Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Reluctant New Member (but U Could Win Me Over)


  • Please log in to reply
9 replies to this topic

#1 SDL

SDL

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:42 AM

Posted 08 September 2007 - 03:22 AM

In attempting to remove the "...kernels64.exe" message Windows throws up, research led to your site: http://www.bleepingcomputer.com/startups/k....exe-13943.html, which suggested that to fix this type of error, a scan and fix by the Registry Booster product would do the trick. Imagine my huge disappointment when, after paying the $32 and rebooting after scan found 300+ errors and fixed them, that the stupid kernels64.exe message still appears when restarting. I feel scammed. I wouldn't have paid that money were a better way of presenting the "fix" displayed. I have complained to Uniblue re: the Registry Booster, but would like some feedback from a knowledgable computer geek. Thank you. :thumbsup:

Edited by KoanYorel, 08 September 2007 - 01:09 PM.
Moved from Intoduction to more appropriate forum


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,141 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:42 AM

Posted 08 September 2007 - 11:05 PM

Is Windows telling you the file cannot be found when starting up? If so, the file(s) is probably an orphaned entry related to a program (or malware) that was set to run at startup. Windows is trying to load this file but cannot locate it since the file may have been removed during an anti-virus scan, the uninstall of a program or use of a specialized fix tool. However, an associated registry entry remains and is telling Windows to load the file when you boot up.

When Windows loads, it looks for any files associated with registry entries for programs that are set to run at startup. If the file was removed but not the registry entry, Windows will display an error message indicating that the file was not found. You need to remove this registry entry so Windows stops searching for the program when it loads. To resolve this download and run Autoruns, search for the related entry and then delete it.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 SDL

SDL
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:42 AM

Posted 12 September 2007 - 02:07 AM

Quietman7, thank you, kindly, for the most speedy reply. The message I get is: "Windows cannot find 'C:\Windows\System32\kernels64.exe'. Make sure you typed..." I knew that this was an error message that was connected originally to a trojan it's looking for, from what I'd read online. I had especially wanted bleepingcomputer to know that it was the bleepingcomputer.com site that linked me to the info below, leading me to believe that all would be solved after doing this. When you click on this: http://www.bleepingcomputer.com/startups/k....exe-13943.html - you see:

Name: System
Filename: kernels64.exe
Fix kernels64.exe errors: Try a Registry Scan
Command: C:\Windows\System32\kernels64.exe
Description: Added by the Troj/Vixup-V Trojan.

when you click on the "Try a Registry Scan" it takes you to Uniblue's Registry Booster. The free scan doesn't really do anything. I paid the $32 and Registry Booster found more than 300 problems that it also fixed, but did not find/fix THIS problem, clearly as having been advertised to do so on your site.

So, my issue is, please tell someone at bleepingcomputer that this is a very misleading advertisement for Registry Booster. I have tried calling Registry Booster and they have no live techs to speak to...they tell you to go to their website and communicate any problems. I have done that, and after 3 days have not heard ANYTHING from them.

In order to run the AUTORUNS you mention, I had to purchase WinZip (something I never need--but, oh well, now I've got it) to open/run that program. So I ran Autoruns and it brings everything up (overwhelming)...so I do a File/Search for the word kernels and it highlights something, but I feel real unsure about what to do about it, even after reading the stuff on the Autoruns download page. I tried to paste in here what I see after running Autoruns, but it won't let me. So, to date, I don't know what the mystery file IS looking for kernels64.exe OR its location, or I'd be able to get in there and delete it.

At the risk of sounding like a complete idiot, I am completely lost. Any specific (and I mean specific!) directions would be appreciated. Thank you.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,141 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:42 AM

Posted 12 September 2007 - 06:46 AM

Instead of Winzip, you could have used a free third-party utility, like 7zip, ExtractNow or IZArc.

