Anti-Virus is avast 4.7 Home edition - listed as compatible with Vista and
64-bit PC's.
So far the computer hasn't acted up at all, and I had already deleted the
files through the AV. As for running the sfc utility, I need to log into the
administrator to do it, so that'll take until tomorrow. I'm tending to think
that the files may have been automatically replaced with the correct version
when I ran the AV. Otherwise when I deleted them they would have been gone
permanently or been replaced by infected copies which would show up on the
next scan. Right?
Thanks for the info...I hadn't even thought about backwards compatibility.
"Darrell Gorter[MSFT]" said:
Hello,
The system32 folder contains 64-bit files. This has to remain that way for
backward compatibility problems.
32-bit files are located in the c:\windows\syswow64 folder.
To verify the files you can run
C:\Windows\system32>sfc /verifyfile=c:\windows\system32\kernel32.dll
This is the expected response
Windows Resource Protection did not find any integrity violations.
Now repeat for wsock32.dll
and repeat for the files in the syswow64 folder as well just to be safe.
C:\Windows\system32>sfc /verifyfile=c:\windows\syswow64\kernel32.dll
Thanks,
Darrell Gorter[MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights
--------------------
|>Thread-Topic: kernel32.dll & wsock32.dll
|>thread-index: AcdSzjSpGS9A3ePDQhC80ULfJ1LpBg==
|>X-WBNR-Posting-Host: 76.22.73.219
|>From: =?Utf-8?B?SmVzcGVy?= <Jesper@discussions.microsoft.com>
|>References: <6A22EEF2-4A51-45D3-A388-6078056DE778@microsoft.com>
|>Subject: RE: kernel32.dll & wsock32.dll
|>Date: Sat, 17 Feb 2007 12:00:00 -0800
|>Lines: 29
|>Message-ID: <5AD61E5F-6464-4838-ACDF-042BF10F84D5@microsoft.com>
|>MIME-Version: 1.0
|>Content-Type: text/plain;
|> charset="Utf-8"
|>Content-Transfer-Encoding: 7bit
|>X-Newsreader: Microsoft CDO for Windows 2000
|>Content-Class: urn:content-classes:message
|>Importance: normal
|>Priority: normal
|>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
|>Newsgroups: microsoft.public.windows.vista.security
|>Path: TK2MSFTNGHUB02.phx.gbl
|>Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.vista.security:1859
|>NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
|>X-Tomcat-NG: microsoft.public.windows.vista.security
|>
|>You can't ever be 100% sure, but I am almost sure that's a false positive
|>result. The only thing that makes me unsure is that you are using 64-bit.
I
|>don't have a 64-bit Vista install to compare to at the moment. On a
32-bit
|>system those are system DLLs. Which AV program are you using?
|>
|>You should still have a System32 directory on your 64-bit box. For one
|>thing, the system has a 32-bit sub-system and needs some place to put the
|>files for it. For another, I thought (it's been a while since I tried
64-bit
|>Vista) that there is no System64 directory. It just puts all the 64-bit
stuff
|>into the System32 folder because everything is written to look in that
|>directory already. Again, I need to verify to be sure, but I think that
is
|>correct.
|>
|>BTW, several years ago one of the major AV programs decided that a
critical
|>system component was a virus. It even went ahead and quarantined it, with
the
|>result that the system immediately blue-screened and never rebooted
again.
|>The vendor apologized for the error and rectified the situtation by
|>publishing updated signatures that properly recognized the OS as not
being a
|>virus.
|>
|>"WilliamW" wrote:
|>
|>> My anti-virus detected kernel32.dll and wsock32.dll as viruses. They
are
|>> located in c:\windows\system32. Is it possible they are a virus, they
didn't
|>> delete from the computer even though avast no longer recognizes them as
|>> viruses?
|>>
|>> And why is there a system32 folder on my computer? Doesn't it mean
"system
|>> 32-bit folder"? I'm using a 64-bit so shouldn't I have a system64
folder?
|>