Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Kernal Veryfier Asking For Access


  • Please log in to reply
5 replies to this topic

#1 jen344

jen344

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:23 PM

Posted 10 July 2010 - 04:40 AM

First of all I use Vista Home Premium on an Acer. I'm not the greatest with computers.
Somehow yesterday, I turned on my computer and my firewall (FortiClient) tells me something similar to "Kernel Veryfier is attempting to access... do you allow this?"
This hasn't happened before so I clicked no. The file wanting access was a tmp file. In Task Manager Process it is still running. I know it's usually bad for a process to be running from the Temp folder, and this was causing my CPU Usage to rise to 100%. I ended the process tree and tried to delete the tmp file: it worked and the CPU usage went down drastically. But as soon as I reboot my computer and log on, Kernel Veryfier is there again, asking my firewall for permission, and it was under a new tmp file. I have no idea how it's creating new tmp files even though I'm not accessing the internet. Furthermore, I cannot delete these tmp files, even using Spybot's File Shredder.

I ran numerous scans and registry ones- FortiClient, AVG, Spyware Doctor, MalwareBytes, etc. Nothing was found.
I even did a system restore - nothing.
Later in the day I found out that it was only affecting my user account, so I created a new account on Vista and everything was running fine. I had even backed up and transferred all my files. Then when I rebooted, Kernal Veryfier striked again.

I spent 9 hours trying to fix this problem. I googled solutions, and there was one person who had the same problem. I followed the advice given, but it was very detailed and it didn't work for the person. They fixed it themselves - unsure of how. :thumbsup: My last resort will probably be resetting my computer.

I desperately need help - I am afraid to enter passwords and other things online because of fear of losing them. If anybody can help me, I appreciate it.

Edit: I forgot to mention, as of yesterday these new Services under Task Manager have appeared (no group). Sorry, I am unable to read the full name and cannot find it
Samss, ProtectedSt..., NetTcpPort..., Netlogon, LiveUpdate..., KeyIso, idsvc, CLTNetCnS...

Most of these are stopped. I googled some and they appear to be safe.

Oh, and the person with the similar problem apparently fixed it after uninstalling Microsoft Framework 1.1 . I did the same and this is still happening.

Edited by hamluis, 10 July 2010 - 06:30 PM.
Merged topics on same issue ~ Hamluis.


BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:23 PM

Posted 10 July 2010 - 01:17 PM

With the information you have provided I believe you will need help from the malware removal team. I would like you to start a new thread and post a DDS log HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. Help is on the way!

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 jen344

jen344
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:23 PM

Posted 10 July 2010 - 06:26 PM

I use Windows Vista Home Premium on an Acer computer. A few days ago I was infected with a virus that asked my firewall for "Kernel Veryfier" to access my computer. It was running through a tmp file and everytime I get rid of it, it'd come back after reboot. I somehow fixed this problem myself today and Kernel Veryfier is no longer asking for permission.
Now that it's fixed, there are still some strange things running under Windows Task Manager > Services. I can't see the full names, but the group they are in are blank, which made me suspicious. Here are their names, some are not full because their name is too long to be read under the window:

Samss, ProtectedSt..., NetTcpPort..., Netlogon, LiveUpdate..., KeyIso, idsvc, CLTNetCnS...

All of these services are stopped except for Samss and KeyIso. I tried to stop the operation but access was denied. My AVG virus scan and other spyware scans showed nothing. Can somebody help clear this up?

Also, an important process called lsass.exe is not in the processes. Is this bad?

Thanks!

#4 hamluis

hamluis

    Moderator


  • Moderator
  • 56,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:12:23 AM

Posted 10 July 2010 - 06:36 PM

Since you did not follow the suggestion to post in one of our malware forums...and it appears that you are probably infected...I am moving this thread to our Am I Infected forum.

From this point on, please follow the suggestions of BC Staff personnel who attempt to assist you in the Am I Infected forum.

Good luck :thumbsup:.

Louis

#5 jen344

jen344
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:23 PM

Posted 10 July 2010 - 08:06 PM

Hi, I ran a Gmer scan and my computer froze twice so I was forced to shut down. The DDS one worked fine, though.

#6 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:23 AM

Posted 28 July 2010 - 10:38 PM

Hello,

I'm sorry your latest concern wasn't addressed. Don't worry about the GMER scan. If you still need assistance, please follow the instructions in ==>This Guide<== starting at Step 6.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users