Guest DLGolfs Posted August 8, 2007 Posted August 8, 2007 Every time I run AVG scan it shows that the kernal32.dll user32.dll and ntosknl.exe files have been changed. I rebooted and looked and all are in the C/win/sys32 tree. Does AVG think that they should be somewhere else? I have the free version and no technical support. I did run a fix that someone suggested but it does not work. THis error is on my XP Pro, home computer and XP Home laptop thanks
Guest GHalleck Posted August 8, 2007 Posted August 8, 2007 Re: AVG changed/infection location of kernal32.dll user32.dll ntosknl. DLGolfs wrote: > Every time I run AVG scan it shows that the kernal32.dll user32.dll and > ntosknl.exe > files have been changed. I rebooted and looked and all are in the > C/win/sys32 tree. > Does AVG think that they should be somewhere else? > I have the free version and no technical support. > I did run a fix that someone suggested but it does not work. > THis error is on my XP Pro, home computer and XP Home laptop > thanks This is essentially a normal report because Windows XP, in itself, is an operating system and these files are regularly updated with each boot, log on, shutdown, etc. AVG is doing its job of reporting that these files had, indeed, changed.
Guest Elmo Posted August 8, 2007 Posted August 8, 2007 Re: AVG changed/infection location of kernal32.dll user32.dll ntosknl. DLGolfs wrote: > Every time I run AVG scan it shows that the kernal32.dll kernel32.dll actually. > user32.dll and ntosknl.exe ntoskrnl.exe actually. If the filenames are what you typed, they're probably malware. User32.dll is an actual file used by Windows. > files have been changed. I rebooted and looked and all are in the > C:\Windows\System32 tree. > Does AVG think that they should be somewhere else? > I have the free version and no technical support. > I did run a fix that someone suggested but it does not work. > This error is on my XP Pro, home computer and XP Home laptop > thanks -- Joe =o)
Guest DLGolfs Posted August 8, 2007 Posted August 8, 2007 Re: AVG changed/infection location of kernal32.dll user32.dll ntos Re: AVG changed/infection location of kernal32.dll user32.dll ntos Ok, but this did not happen in the past, it just started. Another response to my question says: If the filenames are what you typed, they're probably malware. User32.dll is an actual file used by Windows. What do you think? "GHalleck" wrote: > > DLGolfs wrote: > > > Every time I run AVG scan it shows that the kernal32.dll user32.dll and > > ntosknl.exe > > files have been changed. I rebooted and looked and all are in the > > C/win/sys32 tree. > > Does AVG think that they should be somewhere else? > > I have the free version and no technical support. > > I did run a fix that someone suggested but it does not work. > > THis error is on my XP Pro, home computer and XP Home laptop > > thanks > > This is essentially a normal report because Windows XP, in itself, is > an operating system and these files are regularly updated with each > boot, log on, shutdown, etc. AVG is doing its job of reporting that > these files had, indeed, changed. >
Guest DLGolfs Posted August 8, 2007 Posted August 8, 2007 Re: AVG changed/infection location of kernal32.dll user32.dll ntos Re: AVG changed/infection location of kernal32.dll user32.dll ntos Someone answered below: This is essentially a normal report because Windows XP, in itself, is an operating system and these files are regularly updated with each boot, log on, shutdown, etc. AVG is doing its job of reporting that these files had, indeed, changed What do you think? "Elmo" wrote: > DLGolfs wrote: > > Every time I run AVG scan it shows that the kernal32.dll > > kernel32.dll actually. > > > user32.dll and ntosknl.exe > > ntoskrnl.exe actually. If the filenames are what you typed, they're > probably malware. User32.dll is an actual file used by Windows. > > > > files have been changed. I rebooted and looked and all are in the > > C:\Windows\System32 tree. > > Does AVG think that they should be somewhere else? > > I have the free version and no technical support. > > I did run a fix that someone suggested but it does not work. > > This error is on my XP Pro, home computer and XP Home laptop > > thanks > > -- > Joe =o) >
Guest Elmo Posted August 8, 2007 Posted August 8, 2007 Re: AVG changed/infection location of kernal32.dll user32.dll ntos Re: AVG changed/infection location of kernal32.dll user32.dll ntos DLGolfs wrote: > Someone answered below: > > This is essentially a normal report because Windows XP, in itself, is > an operating system and these files are regularly updated with each > boot, log on, shutdown, etc. AVG is doing its job of reporting that > these files had, indeed, changed > > What do you think? > > "Elmo" wrote: > >> DLGolfs wrote: >>> Every time I run AVG scan it shows that the kernal32.dll >> kernel32.dll actually. >> >>> user32.dll and ntosknl.exe >> ntoskrnl.exe actually. If the filenames are what you typed, they're >> probably malware. User32.dll is an actual file used by Windows. >> >> >>> files have been changed. I rebooted and looked and all are in the >>> C:\Windows\System32 tree. >>> Does AVG think that they should be somewhere else? >>> I have the free version and no technical support. >>> I did run a fix that someone suggested but it does not work. >>> This error is on my XP Pro, home computer and XP Home laptop >>> thanks I really think you mistyped the file names. Look again, is there an "a" in kernel32.dll? Is there no "r" in ntoskrnl.exe? -- Joe =o)
Guest Ghostrider Posted August 8, 2007 Posted August 8, 2007 Re: AVG changed/infection location of kernal32.dll user32.dll ntos Re: AVG changed/infection location of kernal32.dll user32.dll ntos DLGolfs wrote: > Ok, but this did not happen in the past, it just started. > > Another response to my question says: > If the filenames are what you typed, they're > probably malware. User32.dll is an actual file used by Windows. > > > What do you think? > I'd be inclined to accept the report from the Test Results page. Many anti-virus programs are written to look for and report on files that have changed values although not infected by malware.
