New Kern32 mutant?


Andy Eng

Hello All,

Ad-Aware V6.0 reports Kern32.exe but I can't find it or its signature
files it's supposed to be leaving. Norton/Symantec is coming up blank
and they want you to send them a copy. Good grief... :-)

Anyway, according to my XP Processes listing, there are two of these
buggers running at the same time. When you end one, I'm guessing the
other instance senses its buddy got terminated and proceeds to spawn
another instance before you have time to terminate it. Makes sense?
The names of these processes change each time and cycle through the
following names:

NtuN.exe
SrtM36.exe
IhsS.exe
Mok0juLX.exe
NspV.exe
Kpus5hoY.exe
NtuN.exe => etc...

Any similar experiences, clues or tips?

Thanks,
Andy
 
(e-mail address removed) (Andy Eng) wrote in @posting.google.com:
> Hello All,
>
> Ad-Aware V6.0 reports Kern32.exe but I can't find it or its signature
> files it's supposed to be leaving. Norton/Symantec is coming up blank
> and they want you to send them a copy. Good grief... :-)
>
> Anyway, according to my XP Processes listing, there are two of these
> buggers running at the same time. When you end one, I'm guessing the
> other instance senses its buddy got terminated and proceeds to spawn
> another instance before you have time to terminate it. Makes sense?
> The names of these processes change each time and cycle through the
> following names:
>
> NtuN.exe
> SrtM36.exe
> IhsS.exe
> Mok0juLX.exe
> NspV.exe
> Kpus5hoY.exe
> NtuN.exe => etc...
>
> Any similar experiences, clues or tips?
>
> Thanks,
> Andy

You can look into using Process Explorer (free; use Google) and use the
Audit Process Tracking features of the XP O/S. Hopefully, the combination
of the two will help you track down the program/process.

Duane :)
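
An added example, not written by anyone in this thread: with Audit Process Tracking enabled, the XP Security log records process creation (event 592) and exit (event 593), and the code below correlates those records to flag the respawn behaviour Andy guesses at. The record layout, PIDs and timings are constructed assumptions; only the image names come from the thread.

```python
from collections import namedtuple

# Simplified process-tracking record (assumed layout, not the raw log format).
# On XP the Security log uses 592 for "process created", 593 for "process exited".
Event = namedtuple("Event", "time event_id pid image creator_pid")

# Constructed sample (times in seconds). Image names are from the thread;
# PIDs, creator PIDs and timings are invented for illustration.
SAMPLE = [
    Event(0.0, 592, 1200, "NtuN.exe", 900),
    Event(0.4, 592, 1300, "SrtM36.exe", 1200),
    Event(60.0, 593, 1300, "SrtM36.exe", None),    # one instance is ended
    Event(60.3, 592, 1404, "IhsS.exe", 1200),      # survivor starts a new peer
    Event(95.0, 593, 1200, "NtuN.exe", None),
    Event(95.2, 592, 1512, "Mok0juLX.exe", 1404),
    Event(200.0, 592, 1600, "notepad.exe", 700),   # unrelated activity
]


def find_respawns(events, window=2.0):
    """Flag process creations that closely follow the exit of a related process.

    Returns (exited_image, new_image, creator_image) tuples where the creator
    was the parent or child of a process that exited at most `window` seconds
    earlier. Assumes PIDs are not reused within the analysed time span.
    """
    live = {}        # pid -> image name of processes still running
    related = set()  # frozenset({pid_a, pid_b}) for each parent/child pair
    exits = []       # (time, pid, image) for every exit seen so far
    hits = []
    for ev in sorted(events, key=lambda e: e.time):
        if ev.event_id == 593:
            exits.append((ev.time, ev.pid, ev.image))
            live.pop(ev.pid, None)
        elif ev.event_id == 592:
            for t, pid, image in exits:
                recent = ev.time - t <= window
                if recent and frozenset((pid, ev.creator_pid)) in related:
                    hits.append((image, ev.image, live.get(ev.creator_pid, "?")))
            live[ev.pid] = ev.image
            related.add(frozenset((ev.pid, ev.creator_pid)))
    return hits


if __name__ == "__main__":
    for exited, new, creator in find_respawns(SAMPLE):
        print(f"{creator} started {new} right after {exited} exited")
```

Because the match is on the parent/child relationship rather than the file name, the rotating names do not hide the pair, and the creator PID of the earliest record points back toward whatever launched it.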
 
Duane Arnold said:
> (e-mail address removed) (Andy Eng) wrote in @posting.google.com:
>
> You can look into using Process Explorer (free; use Google) and use the
> Audit Process Tracking features of the XP O/S. Hopefully, the combination
> of the two will help you track down the program/process.
>
> Duane :)

Process Explorer is definitely a nice tool. It makes me feel young
again, wandering around the Matrix... :-P

I was able to suspend both instances of this process and kill it.
Still haven't traced it yet to where it's coming from.

To be continued...

Andy
 