific file to look for in Registry, H-Keys that would determine if it is actually gone? Seems like thats where I went one other time when I got a virus and deleted the file.
Thanks for your help!
-
your ok.......avg///and the rest have scanned the reg....clean bill of health.....go surfing.......mind the water is hot :)
-
THANK-YOU MERLIN_2!
I feel much better now!
Really appreciate the help!
-
no problem........we aim to please...the family forum of the net.....
-
You should install a firewall as well.
-
When the System Areas Test detects a change, the Accept changes button is made available. Click it if you want the amended object to be incorporated in the System Areas Test database. If you do not accept the changes then AVG Free will alert you the next time you run the System Areas Test again.
Does anyone know where the button is? ???
-
DO NOT REMOVE
kernel32.dll or shell32.dll, they are not trojans but important windows files.
-
(Marlene should know that becuase of the links) ;)
[glb]Flame[/glb]
-
kernel32.dll --- TROJAN!
shell32.dll --- TROJAN!
Reading the links is how I found out, I hope Marlene reads them.
-
That's why I put them there! ;D
[glb]Flame[/glb]
-
But where's the button to accept the changes ???
-
Thanks to everyone for your replys...I do have a firewall installed on the pc...Didn't delete the 2 files (per the links--I did read them) ;). I'm hoping things are ok now. Ran everything again tonight and everything still coming up clean.
-
Yay Marlene! Good to see people actually reading stuff.
-
Common sense has saved you. Good work ;)
[glb]Flame[/glb]
-
THANKS FED AND FLAME for your vote of confidence. Six months ago I wouldn't delete anything from my pc for fear it wouldn't startup again. But now I can actually change a hdd and load op system. Most of what I've learned has come from
forums like this one. I can sit for hours and just read through different post and the solutions. Theres so much to learn. Who knows, maybe I'll get so good some day that I will actually be able to help someone out there instead of getting
help.
:D
Anyway, THANKS AGAIN!
You guys are great!
Marlene
-
win kernel32 is blocked by my firewall.......stopping people accessing my registry.....and dsc....an wmp .....is also blocked.....no affect on internet surfing.......footnote
and thanks for the feedback marlene.......
-
Thanks merlin_2 for the info. Your name is another one I see on here quite often helping people out. Sure wish I had all your knowledge when it comes to computers. Until then, I'll just keep reading. :)
Thanks again!