Lyrics & Knowledge Personal Pages Record Shop Auction Links Radio & Media Kids Membership Help
The Mudcat Cafesj

Post to this Thread - Sort Ascending - Printer Friendly - Home


Tech. Strange message. Is it safe etc?

GUEST,Andy 26 Oct 06 - 04:40 PM
JohnInKansas 26 Oct 06 - 12:50 PM
Amos 26 Oct 06 - 09:44 AM
GUEST,Andy 26 Oct 06 - 09:35 AM
Share Thread
more
Lyrics & Knowledge Search [Advanced]
DT  Forum Child
Sort (Forum) by:relevance date
DT Lyrics:





Subject: RE: Tech. Strange message. Is it safe etc?
From: GUEST,Andy
Date: 26 Oct 06 - 04:40 PM

Thanks John and Amos. Very comprehensive answer John, I will go through the steps you've suggested tomorrow and try to resolve this little issue.
Regards

Andy


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech. Strange message. Is it safe etc?
From: JohnInKansas
Date: 26 Oct 06 - 12:50 PM

Win98 is somewhat prone to Kernel32.dll corruption, as outlined in Microsoft Knowledge Base article 190517: Troubleshooting Office Kernel32.dll errors under Windows 98. Usually, however, the messages you'd get would refer to a "page fault" or some other "error" notice.

The message you're getting is just a "status" notice, probably from your firewall. It indicates that the Kernel32.dll "program file" is attempting to do something that's its normal function, but your firewall doesn't think it's safe.(?)

If you have a router connected in your setup, and your router uses the 224.0.0.2 address, it's possible it's a normal attempt to connect, but you need to know what's trying to connect and for what purpose. The message indicates that "something" on your machine is attempting to connect to the internet. If you don't have a program that's supposed to be checking in, it most likely is malware.

AVG has one of the better reputations for consistent performance among the free AV programs. If updated to the latest signatures it should catch any likely virus.

As Amos suggested, it may be a virus trying to spread itself, but since it's asking for a "port" rather than just using your email, it's more likely that you've picked up a "bot" program that's trying to tell it's "master" that it's there so that other nasty stuff can be downloaded to your machine.

Unfortunately, most such "bots" are NOT VIRUSES. They get on your machine because you opened an email, or clicked something on a website, with the malicious item being rigged to make it look like you gave "permission" to install a program. Especially with Win98, it's also possible that someone "just passing by" noticed you had open connections and dumped something on your machine.

If you have a port open, your Firewall probably thinks you opened it on purpose so it may let someone talk to your machine through that port; and Win98 isn't very good about keeping things locked up tight.

(If you've downloaded any new "music sharing," tool bars, "computer speed-ups" or other even slightly questionable junk in the something-for-nothing category – i.e. not from a known and trusted source - odds are about 7 out of 9 that any such program includes malware.)

Once such a program is on your machine, it's "just another program," and it no longer looks like a virus, and your AV may not be able to detect it.

AVG, like most AV programs, has attempted to incorporate some recognition of bots and other spyware/malware, but the protection you get from the free programs is limited.

You should try:

1. Because corrupted temp space can sometimes cause kernel32.dll problems, especially in Win98, you should try clearing all your browser temp space. The KB article linked above includes a section " Check for a Valid Temporary Folder and Excess Temporary Files" that gives instructions for Win98. You may want to read the rest of the article for other hints, since you'll know more than we do about what's on your machine that might apply.

2. Update your AntiVirus and run a full scan.

3. If you don't already have it, get AdAware SE and run a full scan. Note that after you donwload AdAware SE, you do need to check for updates to it's signature files before running the scan.

4. If you don't already have it, get Spybot S&D and run a full scan. The same requirement – check for updates after you download it, before doing the scan – applies here as well.

The last (trusted) sites I have in my notes where you could get the above two (free) programs were:

Ad-Aware

(http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10045910.html?part=dl-ad-aware&subj=dl&tag=top5)

Spybot S&D (http://www.safer-networking.org/en/download/index.html)

These should still be good, but if not you can Google and find several places where they're available.

There may be a completely "innocent" explanation for the message you're getting, since it really only indicates that "something" is trying to connect. There are a number of legitimate reasons why something on your machine may be supposed to do so, but anytime you get something "new and different" happening you have to expect that something's gotten to you.

You should run through at least the above steps to be reasonably assured that you haven't picked up some malware before you relax though. They can't guarantee you're clean; but for most of the common crud they're pretty effective.

And when you have time to relax, think seriously about getting something a little more current than Win98, if at all possible.

John


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech. Strange message. Is it safe etc?
From: Amos
Date: 26 Oct 06 - 09:44 AM

If this is a new behavior and you haven't started any new programs that would need to access the net to find updates or other legitimate data, it is possible you picked up some sort of self-replicating bug that is trying to mail itself to others to multiply. If you are keeping your virus definitions current you should be able to scrub it with a new virus scan assuming this AVG (of which I know nought) is reliable.

John in Kansas or Jon in UK are your best sources for knowledgeable answers (unlike this one).:>)


A


Post - Top - Home - Printer Friendly - Translate

Subject: Tech. Strange message. Is it safe etc?
From: GUEST,Andy
Date: 26 Oct 06 - 09:35 AM

I have a Windows 98 setup, use Firefox with AVG anti-virus and a Sygate (SPF)personal firewall, the latter two being free download versions. All has been well (I think!) for the last twelve months or so, but now I'm getting a message appearing in the middle of my screen during my attempts to access the internet. The message is from Sygate and says

'Win 32Kernel core component(kernel32.dll) is trying to broadcast an ICPM Type 10 ( Router Solicitation) packet to (224.0.0.2). Do you want to allow this program to access the internet?'

And there are checkboxes for 'Yes' and 'No'.
So far I have clicked on the 'No' box 'cos I don't know what it means/is and I'm not a very computer-orientated person.

Can any computer gurus out there explain it, say if it's something harmful and tell me how to stop it?

Regards
Andy


Post - Top - Home - Printer Friendly - Translate
  Share Thread:
More...

Reply to Thread
Subject:  Help
From:
Preview   Automatic Linebreaks   Make a link ("blue clicky")


Mudcat time: 25 October 12:49 AM EDT

[ Home ]

All original material is copyright © 2022 by the Mudcat Café Music Foundation. All photos, music, images, etc. are copyright © by their rightful owners. Every effort is taken to attribute appropriate copyright to images, content, music, etc. We are not a copyright resource.