1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Strange

Discussion in 'Windows - Virus and spyware problems' started by vwsport80, Mar 17, 2007.

  1. vwsport80

    vwsport80 Regular member

    Joined:
    May 20, 2005
    Messages:
    177
    Likes Received:
    0
    Trophy Points:
    26
    Hey guys and gals,
    My computer has been acting funky the last couple of days. It's been hard getting on the internet. I have avast antivirus and sygate firewall. I've been getting (more than once) this message from sygate. It says that the NT Kernel has changed.

    The executable has changed since the last time you used: C:\WINDOWS\system32\ntoskrnl.exe
    File Version : 5.1.2600.3051
    File Description : NT Kernel & System
    File Path : C:\WINDOWS\system32\ntoskrnl.exe
    Process ID : 0x4 (Heximal) 4 (Decimal)

    Connection origin : local initiated
    Protocol : Raw Ethernet
    Local Address : 0.0.0.0
    Local Port : 0
    Remote Name :
    Remote Address : 0.0.0.0
    Remote Port : 0

    Ethernet packet details:
    Ethernet II (Packet Length: 56)
    Destination: 00-01-5c-22-b1-02
    Source: 00-12-c9-c5-89-91
    Type: ARP (0x0806)
    Address Resolution Protocol (ARP)
    Hardware type: Ethernet (0x0001)
    Protocol type: IP (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: Response
    Sender hardware address: 00-12-c9-c5-89-91
    Sender IP address: 75.71.247.149
    Target hardware address: 00-01-5c-22-b1-02
    Target IP address: 75.71.240.1

    Binary dump of the packet:
    0000: 00 01 5C 22 B1 02 00 12 : C9 C5 89 91 08 06 00 01 | ..\"............
    0010: 08 00 06 04 00 02 00 12 : C9 C5 89 91 4B 47 F7 95 | ............KG..
    0020: 00 01 5C 22 B1 02 4B 47 : F0 01 BD 82 47 52 50 10 | ..\"..KG....GRP.
    0030: 44 70 E6 F2 00 00 01 6C : | Dp.....l

    I did do a Window's update recently, but I've never gotten a kernel message before (at least not when I wasn't expecting it). I ran a boot time scan with avast, scanned with SE Personal and Spybot S&D in safe mode. Found a few things, but as I pulled up firefox, I got the message again. Any thoughts? Thanks in advance.
     
  2. Etzo

    Etzo Regular member

    Joined:
    Feb 8, 2007
    Messages:
    489
    Likes Received:
    0
    Trophy Points:
    26
    * Click here to download HijackThis.exe
    * Save HijackThis.exe to your desktop.
    * Create a new folder named HijackThis to your desktop. Move Hijackthis.exe into that folder.
    * Then rename HijackThis.exe to Scanner.exe
    * Run Scanner.exe
    * Click on the Do a system scan and save a log file -button. It will scan and then ask you to save the log.
    * Click Save to save the log file and then the log will open in notepad.
    * Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    * Come back here to this thread and Paste the log in your next reply.
    * DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     

Share This Page