Re: 0-length ntoskrnl.dll (NOT ntoskrnl.exe)
- From: Ron Aaronson <ronaa@xxxxxxxxxxxxx>
- Date: Tue, 05 Dec 2006 07:51:32 -0500
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote:
From: "Ron Aaronson" <ronaa@xxxxxxxxxxxxx>
| I have discovered that I have a 0-length
| \windows\system32\ntoskrnl.dll file. I believe as the result of a
| trojan horse that has been removed. My ntoskrnk.exe file seems to be
| uncorrupted. The system seems to run ok except occasionally I will
| get a system popup complaining that ntoskrnl.dll is not a valid
| Windows image. I reply "ok" to this and the blocked thread seems to
| continue normally. ntoskrnl.dll does not seem to exist on my friend's
| Windows xp system at all, so I am tempted to remove this file
| altogether but am afraid that I will not be able to reboot if I do.
| Does anyoe have any recommendations?
Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe
To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }
NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.
C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm
Additional Instructions:
http://pcdid.com/Multi_AV.htm
* * * Please report back your results * * *
I have run various scans and do not believe that may machine is still
infected. I have looked at other Windows XP systems and they do not
seem to have an ntoskrnl.dll file at all. I am thinking that one of
the trojan horse cleanup programs I ran may have truncated this file
to 0 rather than deleting it. So what I would really like to try is
first simply deleting this file. My fear is that if I am wrong about
this file not being required I may not be able ot reboot. I would
like to get confirmation from an expert that this file may be safely
removed. If this file indeed is not a component of Windows XP, I have
no assurance that going through the process you suggest will detect
this file and take action on it (the last scan I ran did not touch
this file). So I am hesitant about running another unknown 3rd-party
product unless I can be sure it addresses this very specific issue.
Is anyone out there able to tell me what ntoskrnl.dll is on a Windows
XP (not Windows 2000) system? Can I safely remove it? Thanks.
.
- Follow-Ups:
- Re: 0-length ntoskrnl.dll (NOT ntoskrnl.exe)
- From: Daniel Crichton
- Re: 0-length ntoskrnl.dll (NOT ntoskrnl.exe)
- From: Blades
- Re: 0-length ntoskrnl.dll (NOT ntoskrnl.exe)
- References:
- 0-length ntoskrnl.dll (NOT ntoskrnl.exe)
- From: Ron Aaronson
- Re: 0-length ntoskrnl.dll (NOT ntoskrnl.exe)
- From: David H. Lipman
- 0-length ntoskrnl.dll (NOT ntoskrnl.exe)
- Prev by Date: Re: help, what happened and how to fix
- Next by Date: Re: 0-length ntoskrnl.dll (NOT ntoskrnl.exe)
- Previous by thread: Re: 0-length ntoskrnl.dll (NOT ntoskrnl.exe)
- Next by thread: Re: 0-length ntoskrnl.dll (NOT ntoskrnl.exe)
- Index(es):
Relevant Pages
|
