Kernel

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

"Y" - Normally leave to run at start-up
"N" - Not required - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

	Startup Name	Process Name	Details
N	*WerKernelReporting	WerFault.exe	"Part of Windows Error Reporting technology (WER) for Vista. WER captures software crash and hang data from end-users who agree to report it - see here"
X	AdobeReaderPro	ntkernell32.exe	"Added by the RBOT-ATY WORM!"
X	CheckFaultKernel	mswdm.exe	"Added by the SMALL-CSK TROJAN!"
X	Compaq Service Drivers	NtKernelSystem.exe	"Added by a variant of the SDBOT WORM!"
X	Distributed File System	kernel32dll.exe	"Added by the MYFIP-C or MYFIP.K WORMS!"
X	dKernel	dKernel.exe	"Added by the DECOY-A WORM!"
X	filename process	kerneldll.exe	"Added by the AGOBOT-PO WORM!"
X	Kernel	bboy.exe	"Added by the MUMU.B WORM!"
X	Kernel	services.exe	"Added by the FOOZ-A TROJAN! Note - this is not the legitimate services.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	kernel	kernel.exe	"Added by the MATCASH.CF TROJAN!"
X	Kernel	Update.exe	"Added by the DELF-FN TROJAN!"
X	KERNEL 32	SKERNEL32.com	"Added by the SEMAPI-A WORM"
U	Kernel and Hardware Abstraction Layer	KHALMNPR.EXE	"Part of Logitech's SetPoint control software for their range of wired and wireless keyboards and pointing devices (mice
X	Kernel Faults	ftphost.exe	"Added by the RBOT.BHU WORM!"
X	Kernel Loader	ntkrnl.exe	"Added by the CERVIVEC.A WORM!"
X	Kernel Manager	krnlmgr.exe	"Added by the JUNY.A TROJAN!"
X	Kernel Safe Mode	smss.exe	"Added by the 78CRACK-A TROJAN! Note - this is not the legitimate smss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Kernel Services	service32.exe	"Added by the PRX-B TROJAN!"
X	kernel system daemon	ACTIVAT0R.exe	"Added by the RANDEX.AW WORM!"
X	kernel12.exe	kernel12.exe	Added by an unidentified WORM or TROJAN!
X	kernel32	kern32.exe	"Added by the BADTRANS.A WORM!"
X	Kernel32	Kernel32.exe	"Added by a number of VIRUSES
X	kernel32	kernel.dli	"Added by the NETDEVIL.B TROJAN!"
X	Kernel32	Kernel.dll	"Added by the REDLOF.M VIRUS!"
X	kernel32	kernel32.dlI	"Added by the NETDEVIL.15 TROJAN!"
X	Kernel32	krnl32.exe	"Added by the EPON WORM!"
X	Kernel32	Kernel32.win	"Added by the GAGGLE.D or GAGGLE.E WORMS!"
X	Kernel32	kernel32s.exe	"Added by the BCKDR-CIC BACKDOOR!"
X	kernel32	kernel32.dll.vbs	"Added by the WEKODE-A WORM!"
X	Kernel32	svchosts.exe	Added by an unidentified WORM or TROJAN!
X	Kernel32	svchost.exe	"Added by an unidentified WORM or TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %System%\drivers"
X	kernel32dll	guardpc.exe	"Added by the FORBOT-CU WORM!"
X	kernel32sys.dll	IEXPLORER.exe	"Added by the RBOT-MK WORM!"
X	Kernel32_sysdamper	sysdamp.exe	"Added by an unidentified WORM or TROJAN! See here"
X	kernel44.dll	"taskkill /f /fi ""PID ge 0"" /im *"	"Added by the VBS.LIDO WORM!"
X	KernelCheck	sys***.exe [ = digit]	Added by an unidentified TROJAN!
X	KernelCheck	winser.exe	"Added by the TSPY_LMIR.SL TROJAN!"
X	KernelConfig	destiny32.exe	"Added by the AGOBOT.AMB WORM!"
N	kernelfaultcheck	dumprep 0 -k	"Used in connection with memory dumps - you can disable these by - right clicking on My Computer
N	kernelfaultcheck	dumprep 0 -u	"Used in connection with memory dumps - you can disable these by - right clicking on My Computer
X	KernelFaultCheck	ptool32.exe	"Added by the LEGMIR-BN TROJAN!"
X	KernelFaultCheck	msime.exe	"Added by the TINY-P TROJAN!"
X	KernelFaultCheck	tell32.exe	"Added by the LEGMIR-BF TROJAN!"
X	KernelFaultCheck	winabc3.exe	"Added by the NUBYS-A VIRUS!"
X	KernelFaultCheck	winbin.exe	"Added by the DLOADR-AAX TROJAN!"
X	KernelFaultChk	sms.exe	"Added by the DEADHAT WORM! Do not confuse with the valid ""kernelfaultcheck"" which runs ""dumprep 0 -k"" or ""dumprep 0 -u"""
X	Kernell	systems.exe	"Added by the TARNO.C TROJAN!"
X	Kernell32	Kernell.dll	"Added by the DESTINY.A TROJAN!"
X	KernellApps	csrss.exe	"Added by the BANCBAN-AC TROJAN! Note - this is not the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""System"" subfolder"
