Solve : Error Msg- C:\Windows\System32\ekrn.exe is not a valid Win32 application?

Hi, and thanks in advance for any help you can give me.
OS is WinXP, SP2 (media center edition) 2002 Running on an HP Pavilion dv 8000 laptop w/ Turion 64 mobile 1.79 GHz and 768 MB of RAM.

The message started popping up two days ago. I checked in the processes, and it doesn't show up there. I ran Norton 360 Comprehensive Scans (it is updated) (thinking I might have a virus?) and it's not finding anything. I have run Registry Mechanic and Registry Booster.
I checked the file path, and the file exists, so I disabled it, but it didn't stop the error msg from popping up.

The only program I have downloaded since this started happening is iii HomeInventory-308 (insurance institute home inventory program).
I also installed the mininova toolbar (which if ANYONE can FIGURE out how to uninstall, I'll bake you some cookies!!)

I close the error message and it stays closed about 5 seconds and pops up again.

My questions are: 1. how do I get rid of this msg, and 2. is this a virus of some sort?
I have spent the better part of today trying to figure it out and am just happy to find you all here.
Again, thanks for any help
MaryT

Welcome to the CH forums.

Look here and here..

Good luck

ekrn.exe is part of Eset NOD32 Antivirus
Do you have two antivirus programs running?

Broni, no, only Norton 360 running.

Dusty- I had gone to the two links you said, before I posted, and I'm not trying to run any program, (except what starts up when I turn on the system, would it help to send that?) I ran chkdisk, and scandisk, no problems. I've defragged.
The message pops up when I start the computer. I started it in Safe Mode this morning and tried deleting the file (which has 0 bytes). It did it in Safe Mode, I checked and it was gone. When I restarted, it was back again and the same message popped up.
It still does not show up in the processes.
My instinct is telling me it's something simple that I'm missing, and I'm going to kick myself when it's figured out. But I'm getting pretty frustrated.
I really appreciate the help and any more you can give is greatly appreciated.

Check to be sure the other anti-virus program is uninstalled with add and remove programs.

Do a reboot and open the registry to the Run key and see if you have any old entries for the virus software and after backing up the key delete the entry for the old antivirus software.

http://support.microsoft.com/kb/314866
Info on the registry run key.

Then reboot.

If this didn't work you can also click start and go to the run and type MSConfig and look through the start up to see if you can find what is starting when you boot your machine that would cause this problem.

Let us know how this works out.

The quoted part of one of the links I posted seems to indicate that your version of ekrn.exe is malware - note that it's in the C:\Windows\System32\ folder:

Quote from: From posted link

Important: Some malware camouflage themselves as ekrn.exe, particularly if they are located in c:\windows or c:\windows\system32 folder. Thus check the ekrn.exe process on your pc whether it is pest.

You could search your registry for an entry which is attempting to start ekrn.exe and, if found, delete it.

Hi, Thanks for the replies.
I did as you all suggested. Looked for any other antivirus program (there isn't any). Under msconfig startup there is ekrn.exe.
I unchecked it (both in safe mode and not) and it doesn't stay that way when rebooted. It reverts back to checked.
I went into the registry and searched for instances of ekrn.exe and when found (there were two of them) I BACKED them up and then deleted them.
I rebooted and the same issue is there.
I start the system, the error msg comes up. But NOW when I go into the task manager, it shows up under applications (it did not previously) so I hit end task from there, and it stops coming up.
If I do not do that and just hit 'OK' in the popup it will continue popping up about every 5 seconds.
The instances of ekrn in the registry were under search assist and one came up with a reference to mininova. I am still trying to uninstall the mininova (it conveniently did not come with a utility for that).
So, that is what I have done up to this point.
Thanks again for your help.
Quote
The instances of ekrn in the registry were under search assist and one came up with a reference to mininova. I am still trying to uninstall the mininova

Aha, the revenge of the Torrents strikes again. LOL

DOWNLOAD HijackThis:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
Click on Download HijackThis Installer
Post HijackThis log.

Here you go: log is attached
Also, I got the toolbar off my browser (firefox 3) but it still has taken over my firefox homepage. I'm pretty sure at this point that the mininova toolbar is where the problem came from.
Thanks again for helping me out.


[recovering disk space -- attachment deleted by admin]

Well, as this entry shows:
- O4 - HKCU\..\Run: [NOD32] C:\WINDOWS\system32\ekrn.exe
you had Eset NOD32 Antivirus installed, at some point.

Go to Add\Remove, and see if it's listed there. If so, uninstall it.
If it's not listed there, let me know.

Hi,
Just looked again, and no Eset, no Nod32 in Add/Remove.

Mary

That's fine.
Since I don't see any infection present, I won't be sending you to "Malware removal" section.
Simply open HJT, and checkmark:
- O4 - HKCU\..\Run: [NOD32] C:\WINDOWS\system32\ekrn.exe
Click "Fix checked" button, and it should take care of your problem.

Restart computer.

Did it. Clicked "Fix Checked" on that line, restarted, and it's still doing the same thing.

Ran HJT again and the same line is still there.
- O4 - HKCU\..\Run: [NOD32] C:\WINDOWS\system32\ekrn.exe

Mary

Hmmm....interesting

Go Start>Run, type in:
regedit
Click OK.

Registry Editor will open.
Navigate to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
In RIGHT pane, you'll see NOD32 entry.
Right click on it, click Delete.

Restart computer.
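
Added example, not part of the thread and not any poster's code: an audit of the Run/RunOnce keys discussed above that reports, for each autostart value, whether the target file exists, its size, and its Authenticode status, so a zero-byte or unsigned file like the `ekrn.exe` described here stands out. It assumes Windows PowerShell 5.1 or later (not present by default on the XP machine in the thread); `Get-RunTarget` is a helper name made up for this example.

```powershell
# Added example: list autostart values and inspect the file each one launches.
# Assumes Windows PowerShell 5.1+; Get-RunTarget is a helper defined here.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-RunTarget([string]$Command) {
    # Extract the executable from a Run value: a quoted path, else text up to ".exe".
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $target  = Get-RunTarget $command
        # A bare file name (no folder) is not resolved via PATH and shows as missing.
        $file    = if ($target) { Get-Item -LiteralPath $target -ErrorAction SilentlyContinue }
        $isFile  = $file -is [System.IO.FileInfo]
        $sig     = if ($isFile) { (Get-AuthenticodeSignature -FilePath $file.FullName).Status } else { 'n/a' }
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Command   = $command
            Exists    = $isFile
            Bytes     = if ($isFile) { $file.Length } else { $null }
            Signature = $sig
            # Missing target, zero-byte file or no valid signature: look closer.
            Review    = (-not $isFile) -or ($file.Length -eq 0) -or ("$sig" -ne 'Valid')
        }
    }
}

$report | Sort-Object Review -Descending | Format-List
```

Running it before and after a reboot shows which values come back after being deleted, which is the symptom reported in this thread.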
