Is "restrictanonymous" controlled by NOD32?

Discussion in 'NOD32 version 2 Forum' started by squishyalt, May 27, 2007.

Thread Status:
Not open for further replies.
  1. squishyalt

    squishyalt Registered Member

    Joined:
    May 27, 2007
    Posts:
    4
    I tried to connect to a WinXP machine on my network that is in the same domain as my other 2 XP PCs and has folders shared for use by everyone.

    But, when I tried to connect to that PC to view the shared folders, I got a message that said "XXXXXXX is not accessible. You might not have permission to use this network resource. Access is denied."

    When I searched for a solution, I found a KB article at Microsoft (http://support.microsoft.com/kb/913628) that explained that the problems could be due to the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous" setting being set to "1". The article said to set this to "0" to allow anonymous file sharing on the local network.

    So, I set the "restrictanonymous" setting to "0" and rebooted as the KB article said. But, when my PC rebooted, I still had the same problem and the "restrictanonymous" setting was back at "1".

    I tried to change it several more times - each time I got the same result.

    Finally (thinking that something may be changing it before logging off) I reset "restrictanonymous" to "0" and did a hard reboot by hitting my system's restart button. But, again, the "restrictanonymous" setting was back to "1".

    I even tried disabling the XP firewall (no reboot) and got the same error.

    Is NOD32 doing this? What could be resetting my "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous" setting to "1"?
     
  2. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Not sure what is resetting it but it isn't NOD.
     
  3. squishyalt

    squishyalt Registered Member

    Joined:
    May 27, 2007
    Posts:
    4
    It seems that NOD32 failed to identify or remove the C:\WINDOWS\retadpu173.exe Win32/TrojanDownloader.Agent.NKY trojan.

    That's really sad - I had run a Deep System scan 4 TIMES! It never found or removed this trojan although Eset claims to have added this trojan to the antivirus defs on May 14, 2007 (see http://www.eset.eu/podpora/aktualizacia-2264-20070514?lng=en ).

    My NOD32 Info states...
    --------------------------------------
    NOD32 antivirus system information
    Virus signature database version: 2293 (20070527)
    Dated: Sunday, May 27, 2007
    Virus signature database build: 9923

    Information on other scanner support parts
    Advanced heuristics module version: 1.059 (20070517)
    Advanced heuristics module build: 1153
    Internet filter version: 1.002 (2004070:cool:
    Internet filter build: 1013
    Archive support module version: 1.053 (20070524)
    Archive support module build version: 1189

    Information about installed components
    NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Base
    Version: 2.70.39
    NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Internet support
    Version: 2.70.39
    NOD32 for Windows NT/2000/XP/2003/Vista/x64 - Standard component
    Version: 2.70.39

    Operating system information
    Platform: Microsoft Windows XP
    Version: 5.1.2600 Service Pack 2
    Version of common control components: 5.82.2900
    RAM: 2048 MB
    Processor: AMD Athlon(tm) 64 Processor 3000+ (2002 MHz)
    --------------------------------------

    So, why didn't NOD32 catch and remove this?

    Also, why does NOD32 show a threat screen at times and only have the "Leave" button enabled.

    Why the hell would I want to LEAVE an identified virus or malware object on my system?

    I think NOD32 is now being targeted by hackers - and it's failing fast.
     
  4. squishyalt

    squishyalt Registered Member

    Joined:
    May 27, 2007
    Posts:
    4
    Last edited by a moderator: May 27, 2007
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    64,727
    Location:
    Texas
    squishyalt,

    Kindly submit undetected files to the various antivirus vendors for examination. Thanks.
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    64,727
    Location:
    Texas
    Inappropriate reply removed.

    This thread is closed unless an Eset moderator cares to respond.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.