#1
Using TrendMicro Rootkitbuster, it found ZwCreateThread, ZwLoadDrivers, ZwSetSystemInformation, ZwSystemDebugControl all hooked by system32\drivers\ehdrv.sys and unable to fix. What should I do?

#2
Ehdrv.sys is ESET's HIPS & Self-defense driver, there's nothing to fix and other programs should ignore it.

#3
I know that ehdrv.sys is from ESET.
Looking it up online, ZwCreateThread, etc. is discussed as malware that can locate financial passwords or email passwords when I looked it up. I was notified that the group "Anonymous" gathered my personal information due to a subscription to STRATFOR months ago, and don't know if that could have affected my computer system. I have also had many problems with my computer over the last few months and had to reinstall the operating system twice recently. I could not get the original OEM install CD to work and had to rely on the backup system on another drive. I was afraid my ehdrv.sys got corrupted. Is it possible to corrupt the ehdrv.sys?

#4
Quote:
ZwCreateThread is a function that can be used for millions of reasons. It's by no means anything out of the ordinary and like many API functions can be used or abused.

Last edited by stackz : May 20th, 2012 at 11:20 AM.

#5
Thank you!