Security Software Error Message : kernels32.exe not found on Windows Startup

[XTerminator]

Hi,

Recently, i noticed a small icon in my system tray which was similar to the error message icon which pops up in the error messages. The red circle with a white x in it. On moving my cursor on it, a tooltip "Your Computer Has Been Infected" appeared.

AVG, Norton, McAfee all failed to detect it as a virus, Adaware, Spybot and Hijack This didnt comeup with anything either.

My Task Manager was also disabled.(Even in the admin accounts)

I found reference to this file in my boot up processes. I removed it from there and deleted the file which was located in my WINNT/system32 folder after checking the creation date on it.

After which i removed all dead links from my registry using Regcleaner.

I re-enabled the Task Manager from the registry after reading about it on the internet.
But, now after each start of my comp, just before the desktop appears an error message containing text that the above file was not found is displayed.
How do i get rid of this message.

I will post a screenshot on the next restart of my comp.
OS: Win 2k

Current Anti-Virus:AVG

Spyware and Adware Removers: ADaware SE, SpyBot Search and Destroy, Hijack This

Account: Admin account on Local Machine.
Any help will be appreciated.

Thanks in Advance.

 

[el33t]

Download Msconfig :
http://www.techadvice.cc/files/y44b1/win-xp/msconfig.exe

and check for suspicious entries.

Is there a entry in "%systemroot%\win.ini" similar to :

load=C:\WINDOWS\KERNEL32.EXE

If yes then refer:
http://www.liutilities.com/products/wintaskspro/processlibrary/kernel32/
http://securityresponse.symantec.com/avcenter/venc/data/w32.tendoolf.html

Regards.

 

[XTerminator]

Download Msconfig :

http://www.techadvice.cc/files/y44b1/win-xp/msconfig.exe
and check for suspicious entries.
Is there a entry in "%systemroot%\win.ini" similar to :
load=C:\WINDOWS\KERNEL32.EXE
If yes then refer:

http://www.liutilities.com/products/wintaskspro/processlibrary/kernel32/

http://securityresponse.symantec.com/avcenter/venc/data/w32.tendoolf.html
Regards.

Hi Ferrari,

Thanks for the help....but, i checked all the entries...there seems to be nothing of the sort. I checked the removal tips from the above two links too. I guess Regcleaner removed those entries for me. But, what i suspect is that someother file being loaded at startup contains a link to this file. Any idea what it could be?
Screenshot of the error:


Screenshot of Startup Programs:


Screenshot of Win.ini:


Screenshot Of System.ini:

 

[bottle]

acually the error points to kernel'S'32.exe

see if this of any help,

http://www.liutilities.com/products/wintaskspro/processlibrary/kernels32/

symantec removal instructions

http://securityresponse.symantec.com/avcenter/venc/data/trojan.vicsfram.html#removalinstructions

 

[KingKrool]

Hmm, can you get filemon to load at startup and figure out what is trying to access the file?
Or does filemon not monitor access to non-existent files?

 

[XTerminator]

acually the error points to kernel'S'32.exe
see if this of any help,
http://www.liutilities.com/products/wintaskspro/processlibrary/kernels32/
symantec removal instructions
http://securityresponse.symantec.com/avcenter/venc/data/trojan.vicsfram.html#removalinstructions

Ok ok...it was a typo.

Sorry about that.

I will check about the above links and let u know.

 

[XTerminator]

Navigate to the subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsfot\Window NT\CurrentVersion\Winlogon

In the right pane, delete the value:
"Shell" = "Explorer.exe %System%\kernels32.exe"

I think that should do the trick.

Will report on next logon.
Sorry for the typo.
But, what i dont understand is, despite the claims of Norton, y did it not find the file, neither did AVG nor did Mc Afee.

 

[XTerminator]

Solved by the Symantec link from Bottle.
*Closing thread*

Contact the section mods/gmods or me to re open this thread if needed.