I installed nod32 on a new machine and configured etc...rebooted... now when I go to the nod32 module and select c drive and scan... it scans alright, but then when done, before you have a chance to see results, it simply closes and your back to the main nod32 screen?

If you go to scan logs it shows it scanned, but also show "0" files scanned?

I sat there and watched it scan all the files?

anyone else have this problem?

What happens if you goto My Computer, and right click on C: drive and goto NOD32 Anti-Virus System?

I uninstalled it and am reinstalling..... I'm starting to wonder if I corrupted one of the scan engines by hitting "update now" when it was already trying to update itself?

Ill let you know!

Bummer.. same thing!!! It still stops after scanning without showing the results.
I do have "scrolling" enabled, but not for all files.

I did rightclick on c drive in my computer and scan that way... it made no difference.... it behaves the same way.

One interesting fact... on one machine that does fine... when you go into the nod32 module , the local drives and network drives is not ticked, but my C drive is!

However on the computer thats giving me fits, you cannot untick the C drive without it also unticking the local drive box?
I don't know if thats any relation at all....

What version of Windows?

Can you run a scan in Safe Mode with Nod32 fully tweaked to the max and then please and tell us the results.

Cheers ;D

winxp pro with sp2... and yes.. Ill try that too...

I do have "fast.exe" running in task manager on the problem machine.

i did the same thing again..... right before it ends... it scrolls some lines too fast to see, yet slower than when not in safe mode.. I still can't see then and the it simply closes and leaves you with your safe mode desktop.

Maybe Ill try cleaning the registry on this machine to see if that helps

Can you try following the steps found in post number 2 here:

http://www.wilderssecurity.com/showthread.php?t=47830

I think you have an infected machine.

Cheers ;D

Well you left quite a list...... There appears to be nothing working wrong other than this....
Here is where I am at so far.....
I have already ran the winsock fix.. because I don't trust how mcafee's leaves it after their unistall.
First of all .. I completely uninstalled and reinstalled nod32.... same results..
1. I ran spybot and updated and cleaned all the temp directories and internet files as well as ran a scan again... "it was already installed on this machine" set to scan daily.
2. I ran regmechanic and cleaned any findings and rebooted.
3. I also installed, updated and ran pestpatrol..... it only found one unknown trogan... I deleted it .. rescanned and found nothing.
4. So I attempted to rescan with nod set the same way as before.....it still responded the same. THe scan log showed the scan but 0 files scanned.
5. Then I set it to clean and in the right column I set it to delete and quaranteen.... I reran nod32 again..........It still scans then then closes.. denying it actually scanned any files.
6. NOW I went to safemode again and reran nod32 with the clean function... that doesn't seem to do anything different.
7. Now still in safe mode, attempted to open nod32 control panel... I get an error.... "error occured during communication with nod32 kernel service "nod32kui" I don't know if this is normal while in safe mode... but nevertheless I am running a scan again with clean enabled to delete and quaranteen again.

interesting... this time I am able to see the results... "while still in safe mode"... I did notice some driver.cab files were corrupted too... I don't think that is the issue right now.....
I will now go into normal mode and see what happens....

-{ Quote: "Well you left quite a list......" }-
It is pretty comprehensive, tackling most problems out there.


-{ Quote: " I ran regmechanic and cleaned any findings and rebooted." }-
Can you download and run Regcleaner 4.3.0.780 from here: http://www.majorgeeks.com/download460.html and remove any entries left by McAfee and any other Antivirus remnants.


-{ Quote: "Now still in safe mode, attempted to open nod32 control panel... I get an error.... "error occured during communication with nod32 kernel service "nod32kui" I don't know if this is normal while in safe mode... but nevertheless I am running a scan again with clean enabled to delete and quaranteen again." }-
You can not open the Control Panel while in Safe Mode. In order to run Nod32, you have to go to Start> All Programs> Eset>

This is an oddball, if you are still having this issue after doing the above, I’ll send off an email to Eset and see what they can come up with.

Cheers ;D

you may have something about the remnant av.... mcafee leaves a ton of crap..... Ill run reghealer on advanced mode...... if that won't get it all out nothing will..... After running regmechanic on my machine.... reghealer found 2800 more entries!
Ill let you know if I figure anything out..

-{ Quote: "...Ill let you know if I figure anything out.." }-
Thanks, appreciate it, we all learn that way ;D

Regcleaner is pretty good as well.

Cheers ;D

humm.. well I'm stumped so far.... I cleaned over 2100 entries with reghealer and it still does the same..... there must be something about this system....
NOw I have to decide if nod will work on this system or whether I must reinstall mcafee?..... yuk..

try a windows repair maybe

Does it happen also if you leave only Files selected in the Objects to diagnose section in the on-demand scanner setup?

