Kernel123.dll missing


12 replies to this topic

#1 Ultearr

Ultearr

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 06 September 2017 - 06:13 AM

My husband's gaming PC recently got a hacker. We tried many antivirus programs, deleting what was found and then rebooting his PC, but once we rebooted it the viruses were back. The hacker took complete adminship from him. We also tried getting admin back but it was completely greyed out. So when we finally got the antivirus GMER, it was in the middle of scanning and the computer crashed. When we turned it back on we were able to log in, but after that the screen was black. So we went into command prompt and found out it is missing the file "kernel123.dll". We tried "system repair" but it wouldn't let us because we didn't have "access". Then we tried "startup repair" and it said it was fixing discs, but it only lasted 5 min and then black screen again. We are now in command prompt again and he is performing a check disk. But is there any other way to fix this? When we went into BIOS his CPU temp was 80 degrees Fahrenheit. We are worried the hacker is still in the computer and that resetting to factory will completely fry the computer. Any suggestions would help. Thank you!

Edited by Al1000, 06 September 2017 - 10:02 AM.
moved from Win 10 Support



#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,810 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:04:40 PM

Posted 06 September 2017 - 10:21 AM

I would suggest taking this computer offline until you get this resolved. I'm going to request that you run some security scans which you will need to download. You can use another computer to download the applications and then use a flash drive to transfer them to the infected computer.
 
You need to run these scans in the order I've posted them.  The first app. is RKill.  This terminates known malware processes so that your normal security software can then run and clean your computer of infections.  You need to have RKill running through all of the scans.  RKill will run until you restart the computer, please don't restart the computer until after the last scan is finished.
 
Please download and run RKill

RKill is an easy to use tool that kills known processes and removes Windows Registry entries that stop a user from using their normal security applications.  RKill will not remove any of the processes it stops, you will need to run security scans to remove any malware found.  These settings will remain until the computer is rebooted, for this reason you must run your security applications before the computer is rebooted.  

Please download RKill and install it.

When RKill is run it will display a console screen similar to the one below:

When RKill has finished running a log will be displayed showing all of the processes that were terminated by RKill.

Attention: At this time you need to run your security applications listed below.

While RKill is running you may see a message from the malware stating that the program could not be run because it is a virus or is infected.  This is the malware trying to protect itself.  Two methods that you can try to get past this and allow RKill to run are:

1)  Rename Rkill so that it has a .com extension.

2)  Download a version that is already renamed as files that are commonly white-listed by malware. The main Rkill download page contains individual links to renamed versions.  

After the application has run successfully and you have run the requested scans you should reboot the computer to restore the processes and Windows Registry entries.
 
 
Please download Malwarebytes Anti-Malware 2.2.

1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.

2)  Malwarebytes will automatically open, click on Update Now to update to the newest definitions.

3)  Click on Settings, when Settings opens click on Detection and Protection, then under Non-Malware Protection, click on the down arrow for PUP (Potentially Unwanted Programs) detections and select Treat detections as malware.  Under Detection Options place a check in the box for Scan for rootkits.

4)  Click on Scan (next to Settings), then click on Scan Now.  The scan will automatically run now.

5)  When the scan is complete the results will be displayed.  Click on Delete All.

6)  Please post the Malwarebytes log.

To find the Malwarebytes log do the following.  Copy and paste the log in your topic.

* Open Malwarebytes Anti-Malware.
* Click the Scan Tab at the top.
* Click the View detailed log link on the right.
* Click Copy to Clipboard at the bottom, come back to this thread, click Add Reply, then right-click and choose Paste.
* Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
* Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
 
 
Please download Malwarebytes Antirootkit, follow the prompts to install it.

In the introduction page you will be asked to agree on the license agreement, by clicking Next you will be agreeing to the terms of the license.

You will be prompted to update the database, click on Update, then Next.

To start the scan click on Scan.

When the scan has completed it will display either Scan Finished: No malware found, or Malware Found.  Click on Next to continue.  

Be sure that each check box has a check in it, and make sure there is a check mark in the Create Restore point box.  Click on Cleanup.  Please click on Yes to restart the computer.
 
 
Please download AdwCleaner and install it.

When AdwCleaner opens click on Scan to start the scan.

Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.

If no malicious programs are found you will receive a message informing you of this.
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and then paste this log in your topic.


Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • If threats are found click on Save to text file in Documents.
  • Open Documents, find the report, copy and paste it in your topic.

Edited by dc3, 06 September 2017 - 10:23 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 Ultearr

Ultearr
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 06 September 2017 - 04:21 PM



#4 Ultearr

Ultearr
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 06 September 2017 - 04:45 PM

Sorry, didn't mean to post that. Before the computer went to black screen we installed RKill and scanned the computer and it didn't come up with anything. We also scanned the computer several times with Malwarebytes before it went black screen and it came up with about 23 things. We deleted them and rebooted the computer, but when it rebooted and we scanned again they were all back. We also used the Malwarebytes rootkit tool and that wouldn't even scan because it said we didn't have "access" before the blackout. We have not tried ESET. Would rescanning all of those in that order make a difference now, or would it not matter because we already scanned it before it went to a black screen?

#5 Ultearr

Ultearr
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 06 September 2017 - 04:50 PM

Now when I launch the computer it goes straight into log on with a black screen and only the mouse cursor shows. We also did a check disk to look for bad sectors in command prompt. After the scan it said it replaced and repaired some but then it said error and now we can't access BIOS :(

#6 Ultearr

Ultearr
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 06 September 2017 - 08:46 PM

We were able to go into safety mode and are now backing up our family pictures onto an external hard drive. The safety mode is still blacked out but we were able to hit "control alt del" and open task manager to access our pictures. We scanned with RKill and it came up with nothing again. In control panel it shows that my husband's account has administrator but he still can't do anything with it. If he opens up "run as administrator" it doesn't pop up saying "are you sure you want this program to make changes to your computer", it just opens the folder or program. We are going to try a complete reset of the computer and reinstall Windows 10 via USB. But kind of worried about that, because I'm not sure if it will make things worse.

#8 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,810 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:04:40 PM

Posted 07 September 2017 - 09:11 AM

I would suggest doing a Reset.  This will reinstall the operating system, but it gives you the option to save your private files.  It will uninstall all of the third party programs that were installed.

 

A Windows 10 Reset will reinstall the operating system.  You have the option to keep your personal files or remove them.  Any third party programs that you installed will be uninstalled during this process.
 

1. Press the Windows key and the I key to open Settings.

When Settings opens select Update & Security

2. Click/tap on Recovery, then Get Started.

3. You will now have the option to Keep my files or Remove everything.  Click/tap on the option you want.

4. You will now receive the message Getting things ready, Windows will list the programs which you will need to reinstall.  You may find it beneficial to copy these programs for a reference later.  When the list of programs is shown click/tap on Next.

5. You will now receive the message Ready to reset this PC, select Reset.

The installation will continue without any need to make any other selections.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#9 Ultearr

Ultearr
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 08 September 2017 - 03:59 AM

Well, see, we have tried that but for some reason we are completely locked out of the hard drive C:. When we tried that it said we didn't have authorization to do so. :/ We think that the hacker got into the hidden administrator rights and is controlling everything from that. Either that or the rootkit has completely locked us out of the C: drive. It won't let us do anything.

#10 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,810 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:04:40 PM

Posted 08 September 2017 - 10:17 AM

Try running the Reset from Safe Mode.

 

How to start Safe Mode in Windows 10

Press the Windows key and the R key to open the Run box.

Type msconfig in the Run box and click/tap OK.  This will open System Configuration.

Click/tap on the Boot tab, then click/tap on Safe boot.

Click/tap on Apply, then OK.

Important:  Once you have set the computer to boot into Safe Mode it will continue to do this until you go back to System Configuration, open the Boot tab and remove the check from Safe boot.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.
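
An added example, not part of dc3's post: the Safe boot checkbox in System Configuration is stored as a `safeboot` element on the current boot entry, so its state can be read (and cleared) from an elevated prompt when the desktop is not usable. The function name `Get-SafeBootSetting` and the sample output are constructed for illustration, and the parsing assumes English `bcdedit` output.

```powershell
# Added example, not from the thread. Reports whether the current boot entry
# carries the persistent "safeboot" setting that msconfig's Safe boot box writes.

function Get-SafeBootSetting {
    param(
        # Lines of `bcdedit /enum {current}` output. The default queries the
        # live system and needs an elevated prompt; pass captured lines to
        # run the check offline.
        [string[]]$BcdOutput = (bcdedit /enum '{current}')
    )
    foreach ($line in $BcdOutput) {
        # Element lines look like: "safeboot                Minimal"
        # (\s+ after the name keeps "safebootalternateshell" from matching).
        if ($line -match '^\s*safeboot\s+(\S+)') {
            return $Matches[1]      # Minimal, Network or DsRepair
        }
    }
    return $null                    # no safeboot element: normal boot
}

# Constructed sample of `bcdedit /enum {current}` output after Safe boot
# was ticked in msconfig.
$sample = @(
    'Windows Boot Loader',
    '-------------------',
    'identifier              {current}',
    'device                  partition=C:',
    'path                    \Windows\system32\winload.exe',
    'description             Windows 10',
    'safeboot                Minimal'
)

$mode = Get-SafeBootSetting -BcdOutput $sample
if ($mode) {
    "Safe boot is set ($mode): the PC will keep starting in Safe Mode."
} else {
    'No safeboot element: the PC will start normally.'
}

# Command-line equivalent of removing the check from Safe boot
# (run from an elevated prompt):
#   bcdedit /deletevalue '{current}' safeboot
```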

 

 

 

 


#11 Robear Dyer

Robear Dyer

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:40 PM

Posted 08 September 2017 - 05:45 PM

FYI @BTH=> OP's original thread in (Microsoft) Answers forum: https://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning-windows_10/kernel123dll-missing-d/78ffc099-79d7-41c8-a651-8bd1e2d69f9c


~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Security, Shell/User)
Aumha VSOP, Admin & Moderator

#12 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,810 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:04:40 PM

Posted 09 September 2017 - 10:04 AM

<poof> ? :scratchhead:


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#13 Robear Dyer

Robear Dyer

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:40 PM

Posted 09 September 2017 - 11:24 AM

[Ignore that. Long story involving an off-topic, side conversation in the thread - similar to this post.]


~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Security, Shell/User)
Aumha VSOP, Admin & Moderator



