Zwcreatethread

Discussion in 'ESET NOD32 Antivirus' started by maxygolf, May 20, 2012.

Thread Status:
Not open for further replies.
  1. maxygolf

    maxygolf Registered Member

    Joined:
    May 20, 2012
    Posts:
    3
    Location:
    United States of America
    Using TrendMicro Rootkitbuster, it found
    ZwCreateThread, ZwLoadDrivers, ZwSetSystemInformation, ZwSystemDebugControl
    all hooked by system32\drivers\ehdrv.sys and unable to fix.
    What should I do?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Ehdrv.sys is ESET's HIPS & Self-defense driver; there's nothing to fix, and other programs should ignore it.
     
  3. maxygolf

    maxygolf Registered Member

    Joined:
    May 20, 2012
    Posts:
    3
    Location:
    United States of America
    I know that ehdrv.sys is from ESET.
    Looking it up online, ZwCreateThread, etc. is discussed as malware that can locate financial passwords or email passwords when I looked it up.
    I was notified that the group "Anonymous" gathered my personal information due to a subscription to STRATFOR months ago, and don't know if that could have affected my computer system.
    I have also had many problems with my computer over the last few months and had to reinstall the operating system twice recently.
    I could not get the original OEM install CD to work and had to rely on the backup system on another drive.
    I was afraid my ehdrv.sys got corrupted.
    Is it possible to corrupt the ehdrv.sys?
     
  4. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    619
    Location:
    Sydney Australia
    If you try hard enough it's possible to corrupt anything, but in your case I highly doubt that ehdrv.sys is corrupt.

    ZwCreateThread is a function that can be used for millions of reasons. It's by no means anything out of the ordinary and like many API functions can be used or abused.
     
    Last edited: May 20, 2012
  5. maxygolf

    maxygolf Registered Member

    Joined:
    May 20, 2012
    Posts:
    3
    Location:
    United States of America
    Thank you!
     