ntoskrnl.exe "Changed"

Kate

Firstly, apologies for the multiple posting, but I wasn't sure which
would be the most relevant group to use.

I have IE6 with Outlook Express, a USB ADSL router (using PPPoA) and
am having on-going trouble connecting to newsgroups. Unfortunately,
advice that I have received following earlier posts hasn't resolved
the problem and my ISP hasn't been helpful at all. However, a recent
virus scan showed that ntoskrnl.exe had "changed" and I wondered if
that might have something to do with it? As I am not sure exactly
what function this program has, apart from being essential during
boot-up, I thought it might be worth asking...

Thanks
Kate
 
Kate said:
Firstly, apologies for the multiple posting, but I wasn't sure which
would be the most relevant group to use.

I have IE6 with Outlook Express, a USB ADSL router (using PPPoA) and
am having on-going trouble connecting to newsgroups. Unfortunately,
advice that I have received following earlier posts hasn't resolved
the problem and my ISP hasn't been helpful at all. However, a recent
virus scan showed that ntoskrnl.exe had "changed" and I wondered if
that might have something to do with it? As I am not sure exactly
what function this program has, apart from being essential during
boot-up, I thought it might be worth asking...

You're apt to get most of the advice over again since you started a new
thread.

Help with malware
All MS-MVP Sites.
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://www.elephantboycomputers.com/page2.html#Removing_Malware
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/darnit.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm

Unexplained computer behavior may be caused by deceptive software.
http://support.microsoft.com/kb/827315

So How Did I Get Infected Anyway?
For quite a few people it's by installing Messenger Plus, whose ads for
malware don't identify the malware as such and try to convince you that you
owe it to the author. See also:
http://www.wilderssecurity.com/showthread.php?t=27971
Don't ever do a "default" install of anything. Always choose Custom and see
what else is being carried along. Don't install any extras you're not sure
of.
 
Kate wrote on Thu, 30 Nov 2006 13:15:25 -0000:
Firstly, apologies for the multiple posting, but I wasn't sure which
would be the most relevant group to use.

I have IE6 with Outlook Express, a USB ADSL router (using PPPoA) and
am having on-going trouble connecting to newsgroups. Unfortunately,
advice that I have received following earlier posts hasn't resolved
the problem and my ISP hasn't been helpful at all. However, a recent
virus scan showed that ntoskrnl.exe had "changed" and I wondered if
that might have something to do with it? As I am not sure exactly
what function this program has, apart from being essential during
boot-up, I thought it might be worth asking...

Thanks
Kate

Are you using AVG by any chance? And have you installed any MS patches
recently?

ntoskrnl.exe is the kernel image for Windows. It's a core part of the
operating system, not just a boot process. If it goes missing or gets
damaged Windows won't even run.

While it's possible that something may be attempting to infect it, it's
unlikely. It can be updated by MS patches, although the current version on
my XP Pro SP2 machine is dated 2nd March 2005. Have you recently installed
Service Pack 2? Or at least since the last time you ran a virus scan?

Dan
 
Daniel Crichton said:
Kate wrote on Thu, 30 Nov 2006 13:15:25 -0000:


Are you using AVG by any chance? And have you installed any MS patches
recently?

ntoskrnl.exe is the kernel image for Windows. It's a core part of the
operating system, not just a boot process. If it goes missing or gets
damaged Windows won't even run.

While it's possible that something may be attempting to infect it, it's
unlikely. It can be updated by MS patches, although the current version on
my XP Pro SP2 machine is dated 2nd March 2005. Have you recently installed
Service Pack 2? Or at least since the last time you ran a virus scan?

Dan

Kate's trouble is OE stating that no connection to the internet exists when
opening a newsgroup, when a connection does exist. I have this trouble,
thought I'd fixed it, told her what I did, but it didn't work for either of us.

In case her situation is different from mine, here is what I've got listed:
ntoskrnl.exe 2,129 KB Application 3/1/2005 6:59 PM
version 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)
 
Daniel Crichton said:
Kate wrote on Thu, 30 Nov 2006 13:15:25 -0000:


Are you using AVG by any chance? And have you installed any MS
patches recently?

ntoskrnl.exe is the kernel image for Windows. It's a core part of
the operating system, not just a boot process. If it goes missing or
gets damaged Windows won't even run.

While it's possible that something may be attempting to infect it,
it's unlikely. It can be updated by MS patches, although the current
version on my XP Pro SP2 machine is dated 2nd March 2005. Have you
recently installed Service Pack 2? Or at least since the last time
you ran a virus scan?

Dan

Yes, I use AVG Free, but without email scanning enabled, as I know it
can create many problems. I have had XP2 installed for ages (not long
after it first became available, I think) and I regularly update. I
last updated on 20 November, when I accepted IE7 (which I subsequently
uninstalled), and the one before that was 16 October. The problem
with connecting to NGs began around 16 November, when I cancelled a
message on a newsserver. My version of ntoskrnl.exe is also 2 March
2005, BTW. It was a long shot that it was the cause of the connection
difficulty, but at least I can probably eliminate it now, as
everything else works fine. However, if I do need to replace it, I
have SP2 on disk.

