Ntoskrnl - advice please

[Adam]

I keep on getting the following message from my firewall on a near daily
basis.

"Ntoskrnl.exe" has changed since the last time you opened it. This could be
because you have updated it recently. Do you want to allow it access to the
network?

What is Ntoskrnl.exe and is it safe to allow it access.

Thank you
Adam

 

[Andrew Lomakin [MCP - WinXP]]

ntoskrnl.exe is a system file
it could have changed due to installation of some service pack, but i
suggest you searching hard drive for this file - this could be a virus
masking under a sysfile name. if you find it anywhere, except for
c:\windows\system32 you should delete it.
The system file resides in c:\windows\system32 - it should be kept
other files (if found) should be deleted..
actually it's rather strange ntoskrnl is trying to access network...why
should it

 

[Parish]

ntoskrnl.exe is a system file

Describing it as *a* system file is a bit of an understatement. As the
kernel it could be described as the operating system ;-) It'll be bad
news if it gets screwed.

Regards,

Parish

P.S. I read that the US Army are changing from Windows to Linux because
it allows them to customize their Colonels

 

[Adam]

I searched for ntoskrnl on my pc and found that I had one in my
windows\system32 folder and one in I386\driver.cab folder. I deleted the
latter one.

Today I got the same message ""Ntoskrnl.exe" has changed since the last time
you opened it. This could be because you have updated it recently. Do you
want to allow it access to the network?

I did another search for ntoskrnl and now I have a number ofntoskrnls on my
pc in the following folders:

Recycle bin
C:\I386
C:\I386\driver.cab
C:\I386\SP1.cab
C:\WINDOWS\system32
C:\WINDOWS\drivercache\I386\driver.cab
C:\WINDOWS\drivercache\I386\sp1.cab

I am up to date on virus definitions and I have done a virus check.

I have added some MS critical updates etc and I have been trying out
different browsers

Any idea what is going on?

 

[Parish]

I searched for ntoskrnl on my pc and found that I had one in my
windows\system32 folder and one in I386\driver.cab folder. I deleted the
latter one.

You shouldn't really have done that; driver.cab is one of the setup files.

Today I got the same message ""Ntoskrnl.exe" has changed since the last time
you opened it. This could be because you have updated it recently. Do you
want to allow it access to the network?

I did another search for ntoskrnl and now I have a number ofntoskrnls on my
pc in the following folders:

Recycle bin
C:\I386
C:\I386\driver.cab

Seems like you didn't delete it then. I guess that you've copied the
contents of the CD to your disk then, since you have C:\i386?

C:\I386\SP1.cab
C:\WINDOWS\system32
C:\WINDOWS\drivercache\I386\driver.cab
C:\WINDOWS\drivercache\I386\sp1.cab

I am up to date on virus definitions and I have done a virus check.

I have added some MS critical updates etc and I have been trying out
different browsers

Any idea what is going on?

Try running SFC /SCANNOW from Start->Run. That *should* sort out all
your system files.

Regards,

Parish

 

[Adam]

Hi Parish

1) While running SFC /SCANNOW I get a message saying

"Files that are required for windows to run properly must be copied to the
dll cache. Insert your Win XP Home edition cd rom."

I only have a recovery disk and when I insert it I am told that this is the
wrong disk. How do I get round this.

2) Just done another search and somewhere along the way I must have screwed
up because the only ntoskrnl.exe I have is in the system32 folder. All the
rrest are gone.

Any ideas?

Thanks

Adam

I searched for ntoskrnl on my pc and found that I had one in my
windows\system32 folder and one in I386\driver.cab folder. I deleted the
latter one.

You shouldn't really have done that; driver.cab is one of the setup files.

Today I got the same message ""Ntoskrnl.exe" has changed since the last time
you opened it. This could be because you have updated it recently. Do you
want to allow it access to the network?

I did another search for ntoskrnl and now I have a number ofntoskrnls on my
pc in the following folders:

Recycle bin
C:\I386
C:\I386\driver.cab

Seems like you didn't delete it then. I guess that you've copied the
contents of the CD to your disk then, since you have C:\i386?