Guest DLGolfs Posted August 9, 2007 Posted August 9, 2007 Re: AVG changed/infection location of kernal32.dll user32.dll ntos Re: AVG changed/infection location of kernal32.dll user32.dll ntos Here they are again kernel32.dll user32.dll ntoskrnl.exe These are spelled correctly, right from AVG scan..... "Elmo" wrote: > DLGolfs wrote: > > Someone answered below: > > > > This is essentially a normal report because Windows XP, in itself, is > > an operating system and these files are regularly updated with each > > boot, log on, shutdown, etc. AVG is doing its job of reporting that > > these files had, indeed, changed > > > > What do you think? > > > > "Elmo" wrote: > > > >> DLGolfs wrote: > >>> Every time I run AVG scan it shows that the kernal32.dll > >> kernel32.dll actually. > >> > >>> user32.dll and ntosknl.exe > >> ntoskrnl.exe actually. If the filenames are what you typed, they're > >> probably malware. User32.dll is an actual file used by Windows. > >> > >> > >>> files have been changed. I rebooted and looked and all are in the > >>> C:\Windows\System32 tree. > >>> Does AVG think that they should be somewhere else? > >>> I have the free version and no technical support. > >>> I did run a fix that someone suggested but it does not work. > >>> This error is on my XP Pro, home computer and XP Home laptop > >>> thanks > > I really think you mistyped the file names. Look again, is there an "a" > in kernel32.dll? Is there no "r" in ntoskrnl.exe? > > -- > Joe =o) >
Guest Elmo Posted August 9, 2007 Posted August 9, 2007 Re: AVG changed/infection location of kernal32.dll user32.dll ntos Re: AVG changed/infection location of kernal32.dll user32.dll ntos DLGolfs wrote: > Here they are again > > kernel32.dll > user32.dll > ntoskrnl.exe > > > These are spelled correctly, right from AVG scan..... > > "Elmo" wrote: > >> DLGolfs wrote: >>> Someone answered below: >>> >>> This is essentially a normal report because Windows XP, in itself, is >>> an operating system and these files are regularly updated with each >>> boot, log on, shutdown, etc. AVG is doing its job of reporting that >>> these files had, indeed, changed >>> >>> What do you think? >>> >>> "Elmo" wrote: >>> >>>> DLGolfs wrote: >>>>> Every time I run AVG scan it shows that the kernal32.dll >>>> kernel32.dll actually. >>>> >>>>> user32.dll and ntosknl.exe >>>> ntoskrnl.exe actually. If the filenames are what you typed, they're >>>> probably malware. User32.dll is an actual file used by Windows. >>>> >>>> >>>>> files have been changed. I rebooted and looked and all are in the >>>>> C:\Windows\System32 tree. >>>>> Does AVG think that they should be somewhere else? >>>>> I have the free version and no technical support. >>>>> I did run a fix that someone suggested but it does not work. >>>>> This error is on my XP Pro, home computer and XP Home laptop >>>>> thanks >> I really think you mistyped the file names. Look again, is there an "a" >> in kernel32.dll? Is there no "r" in ntoskrnl.exe? Ghostrider seems to have the answer then. But you might try an AVG or a newsgroup which discusses virus activity to see what they say. A few hits with the following Google Groups search: "I haven't used AVG for a while because I have moved to NOD32 but IIRC if you open the Test Centre Click on Scan selected areas Press the F3 key A scan of the system area will follow AVG will give you a dialogue box where you can confirm that the change to the .dll file was okay. You won't be notified until the file changes again." The complete thread is a good read, and Ghostrider contributed to this too. http://groups.google.com/group/24hoursupport.helpdesk/browse_thread/thread/464ca5f6ebcb76e/f8d99cf33cfae912?lnk=st&q=avg+kernel32.dll+changed&rnum=1#f8d99cf33cfae912 Continue searching here. http://groups.google.com/groups/search?q=avg+kernel32.dll+changed&qt_s=Search+Groups -- Joe =o)
