Kernel32.dll

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

nanino

Thread Starter
Joined
Aug 27, 2003
Messages
89
I got Windows 98SE and the newly downloaded Sygate 5.5, which works fine and stealthy according to ShieldsUp, dslBroadband and Sygate's own tests.
Kernel32.dll is the first application to ask permission as soon as I get online, and it shows in Connection Details on port 138 (UDP) and 139 (TCP). I have blocked its requests on a day-to-day basis until now, as I am unsure whether a perennial block could pose problems of sorts. Is there a reason I shouldn't block it altogether?
Thanks, nanino
 
Joined
Jun 19, 2003
Messages
1,241
Hi nanino,

This sounds like a virus. There are several that masquerade as kernel32.

Either run an up-to-date virus scan with your own AV or go here and run the online scan.

Once done, could you please download Hijack This! from here. Unzip, double-click HijackThis.exe, and hit "Scan". When the scan is finished, click "Save Log", and copy and paste it in a reply.

This will give us a rundown of what’s going on in your PC. One of us here will be glad to analyse it for you. Don’t fix anything yourself yet, as a lot of the stuff on that list will be harmless or required.

Cheers

Liam
 

nanino

Thread Starter
Joined
Aug 27, 2003
Messages
89
e-liam, thanks, I'll do what you suggested. I am almost sure of being clean, with daily checks of AVG and Trend-Micro AVs, plus AdAware, SpyBot, anti-Trojans etc. Also, I don't have any symptoms, but you can never tell, especially because on Nov. 5th I had to repel a dialer-virus attack while surfing on Google and visiting a German tech site!
I have wanted to install HijackThis for a long time, but I was wondering (as my Windows 98SE is in Italian) if the resulting version of the software would be entirely in English or not, or if the published log would be entirely comprehensible to the examiner.
nanino
 

nanino

Thread Starter
Joined
Aug 27, 2003
Messages
89
e-liam, although a bit late, here's my HJT log. It is my first time with it, but it seems to me I don't have much of relevance in this notebook of mine (I only removed from public sight a few Trusted Zone sites). (I'm a bit perplexed at how come 'safer-networking' is in my Trusted Zone, I don't remember.) Please have a look:

Logfile of HijackThis v1.97.7
Scan saved at 18.04.55, on 23/11/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAMMI\EXECUTIVE SOFTWARE\DISKEEPERWORKSTATION\DKSERVICE.EXE
C:\PROGRAMMI\FILE COMUNI\EPSON\EBAPI\SAGENT2.EXE
C:\PROGRAMMI\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\PROGRAMMI\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMMI\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\DLOADS\HIJACKTHIS\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAMMI\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\Run: [TrojanScanner] C:\Programmi\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\RunServices: [DkService] C:\Programmi\Executive Software\DiskeeperWorkstation\DkService.exe
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /A "C:\WINDOWS\SYSTEM\E_S8325.TMP"
O9 - Extra button: TREND MICRO HouseCall (HKLM)
O15 - Trusted Zone: *.hotmail.com
O15 - Trusted Zone: *.virgilio.it


O15 - Trusted Zone: *.oddschecker.co.uk
O15 - Trusted Zone: *.livescore.tv


O15 - Trusted Zone: *.forums.techguy.org

O15 - Trusted Zone: *.soho.sygate.com
O15 - Trusted Zone: *.scan.sygate.com
O15 - Trusted Zone: *.simplysup.com
O15 - Trusted Zone: *.lavasoft.de
O15 - Trusted Zone: *.hoverdesk.net
O15 - Trusted Zone: *.grisoft.com
O15 - Trusted Zone: *.housecall.trendmicro.com
O15 - Trusted Zone: *.safer-networking.org
O15 - Trusted Zone: *.aliceadsl.it
O15 - Trusted Zone: *.loginnet.passport.com

O15 - Trusted Zone: *.grc.com
O15 - Trusted Zone: http://www.dslreports.com


O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9D7F7865-C035-4177-A322-3A5B12D3A3D2} (Infos Control) - http://www.aliceadsl.it/alice/contents/pcqonline/activex/pcqsys.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37864.3410648148
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d052c1d7d32ead/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
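
A check in the spirit of this thread, added here as an example and not part of any post above: it reads the "Running processes" section of a HijackThis log and flags entries that reuse or imitate a system file name, such as kernel32, from an unexpected path. The reference paths in KNOWN are an assumption copied from the log above, and the sample log is constructed (its last two process paths are invented).

```python
import difflib
import ntpath

# Constructed sample in the HijackThis v1.97.7 layout. The first three process
# paths appear in the log above; the last two are invented look-alikes.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Platform: Windows 98 SE (Win9x 4.10.2222A)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAMMI\SYGATE\SPF\SMC.EXE
C:\WINDOWS\TEMP\KERNEL32.EXE
C:\WINDOWS\SYSTEM\KERNE132.DLL

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
"""

# Assumption: reference locations copied from the process list in the log above.
KNOWN = {
    "KERNEL32": r"C:\WINDOWS\SYSTEM\KERNEL32.DLL",
    "EXPLORER": r"C:\WINDOWS\EXPLORER.EXE",
    "RUNDLL32": r"C:\WINDOWS\RUNDLL32.EXE",
}

def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and not line:
            break  # a blank line ends the section
        elif in_section:
            paths.append(line)
    return paths

def review(paths):
    """Return (path, reason) for entries that reuse or imitate a known name."""
    findings = []
    for path in paths:
        stem = ntpath.splitext(ntpath.basename(path))[0].upper()
        if stem in KNOWN:
            if path.upper() != KNOWN[stem]:
                findings.append((path, "known name, unexpected location or extension"))
        elif difflib.get_close_matches(stem, list(KNOWN), n=1, cutoff=0.8):
            findings.append((path, "name imitates a known system file"))
    return findings
```

A flagged entry is a prompt to inspect the file on disk, not a verdict; extend KNOWN with the system files that matter on the machine being reviewed.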
 