Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5


File ntkrnlpa.exe is open or in use by another program
01-05-2012, 11:05 PM
Post: #1
File ntkrnlpa.exe is open or in use by another program
File ntkrnlpa.exe is open or in use by another program

I came across this when installing SP3 on to an XP machine causing the installation to fail.

Microsofts Technet to the rescue, go get Process Explorer here.
Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.

You can use the 'find' option at the top to search for ntkrnlpa.exe

[Image: 754052.gif?556]

That should give you a rough idea, I found that mine was rogue and ran a TDSSKiller scan which found a rootkit.


[Image: engrish25.png]
Reply
04-05-2012, 12:51 AM
Post: #2
RE: File ntkrnlpa.exe is open or in use by another program
So you decided to use one of Mark Russinovich's tools.....I have only mentioned the SysInternals Suite about half a dozen times or so. Autoruns is one of the most useful tools in that suite if you are trying to kill viruses wherever you may find yourself. The ability analyze an offline system (which was an option incorporated about a year or so ago) is one of the most useful tools in chasing and ultimately deleting malware. Unfortunately SysInternals rootkit revealer is rather outdated, and I see you have found TDSSKiller, which can be a very useful tool. It's biggest problem, however is that it doesn't work against a rootkit unless it has already been in the wild, analyzed, and reverse engineered. The fun ones are the ones in which there is no tool that will auto detect and delete it. That is when it helps to be......VC

[Image: icpn5k.jpg]
Trolls are the last thing you need to be concerned with.

VCD Wrote:// Forever more, count and reply, bitch.
Reply



Forum Jump:


User(s) browsing this thread: 1 Guest(s)