Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.

Win98 SE Startup Error-Kernels32 performed illegal operation

1K views 3 replies 2 participants last post by  Byteman 
#1 ·
Upon Restarting Win98 i get a message that kernels 32 caused an alllegal operaion at some page & upon clicking cancle the system works fine though some programs like maxd1 an rnapp are running in background

Please help


GauravV
 
#2 ·
Hi, Check your spelling> was the error Kernels32\\ OR> was it kernel32, without any "s"?

Please post a Hijackthis log so we can see if anything needs removing...here is what and how:

dvk01 said:
Getting Hijackthis and installing it correctly

go to here and download 'Hijack This!' double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu and an optional shortcut on desktop.
Click on the entry in start menu or on the desktop to run HijackThis
First open a reply here in your thread to have it ready.
Run Hijackthis.exe, and
Select the "Scan and save a log" button...

When it is done scanning> the Save box will become available, save the log as hijackthis.txt which will open with Notepad. Hit the EDIT> Select All then the EDIT>Copy button at the top of your log, Go back to TSG, and click once in the blank reply space, then go to the top of your browser window and select EDIT>Paste.
Please do NOT use HJT yourself to remove anything, most of what it shows is good and needed by the system.

If things in the HJT log look OK you are welcome to work on the problem here in this forum, but, if we see some bad malware, your thread may be moved to the Security forum so you can get help easier> it's just the way we work together, nothing that you did! :up:

Post the log and anything else you need to ask, right here in this thread as a Reply, and someone will try to help.
 
#3 ·
Hi Techgug,

The error is of kernels32 which is displayed upon startup.In am posting Hijackthis log Below :
----------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:01:30 PM, on 8/28/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SM56HLPR.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\RunServices: [Shell] Explorer.exe C:\WINDOWS\SYSTEM\kernels32.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
 
#4 ·
Hi, Yes, it's malware- moving you to the Security forum.

(You didn't say what you have done to find or fix the trojans, so I am assuming you haven't done anything)

While you wait for some help:

Scan online here: http://www.pandasoftware.com/activescan/com/activescan_principal.htm

The Panda scan detects spyware/adware things as well as trojans/viruses...but it does not clean ad/spyware, we can help you with that a bit later.

If this is the first time you have used the Panda online scan you will have to wait while the ActiveX control downloads....then, you will see the area to click on what you want scanned, choose "My Computer"...you can UN-check floppy and CD drives, but make sure you do select Drive C: The scan may take a long time....just be patient.

When it finishes, you will see a button for "View Report", use that, look at the entries, then hit the "Save Report" button>> the file we want to save will be called activescan.txt, please save it to your Desktop...and, include the contents of it in your next reply, along with a new Hijackthis log.


If you cannot stay online long enough, or the scan will not run> here is something you can try:http://www.misec.net/trojanhunter/

Trial version of TrojanHunter, but you have to add the newest detection updates to it manually, there are directions at the bottom of the download page to do it.

http://www.misec.net/trojanhunter/updating/

And, do you have the programs Ad-Aware SE Personal Edition, and also SpyBot Search and Destroy v 1.4?

We will get them later if you do not, or you can find links to them in many of the Security forum and other forum threads here.

This malware can stop things from opening, like the Registry Editor and a few other things....those files can be replaced later on.

This is a bad trojan and a high security risk-- so it says at the Symantec (Norton) antivirus site.
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top