I have isolated the file as "SVCKERNELL.COM". It also created a folder called "startrwin" and places "startrwin" in the WINDOWS folder.
SVCKERNELL.COM is listed in the processes (in Windows 98SE) when I press Ctrl-Alt-Del… ONLY BEFORE Windows completes loading my desktop. I caught it in time to find out what the foreign startup program was called. I think it tries to hide itself.
Should I send it to you VLK? I've never tried sending a virus before?? ???
I sent the virus to them in a password protected .ZIP file.
Thanks for your help.
The virus was later detected… but the resident on-access shield did not… despite it being a .EXE extension.
This information was helpful from TrendMicro:
Removing Autostart Entries from the Registry
Removing autostart entries from the registry prevents the malware from executing during startup.
Open Registry Editor. To do this, click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
Taskmanager = "C:\Windows\taskmgr.com"
OR
Svckernell = "c:\windows\svckernell.com"
Close Registry Editor.
NOTE: If you were not able to terminate the malware process from memory, as described in the previous procedure, restart your system.
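The check behind the steps above, as an added example (not code from the posters or from TrendMicro): it scans a registry export for the two Run-key values named in the steps. It assumes the REGEDIT4 text format produced by Registry Editor's export on Windows 98; the sample export and the function names are constructed for illustration.

```python
import re

# Autostart values named in the quoted steps (value name -> data), lower-cased.
KNOWN_BAD = {
    "taskmanager": r"c:\windows\taskmgr.com",
    "svckernell": r"c:\windows\svckernell.com",
}
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"

# Constructed sample of a REGEDIT4 export; not taken from a real machine.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"Svckernell"="c:\\windows\\svckernell.com"
"SystemTray"="SysTray.Exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Taskmanager"="C:\\Windows\\taskmgr.com"
'''

# "name"="data" lines; backslash escapes are allowed inside either string.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)

def find_autostart_entries(export_text):
    """Return (name, data) pairs under the HKLM Run key that match KNOWN_BAD."""
    hits, in_run = [], False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Key names are case-insensitive; only the Run key itself is checked.
            in_run = line[1:-1].lower() == RUN_KEY
            continue
        m = VALUE_RE.match(line) if in_run else None
        if not m:
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        expected = KNOWN_BAD.get(name.lower())
        if expected and data.strip().lower() == expected:
            hits.append((name, data))
    return hits

if __name__ == "__main__":
    for name, data in find_autostart_entries(SAMPLE_EXPORT):
        print("delete from Run key:", name, "=", data)
```

The RunOnce entry in the sample is deliberately not reported, because the quoted steps name only the Run key.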
Just a curiosity: have you installed Norton SystemWorks (or NAV) anytime - even in the past - in your computer?
It messes your registry and you would be in danger with on-access scanning of .exe files…
Steele, you may also consider moving the On-Access scanner sensitivity slider to the High position. Otherwise, the files are not usually scanned unless they're executed (i.e. the virus is trying to activate).