The info I got from googling kernel32.dll was contradictory and inconclusive
(although I admit I didn't read all the million plus hits), and downright
confusing ---- a few entries mentioned that it was found on Windows 98,
2000, and ME which I found a little odd as I'm using XP Pro (SP2).
If AVG found it appropriate to "change" it, why would it need to "change" it
again?
Another odd thing: Properties shows it was created 12/31/02 5:00:00 am and
modified on 4/16/07 at 8:52:53 am --- when I was at work, and the computer
was off. I've also run the AVG scan a few times since 4/16/07 but today was
the first time AVG brought my attention to it . . . .
Does anyone know what kernel32.dll is doing?
I haven't noticed anything unusual in the way my system is performing, but
should I be concerned?
Thanks for your answers.
--
Alan
P.S. For what it's worth, when I move the cursor over it, the popup info is
as follows:
Description: Windows NT BASE API Client DLL
Company: Microsoft Corporation
File Version: 5.1.2600.3119
Date created: 12/31/2002 5:00 AM
Size: 961 KB
Kernel32 is a *.dll system file. And it is usually updated every time the
computer is turned on. The "kernel" is the core of any operating system,
be it Unix, DOS, Windows, etc. And it changes, depending on the conditions
it needs to function. Hence, when AVG runs, it detects the changes in the
coding of the file as it manages the memory, services, I/O, etc.
Thanks for the information. I don't mean to be tiresome, but if it's
usually updated every time the system is turned on, why would Properties
indicate that, having been created in DEC of 02, it wasn't modified until APR
of 07? And, if it had been modified in APR of 07, why would AVG (which I've
run several times since APR) just be picking up on the change today?
Thanks again for your reply.
--
Alan
> Kernel32 is a *.dll system file.
Yes
> And it is usually updated every time the
> computer is turned on.
Absolutely not.
--
Bert Hyman St. Paul, MN be...@iphouse.com
> Thanks for the information. I don't mean to be tiresome, but if it's
> usually updated every time the system is turned on, why would
> Properties indicate that, having been created in DEC of 02, it wasn't
> modified until APR of 07? And, if it had been modified in APR of 07,
> why would AVG (which I've run several times since APR) just be picking
> up on the change today?
It's not updated "every time the system is turned on".
It's easy to modify a file without changing the modification date, and
it's easy to change the modification date without actually modifying the
file.
> I ran an AVG scan twice today, and although it said that there were "no
>threats found", it did indicate that it had changed kernel32.dll found in
>C:\WINDOWS\system32\kernel32.dll
>
>The info I got from googling kernel32.dll was contradictory and inconclusive
>(although I admit I didn't read all the million plus hits), and downright
>confusing ---- a few entries mentioned that it was found on Windows 98,
>2000, and ME which I found a little odd as I'm using XP Pro (SP2).
>
>If AVG found it appropriate to "change" it, why would it need to "change" it
>again?
>
>Another odd thing: Properties shows it was created 12/31/02 5:00:00 am and
>modified on 4/16/07 at 8:52:53 am --- when I was at work, and the computer
>was off. I've also run the AVG scan a few times since 4/16/07 but today was
>the first time AVG brought my attention to it . . . .
>
>Does anyone know what kernel32.dll is doing?
If the kernel32.dll changed it could be because of installing SP2 or
an update; the only time it might change size or version. It's the
core of your OS.
You might run a scan for a rootkit
http://www.microsoft.com/technet/sysinternals/utilities/RootkitRevealer.mspx
Shorter http://tinyurl.com/y3hgq9
--
What's wrong with this picture?
http://www.20xx20.myby.co.uk/erm.jpg
http://digg.com/offbeat_news/What_s_Wrong_With_This_Picture_14
>> If AVG found it appropriate to "change" it, why would it need to
>> "change" it again?
I don't know what "AVG" is, but if it's some sort of security program,
it's not changing the file but telling you that the file had been
changed since the last time it looked at it.
Kernel32.dll is a central piece of WinXP and any change to it not made
by a legitimate Microsoft update is potentially dangerous.
>>
>> Another odd thing: Properties shows it was created 12/31/02 5:00:00
>> am and modified on 4/16/07 at 8:52:53 am --- when I was at work, and
>> the computer was off. I've also run the AVG scan a few times since
>> 4/16/07 but today was the first time AVG brought my attention to it .
That's the same date and time (adjusted for time zone) as the version on
my machine, which means it's the date and time it was created
by Microsoft before being installed on your machine by an update.
If "AVG" is correctly noticing that the file has been unexpectedly
changed, I'd suggest you look more deeply into your machine for viruses
or other nasty things.
AVG is telling you that the file has changed since AVG was first run, not
that the file is infected or that AVG itself changed the file.
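Added example (not part of any poster's message, and not how AVG is implemented): a minimal hash-baseline check illustrating two points made in the replies above, that a file's modification date and its contents can change independently, and that a checker reports a change relative to what it last recorded. The temp file, its bytes and the function names are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(path):
    """Record what an integrity checker would store: content hash, size, mtime."""
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    st = os.stat(path)
    return {"sha256": digest, "size": st.st_size, "mtime_ns": st.st_mtime_ns}

def compare(baseline, current):
    """Classify a file against its baseline using the hash, not the timestamp."""
    content_changed = baseline["sha256"] != current["sha256"]
    mtime_changed = baseline["mtime_ns"] != current["mtime_ns"]
    if content_changed and not mtime_changed:
        return "content changed, timestamp unchanged"
    if content_changed:
        return "content changed"
    if mtime_changed:
        return "timestamp changed only"
    return "unchanged"

def demo():
    """Run three cases on a constructed temp file and return the verdicts."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.dll")  # constructed stand-in, not a real DLL
        with open(path, "wb") as f:
            f.write(b"MZ" + b"\x00" * 62 + b"original build")
        base = snapshot(path)
        # Case 1: the date moves forward one hour, the bytes do not change.
        os.utime(path, ns=(base["mtime_ns"], base["mtime_ns"] + 3600 * 10**9))
        results["touched"] = compare(base, snapshot(path))
        # Case 2: same-length content change with the recorded date put back.
        with open(path, "wb") as f:
            f.write(b"MZ" + b"\x00" * 62 + b"patched  build")
        os.utime(path, ns=(base["mtime_ns"], base["mtime_ns"]))
        results["same_date"] = compare(base, snapshot(path))
        # Case 3: the change is accepted as the new baseline, so nothing is reported.
        base = snapshot(path)
        results["after_accept"] = compare(base, snapshot(path))
    return results

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

Only the hash comparison separates case 1 from case 2; size and date alone would report case 2 as untouched.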
> The info I got from googling kernel32.dll was contradictory and
> inconclusive (although I admit I didn't read all the million plus hits),
> and downright confusing ---- a few entries mentioned that it was found
> on Windows 98, 2000, and ME which I found a little odd as I'm using XP Pro
> (SP2).
>
> If AVG found it appropriate to "change" it, why would it need to "change"
> it again?
>
> Another odd thing: Properties shows it was created 12/31/02 5:00:00 am and
> modified on 4/16/07 at 8:52:53 am --- when I was at work, and the computer
> was off. I've also run the AVG scan a few times since 4/16/07 but today
> was the first time AVG brought my attention to it . . . .
>
> Does anyone know what kernel32.dll is doing?
Microsoft updated the kernel32.dll with its recently released security
update kb935839.
Info about the security update here.
http://www.microsoft.com/protect/computer/updates/bulletins/200706.mspx
Presumably you applied the update or have automatic updates turned on.
>
> I haven't noticed anything unusual in the way my system is performing, but
> should I be concerned?
No
I haven't used AVG for a while because I have moved to NOD32 but IIRC if you
open the Test Centre
Click on Scan selected areas
Press the F3 key
A scan of the system area will follow
AVG will give you a dialogue box where you can confirm that the change to
the .dll file was okay.
You won't be notified until the file changes again.
Yes, I just installed the update kb935839 ten days ago ....
>> I haven't noticed anything unusual in the way my system is performing,
>> but
>> should I be concerned?
>
> No
>
> I haven't used AVG for a while because I have moved to NOD32 but IIRC if
> you open the Test Centre
> Click on Scan selected areas
> Press the F3 key
> A scan of the system area will follow
> AVG will give you a dialogue box where you can confirm that the change to
> the .dll file was okay.
> You won't be notified until the file changes again.
You do recall correctly --- I followed your advice, scanned the system area
and AVG said the change was ok.
Thanks for your help, Fred ---- I'm glad to see I was overreacting ;-)
--
Alan