gfkernel.dll

seekermeister · 21 Apr 2010

Since I don't find that any of the malware scanner are 100% reliable, I usually run more than one. It occurred to me that I hadn't run SpyBot S&D for a while, so after updating it, I did so. The result was that it listed the file virtumonde.sdn at C:\\Windows\System32\gfbaksm.dat. after a quick Google, I decided to let Spybot remove it.

However, there is another file called gfkernel.dll, that SpyBot didn't mark or remove, that appears to be related to the former. What I have Googled seems to indicate that it should be removed also, but since SpyBot didn't complain about it, I wanted to double check by posting here and see if anyone knows anything about it?

Jonathan_King · 21 Apr 2010

It does look dangerous. Try running Malwarebytes or some other program, and see if it picks it up.

You can also try creating a backup the file, and deleting it.

Corrine · 21 Apr 2010

Good call, Jon. It is indeed nasty. See Prevx-GFKERNEL.DLL.html

With Virtumonde identified, I suggest taking a close look at Add/Remove programs and uninstalling all versions of Java prior to SE6u20. This includes any item listing J2SE or Java Runtime Environment in the name. It would also be a good idea to run JavaRa.

seekermeister · 21 Apr 2010

Corrine said:

Good call, Jon. It is indeed nasty. See Prevx-GFKERNEL.DLL.html

With Virtumonde identified, I suggest taking a close look at Add/Remove programs and uninstalling all versions of Java prior to SE6u20. This includes any item listing J2SE or Java Runtime Environment in the name. It would also be a good idea to run JavaRa.

I had already uninstalled all older versions of Java several days ago. Is this the most common source of these files? The one thing that I wish MS would change is that there would be an easy and simple means of tracking the source of all files installed.

What is JavaRa?

Just as a footnote, I just finished a full scan with Malwarebytes, and it didn't squawk about the file either, but considering the remarks given, I'm deleting it.

CarlTR6 · 21 Apr 2010

JavaRa is a Java uninstaller. It gets everything related to Java

seekermeister · 21 Apr 2010

Thanks, but since I just installed update 20 and uninstalled everything prior to that, just a few days ago, I will leave JavaRa until the next update.

EDIT: Of course, assuming that update 20 did not install these files, I guess that the uninstaller in Programs And Features doesn't do too good of a job.

CarlTR6 · 21 Apr 2010

JavaRa itself gets updated and will only remove Java up to certain version. Right now it seems to be two or more versions behind. At any rate, it does does not remove the current version.

Corrine · 21 Apr 2010

JavaRa cleans up the left-overs missed in the uninstall process.

CarlTR6 · 22 Apr 2010

Thanks, Corrine.

Bill2 · 22 Apr 2010

According to the security forums, A-squared is able to detect these 2 files. If seekermeister hasnt deleted them yet, perhaps he can check.