Is "restrictanonymous" controlled by NOD32?

Discussion in 'NOD32 version 2 Forum' started by squishyalt, May 27, 2007.

Thread Status:
Not open for further replies.
  1. squishyalt

    squishyalt Registered Member

    Joined:
    May 27, 2007
    Posts:
    4
    I tried to connect to a WinXP machine on my network that is in the same domain as my other 2 XP PCs and has folders shared for use by everyone.

    But, when I tried to connect to that PC to view the shared folders, I got a message that said "XXXXXXX is not accessible. You might not have permission to use this network resource. Access is denied."

    When I searched for a solution, I found a KB article at Microsoft (http://support.microsoft.com/kb/913628) that explained that the problems could be due to the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous" setting being set to "1". The article said to set this to "0" to allow anonymous file sharing on the local network.

    So, I set the "restrictanonymous" setting to "0" and rebooted as the KB article said. But, when my PC rebooted, I still had the same problem and the "restrictanonymous" setting was back at "1".

    I tried to change it several more times - each time I got the same result.

    Finally (thinking that something may be changing it before logging off) I reset "restrictanonymous" to "0" and did a hard reboot by hitting my system's restart button. But, again, the "restrictanonymous" setting was back to "1".

    I even tried disabling the XP firewall (no reboot) and got the same error.

    Is NOD32 doing this? What could be resetting my "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous" setting to "1"?
     
  2. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Not sure what is resetting it but it isn't NOD.
     
  3. squishyalt

    squishyalt Registered Member

    Joined:
    May 27, 2007
    Posts:
    4
    It seems that NOD32 failed to identify or remove the C:\WINDOWS\retadpu173.exe Win32/TrojanDownloader.Agent.NKY trojan.

    That's really sad - I had run a Deep System scan 4 TIMES! It never found or removed this trojan although Eset claims to have added this trojan to the antivirus defs on May 14, 2007 (see http://www.eset.eu/podpora/aktualizacia-2264-20070514?lng=en ).

    My NOD32 Info states...
    --------------------------------------
    NOD32 antivirus system information
    Virus signature database version: 2293 (20070527)
    Dated: Sunday, May 27, 2007
    Virus signature database build: 9923

    Information on other scanner support parts
    Advanced heuristics module version: 1.059 (20070517)
    Advanced heuristics module build: 1153
    Internet filter version: 1.002 (2004070:cool:
    Internet filter build: 1013
    Archive support module version: 1.053 (20070524)
    Archive support module build version: 1189

    Information about installed components
    NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Base
    Version: 2.70.39
    NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Internet support
    Version: 2.70.39
    NOD32 for Windows NT/2000/XP/2003/Vista/x64 - Standard component
    Version: 2.70.39

    Operating system information
    Platform: Microsoft Windows XP
    Version: 5.1.2600 Service Pack 2
    Version of common control components: 5.82.2900
    RAM: 2048 MB
    Processor: AMD Athlon(tm) 64 Processor 3000+ (2002 MHz)
    --------------------------------------

    So, why didn't NOD32 catch and remove this?

    Also, why does NOD32 show a threat screen at times and only have the "Leave" button enabled.

    Why the hell would I want to LEAVE an identified virus or malware object on my system?

    I think NOD32 is now being targeted by hackers - and it's failing fast.
     
  4. squishyalt

    squishyalt Registered Member

    Joined:
    May 27, 2007
    Posts:
    4
    Last edited by a moderator: May 27, 2007
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,770
    Location:
    Texas
    squishyalt,

    Kindly submit undetected files to the various antivirus vendors for examination. Thanks.
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,770
    Location:
    Texas
    Inappropriate reply removed.

    This thread is closed unless an Eset moderator cares to respond.
     
Thread Status:
Not open for further replies.