[Ham-Computers] RE: Need info possible spyware

Hsu, Aaron (NBC Universal) aaron.hsu at nbcuni.com
Wed Oct 11 21:35:48 EDT 2006


Sorry Brian, not enough info.  Kernel32.dll is the memory management portion of the Windows kernel - the "core" of the operating system.  Just about anything can kill kernel32.dll in Win98/Me as the kernel isn't well protected in non-"NT" flavors of Windows (9x/ME).

On top of that, Windows ME was absolutely the worst version of Windows ever shipped.  Even Microsoft wishes it never released that piece of crap.  However, with this in mind, this bashing doesn't help your situation.

With Win9x/ME, if a particular app or component of Windows "blew-up", it could also take with it other components in Windows and make it unstable.  In your case, it sounds like some app written with Visual C (much of Microsoft's library is written in Visual C) crashed (or caused MSVCRT.DLL to crash) and it, in turn, took out KERNEL32.DLL.

MSVCRT.DLL is the Microsoft Visual C Runtime component that allows you to run apps written with Visual C.  As Visual C development kits were updated, so was the MSVCRT.DLL runtime.  If you installed an application that was built with a newer version of MSVCRT.DLL, then it would over-write the existing MSVCRT.DLL file when you installed the app.  Unfortunately, some of the DLLs were not backwards compatible and caused apps that relied on the older version to stop working.  Work-arounds were to install the MSVCRT.DLL file in the same location as the application, but unless the app looked there first, it would try to default to the WINDOWS or WINDOWS\SYSTEM folder to look for MSVCRT.DLL.  This mixing and version compatibility problem was commonly known as "DLL Hell".

So, in your situation, I would check to see if any apps were recently installed.  If not, try installing Firefox or some other browser and see if you still have problems...it's probably isolated to IE.  Also, run a full malware (spyware and virus) scan on the system.  As you're already aware, malware can be a pain in the butt to remove and no single program on the market today catches everything.

You didn't mention what specific Presario 5000 it is.  Compaq sold many different "flavors" of the Presario 5000 - the "5000" was just a marketing name.  Many in the 5000 series are completely different from other models in the "5000" series.  If it were I, depending on the system specs, I'd seriously consider trashing WinME and installing Win98SE or WinXP.  I set up WinXP on a Compaq Deskpro EN with a 600MHz P-3 CPU and 256MB RAM and it runs perfectly for my mom's computing needs.  The key is not loading the system down with a lot of "junque".  On older (aka slower) systems, less is more.  Basically, WinXP, AV software, Firefox, and a few games is all my mom needed and the 600MHz P3 works great.

In short, if it takes you more than a couple hours to fix the problem, seriously consider re-installing the OS...preferably not WinME.

For reference, I believe there is a malware app out there that forges the name KERNEL32.DLL and puts itself in a location that's different than the valid KERNEL32.DLL.  But, I don't remember the specific details.  A Google search might find some info.

73,

  - Aaron Hsu, NN6O


-----Original Message-----
Sent: Wednesday, October 11, 2006 4:59 PM
Subject: [Ham-Computers] Need info possible spyware

My mom has an older Compaq computer, Compaq Presario 5000 running Windows Millennium and has been having problems not being able to log onto her Yahoo mail.

I wrote down what she's getting on the screen and this is what it says.
As a side note she only gets this when trying to access her Yahoo mail, no other time does she see the following.

msvcrt.dll pops up in 1 window and when she hits the X, then she gets this, kernel32.dll

Is this spyware or is her version of Windows corrupt?

I remember seeing kernel32 somewhere a long time ago, but can't remember what it was about.

Suggestions...Comments...

73,
Brian 
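
An added example, not part of either message in this thread: a Python sketch of the check the reply points toward, listing every copy of KERNEL32.DLL and MSVCRT.DLL under a folder tree and flagging copies that sit outside the expected Windows folders or whose contents differ from one another. The function names, the expected-folder list and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# DLL names taken from the thread; expected folders are supplied by the caller.
WATCHED = {"kernel32.dll", "msvcrt.dll"}

def find_dll_copies(root, expected_dirs):
    """Return {dll_name: [(path, sha256, in_expected_dir), ...]} under root."""
    expected = {os.path.normcase(os.path.abspath(d)) for d in expected_dirs}
    found = {}
    for folder, _dirs, files in os.walk(root):
        here = os.path.normcase(os.path.abspath(folder))
        for name in files:
            if name.lower() in WATCHED:  # Windows file names are case-insensitive
                path = os.path.join(folder, name)
                digest = hashlib.sha256(Path(path).read_bytes()).hexdigest()
                found.setdefault(name.lower(), []).append((path, digest, here in expected))
    return found

def report(found):
    """Turn the raw listing into findings a person can review."""
    findings = []
    for name, copies in sorted(found.items()):
        for path, _digest, ok in copies:
            if not ok:
                findings.append(("outside-system-dir", name, path))
        if len({digest for _p, digest, _ok in copies}) > 1:
            findings.append(("differing-copies", name, len(copies)))
    return findings

def build_sample_tree(root):
    """Constructed sample layout (not from the thread) for a dry run."""
    layout = {
        ("WINDOWS", "SYSTEM", "KERNEL32.DLL"): b"kernel-original",
        ("WINDOWS", "SYSTEM", "MSVCRT.DLL"): b"crt-newer",
        ("Program Files", "App", "msvcrt.dll"): b"crt-older",
        ("WINDOWS", "TEMP", "kernel32.dll"): b"not-the-kernel",
    }
    for parts, data in layout.items():
        p = Path(root, *parts)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    return [os.path.join(root, "WINDOWS"), os.path.join(root, "WINDOWS", "SYSTEM")]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(report(find_dll_copies(tmp, build_sample_tree(tmp))))
```

A private MSVCRT.DLL beside an application is the work-around the reply describes, so an "outside-system-dir" finding for that file is a prompt to review, while the same finding for KERNEL32.DLL deserves a closer look.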