Guest DLGolfs Posted August 10, 2007 Posted August 10, 2007 Re: AVG changed/infection location of kernal32.dll user32.dll ntos Re: AVG changed/infection location of kernal32.dll user32.dll ntos Did the F3 thing but nothing happened. it scanned the areas but when I pressed F3 nothing happened....what was suppose to happen? All it gave me was the same information as a regular scan... "Elmo" wrote: > DLGolfs wrote: > > Here they are again > > > > kernel32.dll > > user32.dll > > ntoskrnl.exe > > > > > > These are spelled correctly, right from AVG scan..... > > > > "Elmo" wrote: > > > >> DLGolfs wrote: > >>> Someone answered below: > >>> > >>> This is essentially a normal report because Windows XP, in itself, is > >>> an operating system and these files are regularly updated with each > >>> boot, log on, shutdown, etc. AVG is doing its job of reporting that > >>> these files had, indeed, changed > >>> > >>> What do you think? > >>> > >>> "Elmo" wrote: > >>> > >>>> DLGolfs wrote: > >>>>> Every time I run AVG scan it shows that the kernal32.dll > >>>> kernel32.dll actually. > >>>> > >>>>> user32.dll and ntosknl.exe > >>>> ntoskrnl.exe actually. If the filenames are what you typed, they're > >>>> probably malware. User32.dll is an actual file used by Windows. > >>>> > >>>> > >>>>> files have been changed. I rebooted and looked and all are in the > >>>>> C:\Windows\System32 tree. > >>>>> Does AVG think that they should be somewhere else? > >>>>> I have the free version and no technical support. > >>>>> I did run a fix that someone suggested but it does not work. > >>>>> This error is on my XP Pro, home computer and XP Home laptop > >>>>> thanks > >> I really think you mistyped the file names. Look again, is there an "a" > >> in kernel32.dll? Is there no "r" in ntoskrnl.exe? > > Ghostrider seems to have the answer then. But you might try an AVG or a > newsgroup which discusses virus activity to see what they say. > > A few hits with the following Google Groups search: > > "I haven't used AVG for a while because I have moved to NOD32 but IIRC > if you open the Test Centre > Click on Scan selected areas > Press the F3 key > A scan of the system area will follow AVG will give you a dialogue box > where you can confirm that the change to the .dll file was okay. > You won't be notified until the file changes again." > > The complete thread is a good read, and Ghostrider contributed to this too. > http://groups.google.com/group/24hoursupport.helpdesk/browse_thread/thread/464ca5f6ebcb76e/f8d99cf33cfae912?lnk=st&q=avg+kernel32.dll+changed&rnum=1#f8d99cf33cfae912 > > Continue searching here. > http://groups.google.com/groups/search?q=avg+kernel32.dll+changed&qt_s=Search+Groups > > -- > Joe =o) >
Guest Elmo Posted August 10, 2007 Posted August 10, 2007 Re: AVG changed/infection location of kernal32.dll user32.dll ntos Re: AVG changed/infection location of kernal32.dll user32.dll ntos DLGolfs wrote: > Did the F3 thing but nothing happened. it scanned the areas but when I > pressed F3 nothing happened....what was suppose to happen? > > All it gave me was the same information as a regular scan... > > "Elmo" wrote: > >> DLGolfs wrote: >>> Here they are again >>> >>> kernel32.dll >>> user32.dll >>> ntoskrnl.exe >>> >>> >>> These are spelled correctly, right from AVG scan..... >>> >>> "Elmo" wrote: >>> >>>> DLGolfs wrote: >>>>> Someone answered below: >>>>> >>>>> This is essentially a normal report because Windows XP, in itself, is >>>>> an operating system and these files are regularly updated with each >>>>> boot, log on, shutdown, etc. AVG is doing its job of reporting that >>>>> these files had, indeed, changed >>>>> >>>>> What do you think? >>>>> >>>>> "Elmo" wrote: >>>>> >>>>>> DLGolfs wrote: >>>>>>> Every time I run AVG scan it shows that the kernal32.dll >>>>>> kernel32.dll actually. >>>>>> >>>>>>> user32.dll and ntosknl.exe >>>>>> ntoskrnl.exe actually. If the filenames are what you typed, they're >>>>>> probably malware. User32.dll is an actual file used by Windows. >>>>>> >>>>>> >>>>>>> files have been changed. I rebooted and looked and all are in the >>>>>>> C:\Windows\System32 tree. >>>>>>> Does AVG think that they should be somewhere else? >>>>>>> I have the free version and no technical support. >>>>>>> I did run a fix that someone suggested but it does not work. >>>>>>> This error is on my XP Pro, home computer and XP Home laptop >>>>>>> thanks >>>> I really think you mistyped the file names. Look