"Inline hook ntoskrnl.exe" - is this a virus?

After an AVG scan this morning, AVG found many instances of this on my computer and said it is “unresolved” and apparently cannot be resolved. I searched online, and some sources say this is a trojan. The AVG forum boards don’t seem to be too excited about it. Their mods seem more concerned with whether or not the person reporting this scanned their computer after an AVG update.

Can someone please let me know if this is a virus, trojan, etc., and, if so, what to do about it? And WTH does “inline hook” mean?

Thank you!

I assume it means that there are hooks into ntoskrnl.exe. This means you have a rootkit, which is a particularly nasty type of malware. It may be a virus (self-replicating malware). It probably was a trojan (malware that hides inside or pretends to be legitimate software).

The best way to tackle a rootkit is via what is known as an offline virus scan, which scans without loading your operating system. They are often included in something called a rescue disk, which is a special boot disk. It appears that AVG provides one, in the form of a downloadable file.

I would recommend downloading it using a different computer if possible. Get the ISO if you want to make a CD. Get the ZIP file if you’d like to use a USB flash drive (it will need to have at least 350MB of free space). If you get the ISO file, use your CD burner software to burn it. You probably can right-click on the ISO file and choose to burn it to a disk. Make sure not to just copy the ISO to the disk.

If you’d rather use a USB drive, this is easier. Simply unzip the zip file, plug in a USB drive, then run the file called setup. Choose the correct drive letter for the USB drive, then click install.

From there, you’ll need to boot the rescue disk. If you used a CD, put the CD in the drive, then reboot your computer. If you used a USB drive, shut down the computer, then plug in the USB drive, then boot the computer.

When it starts up, there will usually be some screen that tells you to press certain buttons to get certain options. Pick the option “Boot Menu” or “Boot from disk” or similar. Choose either your USB or CD drive. If you don’t have an appropriate option, you might be able to just let the computer boot.

The directions from there should be pretty easy. A video suggests that there will be a license you have to confirm by pressing Enter. And you will be prompted to update AVG. Go ahead and do that.

If you prefer video instructions like those in that video, most of my other instructions can be found in this video, except that the web page part is out of date. Instead, use the link I provided to get the appropriate file.

BigT, thank you. This does not look good at all. Will MalwareBytes resolve it without creating the AVG bootable USB?

After doing several searches, it appears that this MAY – and I stress MAY – be a false positive from AVG. (That is, for modern Windows versions. It was apparently a real threat in XP.) AVG seems to be the only major program that detects it. The overwhelming majority of search results date from XP days.

If you want a second or third opinion, sign up with one of these sites.

If you are feeling paranoid, you can try these instructions. I have no idea what the result will be.

Thanks, Flyer! I’ll check these out!