howtothings.co.uk

File ntkrnlpa.exe is open or in use by another program

I came across this when installing SP3 onto an XP machine; it caused the installation to fail.

Microsoft's TechNet to the rescue: go get Process Explorer here.
Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.

You can use the 'find' option at the top to search for ntkrnlpa.exe.

That should give you a rough idea. I found that mine was rogue and ran a TDSSKiller scan, which found a rootkit.
So you decided to use one of Mark Russinovich's tools... I have only mentioned the SysInternals Suite about half a dozen times or so. Autoruns is one of the most useful tools in that suite if you are trying to kill viruses wherever you may find yourself. The ability to analyze an offline system (which was an option incorporated about a year or so ago) is one of the most useful tools in chasing and ultimately deleting malware. Unfortunately, SysInternals RootkitRevealer is rather outdated, and I see you have found TDSSKiller, which can be a very useful tool. Its biggest problem, however, is that it doesn't work against a rootkit unless it has already been in the wild, analyzed, and reverse engineered. The fun ones are the ones in which there is no tool that will auto detect and delete it. That is when it helps to be......VC