What is Ntoskrnl.exe

NT Kernel & System - Microsoft® Windows® Operating System - Microsoft Corporation

File description

Ntoskrnl.exe with description NT Kernel & System is a process file from company Microsoft Corporation belonging to product Microsoft® Windows® Operating System.
The file is not digitally signed.

What is ntoskrnl.exe?
Ntoskrnl.exe is the OS kernel image for the Windows NT family of operating systems. It provides and segments kernel space, and manages services such as hardware virtualization, memory management, and process scheduling. It contains critical system components such as the Kernel, the Executive, and the Security Reference Monitor. Essentially, it is responsible for triggering the loading of the operating system.

This process is critical to the operation of the system. Removing it will render your system unbootable and will require a reinstallation of the operating system.

Dangers of ntoskrnl
As this is a critical system executable that is necessary for the operating system to run, it is common for virus writers and spyware vendors to disguise their malware as the genuine one.

Some malicious files may have the same name but be stored somewhere other than in %SystemRoot%\System32. Other malware may use a name that appears similar to it but with slight differences in spelling or with appended digits. Note that ntkrnlpa.exe is not malware, provided that it is found in %SystemRoot%\System32. The following malware is known to disguise itself as ntoskrnl.exe:
  • W32/Rbot-FB (%SystemRoot%\System32)
    • This is a backdoor Trojan that can spread over network shares. It allows a remote attacker to take full control over an infected system.
You should never see ntoskrnl.exe running in the Task Manager. The presence of an instance of it in the task manager is a strong indicator of a malware infection.

Common problems
  • "ntoskrnl.exe is missing or corrupt"
    • This can be caused by, as stated in the error message, a missing or corrupt ntoskrnl.exe. Boot into the recovery console using your Windows installation disc and restore ntoskrnl.exe.
    • This error can also be caused by a missing or corrupt boot.ini file. If you edited boot.ini, boot into the recovery console using your Windows installation disc and fix it.
    • This error can also be caused by a generally corrupt Windows installation or a damaged/corrupt hard disk. Check your hard drive for errors and then reinstall Windows.
    • If you are attempting to run Windows NT 4 on a partition larger than 7.8GB, you will get this error.

Automatic startup locations

001 Running Processes
066 Winlogon UIHost
153 HKLM Drivers32\Midi

Digital signatures found for this file

This file is not signed by its author

MD5 security rating in our database

2 files (Not yet rated and not signed)
2 files (Safe and digitally signed)
Some versions of this filename have not yet been checked for safety.
Warning: Some malware might rename itself to ntoskrnl.exe. Always make sure that your file is from a verified publisher.

User ratings for this file

File rating: Average rating of ntoskrnl.exe: by 4 files and users.

Application errors

Fix ntoskrnl.exe application error:  Run a FREE registry scan

User comments

In windows 8 this system program seems to eat up a lot of processing power.

Please add your comments if you have more information about this file or if you know how to solve ntoskrnl.exe application errors.

File safety :

File security rating :

Are you human? How much is 16+29:

Like this page?

Please support this free service by giving us a Google+1

Browse files by letter


More system processes

ntoss.sys ntp.exe ntpad.sys
ntpci.sys ntpclient.exe ntpclock.exe
ntpd.exe NTPDA.sys ntpdate.exe
ntppsrv.exe ntpr11ab.sys ntpr11ag.sys

Lansweeper computer inventory From the creator of Runscanner:

is an automated IT asset management tool. It can quickly scan your computers and has over 250 default reports available.

There is no need to install any agents on the scanned computers, all hardware and software inventory scanning is done by standard build-in functionality.