ekrn.exe keeps dying and restarting

Discussion in 'ESET NOD32 Antivirus' started by betamax, Sep 9, 2009.

Thread Status:
Not open for further replies.
  1. betamax (Registered Member; joined Sep 9, 2009; posts: 2)

    Hello. I've read through the knowledge base and checked out the sticky posts and couldn't find anything helpful. So now I'm making a post.

    I'm not sure if I'm actually infected with anything. I ran a full scan in safe mode as well as the online scanner and nothing came up. Basically the ESET Service fails to start up. It just started happening out of the blue.

    When I look at procexp (a better version of task manager) I can see the ekrn.exe process getting killed and starting back up over and over again. When I look at the ESET Service in the control panel, it shows up as Starting. Whenever I try to disable it, I get access denied (probably because it's stuck in Starting mode). I have to disable it in safe mode.

    I also tried running the .exe in safe mode and seeing if it dies. It dies in procexp after running for a few seconds.

    I've completely uninstalled the software, removed all registry keys, and reinstalled the latest version. However, as soon as installation completes, it hangs at "starting service" and when I look at procexp I see the same thing: ekrn.exe dying and restarting over and over.

    I'm running Windows XP SP3 32-bit. If there's any other info you would like me to provide, please ask.

    I'm out of ideas :ouch:
     
  2. ccomputertek (Registered Member; joined Jul 27, 2009; posts: 371)

    Try downloading and running Malwarebytes? The service is set to just keep restarting every zero seconds, if you look at the Recovery tab, so it will just keep doing that. Sounds like an antivirus killer keeps trying to shut it down. Did you look at what other programs are running at bootup? Anything suspicious?
    There is more than one place things can load and run from in the registry. Did you try the ESET uninstaller? Are you sure you're removing everything from the old install? Try McAfee Rootkit Detective or RootRepeal to look for hidden processes or services?
     
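An added illustration of the restart loop described in the reply above (not part of the original thread, and not ESET's code): when a service's recovery action is "restart" with a zero delay, each unexpected exit is recorded by the Service Control Manager as System event 7031, so the loop can be confirmed from an exported event log. The log lines, the tab-separated export layout, and the function name `find_restart_loops` are constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of exported System log lines: "timestamp<TAB>event id<TAB>message".
# These are illustrative records, not output from the poster's machine.
_MSG = ("The {0} service terminated unexpectedly.  It has done this {1} time(s).  "
        "The following corrective action will be taken in {2} milliseconds: Restart the service.")
SAMPLE_LOG = "\n".join([
    "2009-09-09 20:10:00\t7031\t" + _MSG.format("Print Spooler", 1, 60000),
    "2009-09-09 20:14:01\t7031\t" + _MSG.format("ESET Service", 1, 0),
    "2009-09-09 20:14:02\t7036\tThe ESET Service service entered the running state.",
    "2009-09-09 20:14:04\t7031\t" + _MSG.format("ESET Service", 2, 0),
    "2009-09-09 20:14:08\t7031\t" + _MSG.format("ESET Service", 3, 0),
    "2009-09-09 20:14:11\t7031\t" + _MSG.format("ESET Service", 4, 0),
])

PATTERN = re.compile(
    r"The (?P<name>.+?) service terminated unexpectedly\.\s+"
    r"It has done this (?P<count>\d+) time\(s\)\.\s+"
    r"The following corrective action will be taken in (?P<delay>\d+) milliseconds: "
    r"(?P<action>.+?)\.$"
)

def find_restart_loops(log_text, min_crashes=3, window=timedelta(minutes=1)):
    """Return services that crashed and were restarted at least
    min_crashes times inside any single time span of length `window`."""
    crashes = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3 or parts[1] != "7031":
            continue  # only unexpected-termination events matter here
        m = PATTERN.search(parts[2])
        if not m or m["action"] != "Restart the service":
            continue
        when = datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S")
        crashes[m["name"]].append((when, int(m["delay"])))
    loops = {}
    for name, events in crashes.items():
        times = sorted(t for t, _ in events)
        # Largest number of crashes that fall inside one window
        best = max(sum(1 for t in times[i:] if t - times[i] <= window)
                   for i in range(len(times)))
        if best >= min_crashes:
            loops[name] = {"crashes": best, "min_delay_ms": min(d for _, d in events)}
    return loops

if __name__ == "__main__":
    print(find_restart_loops(SAMPLE_LOG))
```

A service that is being killed or is crashing on start shows up with a high crash count and a small restart delay, while an isolated crash with a long delay (the constructed Print Spooler line) is not reported.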
  3. betamax (Registered Member; joined Sep 9, 2009; posts: 2)

    I ran McAfee Rootkit Detective. You want me to dump the output?

    EDIT: I read up on the ESET Uninstaller tool and it said only to use it if the start menu uninstaller failed. It did not fail. Do you want me to try the uninstaller tool anyway? I have since reinstalled ESET. Can I use the tool to blow away a full install or should I run the start menu uninstaller first, and then the Uninstaller tool?
     
    Last edited: Sep 10, 2009
  4. ccomputertek (Registered Member; joined Jul 27, 2009; posts: 371)

    After you uninstall, are you deleting the \program files\ESET folder?
    Also Documents and Settings\All Users\Application Data\ESET?

    Are you going to the registry and deleting the ESET key from HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE?

    Then HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders, and delete all you see from ESET in there?

    Then unhide your system files and hidden folders and go to windows\installer and look for one of those files being from ESET, then delete it. It will say in the properties of the random-named numbered file if it's part of the ESET installer or not.

    Did you go into the settings of McAfee Rootkit Detective and set that up before the scan? What did the scan results show when you clicked the hidden processes / files or registry values radio button?

    What did you add or remove as far as programs to your computer when the problem started?

    Type msconfig in the Start menu Run box and go to the Startup section and uncheck everything but ESET and reboot?
     
  5. WayneP (Support Specialist; joined Apr 9, 2009; posts: 339)

    Hello betamax,

    Do you get an error when the ESET GUI is loaded? If ekrn is not running correctly, then you should receive an error about not being able to communicate with the kernel.

    I would suggest uninstalling through the start menu and then running the uninstaller to remove any leftover traces. Then reinstall and see if you see the same behavior.
     
    Last edited: Sep 11, 2009