Which of the following steps should John take as a countermeasure to this situation?

John works as a Network Administrator for We-are-secure Inc. The We-are-secure server is based on
Windows Server 2003. One day, while analyzing the network security, he receives an error message
that Kernel32.exe is encountering a problem. Which of the following steps should John take as a
countermeasure to this situation? Each correct answer represents a complete solution. Choose all
that apply.

A. He should restore his Windows settings.

B. He should upgrade his antivirus program.

C. He should observe the process viewer (Task Manager) to see whether any new process is running
on the computer or not. If any new malicious process is running, he should kill that process.

D. He should download the latest patches for Windows Server 2003 from the Microsoft site, so that
he can repair the kernel.

Explanation:
When John receives an error message saying that Kernel32.exe is encountering a problem, he
should conclude that his antivirus program needs to be updated, because Kernel32.exe is not a
Microsoft file (the genuine Windows file is Kernel32.dll).
Although such viruses normally run in stealth mode, he should also examine the process viewer
(Task Manager) to see whether any new process is running on the computer. If a new (malicious)
process is running on the server, he should kill that process.

Answers A and D are incorrect. Since Kernel32.exe is not a real kernel file of Windows, there is no
need to repair the kernel or to download any patch for Windows Server 2003 from the Microsoft site.
Note: Such error messages can be received if the computer is infected with malware such as
Worm_Badtrans.b, Backdoor.G_Door, Glacier Backdoor, Win32.Badtrans.29020, etc.


