Blocked internet and Outlook express

Discussion in 'ESET NOD32 Antivirus' started by Wolfie138, May 9, 2009.

Thread Status:
Not open for further replies.
  1. Wolfie138

    Wolfie138 Registered Member

    Joined:
    May 3, 2009
    Posts:
    23
    Just had a trauma the last couple days thinking i'd been trojanned or something. long story short, after a week or so of Eset V4, it suddenly decided to block net responses : i got my BB connection no prob, FTP would work, but no pages would load in any browser and Outlook Express wouldn't pull mails.
    after much messing i took the "enable HTTP checking" off and got the web back, and took POP3 protocol checking off to get the mails back.


    i'm feeling slightly underprotected now, so how can i restore full protection w/out losing all access again?

    specs :
    XP home, SP1
    Firefox 2
    eset v4.0.424.0
    Virus signature database: 4054 (20090505)
    Update module: 1028 (20090302)
    Antivirus and antispyware scanner module: 1213 (20090505)
    Advanced heuristics module: 1092 (20090309)
    Archive support module: 1094 (20090428)
    Cleaner module: 1040 (20090401)
    Anti-Stealth support module: 1011 (20090415)
    SysInspector module: 1212 (20090414)
    Self-defense support module : 1005 (20081105)

    thanks....
     
  2. ASpace

    ASpace Guest

  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Couldn't it be that you have a firewall installed that would prevent ekrn.exe from communicating via HTTP/POP3?
     
  4. Wolfie138

    Wolfie138 Registered Member

    Joined:
    May 3, 2009
    Posts:
    23
    sigs won't update

    i use Zone Alarm as a firewall, like i say it's never been an issue until last tuesday, i haven't changed any settings anywhere but for some reason i suddenly lost access.
    i can't see SP1 or FF2 being an issue as they were all working fine together before.

    my signature updates won't update - i've checked my user ID and password from the email ESET sent me, i got the progress bar standing at 0% for a bit and then a "virus signature database could not be updated - an error occured while downloading update files" message, no explanation why.
    any ideas? the manual's a bit rubbish saying to check my internet connection, which is running
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Re: sigs won't update

    Given that you are unable to download through http/pop3 and update does not work either, it must be that the ZA firewall is blocking ekrn.exe. If it worked before, a blocking rule for ekrn.exe must have been created later.
     
  6. DesertRat

    DesertRat Registered Member

    Joined:
    Jul 12, 2008
    Posts:
    32
    I wonder if you turned on SSL protocol filtering. If not fully configured it has the effects just as you mention.
     
  7. JohnnyDollar

    JohnnyDollar Guest

    This doesn't answer your question, but I would say that XP installed with SP1 and using Firefox v2 is being underprotected. Once you rectify this issue with NOD32, then if I were you I would install the latest service pack (SP3) and update all of your software, including Firefox (current version 3).
     
  8. ASpace

    ASpace Guest

    Re: sigs won't update


    This is what I would do now (valid for both v3 and v4) in addition to your check re. ZA rule about blocking the outgoing access of ekrn.exe

    If the above two things don't work, download the latest install file of the program from the ESET servers and reinstall the program.

    I would also suggest you make sure SSL scanning/filtering is disabled (valid for v4.0 only) and also you could play with the "Protocol filtering" options
    http://kb.eset.com/esetkb/index?page=content&id=SOLN2217&actp=LIST_RECENT

    Change to "Applications marked as Internet browsers and email clients" or "HTTP and POP3 ports". Make sure Active mode is not used.

    Try this additionally.



    ASpace
     
  9. michael_sharp

    michael_sharp Registered Member

    Joined:
    Apr 20, 2009
    Posts:
    8
    Hi,

    I have seen a virus that behaves in the manner you have detailed. The one I saw was not picked up by any malware or anti virus software.

    Can you get into the command prompt (CMD.exe) or the registry editor (regedit.exe)? If you can't, there is a potential for there to be a threat on your system.

    Try running a third party registry editor (to bypass the block on regedit.exe) and browse to the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32


    If you see a key called AUX or AUX2, check to see if the key is pointing to a random file name with a random extension, then make a note of the file it is pointing to, then delete the file AND the registry key. If it is pointing to a legitimate Windows file, leave it alone.

    An example of a random file might be something similar to "adgf.drf"

    Restart the computer to clear the memory of any infection.

    NOD32 will then start to function properly and allow you to access the internet, and you can then run an update followed by a full scan.


    If this solution doesn't work, try running rootalyzer to identify any potentially hidden files or services which you can then remove with avenger.
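
An added example, not part of the original post: a triage script that applies the check described above to the text output of `reg query` for the Drivers32 key. It goes beyond the post by reviewing every value, not only AUX/AUX2; the extension allowlist and the system32 rule are assumptions about a typical install, and the sample output is constructed (the file name `wgdtl.lol` is the one reported later in this thread).

```python
import ntpath
import re

# Assumption: extensions normally seen on Drivers32 values (drivers, codecs).
EXPECTED_EXT = {".dll", ".drv", ".acm", ".ax"}
# A value line in `reg query` output: indented name, type, data.
LINE = re.compile(r"^\s+(?P<name>\S.*?)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")

# Constructed sample of `reg query` output for the Drivers32 key.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
    midimapper    REG_SZ    midimap.dll
    msacm.msadpcm    REG_SZ    msadp32.acm
    wave    REG_SZ    wdmaud.drv
    aux    REG_SZ    wdmaud.drv
    aux2    REG_SZ    wgdtl.lol
    vidc.mrle    REG_SZ    C:\Temp\msrle32.dll
"""

def parse_values(text):
    """Yield (name, data) for each value line; the key header is skipped."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            yield m.group("name"), m.group("data").strip()

def review(text):
    """Return (name, data, reason) for entries that need a manual look."""
    findings = []
    for name, data in parse_values(text):
        directory, filename = ntpath.split(data)
        ext = ntpath.splitext(filename)[1].lower()
        if ext not in EXPECTED_EXT:
            findings.append((name, data, "unexpected extension"))
        elif directory and "system32" not in directory.lower():
            findings.append((name, data, "loads from outside system32"))
    return findings

if __name__ == "__main__":
    for name, data, reason in review(SAMPLE):
        print(f"{name:12} {data:28} {reason}")
```

A flagged entry is a prompt to inspect the file it names, not proof of infection; third-party codecs can legitimately add values here.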
     
  10. ASpace

    ASpace Guest

    I've seen it, too. Combofix can also help identify it.
     
  11. Wolfie138

    Wolfie138 Registered Member

    Joined:
    May 3, 2009
    Posts:
    23
    hi,
    thanks for the info, working my way through..

    ZA is set up to accept the eset stuff

    i can't get CMD or REGEDIT, so that's not looking good. can anyone recommend a good free regeditor or shall i just go in via safe mode?

    combofix sounds like it's way beyond my tech level!

    cheers....
     
  12. Wolfie138

    Wolfie138 Registered Member

    Joined:
    May 3, 2009
    Posts:
    23
    FAO Michael Sharp

    Bud, many thanks indeed for that heads-up : i found wgdtl.lol stuck in my reg, i deleted it as you advised and now i've got my CMD back, ESET is running as normal w/ 11-05-09 updates. i'm indebted to you.

    what i am not so impressed w/, is NOD's performance on this. it let it onto my system, and it found nothing despite two scans. can i assume they'll be removing the much touted "100% record" claim from the advertising? >:-/
     
  13. ASpace

    ASpace Guest

    Not being able to access these tools could be a sign of malicious software (malware) not detected by NOD32 and blocking both the antivirus and other functions. Combofix should be able to recover your access to CMD/Windows Registry editor. However, using/suggesting such tools here is generally not suggested and allowed. Visit and register in a forum that provides malware cleaning services. I vote for AumHa. Describe your problem in detail there and wait for an answer/follow the suggestions.

    Edit: Sorry, I didn't read the previous post(s)
     