Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Kernell.32.dll & Shell32.11


  • Please log in to reply
4 replies to this topic

#1 celeen

celeen

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Marlborough NZ
  • Local time:10:28 AM

Posted 06 January 2008 - 02:15 AM

When I did a AVG scan these 2 items turned up.I have done a Spybot and Ad-aware and it shows no problems.My PC is running very slow and sometimes freezes.I am running windows XP SP2, any help would be appreciated.

BC AdBot (Login to Remove)

 


#2 Tomo2

Tomo2

  • Members
  • 402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wanganui, Aotearoa NZ
  • Local time:09:28 AM

Posted 07 January 2008 - 02:52 AM

Hi Celeen :thumbsup: to BC forums!
Hey someone from NZ! :flowers: You got the blistering heat down in Marlborough?

There are legitimate files named Kernell32.dll and shell32.dll but the ones you have mention are most likely malware. Can AVG remove/quarantine them?

L&P, World Famous in New Zealand since ages ago!
Posted Image
Avast! Antivirus : Spybot S&D : Trend Micro Housecall : Hosts file : HiJack This
Don't be too open minded - your brains will fall out


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:28 PM

Posted 07 January 2008 - 02:40 PM

Is AVG saying those files have changed? Reported changes in system files such as kernel32.dll, wsock32.dll, user32.dll, shell32.dll and ntosknrl.exe are normal for AVG.

There are many valid reasons for those files to show changed, a Windows update, file system check that replaced them if corrupted, and others. As long as AVG doesn't say they are infected it is ok. If it continues to show changed, delete the following file(s) in the C:\ directory and AVG will create a new one(s)...AVG7DB_F.DAT, AVG7QT.DAT

kernel32.dll, wsock32.dll, user32.dll, shell32.dll and ntosknrl.exe have "changed"

It is normal that AVG shows that files, the MBR or Boot record to have changed. These are done during normal maintainance, when you or windows updates files or have had to correct errors on the drive. The only time that you should worry is if they also show as infected.

To get AVG to quit showing them as changed, open the AVG Test Center, click the F3 key on your keyboard and tell it to accept the changes. If it still shows something as changed after this.. delete the file named AVG7QT.DAT in the %ALLUSERSPROFILE%\Application Data\avg7\ folder and AVG will rebuild it the next time it is run.

The %ALLUSERSPROFILE% is different for each version of Windows. The following are the typical locations for XP and Win9x

XP - C:\Documents and Settings\All Users\Application Data\avg7
Win9x -C:\Windows\All Users\Application Data\avg7

Another method suggested by DEStucki to remove the MBR changed alert if the above method didn't help...
Go to the System Area Test settings
Select the "Remove MBR" button to remove the MBR from the list of items in the System Area test list
Click on OK so that the list has been up dated
Now go back into the System Area Test settings and push the "Default" button to put the MBR back in the list.

Changed File Alerts
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 celeen

celeen
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Marlborough NZ
  • Local time:10:28 AM

Posted 08 January 2008 - 10:02 PM

:thumbsup: Cool,thank you, have done what you suggested and have just done a AVG scan and they are not showing up.Was getting abit worried here as my PC is so slow and thought after doing that scan that it must be loaded with bugs.Thankyou very much for your help. :flowers:

Tomo2
Its far too hot down.

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:28 PM

Posted 08 January 2008 - 10:22 PM

Your welcome. :thumbsup:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users