Many thanks for the reply
Kate
 
Daniel Crichton wrote on Thu, 30 Nov 2006 16:09:15 -0000:
While it's possible that something may be attempting to infect it, it's
unlikely.

Well, we don't know exactly which change the virus scan revealed, or what
the exact message and path to the file were, so it could just be some
malware coming in disguise. She had better ask about this in another
newsgroup that deals with malware.

Kai
 
Kai Schaetzl said:
Daniel Crichton wrote on Thu, 30 Nov 2006 16:09:15 -0000:


Well, we don't know exactly which change the virus scan revealed, or what
the exact message and path to the file were, so it could just be some
malware coming in disguise. She had better ask about this in another
newsgroup that deals with malware.

Kai

The result of the scan said only that ntoskrnl.exe had changed, but
not in what way. There was also the same result for kernel32.dll,
user32.dll, and shell32.dll, and the path to all four is
F:\WINDOWS\system32. I have carried out a malware scan with Ad-Aware
with nothing found and also run Hijackthis where the results showed
nothing that I was unable to recognise.

It is perhaps a bit drastic, but would re-installing Outlook Express
and/or IE6 be worth a try, do you think? If so, how would I go about
it, please?

Thanks
Kate
 
Kate wrote on Thu, 30 Nov 2006 18:38:57 -0000:
It is perhaps a bit drastic, but would re-installing Outlook Express
and/or IE6 be worth a try, do you think?  If so, how would I go about
it, please?

No, there is nothing wrong it seems, apart from you having problems with
connecting to newsgroups. You should carry this problem to the OE6
newsgroup. They will ask you some diagnostic questions then I guess. You
don't seem to have a problem connecting now.

Kai
 
Kai Schaetzl said:
Kate wrote on Thu, 30 Nov 2006 18:38:57 -0000:


No, there is nothing wrong it seems, apart from you having problems with
connecting to newsgroups. You should carry this problem to the OE6
newsgroup. They will ask you some diagnostic questions then I guess. You
don't seem to have a problem connecting now.

Kai

Sorry, Kai, but I tried the OE6 NG first and they cannot help any
more. There, I listed all the things I have tried - which are
numerous. Contributors to ms.p.network-web and
internetexplorer.general will also be familiar with my problem, I
fear!

Briefly, I get the message that no connection to the internet is
available, but when I click "Retry", I get connected - hence my
ability to post. It is not a major problem, I know, but inconvenient
and - as Michael Jennings will no doubt agree - most irritating, and
an indication that something is wrong that needs putting right.

Thank you again for responding.
Kate
 
It has not been irritating enough to get me to reinstall OE.

To reinstall OE, modify the "IsInstalled" value data to zero
and then connect to WU, according to the registry hack at
http://support.microsoft.com/default.aspx?kbid=318378

There are other things the KB says to try first, but that one
interests me, so for that reason and for your sake I'll try it
and see if I'm able to report back to this thread. If there are
any glitches or gotchas I will advise what to watch out for.

Since the absurd notice is occasional, I won't know for
sure when it departs that it won't occur. On the other hand,
if it occurs even once I will know that it is still there.
 
Kate wrote on Thu, 30 Nov 2006 21:20:19 -0000:
Briefly, I get the message that no connection to the internet is 
available, but when I click "Retry", I get connected - hence my 
ability to post.

Can you repro this *without* IE being open? e.g. Open IE7, make sure it is
not in "work offline" mode, close it. Don't use it for some hours now. But
use OE during that time. Does it still happen? How often does it happen?
When (which actions) does it happen exactly? I remember you talked about
anti-virus software. Did you already uninstall it?
From your header I see that you are posting directly to msnews. msnews is
slow and not reliable. Does your problem happen only with msnews?

Kai
 
Kai Schaetzl said:
Kate wrote on Thu, 30 Nov 2006 21:20:19 -0000:


Can you repro this *without* IE being open? e.g. Open IE7, make sure it is
not in "work offline" mode, close it. Don't use it for some hours now. But
use OE during that time. Does it still happen? How often does it happen?
When (which actions) does it happen exactly? I remember you talked about
anti-virus software. Did you already uninstall it?
From your header I see that you are posting directly to msnews. msnews is
slow and not reliable. Does your problem happen only with msnews?

She has IE6, Kai, as do I. I have only observed the behavior with msnews.
 
Kai Schaetzl said:
Michael Jennings wrote on Thu, 30 Nov 2006 16:44:29 -0600:


Please don't do this with an installed IE7, uninstall it first!

They knocked that post off the server, Kai. I feel that I have
been excused from doing the dirty deed to OE6, so I won't.
 
Michael Jennings wrote on Thu, 30 Nov 2006 18:15:14 -0600:
She has IE6, Kai, as do I. I have only observed the behavior with msnews.

Then use other newsservers for comparison. I'm not astonished that you get
a connection problem to msnews from time to time. I haven't been using it
for years, it's about ten times slower than the one I use.
There might *still* be a problem on your PC or down the line before the
server, but you cannot use msnews for testing this. It's like testing a
street with bumps for smooth driving.

