Tom's Hardware > Forum > Windows XP > Windows XP General Discussion > ntoskml

ntoskml

Forum Windows XP : Windows XP General Discussion - ntoskml

Tom's Hardware: Over 1.4 million members in 6 different countries available to answer all your high-tech questions. Sign up now! Its free!

Ask the community Add a reply

Bottom Search this thread

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

I am running Win xp sp2 with Sygate Firewall.
In the last 24 Hours I have been asked by Sygate Firewall if I want to
accept C:\Windows\systemn32\ntoskml.exe.
I have said no because I think it might be a nasty.
What do you all think.

Add a reply

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

"Dgethin" <david.gethin1@ntlworld.com> wrote in message
news:bJO7e.22508$il.330@newsfe5-win.ntli.net...
>I am running Win xp sp2 with Sygate Firewall.
> In the last 24 Hours I have been asked by Sygate Firewall if I want to
> accept C:\Windows\systemn32\ntoskml.exe.
> I have said no because I think it might be a nasty.
> What do you all think.
>

It is a Virus, tries to look like the system file "ntoskrnl.exe". Notice
they replaced the "rn" with a "m".

--
William

Reply to Anonymous

I seem to be infected with this. I canceled a video download while the "copying folder" window was up (right before the download finalized) and the blue screen of death came up, saying it was saving physical memory or something before it shut the computer down. I use Vista, btw.

When I turned the computer back everything seemed normal, but then I got to a webpage that imitated my Computer Explorer window and brought up two windows, one after another, that said the suspicious warnings, "You're computer is infected, run scans, etc..." Every time I shut down one window, the next would immediately pop up. I tried using task manager, but for some reason, it wouldn't start.

Finally I restarted my computer again. This time I tried to use task manager off the bat, and while the little indicator in the task bar showed task manager, the window itself wouldn't come up. Also, the computer is running extremely slowly now. I got the idea of running Windows Gadgets with the CPU usage meter gadget on, and it shows at or near 100% cpu usage all the time, even when I'm not doing much.

I'm running an AVG full scan now, but it's been going for 22 hours now since the computer's so slow. At some point it found "Trojan horse generic 14.PHX and noted that. Now it's been stuck for hours on end on a file called ntoskml.exe in the system32 folder. It seems to be stuck there, although the scan shows that it's still in progress.

Should I try a system restore, since I do have a backup? The computer's too slow to do much of anything, really. Thanks ahead of time!

Message edited by 4-D on 08-07-2009 at 02:48:04 AM

Reply to 4-D

Try using a different online scanner. You need to identify the trojan/virus, and hopefully eliminate it. Ive searched and found nothing on the 14phx, mcafee, symantec are a few places to start, they offer free scanning and some tools as well

Message quoted 1 times

------------------------------ I went drifting, thru the capitols of tin, where men cant walk and cant freely talk, and sons turn their fathers in
Reply to jaydeejohn

jaydeejohn wrote :

I can't use on online scanner, because the computer is too slow. I can't even open internet explorer. I'm not using an online scanner now, it's AVG free edition

Reply to 4-D

Do you have any other malware protection? What may be slow on avg may be faster, say, on malwarebytes or spybot, which may also detect and rid it

------------------------------ I went drifting, thru the capitols of tin, where men cant walk and cant freely talk, and sons turn their fathers in
Reply to jaydeejohn

Another thing while I was poking around, could be your registry was/is corrupted. If you have a backup, now may be the time

Message quoted 1 times

------------------------------ I went drifting, thru the capitols of tin, where men cant walk and cant freely talk, and sons turn their fathers in
Reply to jaydeejohn

jaydeejohn wrote :

Another thing while I was poking around, could be your registry was/is corrupted. If you have a backup, now may be the time

Yeah, I've tried that. When the computer starts up, it says that the System Restore didn't work because there was a disk failure. I also ran Windows Defender scan and it also got stuck on ntoskrnl (I found out that it just looks like ntoskml, but it really says ntoskrnl). So I it seems that it's unfixable with my computer's security software. Probably have to have a guy look at the computer. Thanks for your assistance

Reply to 4-D

Oh it is the rn? Hmmm

------------------------------ I went drifting, thru the capitols of tin, where men cant walk and cant freely talk, and sons turn their fathers in
Reply to jaydeejohn

Look here, and good look
http://www.computerhope.com/issues/ch000646.htm

------------------------------ I went drifting, thru the capitols of tin, where men cant walk and cant freely talk, and sons turn their fathers in
Reply to jaydeejohn

Ask the community Add a reply

Tom's Hardware > Forum > Windows XP > Windows XP General Discussion > ntoskml

Go to:

Help |
Forum rules

There are 1165 identified and unidentified users. To see the list of identified users, Click here.

Page generated in 0.294 seconds

Focus On

ntoskml

Forum Windows XP : Windows XP General Discussion - ntoskml