Is "restrictanonymous" controlled by NOD32?

I tried to connect to a WinXP machine on my network that is in the same domain as my other 2 XP PCs and has folders shared for use by everyone.

But, when I tried to connect to that PC to view the shared folders, I got a message that said "XXXXXXX is not accessible. You might not have permission to use this network resource. Access is denied."

When I searched for a solution, I found a KB article at Microsoft (http://support.microsoft.com/kb/913628) that explained that the problems could be due to the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous" setting being set to "1". The article said to set this to "0" to allow anonymous file sharing on the local network.

So, I set the "restrictanonymous" setting to "0" and rebooted as the KB article said. But, when my PC rebooted, I still had the same problem and the "restrictanonymous" setting was back at "1".

I tried to change it several more times - each time I got the same result.

Finally (thinking that something may be changing it before logging off) I reset "restrictanonymous" to "0" and did a hard reboot by hitting my system's restart button. But, again, the "restrictanonymous" setting was back to "1".

I even tried disabling the XP firewall (no reboot) and got the same error.

Is NOD32 doing this? What could be resetting my "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous" setting to "1"?

 

Not sure what is resetting it but it isn't NOD.

 

It seems that NOD32 failed to identify or remove the C:\WINDOWS\retadpu173.exe Win32/TrojanDownloader.Agent.NKY trojan.

That's really sad - I had run a Deep System scan 4 TIMES! It never found or removed this trojan although Eset claims to have added this trojan to the antivirus defs on May 14, 2007 (see http://www.eset.eu/podpora/aktualizacia-2264-20070514?lng=en ).

My NOD32 Info states...
--------------------------------------
NOD32 antivirus system information
Virus signature database version: 2293 (20070527)
Dated: Sunday, May 27, 2007
Virus signature database build: 9923

Information on other scanner support parts
Advanced heuristics module version: 1.059 (20070517)
Advanced heuristics module build: 1153
Internet filter version: 1.002 (2004070
Internet filter build: 1013
Archive support module version: 1.053 (20070524)
Archive support module build version: 1189

Information about installed components
NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Base
Version: 2.70.39
NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Internet support
Version: 2.70.39
NOD32 for Windows NT/2000/XP/2003/Vista/x64 - Standard component
Version: 2.70.39

Operating system information
Platform: Microsoft Windows XP
Version: 5.1.2600 Service Pack 2
Version of common control components: 5.82.2900
RAM: 2048 MB
Processor: AMD Athlon(tm) 64 Processor 3000+ (2002 MHz)
--------------------------------------

So, why didn't NOD32 catch and remove this?

Also, why does NOD32 show a threat screen at times and only have the "Leave" button enabled.

Why the hell would I want to LEAVE an identified virus or malware object on my system?

I think NOD32 is now being targeted by hackers - and it's failing fast.

 

Results from http://www.virustotal.com for avp.exe...

~Screenshot removed per this policy. https://www.wilderssecurity.com/showthread.php?t=180057 - Ron~