Go Back   Tech Support Forum > Security Center > General Computer Security

NT Kernel_System has changed since the last time you used it.

This is a discussion on NT Kernel_System has changed since the last time you used it. within the General Computer Security forums, part of the Tech Support Forum category. I have Symantec AntiVirus corporate edition v11, and the Network Threat Protection has been popping up lately with this message:


Closed Thread
 
Thread Tools Search this Thread
Old 11-06-2008, 08:42 PM   #1
Registered Member
 
Join Date: Feb 2008
Posts: 31
OS: Win 7 Home Premium 64 bit



I have Symantec AntiVirus corporate edition v11, and the Network Threat Protection has been popping up lately with this message:



here is what i copied from the text it shows:

The executable has changed since the last time you used C:\WINDOWS\system32\ntoskrnl.exe
File Version: 5.1.2600.5657
File Description: NT Kernel & System
File Path: C:\WINDOWS\system32\ntoskrnl.exe
Digital Signature:
Process ID: 0x4 (Hexadecimal) 4 (Decimal)

Connection origin: remote initiated
Protocol: UDP
Local Address: 192.168.1.255
Local Port: 137 (NETBIOS-NS - Browsing requests of NetBIOS over TCP/IP)
Remote Name:
Remote Address: 192.168.1.104
Remote Port: 137

Ethernet packet details:
Ethernet II (Packet Length: 110)
Destination: ff-ff-ff-ff-ff-ff
Source: 00-13-ce-d6-97-9e
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 128
Protocol: 0x11 (UDP - User Datagram Protocol)
Header checksum: 0x30f6 (Correct)
Source: 192.168.1.104
Destination: 192.168.1.255
User Datagram Protocol
Source port: 26118400
Destination port: 35072
Length: 8
Checksum: 0x21bf (Correct)
Data (76 Bytes)

Binary dump of the packet:
0000: FF FF FF FF FF FF 00 13 : CE D6 97 9E 08 00 45 00 | ..............E.
0010: 00 60 BF A4 00 00 80 11 : F6 30 C0 A8 01 68 C0 A8 | .`.......0...h..
0020: 01 FF 00 89 00 89 00 4C : BF 21 81 BD 29 10 00 01 | .......L.!..)...
0030: 00 00 00 00 00 01 20 45 : 4B 45 50 46 44 45 49 46 | ...... EKEPFDEIF
0040: 48 45 49 45 4A 46 45 45 : 46 46 44 45 46 45 4D 45 | HEIEJFEEFFDEFEME
0050: 4D 43 41 43 41 41 41 00 : 00 20 00 01 C0 0C 00 20 | MCACAAA.. .....
0060: 00 01 00 04 93 E0 00 06 : 60 00 C0 A8 01 68 | ........`....h


it asks me if i want to allow it to access the network, and i click No because i have no idea what it is or why it wants to access the network.

it seems like it randomly pops up, or whenever i turn my computer on.

any help as to what this is and how i should go about dealing with it?

thanks everyone.

__________________
josh48315 is offline  
Old 11-11-2008, 02:54 PM   #2
Registered Member
 
Join Date: Feb 2008
Posts: 31
OS: Win 7 Home Premium 64 bit



help! somebody...anybody...please.

__________________
josh48315 is offline  
Old 11-11-2008, 06:24 PM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,731
OS: XP Win7 Ubuntu 10.10



ntoskrnl.exe is a critical process in the boot-up cycle of the computer, that's why the warning pops up whenever you turn your computer on. The change can be due to a recent update. If you want to put your mind at ease, you can have it scanned here or here.

On top of the page there is a field to add the filepath, copy and paste this filepath:

C:\WINDOWS\system32\ntoskrnl.exe

Then hit Submit
The scan will take a while before the result comes up.
__________________

amateur is offline  
Old 11-12-2008, 11:26 AM   #4
Registered Member
 
Join Date: Feb 2008
Posts: 31
OS: Win 7 Home Premium 64 bit



ok, so i did the scan at both websites, and they both found nothing.
so the next time i get this message popping up, should i click Yes to allow it to access the network?
__________________
josh48315 is offline  
Old 11-12-2008, 03:25 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,731
OS: XP Win7 Ubuntu 10.10



Yes, you can.
__________________

amateur is offline  
Old 11-12-2008, 11:10 PM   #6
Registered Member
 
Join Date: Feb 2008
Posts: 31
OS: Win 7 Home Premium 64 bit



thanks for the help.

__________________
josh48315 is offline  
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2


All times are GMT -7. The time now is 04:02 PM.


Copyright 2001 - 2014, Tech Support Forum

Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts