Badtrans.b Got Me

I have an ME. My Norton Antivirus has just informed me that kernel32 has been infected with this virus and gave me some options, one of which was quarantine, which I selected. Did I make the right selection? What should I do and can I get rid of it? What does kernel32 do?

The only problem I’ve noted is that I got a kernel32.dll error message twice. The first time I said OK to closing it, and I lost my window. The 2d time nothing adverse happened.

I don’t know the answer to most of your questions, but I do know that KERNEL32 is one of the main files of Windows. To be safe, I wouldn’t do too much (like reboot) until someone that knows something replies…good luck…

Here you go. I had the same problem on Tuesday.

Here is the link within that GQ that has instructions on how to get rid of the virus.

Thanks Johnny LA. I got the infected email Tuesday, too, but didn’t know that I got the virus until Norton told me today, as I didn’t open any attachments. (There were none.)

Before I follow the procedure noted, I was wondering if I just can’t use System Restore and go back to 11/26?

I reverted to the 10th because the files appeared on the 3rd. Unfortunately, Gateway Go-Back (which is supposed to “go back” to when it was installed) wouldn’t go back to before the 10th. I decided to try it anyway in case I could revert my hard drive farther back from the 10th. No joy. The problem with reverting to an earlier date is that you lose anything on your hard drive (including e-mail) that was put there after the reversion date.

Manually fixing the virus isn’t that hard. Editing the WIN.INI file was a piece of cake. Editing the registry (REGEDIT) was harder because the instructions on the page indicate a text file that needs to be edited, and my computer showed something like Windows Explorer. I right-clicked on the “kernel” file and left-clicked on “modify”. This brought up a window with two boxes. One said (something) and the other said “value”. I highlighted the value (kern32) and deleted it, hoping I was doing the right thing. Then I clicked on the “start” button and clicked “re-boot in DOS mode”. Once it was booted in DOS, I manually deleted the three files (see the other thread for the locations) and re-booted in Windows. It worked.

Just be careful when you edit the registry because you can mess things up if you delete the wrong thing. I don’t know what; I’m just passing on the warning.

But it worked for me.

Thanks again, Johnny. I tried, before reading your last post, to use ME’s System Restore, but it said it could not delete the virus. It went back to last Friday. However, I also have Symantec’s Norton Antivirus, which has a Go Back. It actually had a later date than System Restore, last Monday. I used it and I think I’m OK now.

System Restore doesn’t delete anything. Go Back does, so I had to go back to NAV and update the virus definitions again. I don’t mind losing all that email (I have auto delete anyway when I exit Outlook) or a few web site favorites I might have added. I feel more comfortable with that than messing around with the register.

Badtrans.b was discovered Nov 24, so you couldn’t have had it before that.

KERNEL32.EXE is the virus. KERNEL32.DLL is an important part of Windows. You can delete KERNEL32.EXE without worrying, but don’t delete KERNEL32.DLL.

Thanks all. I chose the easiest option: Used the Go Back feature on Norton AV. I’m OK now.