Kernel Files Infected, cannot remove or quarantine. Please help!

So, this laptop is pretty new. I could only fix our old computer so many times (it's near fifteen years old and a laptop that still runs but it isn't keeping up and the hardware is biting the dust slowly but surely and has been for a while) so we got this new one on clearance.


Anyway, we have Windows 10 on it. So some of the stuff I could use to see if I can get this out I can't.


Anyway, it says a kernel file has been detected as infected and it cannot be quarantined or deleted as it is necessary for Windows to run. It is an essential file basically.


The one infected is C:\Windows\System32\RuntimeBroker.exe


It was flagged for hidden installation. Another I had quarantined yesterday is a similarly named file that attempted to autorun without my permission or informing me. It was changing how files would work and updates would happen, that was the warning I was given in the pop up, the record in the thing though just says 'autorun creation'. On this current one, the one I cannot remove though, it is trying to download files secretly without my permission. Either it is embedded into a file, or is the file. Either it is a file that is supposed to be or it isn't. Not sure which one is scarier at this point.


I was referred to the forum by the pop up window from emsisoft malware.


Thank you in advance, this really has me worried since it is either something pretending to be a necessary file (I don't recognize it and Windows ten is new to me), or something has infected a core file and isn't letting me fix it, either by removing it and reinstalling whatever is missing afterwards. Apparently I can't touch it and I don't know how to partition files or I would see if that was an option and if I knew someone who could I'd have them talk me through it but well, here I am.


This has me worried, I can't imagine anything affecting core files or that can simulate that it IS a core file can at all be a good thing.

Welcome to the Emsisoft Support Forums. My name is Kevin, and I will be helping you fix your problems.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread. Also read the Emsisoft Support Forums Terms of Use.

To Highlight a few:

  • If you are seeking help make sure to only create one thread per problem at a time. Multiple threads about the same problem will get closed.
  • To keep the threads clean please don't post the content of log or report files directly in your reply. Instead attach any reports or logs you were asked to submit as a file attachment.
  • Don't use any kind of "l33t" speak or slang and always keep in mind that most of the other people here don't speak English as their native language.
  • Asking for help is only allowed in the forums. Requesting help via PM or mail is prohibited.
  • Because of the potential for harm only selected members as well as our employees are allowed to offer help in the malware removal sections of the forum. If you have a strong malware fighting background and want to help please contact Emsi, Fabian Wosar and Kevin Zoll (yes, all three of them) via forum PM.

I see, I missed the part where it said not to post the file stuff, but to wait until you were asked. I apologize.


I already did what you are saying to do. In fact, that is the reason I have the emergency kit on my computer on top of emsisoft anti malware, which is what informed me of the issue to begin with.


I have been unable to find a version of Farbar that is compatible with Windows 10, the operating system this computer has. So far I can find versions that go all the way up to Windows seven, however not one that says it is compatible with Windows 10. Never mind, it now says it is compatible. Odd, I didn't see that earlier today, then again I was still drinking my early morning 'wake up' when this occurred.


I am typing as I do things to try and give you a better idea, rather than forget to mention something as I sort of have this habit of thinking worlds more than I can possibly ever type out. It often causes some humorous and maybe not so humorous misunderstandings, at least most of the time it is obvious. Basically, I finish typing and I have already bypassed that subject and thought ten steps ahead of that to several possibilities or issues entirely depending and solved them already so... sometimes I have to remind myself not to do that. I also have very bad eyesight, so sometimes I miss something and probably will till I can get another job and pay for the glasses I need. So I apologize for any typos I may or may not inflict upon you on accident. When I get more used to the computer I can adjust it so it will not be too bright to get up close, but for now, I cannot even see what I am typing and reading on the computer is quite the task. I am deeply sorry I didn't catch the Windows ten compatibility indication before.


Just to let you know, Farbar set off the behavior alert. It also was flagged by nearly everything I have going on including the browser though it flagged it for not being commonly downloaded. I am trusting you as emsisoft has never led me wrong but (and quite honestly is the only one I trust not just because of quality but because I actually comb through the privacy agreements and other misc stuff in the user agreements etc etc etc with a fine tooth comb as the saying goes and I know how much many of them are shady at some points, mostly privacy and what they will do with your information and/or how much they are wanting to get away with)... I am uneasy about it. So, while I am uneasy I am doing this.


I did the scan with the emergency kit already (a couple hours ago) so scanning with Farbar now. If you know the creator or something you might want to let them know neither of the versions say they are compatible with Windows ten. I got someone else to confirm that for me, I wasn't reading it wrong. The general says it but not the individual so I sort of went through both, the 64 bit one worked, the other one was not compatible. Might want to let them know. Putting the creator so it isn't popping up 'unknown' might also help. That was a big reason it got flagged by emsisoft anti malware. That and 'simulating mouse clicks'. It was also another reason my browser flagged it, the creator unknown part.


I picked the optional scan so this is taking awhile. Like time to prep for early prep for dinner long, but not as long as installation of the operating system took so still OK. Besides, these things can take time.


It is done. I don't really know what to do with the information it is giving me though, takes a lot to really see it. I see a lot of hidden stuff I didn't download though. I must confess I have never been even close to a script kitty as a friend calls it and wouldn't even know where to start learning, which is important in planning to learn a lot, to have a good solid starting point. Anyway, I have not a clue what to do next. Sorry I could not be more helpful. Hopefully typing as I went was more helpful than it probably was annoying to read.

FRST is safe to use, you can tell the browser to ignore the warning, and it will download.

FRST is Windows 10 compatible. The download link I provide links to a download mirror on Bleeping Computer.


Once you have the logs attach them to your reply.

Any logs you post on this forum are accessible by authorized personnel only; we do not use any of the information in those logs other than for the purpose for which they were posted.

I feel like I'm talking to a wall.


Anyway, here are the logs.


I uploaded the major file.


Also, while this has been going on a couple more files just like it that won't allow removal but are downloading secretly and trying to set things to auto update etc etc etc, changing things without my permission etc etc etc have popped up and emsisoft scan jumps to eighty percent and won't scan past that, won't finish a scan. Or at least is having trouble doing so. I got this morning's scan up to eighty one percent... but the one that ran last night was still at eighty this morning. I am hoping to at least be able to have it finish scanning before I have to take off this morning.


Anyway, it's been going way longer than should be, normally it only takes at most fifteen minutes. This is just ridiculous. I have had it going an hour and a half and for an hour it was stuck at exactly eighty percent.


So I hope you find whatever the issue is because it is causing other issues.





Thread Closed

Reason: Lack of Response

PM either Kevin, Elise, or Arthur to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.

