• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.
  • Welcome to Free PC Help, a free PC Help forum to get help with your computer problems.

    Free PC Help is a community that offers free computer help and support for all users, all ages, worldwide.

    In order to start asking questions or contribute on someone else's post you will first need to register. Don't worry - it's quick and easy and once you have registered you will have instant access to the entire forum.

    If you do decide to join the forums you will not have the option to send Private Messages [ PMs ] or add a Signature until you have made 5 posts or more. This is an attempt to try to stop Spammers using the PM system or adding links to their Signature.

AVG FREE EDITION - What are these?

mikeywikey

Free PC Help Contributor
Joined
Dec 31, 2007
Messages
106
PC Experience
Some Experience
Operating System
Windows 7- Home Premium
#1
Each morning AVG runs and no sooner it has started I get the following files listed on the Security Status screen:

File Result/Infection Path
kernel32.dll Change C:\WINDOWS\system32\kernel32.dll
user32.dll Change C:\WINDOWS\system32\user32.dll
shell32.dll Change C:\WINDOWS\system32\shell32.dll
ntoskrnl.exe Change C:\WINDOWS\systgem32\ntoskrnl.exe

Is there any need to do anything about this? If so, what please?
Mike
 

Seth

FPCH Long Term Member
Joined
Dec 17, 2007
Messages
2,268
Location
Canada
Operating System
Windows Vista - Home Premium
#2
Hi Mike.

AVG is showing normal changes in Window's files. There is no need to be concerned unless they show as "infected". Although it's annoying that AVG keeps reporting it.

To get AVG to quit showing them as changed, open the AVG Test Center, click the F3 key on your keyboard and tell it to confirm the changes. If it still shows something as changed after this.. delete the file named AVG7QT.DAT in the %ALLUSERSPROFILE%\Application Data\avg7\ folder and AVG will rebuild it the next time it is run.

EDIT: Randy, I just deleted my post that I wrote while you were posting. It said:

Still might be a good idea to post a HijackThis log:

Go to http://www.trendsecure.com/portal/en...kthis/download and download the HijackThis installer. Run the program and choose scan only. Please copy and paste that log back here.
 

RandyL

Administrator
Joined
Jan 22, 2003
Messages
4,878
Location
USA, Nebraska
PC Experience
Very Experienced
#3
Hi mikey;

I have seen that before. I see you are also using AVG. AVG is OK but not completely reliable.

As such your computer could be infected with Malware.

Malware is the term used to describe computer infections such as Adware, Spyware, Viruses, and Trojan Horses.
You will need to run at least two malware scanners as well as an Antivirus scanner that are listed in the following instructions.
Anti-Malware and Anti-Virus scanners perform different tasks.
The reason to run multiple scanners is to ensure that no single scanner is missing something.

The time it takes will vary depending on your system and your internet connection.
Typically the SUPERAntiSpyware and Malwarebytes scanners will take between 30 and 90 minutes.
The Eset online scan should take between 1 and 3 hours.
In most cases, these scans will suffice to clean and disinfect your computer.

For best results print the following instructions and bookmark this Web page
To keep this guide printer-friendly, use your cursor to highlight the contents below.
From your browser select File - Print and in the printer dialog box under "Print range"
click the Selection choice to print out these instructions for removal of malware.


  • Follow these instructions carefully.
  • Download ATF-Cleaner from Snapfiles.com to remove "junk" files from your computer that may contain malware.
  • You can also download it from Majorgeeks.com
  • When you run ATF-Cleaner, check the items as shown below for Main.
  • For FireFox, be sure to click on the FireFox tab on top and check the items as shown below for FireFox
  • NOTE: If you don't have FireFox or Opera installed then they will be grayed out and can be ignored
  • Then click on "Empty Selected".
.

  • Install and run the free version (not the Professional version) of SUPERAntiSpyware from www.superantispyware.com
    • Accept any prompts to allow SUPERAntiSpyware to install the latest rules and infection definition files.
    • You do not have to send them your e-mail address, just click next.
    • You can leave the automated check for updates on.
    • You can uncheck "Send a diagnostic report to research center" if you don't want to send the information.
    • DO NOT allow SUPERAntiSpyware to protect your Home Page settings.
    • On the Top Left select the Scan your computer button.
    • Make sure there is a CHECK MARK on all Fixed Drives.
    • Click "Perform a Complete Scan". Click "Next" and reboot the computer when prompted to do so.
  • Disable your internet security by right clicking on its icon (usually located in the system tray next to the time display) and choosing "Exit", "Disable", or "Shut Down".
  • Run an online scan with Eset from http://www.eset.com/onlinescan
  • You must use Internet Explorer for this online scan. FireFox, Opera, etc will not work for this scan.
  • Accept the terms and click "Start".
  • Once the scanner is ready, check "Remove found threats" AND "Scan unwanted applications".
  • Click "Start" to begin the scan.
  • When completed restart your computer
Make sure your internet security is enabled, and then please return to Free PC Help and tell us how the computer seems to be operating.
 

mikeywikey

Free PC Help Contributor
Joined
Dec 31, 2007
Messages
106
PC Experience
Some Experience
Operating System
Windows 7- Home Premium
#4
Thank you for that.
In addition to AVG I use SpySweeper each day, I also have Zone Alarm installed.
I always thought all that would give me good protection!
I thank the day I got rid of Norton!!
Mike
 

Seth

FPCH Long Term Member
Joined
Dec 17, 2007
Messages
2,268
Location
Canada
Operating System
Windows Vista - Home Premium
#5
Well we've got ourselves a slight difference in opinion :)

I would error on the side of caution and run the scans Randy suggested.
 

Bluesplayer.

FPCH Long Term Member
Joined
Jan 10, 2008
Messages
160
Location
London England
Operating System
Windows XP - Professional
#6
Hi also check.
http://forum.grisoft.cz/freeforum/read.php?8,102002,102043

This would also apply to these..unless it says they are infected.

kernel32.dll Change C:\WINDOWS\system32\kernel32.dll
user32.dll Change C:\WINDOWS\system32\user32.dll
shell32.dll Change C:\WINDOWS\system32\shell32.dll
ntoskrnl.exe Change C:\WINDOWS\systgem32\ntoskrnl.exe
 

Seth

FPCH Long Term Member
Joined
Dec 17, 2007
Messages
2,268
Location
Canada
Operating System
Windows Vista - Home Premium
#7
That's all over the net and is how I found it.

AVG would normally show "infected" if it was indeed an infection. So I just Googled one of those lines.

It has to be caused by one specific change, as those bundled few lines are very common.
 

mikeywikey

Free PC Help Contributor
Joined
Dec 31, 2007
Messages
106
PC Experience
Some Experience
Operating System
Windows 7- Home Premium
#8
All done!

I took your point Seth, and have done exactly as Randy suggested. The whole procedure took about 6 hours to complete!! Only time will tell whether the system is operating more efficiently, but even just firing up my computer seemed quicker.
Many thanks for all your help.
 

Seth

FPCH Long Term Member
Joined
Dec 17, 2007
Messages
2,268
Location
Canada
Operating System
Windows Vista - Home Premium
#9
Thanks for the update.

6 hours?

The full SAS scan should have taken between 15 and 45 minutes (with the new Version 4), and MalwareBytes about 10 to 30 minutes. The Eset scan is typically 1 to 2 hours.

Of course these figures are based on an "average" computer.