"restrictanonymous" setting problem.....

I tried to connect to a WinXP machine on my network that is in the same
domain as my other 2 XP PCs and has folders shared for use by everyone.

But, when I tried to connect to that PC to view the shared folders, I got a
message that said "XXXXXXX is not accessible. You might not have permission
to use this network resource. Access is denied."

When I searched for a solution, I found a KB article at Microsoft
(http://support.microsoft.com/kb/913628) that explained that the problem
could be due to the
setting being set to "1". The article said to set this to "0" to allow
anonymous file sharing on the local network.

So, I set the "restrictanonymous" setting to "0" and rebooted as the KB
article said. But, when my PC rebooted, I still had the same problem and the
"restrictanonymous" setting was back at "1".

I tried to change it several more times - each time I got the same result.

Finally (thinking that something may be changing it before logging off) I
reset "restrictanonymous" to "0" and did a hard reboot by hitting my
system's restart button. But, again, the "restrictanonymous" setting was
back to "1".

I even tried disabling the XP firewall (no reboot) and got the same error.

I am running NOD32 antivirus (www.eset.com) and Windows XP Firewall.  No
other security applications are running (AFAIK).

I even disabled the firewall, uninstalled NOD32 and retried changing the
"restrictanonymous" setting with the same result.  (I re-installed NOD32 and
re-enabled the firewall afterwards.)

PC is running slower than normal and NOD32 was picking up a lot of threats
last week (mostly in the temp files - which I deleted).

I have worked with a lot of XP PCs, but I have never seen this before.

What could be resetting my
setting to "1"?


...it gets worse.....


I thought I'd use ProcessMonitor
to monitor which file was changing my registry setting.  Strangely enough, I
cannot download the exe from the website.  I just keep timing out.

Now, normally, I am not a paranoid-type person....but I am starting to


Re: ...it gets worse.....


Now I have found "avp.exe" running in my processes.  Some report this as a
Kaspersky antivirus file.  Only problem with that is that I have never loaded
Kaspersky on my PC.

There are also 2 "McAfee Online Virus Scannner" entries in my startup
(according to TuneUp Utilities 2007) and I have never (and would never) run
anything from McAfee.  They suck.

I have disabled them from TuneUp Utilities 2007 only to have them re-enabled
when I restart the PC.

There is no uninstall for the McAfee stuff.  They don't show in IE's add-on
manager and there is no McAfee folder in my Program Files directory.

The McAfee stuff was pointing to the avp.exe file so I deleted it.

In msconfig/Services I see an entry named
"##Id_String1.6844F930_1682_4223_B5CC_5BB94B879762##".  I don't know what the
hell that is, so I disabled it.

I also found "C:\WINDOWS\retadpu173.exe
61A847B5BBF728133598284503996897C881250221C8670836AC4FA7C8833201749139" in
HKLM\software\microsoft\windows\currentversion\run.  I don't know what the
hell that is - so I disabled it.

Looks like I may be in for another fucking re-install!

Well, I guess my days of trusting NOD32 are now officially over.


Re: ...it gets worse.....


Found this at http://eset.com/threat-center/blog/?feed=rss2&p=62

"I don't know where to post this, but I find out that the Time
C:\WINDOWS\retadpu173.exe Win32/TrojanDownloader.Agent.NKY trojan
Also modifies this entry on the windows registry:

It changes "restrictanonymous" to 1
Also, there are other registry keys that I found to be different from the default

NOD32 has not cleaned this in 4 deep system scans.
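
An offline triage pass over `reg query`-style output for the two symptoms described in this thread, added here as an example (it is not code from any poster). It assumes the value lives under HKLM\SYSTEM\CurrentControlSet\Control\Lsa, which the thread does not quote; the sample text, the value names and the ExampleAV entry are constructed, and the two heuristics are hints for review rather than verdicts.

```python
import re

# Constructed sample shaped like `reg query` output. The retadpu173.exe command
# line is the one quoted in the thread; names and the ExampleAV entry are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    restrictanonymous    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
    ExampleAV    REG_SZ    "C:\Program Files\ExampleAV\tray.exe" /hide
    example    REG_SZ    C:\WINDOWS\retadpu173.exe 61A847B5BBF728133598284503996897C881250221C8670836AC4FA7C8833201749139
"""

# Value line: indented name, REG_* type, then data (tabs on XP, spaces later).
LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s*(?P<data>.*)$")
# Executable sitting directly in the Windows directory, not in a subfolder.
WINDIR_ROOT = re.compile(r'^"?[A-Za-z]:\\windows\\[^\\"]+\.exe\b', re.I)
# Long hex blob passed as an argument.
HEX_ARG = re.compile(r"\b[0-9A-Fa-f]{32,}\b")

def parse(text):
    """Yield (key, name, type, data) for each value line under a key header."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = LINE.match(line)
        if m and key:
            yield key, m["name"], m["type"], m["data"].strip()

def triage(text):
    """Return the restrictanonymous value and any Run entries worth a look."""
    findings = []
    for key, name, _type, data in parse(text):
        k = key.lower()
        if k.endswith(r"\control\lsa") and name.lower() == "restrictanonymous":
            findings.append(("restrictanonymous", int(data, 16)))
        elif k.endswith(r"\currentversion\run"):
            reasons = []
            if WINDIR_ROOT.match(data):
                reasons.append("exe directly in Windows root")
            if HEX_ARG.search(data):
                reasons.append("long hex argument")
            if reasons:
                findings.append((name, reasons))
    return findings

if __name__ == "__main__":
    for item in triage(SAMPLE):
        print(item)
```

Running it again on output captured after a reboot shows whether the value has reverted and whether a disabled Run entry has come back.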

