should NTOSKNL.EXE process be requesting internet access?

[Guest]

Hi all,


I have a home network, and one friend uses her notebook up in her room. I
have removed tons of spyware/malware etc off her notebook
(I put her outside my network with a different the router)
Since then(her pc cleanup)
I noticed unusually high packet sending & receiving.(I have XP pro SP2 on 3
PC's) I checked, and found the NTOSKNL.EXE process sending & receiving large
amounts of data through my firewall...I have blocked this until I find out
what is going on.

I thought this was the boot kernel, and didn't need to have other use.

Does this mean my OS's are infected?(It shows in sygate firewall on all 3
pc's)

Why would it not show in a SFC /scannow or
an Anti Virus scan in safe-mode?

do I need to re-install XP fresh on the OS's that are doing this?

or can I extract the NTOSKNL.EXE file from the XP CD?

tia,


Jay

 

[Guest]

is good to run a online scan to make sure or healthy system:

http://www.avast.com/eng/down_cleaner.html

http://www.pandasoftware.com/products/activescan.htm

and read about sygate and the process you mencioned

http://forums.sygate.com/vb/showthread.php?threadid=14870

 

[Guest]

Hi all.


thanks LFR for the quick reply,

that was a serious typo &

should be "ntoskrnl.exe"

Thanks for all assistance in advance

 

[Guest]

glad to help

Hi all.


thanks LFR for the quick reply,

that was a serious typo &

should be "ntoskrnl.exe"

Thanks for all assistance in advance

 

[Guest]

Hi,

I ran all the scans, and came back clean, even in safe-mode for avast's AV
scanner...I think all the packets were caused by 3 other PC's having mapped
dives to a 300GB external HDD.

Theinstall was over a year old so I just used my PQ 2002 Images to set it
back up, how I first had it.(I imaged it after a 10 hour setup, so I'd never
have to do more than stick the 4 dvd's in.


thanks again