Should I block it?

90% of PCs block this file from running.
Possible reason:
Multiple malware detections

Additional versions

7.0.302.0 10.29%
6.0.316.0 11.27%
6.0.314.0 0.49%
6.0.308.0 11.27%
6.0.306.0 7.35%
6.0.115.0 RC 2.45%
5.2.7.0 16.67%
5.2.15.0 4.41%
5.0.94.0 4.41%
5.0.93.7 1.47%
5.0.93.0 2.45%
4.2.71.2 4.41%
4.2.67.10 0.49%
4.2.64.12 4.41%
4.2.58.3 0.49%
4.2.42.7 0.49%
4.2.42.0 0.49%
4.0.474.10 0.49%
4.0.474.0 1.47%
4.0.468.0 0.49%
4.0.467.0 0.49%
4.0.437.0 0.49%
4.0.417 6.86%
4.0.314 1.47%
3.0.710 0.49%

PE file structure

Import table
advapi32.dll
DuplicateToken, RegEnumKeyW, DuplicateTokenEx, GetTokenInformation, OpenThreadToken, StartServiceW, RegQueryInfoKeyW, RegEnumKeyExW, OpenSCManagerW, RevertToSelf, RegOpenKeyW, ControlService, OpenProcessToken, CreateProcessAsUserW, SetServiceStatus, RegisterServiceCtrlHandlerW, CreateServiceW, StartServiceCtrlDispatcherW, QueryServiceStatus, DeleteService, RegDeleteKeyW, AllocateAndInitializeSid, EqualSid, FreeSid, RegEnumValueW, RegDeleteValueW, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, GetSecurityDescriptorDacl, GetKernelObjectSecurity, SetKernelObjectSecurity, RegOpenKeyA, RegUnLoadKeyW, RegLoadKeyW, LookupPrivilegeValueW, AdjustTokenPrivileges, LookupAccountNameW, GetSidSubAuthority, IsValidSid, GetSidIdentifierAuthority, GetSidSubAuthorityCount, SetThreadToken, RegOpenKeyExW, CloseServiceHandle, OpenServiceW, RegCloseKey, LookupAccountSidW, RegQueryValueExW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExA, RegDeleteKeyA, GetNamedSecurityInfoW, SetNamedSecurityInfoW, LogonUserW, LsaNtStatusToWinError, LsaAddAccountRights, LsaRemoveAccountRights, GetAclInformation, GetLengthSid, InitializeAcl, AddAccessAllowedAceEx, AddAccessDeniedAceEx, GetAce, AddAce, DeleteAce, LsaStorePrivateData, LsaRetrievePrivateData, ReportEventW, RegisterEventSourceW, DeregisterEventSource
gdi32.dll
SelectObject, CreateCompatibleDC, GetObjectW, DeleteDC, DeleteObject, GetDIBits
kernel32.dll
MoveFileExW, MoveFileW, GetVersion, LocalFree, SetFileAttributesW, FileTimeToLocalFileTime, GetComputerNameA, GetLocalTime, GetACP, VirtualAlloc, ReleaseMutex, OpenFileMappingW, DuplicateHandle, UnmapViewOfFile, CreateMutexW, MapViewOfFile, OpenMutexW, GetDriveTypeW, QueryDosDeviceW, GetEnvironmentVariableW, GetLogicalDriveStringsW, FindResourceW, FindResourceExW, LoadResource, LockResource, FreeResource, SizeofResource, LocalAlloc, GlobalMemoryStatus, ReadProcessMemory, GetModuleHandleA, lstrcmpA, InterlockedExchangeAdd, GetLocaleInfoW, LoadLibraryExW, GetLogicalDrives, GetModuleFileNameA, VirtualProtect, GetFileTime, SetFileTime, SetFilePointer, SetEndOfFile, GetTempFileNameW, FlushFileBuffers, GetFileInformationByHandle, GetDiskFreeSpaceW, LockFileEx, UnlockFileEx, GetSystemInfo, VirtualFree, TryEnterCriticalSection, CreateSemaphoreW, ReleaseSemaphore, GetExitCodeThread, SetUnhandledExceptionFilter, TlsFree, TlsGetValue, TlsSetValue, GetExitCodeProcess, InterlockedExchange, QueryPerformanceCounter, UnhandledExceptionFilter, TerminateProcess, GetStartupInfoA, InterlockedCompareExchange, GetVersionExA, RaiseException, GetProcessHeap, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, HeapDestroy, lstrcpynW, lstrlenW, GetFullPathNameW, GetFileAttributesW, GetModuleFileNameW, WaitForMultipleObjects, WriteFile, FileTimeToSystemTime, CreateProcessW, GetShortPathNameW, SetThreadPriority, CopyFileW, CreateDirectoryW, GetTempPathW, GetCurrentThread, FindClose, FindNextFileW, InterlockedDecrement, InterlockedIncrement, FindFirstFileW, GetModuleHandleW, GetTimeZoneInformation, GetCurrentThreadId, GetVersionExW, DeleteCriticalSection, InitializeCriticalSection, LeaveCriticalSection, GetLastError, SystemTimeToFileTime, CompareFileTime, EnterCriticalSection, GetSystemTime, WaitForSingleObject, ReadFile, GetFileSize, FreeLibrary, SetEvent, LoadLibraryW, Sleep, GetProcAddress, ExpandEnvironmentStringsW, ResetEvent, WideCharToMultiByte, lstrlenA, MultiByteToWideChar, TlsAlloc, 
GetTickCount, GetCurrentProcess, GetCurrentProcessId, GetTimeFormatW, SetErrorMode, TerminateThread, GetDateFormatW, GetSystemTimeAsFileTime, GetComputerNameW, LocalFileTimeToFileTime, OpenProcess, DeleteFileW, SetLastError, GetSystemPowerStatus, GetFileAttributesA, GetFullPathNameA, AreFileApisANSI, lstrcpynA, CreateFileA, CreateFileMappingW, CreateFileMappingA, DeviceIoControl, CreateEventW, CreateFileW, CreateThread, CloseHandle, ResumeThread, IsBadReadPtr, GetOverlappedResult, GetVolumeNameForVolumeMountPointW, GetVolumePathNameW, lstrcpyW, lstrcatW, CreatePipe, GetWindowsDirectoryW, SetHandleInformation, RemoveDirectoryW, GetEnvironmentStringsW, FreeEnvironmentStringsW, GlobalFree, IsProcessorFeaturePresent
msvcp110.dll
DllMain
msvcp80.dll
DllMain
msvcr110.dll
DllMain
msvcr80.dll
DllMain
ole32.dll
CoTaskMemFree, CoUninitialize, CoCreateInstance, CoInitialize, CoCreateGuid
secur32.dll
FreeCredentialsHandle, AcquireCredentialsHandleW, LsaFreeReturnBuffer, LsaEnumerateLogonSessions, LsaGetLogonSessionData
shell32.dll
SHGetMalloc, SHGetDesktopFolder, SHGetPathFromIDListW, SHGetPathFromIDListA, SHGetSpecialFolderPathW
user32.dll
UnregisterClassA, PostMessageW, GetDC, PeekMessageW, TranslateMessage, DispatchMessageW, MsgWaitForMultipleObjects, wsprintfW, SendMessageW, KillTimer, DefWindowProcW, LoadStringW, RegisterClassW, CreateWindowExW, SetTimer, GetIconInfo, DestroyIcon, GetMessageW
ws2_32.dll
WSAIoctl
wtsapi32.dll
WTSLogoffSession, WTSOpenServerW, WTSCloseServer