X	KernellApps	lexplore.exe	"Added by the BANCBAN-BS TROJAN! Note - the executable is spelt with a lower case ""L"" rather than an lower or upper case ""i"" which is the case with Internet Explorer"
X	KernellApps	svshosti.exe	"Added by the BANCBAN-V TROJAN!"
X	KernellApps32	smss.exe	"Added by the BANCBAN-AN TROJAN! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup!"
X	KernelRuntime	[path to worm]	"Added by the MYTOB-JO WORM!"
X	Kernelw	Kernelw32.exe	"Added by the INDOR.E WORM!"
X	Kernel_check	wmiprvse.exe	"Added by the SONEBOT-B WORM! Note - this is not the legitimate wmiprvse.exe process which is always located in the %System%\wbem folder and should not normally figure in Msconfig/Startup!"
X	LoadWindowsFile	Kernel32.exe	"Added by the DELF.B TROJAN!"
X	Microsoft Kernel	Windows_kernel32.exe	"Added by the NETSKY.AE WORM!"
X	Microsoft Update 23	NtKernelSystem.exe	"Added by a variant of the RBOT WORM!"
X	Microsoft Windows	Kernel.exe	"Added by the EDIBARA-A VIRUS!"
X	Microsoft Windows	Kernel.vbs	"Added by the EDIBARA-A VIRUS!"
X	Microsoft Windows Kernel Services	winkrnl386.exe	"Added by the ZEBROXY TROJAN!"
X	Microsoft Windows System Kernel	kernel32.exe	"Added by a variant of the IRCBOT TROJAN!"
X	MSKernel32	MSKernel32.vbs	"Added by the LOVELETTER (I LOVE YOU) VIRUS!"
X	MSkernel32	System.exe 4820	"Added by the TUXDER BACKDOOR!"
X	Mstask	kernel32.exe	"Added by the STAP-C WORM!"
Y	NOD32kernel	Nod32krn.exe	"NOD32 antivirus"
U	NokKernel install	Nok_install.exe	"Installer for the NokNet Workstation Monitor surveillance software. Uninstall this software unless you put it there yourself"
N	NT Kernel Patch	ntkrnlpt.exe	"FaxServe network fax software"
X	Plob	kernel.com	"Added by the OPTIXPRO.12 TROJAN!"
X	RunDLL Kernel File Core	rundll.exe	"Added by a variant of the RBOT WORM! Note - this is NOT the Win9x/Me system file of the same name as described here"
X	rundll32	kernel32.exe	"Added by the STAP-C WORM!"
X	rundll32	kernel33.exe	"Added by the STAP-D WORM!"
X	Service System	kernels32.exe	"Added by the BANCOS-DA TROJAN!"
X	sittachasnahalbasya	ntoskernel.exe	"Added by the HANSAH-A WORM!"
X	SysBoot	syskernel.exe	"Added by the AUTORUN-EY WORM!"
X	System	kernels32.exe	"Added by the DLOADER-FC TROJAN!"
X	System	kernels64.exe	"Added by the VIXUP-S TROJAN!"
X	System	kernels1118.exe	"Added by a variant of the SDBOT WORM!"
X	System	kernels88.exe	"Added by the TIBS-PP TROJAN!"
X	System	kernels8.exe	"Added by the TIBS.AI TROJAN!"
X	System	kernel8.exe	"Added by the DLOADR-AOL TROJAN!"
X	System	kernelwind32.exe	"Added by the VXIDL.FT TROJAN!"
X	System	kernelwind64.exe	"Added by the DLOADER.DJD TROJAN!"
X	system	kernel32.ini	"Added by the SILLYFDC.CJ WORM!"
X	System Kernel	lsass.exe	"Added by the VBBOT-G TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	SystemTools	kernels32.exe	"Added by the DLOADER-FC TROJAN!"
X	SystemTools	kernels1118.exe	"Added by the SMALL.DGK TROJAN!"
X	SystemTools	kernels8.exe	"Added by the FNG TROJAN!"
X	SystemTools	kernels88.exe	"Added by the TIBS-PP TROJAN!"
X	Win32 Kernel core component	Kernel32.pif	"Added by the MOKS VIRUS!"
X	Win32 Kernel Update	win32update.exe	"Added by the PROXY-BS TROJAN!"
X	Win32 System Kernel	winservice.exe	"Added by the SDBOT.KIN WORM!"
X	Win32G	Kernel32.com	"Added by the ESTRELLA TROJAN!"
X	win32Kernel	findx.exe	"Added by the BANLOA-EY TROJAN!"
X	Win32KernelStart	microsoft.exe	"Added by the DELF-EWZ TROJAN!"
X	Windoes Kernel	kernel32.exe	"Added by the KICKIN.A (or CYDOG.C) WORM!"
X	Windows	Kernel32.exe	"Added by the TENDOOLF.A WORM!"
X	Windows Core Kernel Update	win32bootcfg.exe	"Added by the RANCK-EL TROJAN!"
X	Windows Kernel 64	kernal64.exe	"Added by the YIMP-B WORM!"
X	Windows Kernel System Service	wkssvr.exe	"Added by a variant of the RANDEX.GEL WORM!"
X	Windows System32 Kernel	system32.exe	"Added by the SDBOT-AAT WORM!"
X	Windows32KernelStart	wks.exe	"Added by the LAPURD TROJAN!"
X	WinKernel	WinKer.exe	"Added by the MIRAB or SERVIDOR TROJANS!"
X	WinKernel	[path to virus]	"Added by the PLEA VIRUS!"
X	winkernel32	wWin32.com	"Added by the BANSAP TROJAN!"
X	WSAConfiguration	kernel32.exe	"Added by the AGOBOT-KV WORM!"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.