New NOD32 v4.2 Trojan In Registry!

nosferatupc · #1 March 16th, 2010, 02:14 PM

After install nod32 antivirus v4.2 downloaded from www.eset.eu, malwarebytes antimalware and spyware doctor also found trojan in windows registry keys.Is this fake or real?I dont know,please help!Old version nod32 v4.0 has been clean.

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe (Security.Hijack)HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe (Security.Hijack)

Thankful · #2 March 16th, 2010, 02:23 PM

More detail here:
http://www.wilderssecurity.com/showthread.php?t=267595
Funny though, I've never received an alert from Malwarebytes on this issue.

nosferatupc · #3 March 16th, 2010, 02:40 PM

Thanks for fast reply!This is first time in v4.2 that found this.Before installation I checked whole HD and computer has been clean from spyware trojan etc.After setup I scan again and trojan found.Seems this is false positive alert between nod antivirus and anti spyware software.Im not sure?!

Marcos · #4 March 16th, 2010, 03:42 PM

Unless the "Debugger" value under that key is not flagged, you can consider it FP. The references to qgui.exe and ekrn.exe in the aforementioned registry key are indeed created by ESET.

nosferatupc · #5 March 16th, 2010, 04:18 PM

I deleted this registry keys but I want to know is this two keys important for nod32 software functioning?For which purpose is this?Is it better leave or remove?

Thankful · #6 March 19th, 2010, 04:35 PM

http://www.wilderssecurity.com/showp...4&postcount=13

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search