[joeyDneedshelp]

okay everytime i do an AVG scan, almost right when the scan begins i get:
kernel32.dll change
user32.dll change
shell32.dll change
ntoskrnl.exe change
hosts change

are these harmful? cause why is AVG pickign this up every scan..please help

[blues_harp28]

Hi unless it says Virus next to them it's normal.
Check.
http://forum.grisoft.cz/freeforum/re...?8,74008,74008

[golferbob]

i run avg and have had no problems. why don't you run a free panda on line scan just to be safe.

http://www.pandasecurity.com/homeuse...ACHEHINT=Guest

[DataBase]

The Kernel32.dll file is a 32-bit dynamic link library file in Windows 95,98,Me. The Kernel32.dll file handles memory management, input/output operations, and interrupts. When you start Windows, Kernel32.dll is loaded into a protected memory space so that other programs do not take over that memory space.

user32.dll is a module that contains Windows API functions related the Windows user interface (Window handling, basic UI functions, and so forth).

ntoskrnl.exe is a critical process in the boot-up cycle of your computer although should never appear in WinTasks whilst under normal circumstances. ntoskrnl.exe should not be disabled, required for essential applications to work properly.

these are NOT hardful files and SHOULD be left alone. seen as they are accessed all the time, the system will detect them as being changed, also i believe that windows update may change them.

[DarqueMist]

kernel32.dll change
user32.dll change
shell32.dll change
ntoskrnl.exe change

are all files that frequently get changed when a windows update is done, all AVG is doing is reporting that they changed. There is a way to clear it but I've forgotten how as I don't bother (they usually reappear after an update anyway)

I suspect its a similar thing with the hosts file being changed, but I don't use one so can't be certain it should be lumped with the others as something you shuld just leave alone

[joeyDneedshelp]

okayyy thanks guys....i will just let them go lol....and btw, im typing this on my ps3 hehe

[Elvandil]

When system files change like that, you should wonder if they have been replaced by viruses or malware. AVG reports the changes because it does not know what the changes mean. If you right-click those files and check the properties and they are Microsoft files, then chances are that they were replaced recently by Windows Update. You only need to worry if they have changed, they aren't Microsoft any more, or you haven't done anything to update them lately.

[forrestgump]

Microsoft's XP Security updates which I applied Jan 8, 2008 appear to have changed based on what my AVG is saying:
kernel32.dll
user32.dll
shell32.dll
ntoskrnl.exe
I'm assuming there is no hidden virus or spyware but I'd like to be certain.
I sent an email to Microsoft to compain about their updating process b/c they don't tell you what's going on during the update nor what will be changed. I searched AVG, McAfee and Norton on this specific issue with zero hits in their databases. I tried calling a Microsoft support number on their website 8667272338 which is BOGUS, to report possible security issues. If you have suggestions, they are welcome.
Finally, found the issue here in techguy.com via google. Good to know I am not alone.
~~ForrestGump "Run Forrest Run" "Run PC Run"

[joeyDneedshelp]

hahaha ur not alone man but good thinking about tellin them...

[reidy100]

May I tag on here pls

AVG Says .. Partition Table (MBR) Change
C:/WINDOWS\system32\shell32.dll Change
C:/WINDOWS\system32\drivers\etc\hosts Change

From what ive read Im worried about the Partition Table change

Any ideas?? And is there any way to tell AVG to ingnore above?? or is that a bad thing to do

This seems to have appeared since my pc crashed in December

[blues_harp28]

Hi check.
http://forum.grisoft.cz/freeforum/re...?4,55031,55643
Scroll down to post 4.

[reidy100]

Thanks Blues_Harp Thats got rid of the last two but continuously finds the first one MBR Partition change still so im still worried bout that one

[blues_harp28]

Hi Quote.
http://forum.grisoft.cz/freeforum/re...?4,55031,55643
Posted by: rdsok - Moderator (IP Logged)
Date: November 24, 2005 07:13AM

"It is normal that AVG shows that files, the MBR or Boot record to have changed. These are done during normal maintainance, when you or windows updates files or have had to correct errors on the drive. The only time that you should worry is if they also show as infected. "

[reidy100]

Ta Mate,
So there is no way I can get AVG to ignore that particular partition change like i did with the other two

[blues_harp28]

Quote.
http://forum.grisoft.cz/freeforum/re...?4,55031,55643
"To get AVG to quit showing them as changed, open the AVG Test Center, click the F3 key on your keyboard and tell it to accept the changes. If it still shows something as changed after this.. delete the file named AVG7QT.DAT in C:\ and AVG will rebuild it the next time it is run."

Is that what you used?