[filename.info logo]
[cn ntoskrnl.exe][de ntoskrnl.exe][es ntoskrnl.exe][fr ntoskrnl.exe][gb ntoskrnl.exe][it ntoskrnl.exe][jp ntoskrnl.exe][kr ntoskrnl.exe][nl ntoskrnl.exe][pt ntoskrnl.exe][ru ntoskrnl.exe][us ntoskrnl.exe]
 

ntoskrnl.exe ( 5.1.2600.1106)

소프트웨어안에 포함하는

이름:Windows XP Home Edition, Deutsch
면허:상업
정보 연결:http://www.microsoft.com/windowsxp/

파일 세부사항

파일 경로:C:\WINDOWS\$NtUninstallKB826939$ \ ntoskrnl.exe
파일 날짜:2002-08-29 14:00:00
버전: 5.1.2600.1106
파일 사이즈:1.893.888 바이트

검사함과 파일은 잘게 썬다

CRC32:DB82818E
MD5:7720 1296 4E35 CFAB 8145 82AF 726F D10F
SHA1:8F1B 4E25 31AD 58AD 549E 0D35 F7BF 6A38 01C7 DE0A

버전 자원 정보

회사명:Microsoft Corporation
파일 설명:NT-Kernel und -System
파일 운영 체계:Windows NT, Windows 2000, Windows XP, Windows 2003
파일 유형:Application
파일 버전:5.1.2600.1106
내부 이름:ntkrnlmp.exe
법적인 저작권: Microsoft Corporation. Alle Rechte vorbehalten.
원래 파일 이름:ntkrnlmp.exe
제품 이름:Betriebssystem Microsoft Windows
제품 버전:5.1.2600.1106

ntoskrnl.exe은 뒤에 오는 보고안에 발견되었다:

W97M.Homer

W97M.Homer에 관하여
...It deletes the file C:WinntSystem32Ntoskrnl.exe from Windows NT systems Type: Virus...
위협 평가
...Deletes files: Ntoskrnl.exe Modifies files:...
기술적 세부사항
...The virus deletes the file C:WinntSystem32Ntoskrnl.exe from Windows NT systems. This payload is triggered...
근원: http://securityresponse.symantec.com/avcenter/venc/data/w97m.homer.html

W32.Bolzano

기술적 세부사항
...In such a case, W32.Bolzano has the chance to patch ntoskrnl.exe, the Windows NT kernel, located in the WINNTSYSTEM32 directory....
...virus modifies only 2 bytes in a security API called SeAccessCheck that is part of ntoskrnl.exe. This way Bolzano is able to...
...Unfortunately the consistency of ntoskrnl.exe is checked in only one place....
...The loader, ntldr, is supposed to check it when it loads ntoskrnl.exe into physical memory during machine boot-up....
...If the kernel gets corrupted ntldr is supposed to stop loading ntoskrnl.exe and display an error message even before a "blue screen" appears....
제거 지시
...If the system has been infected, the system files ntoskrnl.exe and ntldr.exe have been patched....
...prolific virus, W32.Funlove.4099, which applies the same patching techniques to ntoskrnl.exe and ntldr.exe. You can find this tool here:...
근원: http://securityresponse.symantec.com/avcenter/venc/data/w32.bolzano.html

W32.Funlove.4099

기술적 세부사항
...the equivalent rights logs on, W32.FunLove.4099 has the opportunity to modify the Ntoskrnl.exe file, the Windows NT kernel located in the WinntSystem32 folder....
...Unfortunately, the consistency of Ntoskrnl.exe is checked only once during the startup process....
...The loader, Ntldr, checks Ntoskrnl.exe when it loads into physical memory during startup....
...If the kernel becomes corrupted, Ntldr is supposed to stop loading Ntoskrnl.exe and display an error message, even before a "blue screen" appears....
...files on those computers. In addition, the Ntoskrnl.exe and Ntldr patch is performed on the network drives....
...components over the network. The Ntoskrnl.exe and Ntldr patches are executed by a routine picked up from the Bolzano virus....
...Developer Network documentation. Can Ntoskrnl.exe be infected across the network, without Flcss.exe actually being copied to the system?...
...As long as the drive is writeable, FunLove will modify Ntoskrnl.exe over the network, even without dropping Flcss.exe onto the system....
...FunLove does not actually infect Ntoskrnl.exe, but it changes the file's security function....
...Once the affected computer is restarted, the modified Ntoskrnl.exe and Ntldr are loaded, and security is compromised....
근원: http://securityresponse.symantec.com/avcenter/venc/data/w32.funlove.4099.html

W32.Petch

기술적 세부사항
...C:WindowsSystem32Ntkrnlpa.exe C:WindowsSystem32Ntoskrnl.exe C:WindowsSystem32Ntoskrnl.exe...
근원: http://securityresponse.symantec.com/avcenter/venc/data/w32.petch.html

W32.Gruel@mm

기술적 세부사항
...C:WINNTSystem32*.dll C:WINNTSystem32Ntoskrnl.exe C:WINNTSystem32Command.com...
...C:WINNTRegedit.exe C:WindowsSystem32Ntoskrnl.exe C:WindowsSystem32Command.com...
......
근원: http://securityresponse.symantec.com/avcenter/venc/data/w32.gruel@mm.html



Valid HTML 4.01!