I did some more research on that file and find it is often associated with other malware. Although it has been removed, I'm concerned that you may have other malware files which need to be identified and removed as well as that registry entry. Since you feel lost using Autoruns and really need specific instructions, it may be better for you to do the following:

Please read and follow all instructions in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. If you can't perform a step, then skip and continue with the next. In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install HJT in the proper location.)

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that your getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 rowal5555

rowal5555

    Just enough info to be armed & dangerous...


  • Members
  • 2,644 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:St Kilda, Dunedin. South Island. NZ
  • Local time:01:42 AM

Posted 12 September 2007 - 11:42 PM

Hi SDL
Welcome to BleepingComputer.

Don't fork out good money for programs until you check out the ones listed and recommended by members here.
http://www.bleepingcomputer.com/forums/topic3616.html

They are all freebies. The fact that you pay for a program does not necessarily mean that it will be better.

Good luck.

rowal5555 (Rob )                                                             

Avid supporter of Bleeping Computer's
Team 38444

You can help find a cure


 


#6 SDL

SDL
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:42 AM

Posted 19 September 2007 - 01:40 AM

I ended up finding the source of the problem and got rid of it. I wrote about my "journey" under a new topic under "hijackthis logs and malware removal" as suggested. Thank you.

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,141 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:42 AM

Posted 19 September 2007 - 08:10 AM

SDL

You posted here in the HijackThis Logs and Malware Removal Forum but did not follow my instructions. There is no hijackthis log posted for any of the HJT Team members to assist you with. We have removed that topic.

Once again, please read and follow all instructions in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. If you can't perform a step, then skip and continue with the next. In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install HJT in the proper location.)

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts.

Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix.

Edited by quietman7, 19 September 2007 - 01:00 PM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,141 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:42 AM

Posted 19 September 2007 - 01:09 PM

SDL, I reopened this thread. Please read and follow my instructions above.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 SDL

SDL
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:42 AM

Posted 19 September 2007 - 02:01 PM

I appreciate your time, but don't understand why you don't speak to what I wrote. I don't feel heard, and at this time will not be doing as you suggest, as I have already found the problem myself after running hijackthis and gotten rid of it. I was only trying to share that info with others, but this forum doesn't seem to be the place, since you have deleted my topic. For the record, in addition to removing the problem already, I have also since that time run Registry Booster (again) and Lavasofts Adware 2007. All known infections are gone. Again, I appreciate your perseverance, but I was really looking to get rid of the kernels64.exe message, and was successful in doing that. Again, many thanks, and I'm sorry you don't see that you have contradictory info on your website here. People are saying that problems can be fixed for free, but then you have a huge ad on this site related to my topic pointing people to scan with Registry Booster. The problem is, I saw the ad BEFORE I saw the extensive, helpful forums. And, when one scans with Registry Booster, they have to pay for the full version to get the problems fixed. So, perhaps you can understand my previous dilemma. Not that any of this will be heard, but I tried. Happy trails ----Sheri

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,141 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:42 AM

Posted 19 September 2007 - 02:28 PM

Sheri I can understand your frustration but you posted for assistance in this forum with regards to the kernels64.exe message and we attempted to help you. That is what the "I Am Infected..." forum is for.

After taking time to research your problem, I determined that the file in question was often associated with other malware. That was enough of a concern for me to ask you to post a hijackthis log so we could investigate what else was lurking on your machine.

You then went to that forum but did not follow the instructions and post a log. Thinking that maybe you did not understand, we removed that thread and again provided instructions so that we could assist you.

I considered cleaning your system of any malware to be a much higher priority than complaints about advertisements on this site. Further just like, many other outlets, BC does not control the ads on this site or what they claim to do. As such we cannot be responsible if they fail to meet the expectations of those who may purchase the product.

If you had a problem with Registry Booster, would it not have been more appropriate to ask the vendor directly about it. They even have a Support Section here which you could have used.

In any event, I'm glad to hear your issue has been resolved and hope you can understand our point of view as I've tried to understand yours.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users