again, is there an "a" >>>> in kernel32.dll? Is there no "r" in ntoskrnl.exe? >> Ghostrider seems to have the answer then. But you might try an AVG or a >> newsgroup which discusses virus activity to see what they say. >> >> A few hits with the following Google Groups search: >> >> "I haven't used AVG for a while because I have moved to NOD32 but IIRC >> if you open the Test Centre >> Click on Scan selected areas >> Press the F3 key >> A scan of the system area will follow AVG will give you a dialogue box >> where you can confirm that the change to the .dll file was okay. >> You won't be notified until the file changes again." >> >> The complete thread is a good read, and Ghostrider contributed to this too. >> http://groups.google.com/group/24hoursupport.helpdesk/browse_thread/thread/464ca5f6ebcb76e/f8d99cf33cfae912?lnk=st&q=avg+kernel32.dll+changed&rnum=1#f8d99cf33cfae912 >> >> Continue searching here. >> http://groups.google.com/groups/search?q=avg+kernel32.dll+changed&qt_s=Search+Groups Apparently the poster remembered the process wrong.. I don't have AVG so I can't help you with it. -- Joe =o)
Guest DLGolfs Posted August 10, 2007 Posted August 10, 2007 Re: AVG changed/infection location of kernal32.dll user32.dll ntos Re: AVG changed/infection location of kernal32.dll user32.dll ntos Thanks anyway "Elmo" wrote: > DLGolfs wrote: > > Did the F3 thing but nothing happened. it scanned the areas but when I > > pressed F3 nothing happened....what was suppose to happen? > > > > All it gave me was the same information as a regular scan... > > > > "Elmo" wrote: > > > >> DLGolfs wrote: > >>> Here they are again > >>> > >>> kernel32.dll > >>> user32.dll > >>> ntoskrnl.exe > >>> > >>> > >>> These are spelled correctly, right from AVG scan..... > >>> > >>> "Elmo" wrote: > >>> > >>>> DLGolfs wrote: > >>>>> Someone answered below: > >>>>> > >>>>> This is essentially a normal report because Windows XP, in itself, is > >>>>> an operating system and these files are regularly updated with each > >>>>> boot, log on, shutdown, etc. AVG is doing its job of reporting that > >>>>> these files had, indeed, changed > >>>>> > >>>>> What do you think? > >>>>> > >>>>> "Elmo" wrote: > >>>>> > >>>>>> DLGolfs wrote: > >>>>>>> Every time I run AVG scan it shows that the kernal32.dll > >>>>>> kernel32.dll actually. > >>>>>> > >>>>>>> user32.dll and ntosknl.exe > >>>>>> ntoskrnl.exe actually. If the filenames are what you typed, they're > >>>>>> probably malware. User32.dll is an actual file used by Windows. > >>>>>> > >>>>>> > >>>>>>> files have been changed. I rebooted and looked and all are in the > >>>>>>> C:\Windows\System32 tree. > >>>>>>> Does AVG think that they should be somewhere else? > >>>>>>> I have the free version and no technical support. > >>>>>>> I did run a fix that someone suggested but it does not work. > >>>>>>> This error is on my XP Pro, home computer and XP Home laptop > >>>>>>> thanks > >>>> I really think you mistyped the file names. Look again, is there an "a" > >>>> in kernel32.dll? Is there no "r" in ntoskrnl.exe? > >> Ghostrider seems to have the answer then. But you might try an AVG or a > >> newsgroup which discusses virus activity to see what they say. > >> > >> A few hits with the following Google Groups search: > >> > >> "I haven't used AVG for a while because I have moved to NOD32 but IIRC > >> if you open the Test Centre > >> Click on Scan selected areas > >> Press the F3 key > >> A scan of the system area will follow AVG will give you a dialogue box > >> where you can confirm that the change to the .dll file was okay. > >> You won't be notified until the file changes again." > >> > >> The complete thread is a good read, and Ghostrider contributed to this too. > >> http://groups.google.com/group/24hoursupport.helpdesk/browse_thread/thread/464ca5f6ebcb76e/f8d99cf33cfae912?lnk=st&q=avg+kernel32.dll+changed&rnum=1#f8d99cf33cfae912 > >> > >> Continue searching here. > >> http://groups.google.com/groups/search?q=avg+kernel32.dll+changed&qt_s=Search+Groups > > Apparently the poster remembered the process wrong.. I don't have AVG so > I can't help you with it. > > -- > Joe =o) >
Recommended Posts