-{ Quote: "Now I have to decide if nod will work on this system or whether I must reinstall mcafee?..... yuk.." }-
Nah, we'll get it on there, haven't seen a system that we can't yet...

Can you send me a Hijack This Log, my email is in my profile, bottom left corner.

Cheers ;D

-{ Quote: "Does it happen also if you leave only Files selected in the Objects to diagnose section in the on-demand scanner setup?" }-

You know... maybe you can share what your on to... because when I do as you suggest "only scanning files" it works!.... even in normal "non-safe"mode!

I went to taskmanager and turned off everything that would turn off.. except for nod stuff and explorer and it still does it... so far the only scenario where it doesn't is when I go into safe mode "its done it there too, but it didn't once", and when I only scan for files?

Another peculiar thing this computer does is why you are installing something... it like to bounce to the task bar and disappear "whatever you are installing"... maybe that has something to do, I don't know?

but I appreciate you guys loving a challenge.... This is a computer I'm tuning up for a friend and it works great except the these issues.

I also ran the progs blackspear suggested and scanned for cws stuff and even bad jpg's along with the betterinternet stuff.... came up clean...

But if you can tell me whats up with the files only thing I would appreciate it!!!

-{ Quote: "Nah, we'll get it on there, haven't seen a system that we can't yet...

Can you send me a Hijack This Log, my email is in my profile, bottom left corner.

Cheers ;D" }-

Sorry Blackspear.. I also sent you a pm... but I cannot figure how to send you an email... I did as you suggested and all I got was "blackspear AT wilderssecurity DOT com".... I don't know how to turn that into an email?....
it says your not accepting emails either...

I was trying to send you the highjack log you asked for.
Ill send you another pm.

But here is a copy and paste of the highjack log:
Logfile of HijackThis v1.98.2
~~snip~~ HJT Log removed - Blackspear

-{ Quote: "I did as you suggested and all I got was "blackspear AT wilderssecurity DOT com".... I don't know how to turn that into an email?....
it says your not accepting emails either..." }-
Hi Windstrings, received and replied to your PM.

Regarding the email, replace AT with @ and DOT with "." so it looks like a normail email address. I display it this way so the address will not be harvested...

Cheers ;D

-{ Quote: "Hi Windstrings, received and replied to your PM.

Regarding the email, replace AT with @ and DOT with "." so it looks like a normail email address. I display it this way so the address will not be harvested...

Cheers ;D" }-

Ah.. yu prty smaaat!

I tried again to run it.... this time.. all I did is "unticked" the
archieves...and it also worked!!!!.....
I wasn't sure as of yet if its the fact that as long as "all" of them aren't
ticked they work.... or if its specifically the archieves being ticked thats
the problem.

Anyway... So next I did run it again with packers unticked... it messed up.... it appears that unticking the archieves is the secret to getting it to work....
I ran chkdsk also and it was good because I had ran it two days ago.

-{ Quote: "I tried again to run it.... this time.. all I did is "unticked" the
archieves...and it also worked!!!!.....
I wasn't sure as of yet if its the fact that as long as "all" of them aren't
ticked they work.... or if its specifically the archieves being ticked thats
the problem.

Anyway... So next I did run it again with packers unticked... it messed up.... it appears that unticking the archieves is the secret to getting it to work....
I ran chkdsk also and it was good because I had ran it two days ago." }-
I have sent a PM to Marcos asking for this thread to be followed up, it will be interesting to see what he has to say, as this is one very odd issue, and it will be good to see the outcome...

By the way, your HJT Log is clean, you can remove O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

Cheers ;D

i guess that toolbar is an old mcafee thing??

anyway...for the sake of anyone else who may encounter this problem... I am making most of my coorespondence with nod32 availiable to the forum...

Send#1
just so you know... as I watch the nod32scan.. towards the last.. I do see
that there are reports of some c:\windows\driver cache\i386\cab files that
are corrupted.
I did run it again with packers unticked... it messed up.... it appears that
unticking the archieves is the secret to getting it to work....
I ran chkdsk also and it was good because I had ran it two days ago.

Send #2
I did run it again with packers unticked... it messed up.... it
>> appears that unticking the archieves is the secret to getting it to
>> work....
>> I ran chkdsk also and it was good because I had ran it two days ago

questions from nod:
1.) Is it continually hanging on a particular file or files?
2.) Are the resources being used by NOD32 spinking during the scan of
these archives?
3.) Would you be able to overwrite the corrupted ones from the i386
folder on your disk?
4.) Does NOD32 list the individual file or just the cab?

