kernel32.exe problem
youthemandan
11-25-01, 10:56 PM
Ok so i got a virus and it was in the above filename. now norton says delete it and replace with copy of original. Now can i just go copy this off my buddys comp and then throw it on mine. What should i do?? By the way the virus's name is W32.Badtrans.B@mm
Help me out PLEASE!!
Zuck Gou :)
11-25-01, 11:27 PM
You can't delete kernel32.dll
I don't personally know the virus so I'm not going to guess.
joey_rjm5
11-26-01, 06:35 AM
I've had a couple viruses before, and in the end all I did was reformat. I never had anything very important on my hdd though. I didn't try to get rid of it because I was always afraid there might be a trace of it and I didn't like that feeling. Basically what I'm saying is-- format if you don't have anything important. In the end you will have a virus free, clean, comp.
Or you could e-mail norton and ask them what you asked us.:D
Good luck to ya.
P.S. My dad just got a virus and I had to fix that. It was one that attacked word 97 documents and guess what... all he did on his computer was type things. He got a new hard drive and I am stuck trying to figure out how to save his files.
Edit-- check this out:
http://vil.mcafee.com/dispVirus.asp?virus_k=99069&
Hmm yes you can't delete kernel32.exe
I would recommend a format.. :/
I don't think there's much you can do.
redduc900
11-26-01, 07:33 AM
Originally posted by youthemandan
Ok so i got a virus and it was in the above filename. now norton says delete it and replace with copy of original. Now can i just go copy this off my buddys comp and then throw it on mine. What should i do?? By the way the virus's name is W32.Badtrans.B@mm
Help me out PLEASE!!
The following site at Symantec might be of some help to you...
http://www.symantec.com/avcenter/venc/data/w32.badtrans.13312@mm.html
joey_rjm5
11-26-01, 07:35 AM
Hmm, but it doesn't say anything about the .b version of the virus. Nevertheless, it's worth a good look.
youthemandan
11-26-01, 07:37 AM
Yes but i have win98. On all the other win98 machines i have seen there has not even been a file named kernel32.exe
redduc900
11-26-01, 07:44 AM
Apparently this is how the virus works...Upon infection, the virus creates a file called KERNEL32.EXE, which monitors system activity for an Internet connection. When it detects an Internet connection, it attempts to connect to a Web site hosted by a virus authoring group, and if successful, it downloads additional components of the complete virus to the host PC.
Here is an updated link to the Symantec site which covers this particular virus...
http://www.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html
I would imagine that the steps listed in the above article (in my previous reply) would still apply to this virus (AFA file and registry cleanup...deleting the infected files and removing the corresponding registry entries).
blebs99
11-26-01, 10:19 AM
No need to reformat. Removal is pretty simple.
Removal Instructions Below
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Kernel32=kernel32.exe
1. Run LiveUpdate to make sure that you have the most recent virus definitions.
2. Start Norton AntiVirus (NAV), and make sure that NAV is configured to scan all files. For instructions on how to do this, read the document How to configure Norton AntiVirus to scan all files.
3. Run a full system scan.
4. Delete all files that are detected as W32.Badtrans.B@mm.
5. Remove the registry value listed above.
Softwebdev
11-26-01, 02:00 PM
Originally posted by youthemandan
Ok so i got a virus and it was in the above filename. now norton says delete it and replace with copy of original. Now can i just go copy this off my buddys comp and then throw it on mine. What should i do?? By the way the virus's name is W32.Badtrans.B@mm
Help me out PLEASE!!
DON'T DELETE IT..........................NORTON gives you FALSE ALARM..............don't believe in your antivirus 100%.............they are false alarm.......
you can't delete kernel32.exe ........only in DOS.......when you delete it...................good luck.....................your computer will not run..............
blebs99
11-26-01, 04:42 PM
You are deleting Kernel32.exe, not Kernel32.dll. You're also getting rid of the bogus registry entry.
blebs99
11-26-01, 04:57 PM
When executed, this worm copies itself as kernel32.exe in the "\windows\system" directory. It then adds the following registry value:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Kernel32=kernel32.exe
In Windows\System you have a Kernel32.dll, not a Kernel32.exe.
If Kernel32.exe is being pegged in this directory, it should be safe to delete. windows\system NOT windows\system32.
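Added example, not part of the original thread or of any vendor's tool: a Python check for the two indicators named in the post above (the RunOnce value and the kernel32.exe file next to Kernel32.dll), generalized to any autorun program whose name is a system DLL's name with an .exe extension. The registry export and directory listing are constructed sample data, and the function names are hypothetical.

```python
import ntpath
import re

# Constructed REGEDIT4 export and C:\WINDOWS\SYSTEM listing (sample data only).
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"SystemTray"="SysTray.Exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Kernel32"="kernel32.exe"
'''
SAMPLE_SYSTEM_DIR = ["KERNEL32.DLL", "USER32.DLL", "GDI32.DLL", "kernel32.exe", "SYSTRAY.EXE"]

AUTORUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once|Services|ServicesOnce)?$", re.I)
VALUE_LINE = re.compile(r'^"(?P<name>[^"]*)"="(?P<data>.*)"$')

def autorun_entries(reg_text):
    """Yield (key, value name, command) for string values under Run* keys."""
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and AUTORUN_KEY.search(key):
            m = VALUE_LINE.match(line)
            if m:  # .reg files escape backslashes and quotes
                data = m.group("data").replace("\\\\", "\\").replace('\\"', '"')
                yield key, m.group("name"), data

def program_name(command):
    """Lower-cased file name of the program a command line starts."""
    command = command.strip()
    # Quoted path, else first token (unquoted paths with spaces are not handled).
    exe = command[1:].split('"', 1)[0] if command.startswith('"') else command.split(" ", 1)[0]
    return ntpath.basename(exe).lower()

def find_dll_lookalikes(reg_text, system_files):
    """Flag autorun programs named like a system DLL but ending in .exe."""
    files = {f.lower() for f in system_files}
    findings = []
    for key, name, command in autorun_entries(reg_text):
        exe = program_name(command)
        stem, ext = ntpath.splitext(exe)
        if ext == ".exe" and stem + ".dll" in files:
            findings.append({"key": key, "value": name, "program": exe, "on_disk": exe in files})
    return findings
```

On the sample data, find_dll_lookalikes(SAMPLE_REG, SAMPLE_SYSTEM_DIR) reports only the Kernel32 RunOnce value; SysTray.Exe is not flagged because no systray.dll sits beside it.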
youthemandan
11-26-01, 05:06 PM
Ok so i went to look in my registry. There's nothing in the folder where it should be. I ran a virus scan. I am clean. Hopefully i truly am
blebs99
11-26-01, 05:17 PM
Cool Beans!!!!
Kind of Post Script-If you were to try to find Kernel32.exe, it should come up "file not found", If you try and find Kernel32.dll, it should be in c:\windows\system.
:D
davidsnot
11-27-01, 07:23 PM
Nice job with the screenshots. I checked my 2k box, and my me box, neither had a kernel32.exe. I'd delete them, and check the registry.
joey_rjm5
11-27-01, 10:05 PM
LOL, man I feel sorry for that guy gettin kicked by the horse. :D
jstutman
11-28-01, 09:48 PM
lol......stupid virus, norton 2k updated and bam right then i had an email with that virus hehe
here's the link
http://www.sarc.com/avcenter/cgi-bin/virauto.cgi?vid=26784
Originally posted by youthemandan
Ok so i got a virus and it was in the above filename. now norton says delete it and replace with copy of original. Now can i just go copy this off my buddys comp and then throw it on mine. What should i do?? By the way the virus's name is W32.Badtrans.B@mm
Help me out PLEASE!!
oh hell you are screwed me thinks badtrans is a nasty worm! norton should be able to handle it.
also it installs a trojan that records keystrokes so don't do any banking with it. Don't use Outlook that is what causes the worm to get activated you don't even need to open anything it is auto run from outlook.
Softwebdev
11-29-01, 07:12 PM
Originally posted by el
oh hell you are screwed me thinks badtrans is a nasty worm! norton should be able to handle it.
NORTON antivirus SUCK............PERIOD........Y?
the scanning is slowwwwwwwwwwwwwwwwww and the detection is badddddddddddddddddd
my friend calls me yesterday to add a stick of extra SDRAM I had lying around, normal right. When I get to her house with my "Compaq Enhancement Discs", and a stick of memory she says look "what my PC is doing" it had a "explorer" error. No biggie right...WRONG.. I looked @ the "details", and it says "kernal32.DLL"... is this the same bug? I of course know y'all got my back told her, "don't sweat it I can fix it by Monday". I can't get past the "error", I hit the start button, and it pops up again, I try to right click and it pops up again?
Do I remove this from DOS? If so, how do I do it? I have zero DOS experience so please be gentle. :eh?:
Originally posted by Softwebdev
NORTON antivirus SUCK............PERIOD........Y?
the scanning is slowwwwwwwwwwwwwwwwww and the detection is badddddddddddddddddd
Softwebdev, people have their own tastes they should be able to pick what they like or what they think is good.
blebs99
12-01-01, 06:31 PM
Originally posted by Softwebdev
NORTON antivirus SUCK............PERIOD........Y?
the scanning is slowwwwwwwwwwwwwwwwww and the detection is badddddddddddddddddd
You're entitled to your opinion, but I find Norton to be one of the best out here. Out of the 18 to 20 viruses that have tried to infect this machine in the past 2 years, only 1 went undetected, and that was because the definitions were not updated.
Slow? I don't think it's slow. I can check ALL Files on my hard drive in less than 10 minutes.
As for me, I'll stay with Norton. It has saved my butt too many times not to!
blebs99
12-01-01, 06:36 PM
Originally posted by Krome
my friend calls me yesterday to add a stick of extra SDRAM I had lying around, normal right. When I get to her house with my "Compaq Enhancement Discs", and a stick of memory she says look "what my PC is doing" it had a "explorer" error. No biggie right...WRONG.. I looked @ the "details", and it says "kernal32.DLL"... is this the same bug? I of course know y'all got my back told her, "don't sweat it I can fix it by Monday". I can't get past the "error", I hit the start button, and it pops up again, I try to right click and it pops up again?
Do I remove this from DOS? If so, how do I do it? I have zero DOS experience so please be gentle. :eh?:
You have to make a distinction between Kernel32.dll, which is not a virus but a necessary file for the operating system, and Kernel32.exe, which is a virus file and is not part of the OS.
If you're getting the .dll errors, I would say something is wrong with the OS.
If you're getting .exe errors, you should check the computer for viruses in SAFE MODE with the latest virus definitions installed.
You might also want to review this thread. If you need me to, I can repost the screen shots that I had up for a while.
thanks Bleb, let me post the exact error message...
Softwebdev
12-01-01, 08:21 PM
Originally posted by Blinkie
Softwebdev, people have their own tastes they should be able to pick what they like or what they think is good.
absolutely.........no question..............if you have time, go to this site to see how all ANTIVIRUS softwares FAILS........including norton
www.virusbtn.com
see it for yourself..................
Softwebdev
12-01-01, 08:22 PM
Originally posted by blebs99
You're entitled to your opinion, but I find Norton to be one of the best out here. Out of the 18 to 20 viruses that have tried to infect this machine in the past 2 years, only 1 went undetected, and that was because the definitions were not updated.
Slow? I don't think it's slow. I can check ALL Files on my hard drive in less than 10 minutes.
As for me, I'll stay with Norton. It has saved my butt too many times not to!
absolutely................if you have time, go to this site to see how all ANTIVIRUS softwares FAILS........including norton
www.virusbtn.com
see it for yourself..................
I booted up my friends PC, and the "Explorer kernel32.dll" error is gone? This is scaring me now. Does anyone have a clue on how this just corrected itself? I want to "reformat" the entire HDD just in case, should I? If so how do I do it (my friend lost her "restore" disc)?
Thanks for the info so far. :D
blebs99
12-02-01, 06:55 AM
I'm not a Compaq pro, but if she lost the restore disk, don't do anything until you contact Compaq about getting another one.
Unfortunately, you can't do too much without that restore CD.
I really don't think you need to format and start over. Does your friend have any type of virus protection? Can you post the error message that was received or didn't you get to see it?
I don't want to see you go through sheer misery if it's not necessary. Oh yeah, what operating system is your friend using? If it's ME, can you use system restore to take it back to when it was working properly?
Blebs, after I got it home, the error was gone? It was a "explorer" error with "kernel32.dll" in the summary. The only thing that I can think of is that I removed the modem B4 I rebooted that's all I did. She has McAfee Virus Scan, and windows 98. I don't want to deliver, and have the same problem come back.:rolleyes:
blebs99
12-02-01, 04:45 PM
I can't picture a modem causing a kernel32.dll error, but hey, anything is possible. If you've run a full system virus scan, with updated definitions and the thing comes up clean, the other possibility is spyware/adware. Some of those alter and replace files with copies of their own. You may want to give AdAware a shot, to see if anything turns up that may be causing issues.
AdAware is free and if you don't want to remove the findings, just write down what they were and I can see if any of them could cause that problem or better yet, post a copy of the log file.
AdAware 5.62 Free (http://www.lavasoftusa.com/downloads.html)
will do, I was thinking of just putting a copy of windows 2000 pro on it, then the whole kernel thing would be eliminated? I think that's what I read before.
blebs99
12-02-01, 06:34 PM
As long as you can get all the hardware drivers from Compaq or their site, that might not be a bad idea. I wish I knew more about Compaq than what I do, but when it comes to restoring or hardware drivers, they pretty much are holding your groin tight.
Scope it out and see what you can find as far as changing the OS. What the heck, can't hurt to ask or read, right? :)
here is the log, it has something about the "kernel32.DLL"... peep it.
blebs99
12-02-01, 07:29 PM
Originally posted by Krome
here is the log, it has something about the "kernel32.DLL"... peep it.
Webhancer is your spyware/Adware!
Scanning finished
==================
Suspicious modules found:0
Suspicious keys found :21
Suspicious folders found:2
Suspicious files found:24
==========================
Spyware components ignored:0
Total spyware components found:47
I'm going to go check because I forget exactly, but I think it alters Windows Winsock2 among other things. I'll be back in a short. :)
Thanks, you think if I remove it the problem will go away?
blebs99
12-02-01, 07:52 PM
It should. I can't guarantee it, but so far, others have fared well!
The key question is, "What program is the webhancer associated with?" Is Kazaa a program on the computer?
What I'm leading up to is, whatever program put that junk in there, when you take it out, that program will no longer function correctly. You may have to find a spyware free alternative to that particular program. Yes, It DOES alter the Winsock2 and has, in the past, caused no internet connectivity or various problems related to internet connections!
If you use adaware to remove the garbage, be sure to make a back up of everything removed. Ad Aware can be configured to do that for you. Also as you remove it, reboot, and scan again with AdAware to make sure it got everything. If it didn't, keep rebooting and rescanning until nothing is found.
After you've done that, Urizen, the creator of adaware has a winsock fix below. He'd love to hear how it all works out for you and anyone else that runs into Webhancer.
The main thing is to back up the files removed, and remember that whatever this is associated with isn't going to function or not function properly. If you need an alternative to what ever it is, let me know and I'll find something compatible. The Winsock fix is below.
Winsock2 Fix.zip (http://www.lavasoft.de/aaw/binary/whndnfix.zip)
sucks, I only have one monitor so I will post after I try... within 20 minutes I hope...
blebs99
12-02-01, 08:14 PM
I just noticed after reading through the log file, that you're using an old reference list for scanning. After you've done what you have to do, get the new list and scan again, to see if anything new shows up also.
New List/Auto Update Program (http://www.lavasoftusa.com/ls/refupdate.exe) ;)
I found a site that has great potential! It lists reported crashes and 2 of the programs in your log, webhancer and Savenow.exe are listed as well as various others for kernel32.dll crashing.
Check this out! (http://www.bugtoaster.com/DW15/Reports/AllCrashes.asp?MaxCra****ems=50&ShowApps=TRUE)
I gotta run for tonight, but I'll check back in the morning.
I used ad-buster, and deleted all of the crapola, I just installed Windows 2000 Pro, and re-ran the adbuster; nothing came up. :D I flashed the BIOS, got the latest drivers for the Video, Audio, and Modem...cool right. Nope, the modem is fried (I tried it in my system, no good) for some reason...how did that happen? I went to Best Buy and got a "Award Tech" (alegro) PCI modem for $27, which I will get back in a rebate ($25 back) total cost to my friend $2 (taxes on the modem), and $45/Labor (I gotta eat ya know). Had some AOL errors, a re-install fixed it. Did I charge a good amount? Thanks for all the help Blebs, you're a gentleman and a scholar. :burn:
blebs99
12-05-01, 03:40 PM
I hoped you would've come back that night that we were working on it. Once I saw AOL in the log, I thought, "errors are going to spring up" since AOL uses their own Sock versions.
Hey you're welcome, but I'm no scholar. I had to learn everything the hard way! :D
P.S. Krome, you'd be surprised at how much money you could make fixing spyware problems. I bet the computer owner loads that crap up again and has problems again. You could become rich doing this.
working like a charm, 'cept for the Sound (on-board ESS), I can't seem to find the driver for it. It's playing right now, but @ a very very low volume. The "speaker" icon on the task bar does not appear, and when I try to mess with volume control, I get an error...ESS says that the driver is on all copies of Windows 2000, but it's just not there??? That's the least of my worries, that little thing thinks it has died and gone to Heaven...hehehehe