Zwcreatethread

Discussion in 'ESET NOD32 Antivirus' started by maxygolf, May 20, 2012.

Thread Status:
Not open for further replies.
  1. maxygolf

    maxygolf Registered Member

    Joined:
    May 20, 2012
    Posts:
    3
    Location:
    United States of America
    Using TrendMicro Rootkitbuster, it found
    ZwCreateThread, ZwLoadDrivers, ZwSetSystemInformation, ZwSystemDebugControl
    all hooked by system32\drivers\ehdrv.sys and unable to fix.
    What should I do?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,429
    Ehdrv.sys is ESET's HIPS & Self-defense driver, there's nothing to fix and other programs should ignore it.
     
  3. maxygolf

    maxygolf Registered Member

    Joined:
    May 20, 2012
    Posts:
    3
    Location:
    United States of America
    I know that ehdrv.sys is from ESET.
    Looking it up online, ZwCreateThread, etc. is discussed as malware that can locate financial passwords or email passwords when I looked it up.
    I was notified that the group "Anonymous" gathered my personal information due to a subscription to STRATFOR months ago, and don't know if that could have affected my computer system.
    I have also had many problems with my computer over the last few months and had to reinstall the operating systerm twice recently.
    I could not get the original OEM install CD to work and had to rely on the backup system on another drive.
    I was afraid my ehdrv.sys got corrupted.
    Is it possible to corrupt the ehdrv.sys?
     
  4. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    634
    Location:
    Sydney Australia
    If you try hard enough it's possible to corrupt anything, but in your case I highly doubt that ehdrv.sys is corrupt.

    ZwCreateThread is a function that can be used for millions of reasons. It's by no means anything out of the ordinary and like many API functions can be used or abused.
     
    Last edited: May 20, 2012
  5. maxygolf

    maxygolf Registered Member

    Joined:
    May 20, 2012
    Posts:
    3
    Location:
    United States of America
    Thank you!
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.