Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Is kernels32.exe a valid Windows Component


  • Please log in to reply
5 replies to this topic

#1 wfrazier

wfrazier

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 16 July 2005 - 01:58 PM

Hi, I just recently removed SpySheriff from my machine (thanks to the instructions provided here in a different forum). After removing SpySheriff I am now receiving the following error message on startup.

"Windows cannot find 'C:WindowsSystem32kernels32.exe.' Make sure you typed the name correctly, and then try again. To search for a file click the start button and then click search."

I've heard of kernel32.exe, but not kernels32 (with an s).exe.

This file (kernels32.exe) is referred to in the registry a couple of times.

The first is HKEY_LOCAL-MACHINESoftwareMicrosoftWINDOWSNTCurrentVersionWinLogon

Value Name "Shell", Value Data "Explorer.exe C:WindowsSystem32Kernels32.exe"

The second reference is HKEY_USERSS-1-5-21 (a lot of number string data)SoftwareMicrosoftWindowsShellNoRoamMUICache

Value Name "C:WindowsSystem32kernels.exe" Value Data "kernels32.exe"

Is kernels32.exe a valid Windows component, or can I assume it is part of the bleep that was downloaded to my machine? If it is bleep, should I delete the two items in the registry mentioned above that refer to it?

Along with SpySheriff the site seemed to upload a number of virus, down-loader, and Trojan files. Between Norton AV and EWIDO I think all have been removed. Thank you guys for the post on SpySheriff. Also, it seemed that the EWIDO scan was deeper and more comprehensive than Norton. Wonder if I should switch?

Take care.....WFrazier

BC AdBot (Login to Remove)

 


#2 wfrazier

wfrazier
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 16 July 2005 - 02:02 PM

I should have added, I'm running Windows XP Home Edition, Version 2002, SP2

#3 TEB

TEB

  • Banned
  • 449 posts
  • OFFLINE
  •  
  • Local time:05:24 AM

Posted 16 July 2005 - 02:37 PM

kernels32.exe is a process associated with the DLOADER-FC Trojan

I suggest removing that subkey from the registry. Since yoour getting an error that it can not be found, i think its already gone. Do you have any other third party spyware apps installed on youir machine?

#4 wfrazier

wfrazier
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 16 July 2005 - 03:12 PM

First off, thanks for the reply and info. Going to regedit after this post to delete the references to kernels32.exe. Yes, the file itself has already been removed. Regarding other SpyWare apps. I have both Ad-aware personal and SpyBot installed.

I've found another thing that appears new to me. A hidden folder called "System Volume Information". Inside the folder are two hidden files, one called "MountPointManagerRemoteDatabase" and the other called "tracking.log".

Any ideas about this one?

#5 wfrazier

wfrazier
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:02:24 AM

Posted 16 July 2005 - 04:47 PM

I'll answer my own question.

"I've found another thing that appears new to me. A hidden folder called "System Volume Information". Inside the folder are two hidden files, one called "MountPointManagerRemoteDatabase" and the other called "tracking.log""

This is apparently not a problem. It's mentioned on a number of WEB sites when performing a Google search.

I have one or two more problems but will start a new post.

Thanks again.....Wfrazier

#6 TEB

TEB

  • Banned
  • 449 posts
  • OFFLINE
  •  
  • Local time:05:24 AM

Posted 16 July 2005 - 04:57 PM

Yes system volume informatrion are legit, best of luck to ya.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users