NT Kernel_System has changed since the last time you used it.

josh48315 · 11-06-2008, 08:42 PM

I have Symantec AntiVirus corporate edition v11, and the Network Threat Protection has been popping up lately with this message:

here is what i copied from the text it shows:

The executable has changed since the last time you used C:\WINDOWS\system32\ntoskrnl.exe
File Version: 5.1.2600.5657
File Description: NT Kernel & System
File Path: C:\WINDOWS\system32\ntoskrnl.exe
Digital Signature:
Process ID: 0x4 (Hexadecimal) 4 (Decimal)

Connection origin: remote initiated
Protocol: UDP
Local Address: 192.168.1.255
Local Port: 137 (NETBIOS-NS - Browsing requests of NetBIOS over TCP/IP)
Remote Name:
Remote Address: 192.168.1.104
Remote Port: 137

Ethernet packet details:
Ethernet II (Packet Length: 110)
Destination: ff-ff-ff-ff-ff-ff
Source: 00-13-ce-d6-97-9e
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 128
Protocol: 0x11 (UDP - User Datagram Protocol)
Header checksum: 0x30f6 (Correct)
Source: 192.168.1.104
Destination: 192.168.1.255
User Datagram Protocol
Source port: 26118400
Destination port: 35072
Length: 8
Checksum: 0x21bf (Correct)
Data (76 Bytes)

Binary dump of the packet:
0000: FF FF FF FF FF FF 00 13 : CE D6 97 9E 08 00 45 00 | ..............E.
0010: 00 60 BF A4 00 00 80 11 : F6 30 C0 A8 01 68 C0 A8 | .`.......0...h..
0020: 01 FF 00 89 00 89 00 4C : BF 21 81 BD 29 10 00 01 | .......L.!..)...
0030: 00 00 00 00 00 01 20 45 : 4B 45 50 46 44 45 49 46 | ...... EKEPFDEIF
0040: 48 45 49 45 4A 46 45 45 : 46 46 44 45 46 45 4D 45 | HEIEJFEEFFDEFEME
0050: 4D 43 41 43 41 41 41 00 : 00 20 00 01 C0 0C 00 20 | MCACAAA.. .....
0060: 00 01 00 04 93 E0 00 06 : 60 00 C0 A8 01 68 | ........`....h

it asks me if i want to allow it to access the network, and i click No because i have no idea what it is or why it wants to access the network.

it seems like it randomly pops up, or whenever i turn my computer on.

any help as to what this is and how i should go about dealing with it?

thanks everyone.

josh48315 · 11-11-2008, 02:54 PM

help! somebody...anybody...please.

**amateur** · 11-11-2008, 06:24 PM

ntoskrnl.exe is a critical process in the boot-up cycle of the computer, that's why the warning pops up whenever you turn your computer on. The change can be due to a recent update. If you want to put your mind at ease, you can have it scanned here or here.

On top of the page there is a field to add the filepath, copy and paste this filepath:

C:\WINDOWS\system32\ntoskrnl.exe

Then hit Submit
The scan will take a while before the result comes up.

josh48315 · 11-12-2008, 11:26 AM

ok, so i did the scan at both websites, and they both found nothing.
so the next time i get this message popping up, should i click Yes to allow it to access the network?

**amateur** · 11-12-2008, 03:25 PM

Yes, you can.

josh48315 · 11-12-2008, 11:10 PM

thanks for the help.

