I noticed a couple of days ago,a process "SYSTEM PID 4 ntoskrnl.exe",located in windows,C,system32.A bit of searching indicates that this particular process,should never show up in TM.As a precaution,could you help me out?Malware or not,should it be there in plain sight,or not?
ntoskrnl.exe is a critical process in the boot-up cycle of your computer although should never appear in WinTasks whilst under normal circumstances
Note: ntoskrnl.exe can be altered by the w32.bolzano and variants. If this process appears in WinTasks, please update your virus definitions immediately.Might be a good idea to run a full scan with Malwarebytes or Windows Defender OfflineNote that ntkrnlpa.exe is not malware, provided that it is found in %SystemRoot%\System32. The following malware is known to disguise itself as ntoskrnl.exe:
- W32/Rbot-FB (%SystemRoot%\System32)
- This is a backdoor Trojan that can spread over network shares. It allows a remote attacker to take full control over an infected system.
- You should never see ntoskrnl.exe running in the Task Manager. The presence of an instance of it in the task manager is a strong indicator of a malware infection.
It is due to this kind of articles,that worried me about this process.Did a full scan with M,while in safe mode,no results found.Should i keep on with the defender?I must say,the process showed itself in safe mode too,does that comfort me or is it the other way around?
Read "Reply" from JW Stuart (MVP) here: Task Mgr shows "System" consistently using 50% of CPU, - Microsoft Community
Interesting approach,had already the process under surveillance via process explorer.The point is,i do not have any CPU spikes,nor a specified version or command line of this process.PE shows that it handles interrupts and smss.exe,two legitimate processes,i think its clean,unless advised otherwise.
Windows defender scan came up with no results,i am giving it a rest,if MBAM and WDO,couldnt find any culprits,all should be fine.Thanks everybody for the support,marking as solved.
Quote