
Jeez........not Again !



#1 iysha


Posted 10 December 2007 - 02:30 PM

Every 6-12 months I take my laptop PC to my local computer shop and ask them to wipe the hard drive and reinstall Windows XP etc etc. I do this to give my PC a spring clean, as after this amount of time it will certainly need it, so imagine my surprise when running AVG 7.5 free edition a couple of days later I find that I'm infected with a couple of viruses - (what, already??)
When I run AVG, straight away 2 files pop up as follows:-
(file) ntoskrnl.exe - (result/infection) change - (path) c:\windows\system32\ntoskrnl.exe
(file) hosts - (result/infection) change - (path) c:\windows\system32\drivers\etc\hosts
When AVG has run its course I then click on the "virus result" tab and get the same paths as above but with a "result" & "status" section added, which for both reads as follows:-
Result - change, status - changed.
Am I to assume that a virus has got into these files and changed them?? And if so, what can I do to remove them?? - I feel I should apologise in advance for what to some of you will read like pretty dumb questions, but this time I thought I might try and sort this out myself (er..........with your help of course - cough) but with little or no knowledge of such matters.....................I'm stuck.
Many thanks in advance to anyone who can help.



#2 quietman7


Posted 10 December 2007 - 02:45 PM

Reported changes in system files such as kernel32.dll, wsock32.dll, user32.dll, shell32.dll and ntoskrnl.exe are normal for AVG.

There are many valid reasons for those files to show as changed: a Windows update, a file system check that replaced them if corrupted, and others. As long as AVG doesn't say they are infected, it is OK. If it continues to show them as changed, delete the following file(s) in the C:\ directory and AVG will create new one(s): AVG7DB_F.DAT, AVG7QT.DAT

kernel32.dll, wsock32.dll, user32.dll, shell32.dll and ntoskrnl.exe have "changed"

It is normal for AVG to show files, the MBR or the boot record as having changed. These changes are made during normal maintenance, when you or Windows update files or have had to correct errors on the drive. The only time that you should worry is if they also show as infected.

To get AVG to quit showing them as changed, open the AVG Test Center, click the F3 key on your keyboard and tell it to accept the changes. If it still shows something as changed after this, delete the file named AVG7QT.DAT in the %ALLUSERSPROFILE%\Application Data\avg7\ folder and AVG will rebuild it the next time it is run.

The %ALLUSERSPROFILE% is different for each version of Windows. The following are the typical locations for XP and Win9x:

XP - C:\Documents and Settings\All Users\Application Data\avg7
Win9x - C:\Windows\All Users\Application Data\avg7

Changed File Alerts

AVG does not change your HOSTS file but it will alert you that the HOSTS file has changed since the last scan. If you did not make any changes, then you need to investigate what the changes are.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
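Added example, not part of the original thread and not an AVG tool: one way to investigate what changed in a HOSTS file, as the reply above advises, is to list every entry other than the stock `127.0.0.1 localhost` line. The function names and the sample file contents (including the `example.*` hostnames) are constructed for illustration; on XP the real file is the one at the path given in the first post.

```python
import ipaddress

# Constructed sample: the stock entry plus three added lines (placeholder names).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       update.example.com   # name pinned to loopback
203.0.113.10    www.example.org login.example.org
not-an-ip       broken.example.net
"""

DEFAULT_NAMES = {"localhost"}


def review_hosts(text):
    """Return (line_no, kind, address, names) for every non-comment line.

    kind is 'default', 'sinkhole' (name pinned to a loopback or unspecified
    address, so the real host is no longer reached), 'redirect' (name pinned
    to some other address) or 'malformed'.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments
        if not entry:
            continue
        fields = entry.split()
        addr_text, names = fields[0], [n.lower() for n in fields[1:]]
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.append((line_no, "malformed", addr_text, names))
            continue
        if not names:
            kind = "malformed"
        elif addr.is_loopback or addr.is_unspecified:
            kind = "default" if set(names) <= DEFAULT_NAMES else "sinkhole"
        else:
            kind = "redirect"
        findings.append((line_no, kind, addr_text, names))
    return findings


def needs_review(text):
    """Entries a person should look at: everything except the default line."""
    return [f for f in review_hosts(text) if f[1] != "default"]


if __name__ == "__main__":
    for line_no, kind, addr, names in needs_review(SAMPLE_HOSTS):
        print(f"line {line_no}: {kind:9} {addr} -> {', '.join(names)}")
```

An entry you or a tool you installed added deliberately (for example an ad-blocking list) will also show up as a sinkhole; the output is a list to check, not a verdict.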

#3 iysha


Posted 10 December 2007 - 03:05 PM

Blimey!!.............that was quick and a weight off my mind - I will look into your suggestions and report back as and when..............cheers mate and thank you for your time :thumbsup:

#4 quietman7


Posted 10 December 2007 - 03:31 PM

You're welcome.



