I've just installed Comodo Internet Security (Firewall and Defense+) and NOD32 Antivirus. Soon enough, Defense+ raised a warning that ekrn.exe was trying to modify an executable file that was already running. Why would NOD32 attempt to modify an executable at all? Is this warning created by the fact that ekrn.exe was opening the executable for reading, but file file open flags were carelessly set to R/W in the code? Otherwise it's a bit scary when your antivirus tries to modify an executable, and it's not in order to clean it.