ekrn.exe

ESET Smart Security by ESET (Signed)

Version:   3.0.710
MD5:   9ea99e600fb4884468066449c4558497
SHA1:   786afac91dc9a7ca3802b4c1454169558f322ffa
SHA256:   4ca1a4016ad6c2ea8029f89cf6ef3ce4888cd1bc0045786e34f9d19b2af07db9
Warning: 3 antivirus scanners have detected malware.

What is ekrn.exe?

ESET NOD32 Antivirus, commonly known as NOD32, is an antivirus software package from ESET. ESET's use of assembly language in its products contributes to their low system requirements and disk space utilization. ESET calls its scanning engine ThreatSense, and makes extensive use of generic signatures and heuristics.

About ekrn.exe (from ESET)

Protect your family with ESET’s complete Internet security suite, built on the award-winning ThreatSense antivirus and antispyware engine. Our proactive heuristic technology intercepts and eliminates

Details

File name: ekrn.exe
Publisher: ESET
Product name: ESET Smart Security
Description: ESET Service
Typical file path: C:\Program Files\eset\eset nod32 antivirus\ekrn.exe
File version: 3.0.710
Size: 457.25 KB (468,224 bytes)
Certificate
Issued to: ESET
Authority (CA): VeriSign
Expiration date: Wednesday, June 12, 2013
Digital DNA
PE subsystem: Windows GUI
File packed: No
Code language: Microsoft Visual C++ 8.0
.NET CLR: No

Programs

The following program will install this file
ESET spol. s r.o.
12% remove
ESET Smart Security 6 is an all-in-one Internet Security solution with new Anti-theft feature that locates your missing laptop and gives you tools to help recover it. Personal Firewall and Anti-Phishing keep your data safe from identity theft and other scams. How many personal photos, tax returns and private emails are stored on your computer? Our comprehensive Anti-theft features, accessed via the web, help you locate your misplaced la...

Behaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'ekrn' (ESET Service)
  • ekrn

Malware detections

Based on 40+ industry antivirus scanners, 3 of them detected the following malware.
Antivirus engine          Engine version    Detection
Emsisoft Anti-Malware     3.0.0.575         Trojan.Win32.Agent (A)
Kaspersky                 9.0.0.837         UDS:DangerousObject.Multi.Generic
Trend Micro HouseCall     9.700.0.1001      TROJ_GEN.F47V0725

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
CPU
Total CPU: 0.00125541%
0.028634%
Kernel CPU: 0.00104276%
0.013761%
User CPU: 0.00021264%
0.014873%
Kernel CPU time: 93,938 ms/min
100,923,805 ms/min
Context switches: 48/sec
284/sec
Memory
Private memory: 77.1 MB
21.59 MB
Private (maximum): 163.02 MB
Private (minimum): 13.22 MB
Non-paged memory: 77.1 MB
21.59 MB
Virtual memory: 154.54 MB
140.96 MB
Virtual memory (peak): 246.51 MB
169.69 MB
Working set: 70.81 MB
18.61 MB
Working set (peak): 163.23 MB
37.95 MB
Resource allocations
Threads: 14
12
Handles: 327
600
GUI GDI count: 11
103
GUI USER count: 10
49

Process properties

Integrity level: Undefined
Platform: 32-bit
Command line: "C:\Program Files\eset\eset smart security\ekrn.exe"
Owner: SYSTEM
Windows Service
Service name: ekrn
Display name: ESET Service
Description: “ESET Service”
Type: Win32OwnProcess, InteractiveProcess
Parent process: services.exe (by Microsoft)

Threads

Averages
ekrnamon.dll (ESET Smart Security by ESET)
Total CPU: 0.77864301%
0.272967%
Kernel CPU: 0.33370415%
0.107585%
User CPU: 0.44493887%
0.165382%
Context switches: 6/sec
79/sec
Memory: 244 KB
1.16 MB
ekrnepfw.dll (ESET Smart Security by ESET)
Total CPU: 0.02879310%
Kernel CPU: 0.01806849%
User CPU: 0.01072461%
Context switches: 14/sec
Memory: 252 KB
ADVAPI32.dll
Total CPU: 0.01554060%
Kernel CPU: 0.00464089%
User CPU: 0.01089971%
Context switches: 1/sec
Memory: 688 KB
ekrn.exe (main module)
Total CPU: 0.00006390%
Kernel CPU: 0.00004260%
User CPU: 0.00002131%
Memory: 452 KB

Common loaded modules

These are modules that are typically loaded within the context of this process.

Distribution by Windows OS

OS version    Distribution
Windows 7 Ultimate 40.50%
Microsoft Windows XP 23.50%
Windows 7 Home Premium 11.50%
Windows 8 Pro 7.00%
Windows 7 Professional 6.50%
Windows 7 Ultimate N 2.50%
Windows 7 Home Basic 1.50%
Windows 8.1 N 1.00%
Windows 8.1 Single Language 1.00%
Windows 8.1 1.00%
Windows 8 Enterprise 1.00%
Windows 8 1.00%
Windows Vista Home Premium 1.00%
Windows 8 Consumer Preview 0.50%
Windows 8 Pro with Media Center 0.50%

Distribution by country

Ireland installs about 14.50% of ESET Smart Security.

Distribution by PC manufacturer

PC manufacturer    Distribution
ASUS 18.54%
Hewlett-Packard 13.17%
Dell 12.68%
Intel 11.71%
Acer 9.27%
Lenovo 8.78%
Sony 8.78%
GIGABYTE 7.32%
Toshiba 6.83%
Sahara 0.98%
Samsung 0.98%
American Megatrends 0.98%