[filename.info logo]
[cn ntoskrnl.exe][de ntoskrnl.exe][es ntoskrnl.exe][fr ntoskrnl.exe][gb ntoskrnl.exe][it ntoskrnl.exe][jp ntoskrnl.exe][kr ntoskrnl.exe][nl ntoskrnl.exe][pt ntoskrnl.exe][ru ntoskrnl.exe][us ntoskrnl.exe]
 

ntoskrnl.exe (5.1.2600.1151)

Contained in software

Name:Windows XP Home Edition, Deutsch
License:commercial
Information link:http://www.microsoft.com/windowsxp/

File details

Filepath:C:\WINDOWS\system32 \ ntoskrnl.exe
Filedate:2003-04-24 19:15:28
Version:5.1.2600.1151
Filesize:1.894.912 bytes

Checksum and file hashes

CRC32:A3A9A642
MD5:5803 22A6 DA90 A885 EA6A 491A D2A6 0B99
SHA1:C5C2 C854 C059 A2E6 2ADB F339 A741 D0C9 DBDF 7EB6

Version resource information

CompanyName:Microsoft Corporation
FileDescription:NT-Kernel und -System
FileOS:Windows NT, Windows 2000, Windows XP, Windows 2003
FileType:Application
FileVersion:5.1.2600.1151
InternalName:ntkrnlmp.exe
LegalCopyright:© Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename:ntkrnlmp.exe
ProductName:Betriebssystem Microsoft® Windows®
ProductVersion:5.1.2600.1151

ntoskrnl.exe was found in the following malware reports:

W97M.Homer

About W97M.Homer
...It deletes the file C:WinntSystem32Ntoskrnl.exe from Windows NT systems Type: Virus...
Threat assessment
...Deletes files: Ntoskrnl.exe Modifies files:...
Technical details
...The virus deletes the file C:WinntSystem32Ntoskrnl.exe from Windows NT systems. This payload is triggered...
Source: http://securityresponse.symantec.com/avcenter/venc/data/w97m.homer.html

W32.Bolzano

Technical details
...In such a case, W32.Bolzano has the chance to patch ntoskrnl.exe, the Windows NT kernel, located in the WINNTSYSTEM32 directory....
...virus modifies only 2 bytes in a security API called SeAccessCheck that is part of ntoskrnl.exe. This way Bolzano is able to...
...Unfortunately the consistency of ntoskrnl.exe is checked in only one place....
...The loader, ntldr, is supposed to check it when it loads ntoskrnl.exe into physical memory during machine boot-up....
...If the kernel gets corrupted ntldr is supposed to stop loading ntoskrnl.exe and display an error message even before a "blue screen" appears....
Removal instructions
...If the system has been infected, the system files ntoskrnl.exe and ntldr.exe have been patched....
...prolific virus, W32.Funlove.4099, which applies the same patching techniques to ntoskrnl.exe and ntldr.exe. You can find this tool here:...
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.bolzano.html

W32.Funlove.4099

Technical details
...the equivalent rights logs on, W32.FunLove.4099 has the opportunity to modify the Ntoskrnl.exe file, the Windows NT kernel located in the WinntSystem32 folder....
...Unfortunately, the consistency of Ntoskrnl.exe is checked only once during the startup process....
...The loader, Ntldr, checks Ntoskrnl.exe when it loads into physical memory during startup....
...If the kernel becomes corrupted, Ntldr is supposed to stop loading Ntoskrnl.exe and display an error message, even before a "blue screen" appears....
...files on those computers. In addition, the Ntoskrnl.exe and Ntldr patch is performed on the network drives....
...components over the network. The Ntoskrnl.exe and Ntldr patches are executed by a routine picked up from the Bolzano virus....
...Developer Network documentation. Can Ntoskrnl.exe be infected across the network, without Flcss.exe actually being copied to the system?...
...As long as the drive is writeable, FunLove will modify Ntoskrnl.exe over the network, even without dropping Flcss.exe onto the system....
...FunLove does not actually infect Ntoskrnl.exe, but it changes the file's security function....
...Once the affected computer is restarted, the modified Ntoskrnl.exe and Ntldr are loaded, and security is compromised....
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.funlove.4099.html

W32.Petch

Technical details
...C:WindowsSystem32Ntkrnlpa.exe C:WindowsSystem32Ntoskrnl.exe C:WindowsSystem32Ntoskrnl.exe...
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.petch.html

W32.Gruel@mm

Technical details
...C:WINNTSystem32*.dll C:WINNTSystem32Ntoskrnl.exe C:WINNTSystem32Command.com...
...C:WINNTRegedit.exe C:WindowsSystem32Ntoskrnl.exe C:WindowsSystem32Command.com...
......
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.gruel@mm.html

Navigation

Browse files

• by name




Valid HTML 4.01!
Copyright © 2004 by Tegtmeier Internet Solutions Colocation: NetGate