C:\I386\SP1.cab
C:\WINDOWS\system32
C:\WINDOWS\drivercache\I386\driver.cab
C:\WINDOWS\drivercache\I386\sp1.cab

I am up to date on virus definitions and I have done a virus check.

I have added some MS critical updates etc and I have been trying out
different browsers

Any idea what is going on?

Try running SFC /SCANNOW from Start->Run. That *should* sort out all
your system files.

Regards,

Parish

Andrew Lomakin [MCP - WinXP] wrote:

ntoskrnl.exe is a system file

Describing it as *a* system file is a bit of an understatement. As the
kernel it could be described as the operating system ;-) It'll be bad
news if it gets screwed.

Regards,

Parish

P.S. I read that the US Army are changing from Windows to Linux because
it allows them to customize their Colonels

it could have changed due to installation of some service pack, but i
suggest you searching hard drive for this file - this could be a virus
masking under a sysfile name. if you find it anywhere, except for
c:\windows\system32 you should delete it.
The system file resides in c:\windows\system32 - it should be kept
other files (if found) should be deleted..
actually it's rather strange ntoskrnl is trying to access network...why
should it

"Adam" <spurs1chelsea6ath*tm*ildotcom> wrote in message
I keep on getting the following message from my firewall on a near daily
basis.

"Ntoskrnl.exe" has changed since the last time you opened it. This could
be
because you have updated it recently. Do you want to allow it access to
the
network?

What is Ntoskrnl.exe and is it safe to allow it access.

Thank you
Adam

 

[Parish]

Hi Parish

1) While running SFC /SCANNOW I get a message saying

"Files that are required for windows to run properly must be copied to the
dll cache. Insert your Win XP Home edition cd rom."

I only have a recovery disk and when I insert it I am told that this is the
wrong disk. How do I get round this.

2) Just done another search and somewhere along the way I must have screwed
up because the only ntoskrnl.exe I have is in the system32 folder. All the
rrest are gone.

Any ideas?

Have you checked the Recycle Bin? The one from
\Windows\system32\dllcache is the one you need. Failing that the only
thing I can suggest is to borrow an XP Home CD.

HTH

Regards,

Parish

Thanks

Adam

I searched for ntoskrnl on my pc and found that I had one in my
windows\system32 folder and one in I386\driver.cab folder. I deleted the
latter one.

You shouldn't really have done that; driver.cab is one of the setup files.

Today I got the same message ""Ntoskrnl.exe" has changed since the last time
you opened it. This could be because you have updated it recently. Do you
want to allow it access to the network?

I did another search for ntoskrnl and now I have a number ofntoskrnls on my
pc in the following folders:

Recycle bin
C:\I386
C:\I386\driver.cab

Seems like you didn't delete it then. I guess that you've copied the
contents of the CD to your disk then, since you have C:\i386?

C:\I386\SP1.cab
C:\WINDOWS\system32
C:\WINDOWS\drivercache\I386\driver.cab
C:\WINDOWS\drivercache\I386\sp1.cab

I am up to date on virus definitions and I have done a virus check.

I have added some MS critical updates etc and I have been trying out
different browsers

Any idea what is going on?

Try running SFC /SCANNOW from Start->Run. That *should* sort out all
your system files.

Regards,

Parish

Andrew Lomakin [MCP - WinXP] wrote:

ntoskrnl.exe is a system file

Describing it as *a* system file is a bit of an understatement. As the
kernel it could be described as the operating system ;-) It'll be bad
news if it gets screwed.

Regards,

Parish

P.S. I read that the US Army are changing from Windows to Linux because
it allows them to customize their Colonels

it could have changed due to installation of some service pack, but i
suggest you searching hard drive for this file - this could be a virus
masking under a sysfile name. if you find it anywhere, except for
c:\windows\system32 you should delete it.
The system file resides in c:\windows\system32 - it should be kept
other files (if found) should be deleted..
actually it's rather strange ntoskrnl is trying to access network...why
should it

"Adam" <spurs1chelsea6ath*tm*ildotcom> wrote in message
I keep on getting the following message from my firewall on a near
daily
basis.

"Ntoskrnl.exe" has changed since the last time you opened it. This
could
be
because you have updated it recently. Do you want to allow it access to
the
network?

What is Ntoskrnl.exe and is it safe to allow it access.

Thank you
Adam