General discussion

Locked

infected C:\WINNT\SYSTEM32\KERNEL.EXE

By DANNO ·
mY C:\WINNT\SYSTEM32\KERNEL.EXE FILE ON THE NT 40 SERVER IS INFECTED BY A BACKDOOR TORJAN AND THE NORTON FAILED TO CLEAN IT.mY QUESTION IS
A-HOW DO I CLEAN IT OR REPLACE IT WITHOUT EBDENGARING THE SERVER(sql).

THANKS.

This conversation is currently closed to new comments.

9 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

infected C:\WINNT\SYSTEM32\KERNEL.EXE

by tjordan4 In reply to infected C:\WINNT\SYSTEM3 ...

try this link it will give you a step by step instructions for removal. hope this helps.
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.trojan.html

Collapse -

infected C:\WINNT\SYSTEM32\KERNEL.EXE

by DANNO In reply to infected C:\WINNT\SYSTEM3 ...

Poster rated this answer

Collapse -

infected C:\WINNT\SYSTEM32\KERNEL.EXE

by GunnerSixz In reply to infected C:\WINNT\SYSTEM3 ...

Try trendmicro's free onlince scanner. It will try to clean it. If that does not work can you replace it from backup? Can you get the system to boot? Just check the date and time of the file and stop all services and restore. You can always replacethat file let me know how it goes

Collapse -

infected C:\WINNT\SYSTEM32\KERNEL.EXE

by DANNO In reply to infected C:\WINNT\SYSTEM3 ...

Poster rated this answer

Collapse -

infected C:\WINNT\SYSTEM32\KERNEL.EXE

by bkinsey In reply to infected C:\WINNT\SYSTEM3 ...

kernel32.exe is just a virus/trojan file, and isn't cleanable. Delete it (or let a cleanup utility do it for you). The kernel32 file that is part of Windows is a .dll, not an .exe

Collapse -

infected C:\WINNT\SYSTEM32\KERNEL.EXE

by DANNO In reply to infected C:\WINNT\SYSTEM3 ...

Poster rated this answer

Collapse -

infected C:\WINNT\SYSTEM32\KERNEL.EXE

by hberkhoff In reply to infected C:\WINNT\SYSTEM3 ...

You cannot delete the file because it is in use, but you can rename it. After renaming re-apply the current servicepack for exchange. the KERNEL.EXE will be replaced by the servicepack.

Collapse -

infected C:\WINNT\SYSTEM32\KERNEL.EXE

by DANNO In reply to infected C:\WINNT\SYSTEM3 ...

Poster rated this answer

Collapse -

infected C:\WINNT\SYSTEM32\KERNEL.EXE

by DANNO In reply to infected C:\WINNT\SYSTEM3 ...

This question was closed by the author

Back to Windows Forum
9 total posts (Page 1 of 1)  

Related Discussions

Related Forums