Is nod32krn.exe really a worm?

I was just checking the running processes for anything unusual and came across several sites saying that nod32krn.exe is really a worm. Here's one http://www.castlecops.com/s7845-nod32krn_exe.html

Other sites say that it is just a normal nod32 process. Which is it?

 

Th

What you have linked to is a reference for startup items.

nod32krn.exe is the 'NOD32 Kernel Service' but it should not appear in your startup items since it is a system service set to start automatically.

Cheers

 

So it should NOT be listed in task manager?

 

If you find nod32krn.exe in the Windows\system32 folder it probably is a worm.
If not, then I'm quite sure it's legit since it's part of NOD32

^ Only the "real" nod32krn process should be in the task manager...

 

I just searched my computer and the only instance of the file is in C:\Program Files\ESET

But it is listed in task manager as a running process.

 

That's how it should be

 

Is it that way on your computer? LOL, I'm paranoid.

 

It's been like that for over a year now hehe.
nod32krn.exe and nod32kui.exe

 

OK. Whew!!! Thanks for clearing that up.

 

Exactly

If you have any doubts whatsoever you can test your nod32krn.exe and nod32kui.exe at VirusTotal. Your results should look something like this and this.

Cheers

 

I didn't scan it at VirusTotal but I did scan it at Jotti's. It came back clean.

Thanks again.

 

No worries

 

It is a kind of social engeneering in action. Rbot.AAO copies itself to the Windows system32 folder as nod32krn.exe and creates entries in the registry to run itself on system startup. Just for case, check HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
for presence of "Nod32 Free antivirus" key.