Send#3
my answers:
1. I can't tell if its hanging on a file... it just stops when the progress bar is at the end... I'm assuming its done... but I won't tell you the report... almost like it was cancelled?
2. the cpu usage bounces from 23 to 100% during the scan.
3. If I could see a report to see which files it was reporting as bad... I could do that..... when you hit the stop button... all is gone.
HOWEVER... when I view the successful ones... I see not corrupted cab files because those archieves were excluded..... AND.. when I watch it scan... I do get a glimpse that it is scanning the corrupted cab files when it all stops....
Note that the only time I could see what those files actaully were at all was when I was in safe mode.... while in normal mode, it scans much too fast!
4. not sure what you mean.... it list the pathway to the corrupted cab file and the file name itself if I remember right.
Maybe if I can find those cab files and replace them that will do the trick!

from nod:
Just thinking. How about opening the cabs, and copying the files to a
folder on your desk top. They won't be compressed and maybe NOD32 will
be able to see and report which individual file is corrupted. Think
it's worth a shot? I'm going to see if I can find some third party
software that would also do that.
my response:
what Im doing right now is I copied those cab files from my computer to a temp dir on the affected computer.
then I right click on the whole i386 directory and scan the good ones first I sent that are in the temp dir.
then scan the ones that are bad.
there are only 3 files..... ie: driver.cab, sp1.cab, and sp2 cab

just for fun I decided to individually scan those files.... its the driver.cab that is bad.... do I tried to extract it to a temp dir and even winzip responds the same way that nod does when it is extracted.... winzip closes.... it does get a few files but then close, crashes or whatever it does... nevertheless I can't see the individual bad file... unless I select each file individually and try to extract it.... which when I did that.... I found that the first file that was bad was a .wav file.
So I just deleted the whole driver.cab and replaced it...
now what puzzles me... if I right click on the i386 dir and scan with nod32, it will scan just fine and even give me a report where it wouldn't before with the bad driver.cab present..
but If I open the nod32 module and scan the whole c drive... it still stops prematurely...... maybe theres another file corrupted somewhere else?

Well this is getting quite tedious!.... if I right click on my c drive... I still get the foulup..... I have tested my whole s:\windows directory and it works for that... so now I have to find where the bad archieve is!

Does anyone know of a program that will scan and find bad archieves?

Wait a minute!... I did something really dumb... I have the bad file backed up in a temp directory.... I will scan c drive now with that deleted.

I finally fixed it!!!! ... it was all about the corrupted "driver.cab" file.... located in c:\windows\driver cache\i386.....winzip wouldn't open it either....

we did have mcafee on this system before... I don't know if it would have opened it or not without crashing?... we didn't do a scan of c drive.. so I don't know.....

But I want to thank all of you that gave your help, support and suggestions.... I learned alot in the process!

So for now..... to sum it all up ..... its the "archive" setting being ticked is what will cause nod32 to blip out during a scan "IF" you have a corrupted archieve file.. .such as a .cab etc
I've worked on this problem all yesterday eve and all today..... aside from being damn curious... I really wanted to keep nod32 on this system if I could...
Now Ill delete my restore files and create a new so I don't chance getting that funky file back again....
The scan took 16minutes and 47seconds to scan 129413 files, with everything set to full max settings.... not bad for a 950amd!
Special thanks to "Berni" here in the states for returning several emails as he worked on this personally today and to "Blackspear" for the trouble, time, and coorespondence.
again.... thanks..

Great to see you had a good result.

What an unusual problem. Hopefully Eset will be able to have Nod32 adjusted to go past such an error for anyone that comes across the same issue.

Cheers ;D

Well whatever the issue is... winzip would also crash when trying to open that bad .cab file.... not so much when it opened it, as much as when it "extracted it"

If nothing else... figure out a way for the log to show so someone can go see what the problem was and fix it.... right now it acts like it "cancels" when it encounters the issue. The scanlog shows it scanned, but acts like it scanned "0" files... like it forgot everything it had done up to that point... like a "cancel" command would do.....
I don't think it will be too hard to fix...... this system had a bad hardrive before that I replaced not to long ago.... the "smartdrv" was going out, according to the ibm utility "DFT".
I think this issue is resolved.

Flowers once again!.. and in the winter too!!....

this is probrably the best forum I've ever been involved in... its extremly hard to deal with so many issues from so many people!

Like any team, business, or family.... a quality forum starts with those at the top. I appreciate the sense of excellence I feel out here... many forums would take that attitude of "oh well", but you guys really take pride in figuring out stuff.....
When I contacted the nod32 guys by phone.... they said someone else had the same problem... the more they talked.. the more I realized it was me!!
They were already working on the problem.... literally when I called the tech as well as a couple of others were investingating and trying to duplicate the problem.
I really wish I would have saved the problem file so I could send it to them... but it was quite big anyway....
Hope everyone has a great thankgiving because even though things can get really low..... theres always so much to be thankful for...
cherio!!