krnl32loader.ex

  • Thread starter Thread starter John
  • Start date Start date
J

John

Hi, This is running as a process in Windows 2002 Server
(and yes, the suffix is .ex, not .exe.) I can't find it
in the registry however, the unusual suffix worries me.
Anyone have any idea where it comes from / what to do
about it? Thanks John
 
What is Windows 2002 server? Is this a process running in Task Manager? This
doesn't sound normal. I would do a complete system scan. If you don't have
AV go to www.antivirus.com and do their free PC scan.....
 
I would suggest downloading Process Explorer and TCPView from SysInternals which
will help identify the process by giving more information and mapping it to the
application/folder. If you right click the process in those programs, it will
give you more details. Of course running a virus scan is always recommended when
something suspicious shows up. --- Steve

http://www.sysinternals.com/ntw2k/freeware/procexp.shtml
 
Hello All,

Can you stop the process without an error or complication?

Shane Brasher
MCSE (2003,2000,NT),MCSA, A+
Microsoft Platforms Support
Windows NT/2000 Networking
 
Hi Scott / Steven

Whoops - can't type. S/b Windows 2000 Server and yes, the
process is running in the Task Manager. Complete av scan
done - daily . . .

The possibly related issues is that I have encountered an
unauthorized HTA script running - which I appear to have
temporarily stopped with some freeware - HTAStop.exe (it
prevents HTA scripts from running by changing the
association to Notepad.) If you have any idea how to kill
this (mshta.exe running as a process), I'd be grateful.

I realize I am bad - I don't have a firewall due to a need
for many forms of access (PCAnywhere, NetMeeting,
Skype,MSN Messenger, IP telephony, etc.) for testing of
various products. Locking down the machine with a
firewall introduces too many variables.

In any event, naturally! :-( , I cannot recreate the
krnl32loader.ex issue today . . . I will watch to see if
it reappears and revert.

Thanks Steven for the Sysinternals leads. I've used them
before but hadn't thought to try them in this case!

J
 
Back
Top