Malware or Normal File Change Activity??


Captain Jinks

AVG has advised me on a couple of occasions that two files have been
CHANGED, though no indication of any sort of infection, nor have any
warnings been given me by Spybot or Spy Sweeper.

The files are USER32.DLL and NTOSKRNL.EXE and they've gotten slightly
bigger each time I've seen the notification.

I was just wondering if this is something that's normal or have I got
something happening here that I need to research a bit more.

Thanks
 
Maybe you installed a HotFix that updated these DLLs?

Just to check them, please submit both USER32.DLL and NTOSKRNL.EXE to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submissions will then be tested against several different AV vendors' scanners.

Another way to submit is to send the suspect file to the following email address
scan<at>virustotal.com
{ replace <at> with @ } with only the word SCAN as the subject.

Please post back the EXACT results.

--
Dave




| AVG has advised me on a couple of occasions that two files have been
| CHANGED, though no indication of any sort of infection, nor have any
| warnings been given me by Spybot or Spy Sweeper.
|
| The files are USER32.DLL and NTOSKRNL.EXE and they've gotten slightly
| bigger each time I've seen the notification.
|
| I was just wondering if this is something that's normal or have I got
| something happening here that I need to research a bit more.
|
| Thanks
 
| AVG has advised me on a couple of occasions that two files have been
| CHANGED, though no indication of any sort of infection, nor have any
| warnings been given me by Spybot or Spy Sweeper.
|
| The files are USER32.DLL and NTOSKRNL.EXE and they've gotten slightly
| bigger each time I've seen the notification.
|
| I was just wondering if this is something that's normal or have I got
| something happening here that I need to research a bit more.

I don't believe it is normal, no, unless you were applying MS patches at
the time. My versions of those files only change when I apply a genuine
MS Windows update - right now (XP-SP2, UK) the OS Kernel is version
5.1.2600.2180, size 2.07 MB (2,180,992 bytes), and the User32.DLL (also
v 5.1.2600.2180) is 563 KB (577,024 bytes) .. I'd be pretty suspicious
if things were getting added in/on to either of those files unless I
knew by whom and why (and even then I'd worry - break NTOSKRNL.exe and
you can forget about booting WinXP). Both files have a last changed
date of 3/Aug/04.
 
| AVG has advised me on a couple of occasions that two files have been
| CHANGED, though no indication of any sort of infection, nor have any
| warnings been given me by Spybot or Spy Sweeper.
|
| The files are USER32.DLL and NTOSKRNL.EXE and they've gotten slightly
| bigger each time I've seen the notification.
|
| I was just wondering if this is something that's normal or have I got
| something happening here that I need to research a bit more.
|
| Thanks

Thanks for the responses. Like an idiot, I didn't check to see if the MS
Hotfixes had been responsible for the changes in the sizes of these two
files, but that appears to be the case.

Jinks
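
The check this thread ends on, whether a change to USER32.DLL or NTOSKRNL.EXE lines up with an installed hotfix, as an added PowerShell example for current Windows versions (not part of the original posts). The baseline file location and the "accounted for" rule are assumptions of this example.

```powershell
# Added example, not from the thread. The baseline path is an assumed location.
$baselinePath = Join-Path $env:ProgramData 'sysfile-baseline.json'
$targets = 'user32.dll', 'ntoskrnl.exe' |
    ForEach-Object { Join-Path $env:SystemRoot "System32\$_" }

# Current state of each file: size, version, hash and signature status.
# Assumes a Windows release where Get-AuthenticodeSignature also checks catalog signatures.
$current = foreach ($path in $targets) {
    $item = Get-Item -LiteralPath $path
    [pscustomobject]@{
        Path      = $path
        SizeBytes = $item.Length
        Version   = $item.VersionInfo.FileVersion
        SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        Signature = (Get-AuthenticodeSignature -LiteralPath $path).Status.ToString()
    }
}

if (Test-Path -LiteralPath $baselinePath) {
    $baseline = Get-Content -LiteralPath $baselinePath -Raw | ConvertFrom-Json
    # Updates installed on or after the day the baseline was taken.
    $since   = [datetime]$baseline.TakenOn
    $updates = Get-HotFix | Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $since.Date }

    foreach ($now in $current) {
        $old = $baseline.Files | Where-Object { $_.Path -eq $now.Path }
        if ($old -and $old.SHA256 -ne $now.SHA256) {
            [pscustomobject]@{
                File         = Split-Path $now.Path -Leaf
                OldSize      = $old.SizeBytes
                NewSize      = $now.SizeBytes
                OldVersion   = $old.Version
                NewVersion   = $now.Version
                Signature    = $now.Signature
                UpdatesSince = ($updates.HotFixID -join ', ')
                # Assumed rule: a change is accounted for only if an update was
                # installed in the interval and the new file has a valid signature.
                AccountedFor = [bool]$updates -and $now.Signature -eq 'Valid'
            }
        }
    }
}

# Record the current state as the new baseline for the next run.
[pscustomobject]@{ TakenOn = (Get-Date).ToString('o'); Files = @($current) } |
    ConvertTo-Json -Depth 3 | Set-Content -LiteralPath $baselinePath
```

Keep the baseline file somewhere the monitored machine cannot rewrite it, otherwise a change to the baseline can hide a change to the files.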
 