kernel32.dll trying to go online all the time

  canard 23:48 14 Nov 2003
Locked

Any resident gurus know why my kernel32.dll has suddenly started constantly trying to get online?
Win98 SE.

  MichelleC 10:05 15 Nov 2003

Assuming you've done an uptodate av scan (it's best to do an online one at click here , plus Spybot and Adaware, try running system file checker to replace any corrupt files.

  canard 16:55 15 Nov 2003

All these have been done without results. Have recently patched IE6, updated AVG, antispyware apps and fiddled with windows media player. But these don't look likely culprits- mystified.

  canard 23:43 16 Nov 2003

The whatever it is that wants to contact kernel32.dll turns out to be local host 255.255.255.255 so must be a baddie.
SFC says that kernel32.dll has not been modified or corrupted.
Who/what ever is doing this is not just taking a poke at my PC. It must be having a go at others. So has anyone else been annoyed by him/it?

This might mean something to the elect. I just dislike the blackhole bit.
OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US

NetRange: 10.0.0.0 - 10.255.255.255
CIDR: 10.0.0.0/8
NetName: RESERVED-10
NetHandle: NET-10-0-0-0-1
Parent:
NetType: IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment: This block is reserved for special purposes.
Comment: Please see RFC 1918 for additional information.
Comment:
RegDate:
Updated: 2002-09-12

OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet Corporation for Assigned



Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: [email protected]

OrgTechHandle: IANA-IP-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail: [email protected]

# ARIN WHOIS database, last updated 2003-11-15 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

  woodchip 23:59 16 Nov 2003

Run this click here

  canard 00:25 17 Nov 2003

I've done the online trojan scan recommended on this forum and it found zilch. But will have a go at swat it and thankyou woodchip.

  canard 00:34 17 Nov 2003

Swatit found nothing- and got it to scan kernel32.dll individualy- still nowt. It was unbelievably quick. Could I be doing it wrong? Mystified!

  MichelleC 08:09 17 Nov 2003

Another thing to try: type in search dial.exe and see what comes up.

  Â ÑÌÇKÑÂMË 10:44 17 Nov 2003

I think Kernel32.dll,looks for netbios browsing,responces/reguests/and sesions so it may be runnibg as part of you firewall blocking procedure for these netbios ports.Just an idea.
I know mine listens for those things same OS.


Regards.

  canard 19:07 17 Nov 2003

MichelleC thankyou- did dial.exe search result nil.
 ÑÌÇKÑÂMË thankyou too. I'm not well informed enough to know what you mean about kernel32.dll checking netbios ports. I don't really know what these are but when I've checked security it comes up as all stealthed- net bios ports are properly protected. Only thing is why should it suddenly start when it didn't bother before?

  woodchip 19:15 17 Nov 2003

Check that you used Swatit correctly

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

AMD Radeon Adrenalin release date, new features, compatible graphics cards

8 brilliant character artists speaking at Pictoplasma 2018

iMac Pro release date, UK price & specs

Football : comment regarder la Ligue 1 en direct ?