
Thread: Threat named AntivirusXP

  1. #11
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Hi there

    You don't have to do a re-install.

    Antivirus XP is the same as windows antivirus etc.

    It's a fake anti-spyware program.

    HJT from trend was used to clean this.

    Next time don't give it permission to install.

    Alternatively try and see if there is anything in program files, control panel add/remove and any dodgy services running.
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  2. #12
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Cider,

    He has a different problem now.............. he gets a BSOD and Windows won't boot.

    At the very least he will have to reinstall kernel32.dll to get around that.

  3. #13
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Ohh not cool

  4. #14
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    The recovery disk will wipe out your data and put the system back to factory default....someone that knows what they are doing may be able to repair the OS and the kernel32 file required to boot....or at least be able to pull the data off before reinstalling.

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  5. #15
    Senior Member
    Join Date
    Nov 2007
    Location
    Phoenix, Arizona
    Posts
    102
    Frankly I'm a little confused as to why the tech from Microsoft renamed the kernel; to each their own, I suppose. As long as Antivirus 2k8 was removed correctly by the tech there should not be any issues; you would be fine to rename it back to its original glory. As far as another option you have, just copy the kernel from another computer (preferably with the same OS) and place it in the correct directory and reboot. You may run into a few things not working.

    I've done this numerous times (one would figure that once would be enough) a while ago when I decided in my infinitely immature younger years to try and edit the kernel. In case you are wondering, this is a bad idea and 100% of the time causes the error you are experiencing.
    LOGIN: yes
    PASSWORD: I dont have one
    "Login Failed"

  6. #16
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    The recovery disk will wipe out your data and put the system back to factory default.
    OK, I haven't worked on an HP laptop with Vista, but I understand that they are like XP and have a hidden recovery partition. They do not ship with a recovery disk, but prompt you to make one (DVD) or several (CD).

    The options, as I recall, are something like:

    1. Start Windows Recovery Console.
    2. Restore software.
    3. Restore hardware.
    4. Restore to factory defaults.

    So you should be able to restore the missing .dll or at least go back to a working restore point prior to the infection.

  7. #17
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    How do you edit the kernel?

  8. #18
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    You don't

    What is Kernel Patching?
    "Kernel patching" or "kernel hooking" is the practice of using unsupported mechanisms to modify or replace kernel code. Patching fundamentally violates the integrity of the Windows kernel and is undocumented, unsupported and has always been discouraged by Microsoft. Kernel patching can result in unpredictable behavior, system instability and performance problems—like the Blue Screen of Death—which can lead to lost user productivity and data. More importantly, kernel patching has increasingly become a mechanism used by malware developers to attack Windows systems.
    Motivations for patching the kernel vary widely. Anti-malware vendors, for example, may intercept system calls to prevent applications they have deemed malicious from creating processes on the system. The goals of these types of software are obviously laudable but these practices also may cause reliability and performance problems. The greatest risk from kernel patching comes from virus and spyware writers that use this technique with malicious intent and to hide their presence.
    Malware authors are motivated to patch the kernel because it is a powerful mechanism for attacking the user's PC and data. Patching can be used to implement rootkits, which also hide the presence of other malware on the system. This form of malware can be extremely potent—for example, allowing the capture of banking passwords and monitoring of all user activities.
    Remember the Microsoft update of last month and the problems with Zone Alarm products?

    Just like moxquito said.
    Incidentally,
    Frankly I'm a little confused as to why the tech from Microsoft renamed the kernel
    I would guess that he thought that it was infected? But I don't think that this was a Microsoft tech, given that MS do not support OEM installations of their software, and this is an HP laptop?

    My gut feel is that he simply left out the step of replacing the renamed version with a new one?

  9. #19
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Haha :P I'm gonna give it a go.

  10. #20
    Senior Member
    Join Date
    Nov 2007
    Location
    Phoenix, Arizona
    Posts
    102
    Quote Originally Posted by Cider
    How do you edit the kernel?
    Actually it's quite simple: if you boot to DOS or another OS that prevents Windows from loading, just edit the kernel in any text editing program and you get a bunch of HEX and ASCII characters. What I was doing was more or less just deleting and/or replacing random characters, in no particular order. However, this was back when I just got started dealing with computers and had no idea what exactly the kernel was. I thought it had a cool name and wanted to see if I could make changes to it. I did not put a lot of thought into it (obviously); I was young and just wanted to see what would happen.
    Last edited by moxquito; August 4th, 2008 at 11:44 AM.
