AVG says system file changed!

Just did a scan with AVG free edition and it says that user32.dll and ntoskrnl.exe have both been changed. I don't remember doing that so I can only assume it's malware of some sort :( Should I be worried? And how do I get them back to normal?

Ta.
 
AWBbox said:
Just did a scan with AVG free edition and it says that user32.dll and ntoskrnl.exe have both been changed. I don't remember doing that so I can only assume it's malware of some sort :( Should I be worried? And how do I get them back to normal?

Ta.

When I scanned I have that exe, so it seems it's ok.
 
With your Windows CD in the drive, go to Start, Run and type

sfc /scannow

That should check the integrity of all system files. Be warned though, if you have manually patched files like uxtheme.dll or tcpip.sys they will be restored to default. :)
 
Before I try that, I know I messed around with tcpip.sys before but I changed it back using a copy of the original. Is there anything I might have done or that a program might need regarding uxtheme.dll and that deleting it would cause problems?
 
uxtheme.dll is a file people commonly patch themselves to run unofficial themes on XP. If you haven't heard of it, forget about it. :)
 
I just tried it and it says 'Files that are required for Windows to run properly must be copied to the DLL cache, insert your Windows XP Professional Service Pack 2 CD now'

but it's already in :( What have I done wrong?
 
Have you run any boot screen changers? (That's what ntoskrnl.exe is, as in it's the program Windows uses for booting, so def don't delete it!)

Something like xpize, tango, or the (really crap) Vista transformation pack would edit these files.

Vista transformation pack actually replaces files instead of patching them, so def don't use it.
 
There was something on the AVG site or forum about this saying it is nothing to worry about and not unusual. Have a look around the AVG site and you should be able to find the details. I was using AVG until about 1 month ago when I changed to NOD32.
 