By Windsnowflake
Nov 10, 2007
  1. Hello. For the past month or so I've been receiving IRQL_LESS_OR_EQUAL blue screens of death with different codes. Some of those read:
    0x0000000A (0xE4051008, 0x00000002, 0x00000000, 0x804DB848)
    0x0000000A (0xE2517558, 0x00000002, 0x00000000, 0x804DB848)
    0x0000000A (0xE400C430, 0x00000002, 0x00000000, 0x804DB848)
    0x0000000A (0xE4A9EBF8, 0x00000002, 0x00000000, 0x804DB848)

    Driver Verifier shows I need to verify aspi32.sys, netdsl.sys, pavdrv51.sys and rspndr.sys drivers.

    Here are my minidumps. Hope you can be of help :)

    Thanks in advance,
  2. Route44


    Your minidumps point to KERNEL1.EXE which from everything I can find is a serious infection. It is a trojan that has been called Backdoor Death.

    File purpose and description:
    This program is a Visual Basic trojan virus, and although this file name used to be part of Windows many years ago, it is now part of the backdoor trojan. You can kill this file if found on your PC, and the location is shown below. You will find this in your registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, so it always has a way to start up when you reboot. You can manually kill this trojan file, but remember that other files are often found with viruses; they are rarely just one file, and that is also the case here. It is best to use software to remove this automatically, and if you want to manually clean up your system then always be familiar with the registry and the startup locations where these files are found, as you can identify all names there, even the random names that many of these use. (See the details below for the actual location of this file.)

    Actual file or task name:

    File type:
    This is an executable file.

    File or folder location:
    This trojan file can be found on your hard drive at c:\WINDOWS\system32\Kernel.exe, or it can also be hidden, which makes it difficult to find.

    General information:
    Be aware that many tasks will have similar names to existing tasks or processes. You can always view the running tasks on your computer by pressing Ctrl-Alt-Del to view the Windows "Task Manager", and then viewing the "Processes" tab. This will show you all tasks running or currently active on your PC. Although this shows you all running tasks, it does not show DLL files that are loaded, as they get loaded as part of other processes. Many spyware writers attempt to hide their files on your computer; for example, kernel.exe may be intentionally misspelled to look like a similar task, or spyware may be named very similarly to a Windows system task. In your case it appears to be misspelled as KERNEL1.EXE.

    The reason they do this is so you cannot easily recognize the name in your task list, as I have mentioned above. Make sure to always check the location of the file if you are concerned. You can always find the location of kernel.exe on your computer by using your Windows search options.

    Google KERNEL1.EXE defined and you'll see for yourself.
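
The two checks described in the reply above (a name that imitates a system file, and a known name running from the wrong folder), as an added example that is not part of the original thread. The baseline table, the `classify` helper and the sample paths are constructed assumptions; a real baseline should be built from a known-clean system.

```python
# Added example: flag image names that imitate trusted binaries.
import ntpath

# Assumed baseline: trusted image name -> directory it should load from.
# Constructed for illustration, not taken from the thread or the minidumps.
BASELINE = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "kernel32.dll": r"c:\windows\system32",
}

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(image_path, max_distance=2):
    """Return (verdict, matched_baseline_name) for one full image path."""
    directory, name = ntpath.split(image_path.lower())
    if name in BASELINE:
        # Exact trusted name: only the folder can give it away.
        ok = directory == BASELINE[name]
        return ("ok" if ok else "wrong-location", name)
    stem = ntpath.splitext(name)[0]
    for trusted in BASELINE:
        # Near miss on the stem (extension ignored) is a masquerade candidate.
        if edit_distance(stem, ntpath.splitext(trusted)[0]) <= max_distance:
            return ("lookalike", trusted)
    return ("unknown", None)

# Constructed sample process list (illustrative paths only).
SAMPLE = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\system32\KERNEL1.EXE",
    r"C:\Documents and Settings\user\svchost.exe",
    r"C:\WINDOWS\system32\scvhost.exe",
    r"C:\Program Files\Editor\notepad2.exe",
]

if __name__ == "__main__":
    for path in SAMPLE:
        print(classify(path), path)
```

A "lookalike" or "wrong-location" verdict is a reason to inspect the file and its startup entry, not proof of infection; "unknown" only means the name is not close to anything in the baseline.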