11-06-2008, 08:42 PM	#1 (permalink)
josh48315 Registered User Join Date: Feb 2008 Posts: 17 OS: xp pro	NT Kernel_System has changed since the last time you used it. I have Symantec AntiVirus corporate edition v11, and the Network Threat Protection has been popping up lately with this message: here is what i copied from the text it shows: The executable has changed since the last time you used C:\WINDOWS\system32\ntoskrnl.exe File Version: 5.1.2600.5657 File Description: NT Kernel & System File Path: C:\WINDOWS\system32\ntoskrnl.exe Digital Signature: Process ID: 0x4 (Hexadecimal) 4 (Decimal) Connection origin: remote initiated Protocol: UDP Local Address: 192.168.1.255 Local Port: 137 (NETBIOS-NS - Browsing requests of NetBIOS over TCP/IP) Remote Name: Remote Address: 192.168.1.104 Remote Port: 137 Ethernet packet details: Ethernet II (Packet Length: 110) Destination: ff-ff-ff-ff-ff-ff Source: 00-13-ce-d6-97-9e Type: IP (0x0800) Internet Protocol Version: 4 Header Length: 20 bytes Flags: .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset:0 Time to live: 128 Protocol: 0x11 (UDP - User Datagram Protocol) Header checksum: 0x30f6 (Correct) Source: 192.168.1.104 Destination: 192.168.1.255 User Datagram Protocol Source port: 26118400 Destination port: 35072 Length: 8 Checksum: 0x21bf (Correct) Data (76 Bytes) Binary dump of the packet: 0000: FF FF FF FF FF FF 00 13 : CE D6 97 9E 08 00 45 00 \| ..............E. 0010: 00 60 BF A4 00 00 80 11 : F6 30 C0 A8 01 68 C0 A8 \| .`.......0...h.. 0020: 01 FF 00 89 00 89 00 4C : BF 21 81 BD 29 10 00 01 \| .......L.!..)... 0030: 00 00 00 00 00 01 20 45 : 4B 45 50 46 44 45 49 46 \| ...... EKEPFDEIF 0040: 48 45 49 45 4A 46 45 45 : 46 46 44 45 46 45 4D 45 \| HEIEJFEEFFDEFEME 0050: 4D 43 41 43 41 41 41 00 : 00 20 00 01 C0 0C 00 20 \| MCACAAA.. ..... 0060: 00 01 00 04 93 E0 00 06 : 60 00 C0 A8 01 68 \| ........`....h it asks me if i want to allow it to access the network, and i click No because i have no idea what it is or why it wants to access the network. it seems like it randomly pops up, or whenever i turn my computer on. any help as to what this is and how i should go about dealing with it? thanks everyone.

11-11-2008, 02:54 PM	#2 (permalink)
josh48315 Registered User Join Date: Feb 2008 Posts: 17 OS: xp pro	Re: NT Kernel_System has changed since the last time you used it. help! somebody...anybody...please.

11-11-2008, 06:24 PM	#3 (permalink)
amateur Moderator, Analyst, Security Team ; Rangemaster, TSF Academy Join Date: Jun 2006 Location: Rhode Island, USA Posts: 6,342 OS: XP Home SP3, XP MCE SP3, XP Pro SP3	Re: NT Kernel_System has changed since the last time you used it. ntoskrnl.exe is a critical process in the boot-up cycle of the computer, that's why the warning pops up whenever you turn your computer on. The change can be due to a recent update. If you want to put your mind at ease, you can have it scanned here or here. On top of the page there is a field to add the filepath, copy and paste this filepath: C:\WINDOWS\system32\ntoskrnl.exe Then hit Submit The scan will take a while before the result comes up. __________________ My services are free. However, you can donate to TSF to help keep it running. Member of ASAP since 2005 Member of UNITE since 2006

11-12-2008, 11:26 AM	#4 (permalink)
josh48315 Registered User Join Date: Feb 2008 Posts: 17 OS: xp pro	Re: NT Kernel_System has changed since the last time you used it. ok, so i did the scan at both websites, and they both found nothing. so the next time i get this message popping up, should i click Yes to allow it to access the network?

11-12-2008, 03:25 PM	#5 (permalink)
amateur Moderator, Analyst, Security Team ; Rangemaster, TSF Academy Join Date: Jun 2006 Location: Rhode Island, USA Posts: 6,342 OS: XP Home SP3, XP MCE SP3, XP Pro SP3	Re: NT Kernel_System has changed since the last time you used it. Yes, you can. __________________ My services are free. However, you can donate to TSF to help keep it running. Member of ASAP since 2005 Member of UNITE since 2006

11-12-2008, 11:10 PM	#6 (permalink)
josh48315 Registered User Join Date: Feb 2008 Posts: 17 OS: xp pro	Re: NT Kernel_System has changed since the last time you used it. thanks for the help.