|
ntoskrnl.exe overzicht
Het dossier ntoskrnl.exe is bevat in de volgende software- Windows XP Home Edition, Deutsch Meer informatie
Versie: 5.1.2600.1151 De datum van het dossier: 2003-04-24 19:15:36 De grootte van het dossier: 1.927.936 bytes De weg van het dossier: C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe Toon ntoskrnl.exe details - Windows XP Home Edition, Deutsch Meer informatie
Versie: 5.1.2600.1151 De datum van het dossier: 2003-04-24 19:15:28 De grootte van het dossier: 1.894.912 bytes De weg van het dossier: C:\WINDOWS\system32\ntoskrnl.exe Toon ntoskrnl.exe details - Windows XP Home Edition, Deutsch Meer informatie
Versie: 5.1.2600.1106 De datum van het dossier: 2002-08-29 14:00:00 De grootte van het dossier: 1.893.888 bytes De weg van het dossier: C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe Toon ntoskrnl.exe details
ntoskrnl.exe werd gevonden in de volgende rapporten:
|
W97M.Homer |
OngeveerW97M.Homer ...It deletes the file C:WinntSystem32Ntoskrnl.exe from Windows NT systems Type: Virus... De beoordeling van de bedreiging ...Deletes files: Ntoskrnl.exe Modifies files:... Technische details ...The virus deletes the file C:WinntSystem32Ntoskrnl.exe from Windows NT systems. This payload is triggered... Bron: http://securityresponse.symantec.com/avcenter/venc/data/w97m.homer.html |
W32.Bolzano |
Technische details ...In such a case, W32.Bolzano has the chance to patch ntoskrnl.exe, the Windows NT kernel, located in the WINNTSYSTEM32 directory.... ...virus modifies only 2 bytes in a security API called SeAccessCheck that is part of ntoskrnl.exe. This way Bolzano is able to... ...Unfortunately the consistency of ntoskrnl.exe is checked in only one place.... ...The loader, ntldr, is supposed to check it when it loads ntoskrnl.exe into physical memory during machine boot-up.... ...If the kernel gets corrupted ntldr is supposed to stop loading ntoskrnl.exe and display an error message even before a "blue screen" appears.... De instructies van de verwijdering ...If the system has been infected, the system files ntoskrnl.exe and ntldr.exe have been patched.... ...prolific virus, W32.Funlove.4099, which applies the same patching techniques to ntoskrnl.exe and ntldr.exe. You can find this tool here:... Bron: http://securityresponse.symantec.com/avcenter/venc/data/w32.bolzano.html |
W32.Funlove.4099 |
Technische details ...the equivalent rights logs on, W32.FunLove.4099 has the opportunity to modify the Ntoskrnl.exe file, the Windows NT kernel located in the WinntSystem32 folder.... ...Unfortunately, the consistency of Ntoskrnl.exe is checked only once during the startup process.... ...The loader, Ntldr, checks Ntoskrnl.exe when it loads into physical memory during startup.... ...If the kernel becomes corrupted, Ntldr is supposed to stop loading Ntoskrnl.exe and display an error message, even before a "blue screen" appears.... ...files on those computers. In addition, the Ntoskrnl.exe and Ntldr patch is performed on the network drives.... ...components over the network. The Ntoskrnl.exe and Ntldr patches are executed by a routine picked up from the Bolzano virus.... ...Developer Network documentation. Can Ntoskrnl.exe be infected across the network, without Flcss.exe actually being copied to the system?... ...As long as the drive is writeable, FunLove will modify Ntoskrnl.exe over the network, even without dropping Flcss.exe onto the system.... ...FunLove does not actually infect Ntoskrnl.exe, but it changes the file's security function.... ...Once the affected computer is restarted, the modified Ntoskrnl.exe and Ntldr are loaded, and security is compromised.... Bron: http://securityresponse.symantec.com/avcenter/venc/data/w32.funlove.4099.html |
W32.Petch |
Technische details ...C:WindowsSystem32Ntkrnlpa.exe C:WindowsSystem32Ntoskrnl.exe C:WindowsSystem32Ntoskrnl.exe... Bron: http://securityresponse.symantec.com/avcenter/venc/data/w32.petch.html |
W32.Gruel@mm |
Technische details ...C:WINNTSystem32*.dll C:WINNTSystem32Ntoskrnl.exe C:WINNTSystem32Command.com... ...C:WINNTRegedit.exe C:WindowsSystem32Ntoskrnl.exe C:WindowsSystem32Command.com... ...... Bron: http://securityresponse.symantec.com/avcenter/venc/data/w32.gruel@mm.html |
|
|