Why is NTOSKRNL.EXE trying to gain net access?

LiquidX

For some reason Sygate keeps popping up telling me NTOSKRNL.EXE is trying to gain access to the internet. I have blocked it and still nothing. I have also run virus scanners thinking maybe it was a virus and they do not come back with anything. I turned off some services the other day after a fresh install but I am not sure it stems from that. Anyone know why it's trying to call out to the net? It doesn't appear to be causing any system problems but it's very annoying.
 
I searched a little on Google, and found others asking the question, but with no responses. I can't say anything about the services being disabled, since it doesn't seem related, but that is usually more trouble than it's worth. You mentioned scanning for viruses, but how about spyware?
 
Yep, scanned for spyware and none. I also googled and found a few with the same problem but no solution. Very odd and annoying to the point where I may do a reinstall if no one can help me.
 
I wouldn't re-install just over this, especially since you said you aren't having any problems. I have it allowed in my Sygate Corporate Firewall.
 
I had this happen on a GF's computer, only it was winlogon.exe.
It ended up being a trojan.

winlogon is ok to run, but it was trying to access some IP address in China, I DON'T THINK SO KEKEKEKE
 
d7kb.jpg


Can anyone make out anything from this log? It is the only process out of hundreds that have that ip for a remote and local host. And also it is the only app that has a "local MAC" with all FF-FF. Can I trace the IP?
 
Steel Chicken said:
I had this happen on a GF's computer, only it was winlogon.exe.
It ended up being a trojan.

winlogon is ok to run, but it was trying to access some IP address in China, I DON'T THINK SO KEKEKEKE

It's a worm actually. The W32.NETSKY.D worm distributed by email. You have to be careful when you say that though, because a lot of people here could potentially become confused. Winlogon.exe is also a legitimate Windows logon process and should not be deleted.

I think in this case it would be wise to make that distinction. You never know.. heh.
 
LiquidX said:
Yep, scanned for spyware and none. I also googled and found a few with the same problem but no solution. Very odd and annoying to the point where I may do a reinstall if no one can help me.

It is neither spyware nor a virus. It is part of the NT kernel that is essential to the boot up process and system security. If it corrupts, you're fucked basically. You can find it in C:\Windows\System32. Everybody has it.

W32.BOLZANO has the ability to modify this file, but older variants could only attack NT kernels, and not Windows 2000 and up. I do not know if there are any recent variants that would be able to attack XP.

The thing is, though, they do not connect with the internet. Bolzano is a security virus, and NTOSKRNL.EXE is part of the security of the kernel. What the Bolzano virus does is modify the kernel so that anyone, regardless of access rights, can access and make modifications to any files on the infected machine. The virus then proliferates itself.

I'm not quite sure what you have going on there, unless something you installed, a legitimate program, is using the kernel in such a manner. Normally NTOSKRNL.EXE won't even show up in the task manager.

I would think back to what you have installed before you noticed this problem. Lots of programs make use of that file. Even screensavers use that file.
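
Added example, not part of any post in this thread: one way to check the distinction drawn in the two posts above, that a file or process carrying a core Windows name is the genuine one in System32 and not a look-alike. It assumes Windows 10 or later with PowerShell 5.1+ (so catalog-signed system files verify), and the list of names and the `Test-MicrosoftSigned` helper are illustrative.

```powershell
# Added example: compare processes that use core Windows binary names against
# the location and signature expected for the genuine file.
$sys32 = Join-Path $env:SystemRoot 'System32'
# Assumption: a short illustrative list of names; extend it as needed.
$names = 'winlogon.exe', 'lsass.exe', 'services.exe', 'ntoskrnl.exe'

function Test-MicrosoftSigned {
    param([string]$Path)
    # True only for a valid signature whose signer subject names Microsoft.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    return ($sig.Status -eq 'Valid' -and
            $sig.SignerCertificate.Subject -match 'O=Microsoft Corporation')
}

$findings = foreach ($p in Get-CimInstance -ClassName Win32_Process) {
    if ($names -notcontains $p.Name) { continue }   # comparison is case-insensitive
    $path = $p.ExecutablePath
    $verdict = if ($p.Name -eq 'ntoskrnl.exe') {
        # The kernel runs as "System"; it should never be listed under its file name.
        'SUSPECT: kernel image name used by a user-mode process'
    } elseif (-not $path) {
        'path unavailable (rerun from an elevated prompt)'
    } elseif ($path -ne (Join-Path $sys32 $p.Name)) {
        'SUSPECT: running from outside System32'
    } elseif (-not (Test-MicrosoftSigned $path)) {
        'SUSPECT: signature missing or not Microsoft'
    } else {
        'ok'
    }
    [pscustomobject]@{ Name = $p.Name; ProcessId = $p.ProcessId; Path = $path; Verdict = $verdict }
}

# The kernel image has no process entry of its own, so verify the file on disk.
$kernel = Join-Path $sys32 'ntoskrnl.exe'
$kernelVerdict = if (Test-MicrosoftSigned $kernel) { 'ok' } else { 'SUSPECT: signature missing or not Microsoft' }
$findings = @($findings) + [pscustomobject]@{
    Name = 'ntoskrnl.exe (file on disk)'; ProcessId = $null; Path = $kernel; Verdict = $kernelVerdict
}

$findings | Sort-Object Verdict -Descending | Format-Table -AutoSize
```

A firewall prompt that names NTOSKRNL.EXE while every row here reads `ok` points to kernel-mode networking such as file sharing being attributed to the kernel image, which matches the file-sharing report later in the thread.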
 
I had a customer running Sygate and he was unable to share files on the network. I believe (I might be wrong because this was my first run-in with Sygate) I had to let NTOSKRNL.EXE access the local network before file sharing worked. I can't say 100% for sure if that was the process, but I remember at least seeing it on the list. It's a Windows process though so I wouldn't worry about it.
 
I can tell you Sygate is picky at times, in regards to what it blocks.
 