Security Software Error Message : kernels32.exe not found on Windows Startup

Hi,

Recently, i noticed a small icon in my system tray which was similar to the error message icon which pops up in the error messages. The red circle with a white x in it. On moving my cursor on it, a tooltip "Your Computer Has Been Infected" appeared.

AVG, Norton, McAfee all failed to detect it as a virus, Adaware, Spybot and Hijack This didnt comeup with anything either.

My Task Manager was also disabled.(Even in the admin accounts)

I found reference to this file in my boot up processes. I removed it from there and deleted the file which was located in my WINNT/system32 folder after checking the creation date on it.

After which i removed all dead links from my registry using Regcleaner.

I re-enabled the Task Manager from the registry after reading about it on the internet.
But, now after each start of my comp, just before the desktop appears an error message containing text that the above file was not found is displayed.
How do i get rid of this message.

I will post a screenshot on the next restart of my comp.
OS: Win 2k

Current Anti-Virus:AVG

Spyware and Adware Removers: ADaware SE, SpyBot Search and Destroy, Hijack This

Account: Admin account on Local Machine.
Any help will be appreciated.

Thanks in Advance.
 
ferrar! said:
Download Msconfig :

http://www.techadvice.cc/files/y44b1/win-xp/msconfig.exe
and check for suspicious entries.
Is there a entry in "%systemroot%\win.ini" similar to :
load=C:\WINDOWS\KERNEL32.EXE
If yes then refer:

http://www.liutilities.com/products/wintaskspro/processlibrary/kernel32/

http://securityresponse.symantec.com/avcenter/venc/data/w32.tendoolf.html
Regards.

Hi Ferrari,

Thanks for the help....but, i checked all the entries...there seems to be nothing of the sort. I checked the removal tips from the above two links too. I guess Regcleaner removed those entries for me. But, what i suspect is that someother file being loaded at startup contains a link to this file. Any idea what it could be?
Screenshot of the error:


Screenshot of Startup Programs:


Screenshot of Win.ini:


Screenshot Of System.ini:

 
Navigate to the subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsfot\Window NT\CurrentVersion\Winlogon

In the right pane, delete the value:
"Shell" = "Explorer.exe %System%\kernels32.exe"

I think that should do the trick.

Will report on next logon.
Sorry for the typo.
But, what i dont understand is, despite the claims of Norton, y did it not find the file, neither did AVG nor did Mc Afee.
 
Back
Top