Kai
 
Kai Schaetzl said:
Kate wrote on Thu, 30 Nov 2006 21:20:19 -0000:


Can you repro this *without* IE being open? e.g. Open IE7, make sure
it is not in "work offline" mode, close it. Don't use it for some
hours now. But use OE during that time. Does it still happen? How
often does it happen? When (which actions) does it happen exactly? I
remember you talked about anti-virus software. Did you already
uninstall it? From your header I see that you are posting directly
to msnews. msnews is slow and not reliable. Does your problem happen
only with msnews?

Kai

Kai : I don't usually have both IE (I use v.6, having taken an instant
dislike to v.7 - too "tricksy" for me) and OE6 open at the same time -
it's either one or the other. I never get this message in IE, nor
when I click Send/Receive in OE; it only happens when I first click a
newsgroup, not just in msnews but with the two other newsservers I use
as well. If I close OE and then re-open it within about 5 minutes,
everything works fine. If I leave it longer, then up pops the message
again.

I gave a full description of ways I have tried to rectify this in my
post entitled "It may be coincidental, but since uninstalling IE7..."
dated 25 November, posted to ms.p.internetexplorer.general and then
copied to ms.p.windowsxp.network_web. BTW, I used to use my ISP's
newsserver rather than msnews, until I read that msnews was quicker
and kept messages on the server for longer.

I use AVG Free and keep it updated every day since the computer was
new 2 1/2 years ago.

Frank : I just wanted to eliminate ntoskrnl.exe from my enquiries, as
it were, rather than resurrect my previous threads. I am generally
very wary about installing downloaded software, and always save it to
file and get AVG to scan it before installing - although that won't
prevent malware, I guess. Also, I don't use Messenger or Windows
Messenger and have no idea what Messenger Plus is!

Michael : I'm not keen on a re-install, either, but as I get the
notice every time I try to get to a newsgroup, rather than
occasionally, I don't know how long my patience will last. But I'll
keep my fingers crossed that you can find a resolution. I am not
sufficiently experienced to try anything too ambitious without
step-by-step guidance by someone knowledgeable. Good luck!

Many thanks to all
Kate
 
Kai Schaetzl said:
Michael Jennings wrote on Thu, 30 Nov 2006 18:15:14 -0600:


Then use other newsservers for comparison. I'm not astonished that you get
a connection problem to msnews from time to time. I haven't been using it
for years, it's about ten times slower than the one I use.
There might *still* be a problem on your PC or down the line before the
server, but you cannot use msnews for testing this. It's like testing a
street with bumps for smooth driving.

I am content to blame Microsoft's msnews server, and to click "retry," when
the no connection thing happens. That has yet to fail in coughing up the posts.
I'll keep an eye out for the behavior occurring with other news servers.
 
Kate said:
Michael : I'm not keen on a re-install, either, but as I get the
notice every time I try to get to a newsgroup, rather than
occasionally, I don't know how long my patience will last. But I'll
keep my fingers crossed that you can find a resolution. I am not
sufficiently experienced to try anything too ambitious without
step-by-step guidance by someone knowledgeable. Good luck!

Well, the registry hack is for XP sp1, and I found that it didn't work
for XP sp2, for which you are supposed to reinstall service pack 2
in order to reinstall Outlook Express 6, then get the WU updates.
The IE6 setup file did not accept the "IsInstalled" value data zero,
either for OE alone or for both IE and OE. Windows, however,
"saw" the "uninstallations" and offered to remove personal settings
(which I accepted) after each of the two reboots. I am using the
so-called uninstalled OE6 to make this post. Sorry to fade on you,
Kate, but "live with it" beats out reinstalling SP2 for me.
 
Michael Jennings said:
Well, the registry hack is for XP sp1, and I found that it didn't work
for XP sp2, for which you are supposed to reinstall service pack 2
in order to reinstall Outlook Express 6, then get the WU updates.
The IE6 setup file did not accept the "IsInstalled" value data zero,
either for OE alone or for both IE and OE. Windows, however,
"saw" the "uninstallations" and offered to remove personal settings
(which I accepted) after each of the two reboots. I am using the
so-called uninstalled OE6 to make this post. Sorry to fade on you,
Kate, but "live with it" beats out reinstalling SP2 for me.

Although I have always had e-mail scanning turned off in AVG Free, on
Thursday night I disabled it in Manage/Services & Applications and,
lo! no more tiresome message re 'no connection available'.
Coincidence maybe?

Kate
 
Kate said:
Although I have always had e-mail scanning turned off in AVG Free, on
Thursday night I disabled it in Manage/Services & Applications and,
lo! no more tiresome message re 'no connection available'.
Coincidence maybe?

Kate

That very well could be the answer because with AVG, just unchecking e-mail
scanning is not enough.

Reinstall AVG and choose Custom Mode. Uncheck E-mail Scanning when you see
that option. For some reason, just unchecking it in the security center
causes a conflict with the Windows Security Center.

BTW. Have you upgraded to version 7.5? 7.1 will no longer support updates
for new Trojans. I have 7.5 and cannot see Manage/Services & Applications.
Where was that?
 