windows_kernel32.exe - Dangerous
%sysdir%\windows_kernel32.exe
Manual removal instructions:
Antivirus Report of %sysdir%\windows_kernel32.exe:
%sysdir%\windows_kernel32.exe
W32.Netsky.AE@mm is a mass-mailing worm.
1. Copies it body to the following files:
%System%\bloodred.exe
%System%\Windows_kernel32.exe
%Windir%\bloodred.zip (A zipped copy of the worm. The file name within is Urgent_Info.pif.)
%System%\base64exe.sys (detected as W32.Netsky.AE@mm!enc)
%System%\base64zip.sys (detected as W32.Netsky.AE@mm!enc)
2. Adds the value:
"Microsoft Kernel"="%System%\Windows_kernel32.exe"
to registry Run key.
3. Infects the HOSTS file.
Blocks access to antiviral sites and to Microsoft update.
4. Sends e-mails.
Removal:
Remove it from startup using RegRun Startup Optimizer.
Restore the HOSTS file using RegRun Anti-Spyware.
Stop the service and set it to disabled state.
Remove files.
| %sysdir%\windows_kernel32.exe | Malware |
| %sysdir%\windows_kernel32.exe | Dangerous |
| %sysdir%\windows_kernel32.exe | High Risk |
1. Copies it body to the following files:
%System%\bloodred.exe
%System%\Windows_kernel32.exe
%Windir%\bloodred.zip (A zipped copy of the worm. The file name within is Urgent_Info.pif.)
%System%\base64exe.sys (detected as W32.Netsky.AE@mm!enc)
%System%\base64zip.sys (detected as W32.Netsky.AE@mm!enc)
2. Adds the value:
"Microsoft Kernel"="%System%\Windows_kernel32.exe"
to registry Run key.
3. Infects the HOSTS file.
Blocks access to antiviral sites and to Microsoft update.
4. Sends e-mails.
Removal:
Remove it from startup using RegRun Startup Optimizer.
Restore the HOSTS file using RegRun Anti-Spyware.
Stop the service and set it to disabled state.
Remove files.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.