Error - nod32 kernel service

Hi all.

I have a problem, and I read others have had the same.

I used the trial version of nod32, worked great for a long time, but a few days ago I restarted my computer and nod32 didn't start up. It froze on the splash, and after about 5 minutes I got an error message saying "error communicating with nod32 kernel serice". 2 days before this error I installed a software called PowerISO, used to convert between image file formats among other things.

I suspected this might have been the cause of the error, since no other software installations had been made. This is what I did:

• Uninstalled PowerISO
• Rebooted the computer
• Removed the remaining folder of PowerISO
• Scanned through the registry for anything containing "powerISO" and deleted all the keys found
• Rebooted
• Uninstalled NOD32 trial
• Rebooted
• Removed the ESET folder, and scanned through registry for anything containing nod32 and removed all those keys
• Rebooted
• Downloaded a fresh copy of the nod32 trial version
• Installed it
• Rebooted

Now, on the FIRST reboot directly after installation of nod32, it worked and updates virus definitions as before this error occured. However, I rebooted after the definitions had updated, just to make sure, and on this second reboot nod32 just froze, like earlier, displaying the same warning message after about 5 minutes.

So what can I do? I consider my "cleansing" of both nod32 and the (possible) software that messed up nod32 quite good. I was really enjoying the simplicity and speed of nod32, but if it crashes on other (popular) software installs, and won't revive after a FULL un/re-install, I'm just not sure anymore.

Help appreciated,

/project6

Edit: During installation I shut down every process possible, and my WebClient service is disabled.

Edit 2: Problem solved. The nod32 kernel service was set to "inactive", thus stopped, in services. It's my belief that PowerISO caused this somehow, cause I sure haven't been fiddling in services.msc! I put it back to "automatic" , started it up, and voila: nod32 back and ticking.

 

Hi, this is my first post here on this forum.

I think i have the same problem like yours project6, installed PowerISO today to be able to open a .daa file, but after reboot i got a message from NOD32 that it cannot start "error occured during communication with NOD32 kernel service".
After uninstalling PowerISO, problem remained. Reinstalling NOD32 didn't help, when i start services.msc i always find NOD32 Kernel Service set to disabled, and have to manually enable it every time after reboot for antivirus to start normally.

I have tried setting service startup type to either manual or automatic, but it keeps falling back to disabled after every reboot.

Any thoughts on this plz? Tnx

 

I still have the exact same problem, reverts to "Inactive" every time windows starts up. Nod32 kernel service that is.

I'm looking in to it, but any help would be appreciated.

Edit: Horrible thought just struck me - might be a virus or trojan that disables nod32 kernel service in order to stay alive. Deep-scanning in progress.

 

Send a log from Hijackthis to support[at]eset.com with a link to this thread and I'll do my best to help you out.

 

Mail sent.

I just scanned and found no signs of viruses or trojans.

Here's what I found out so far:
On startup, my Nod32 Kernel Service is Inactive and, thus, stopped.

If I enable nod32 kernel service,start it, and then start upp nod32, the program starts and works. But right after it started up, the service (nod32 kernel service) reverts to Inactive!

So it's actually the software.. deactivating its' own service.

Oh my...

 

Same here,

Just talked a new customer into letting me uninstall norton, then spend over an hour with nod stalling at the splash screen.

Finally had to install AGV free ....nod has never let me down like this before.

It even stalled in safe mode

 

That happened because Norton was not uninstalled properly. You should either use a special uninstall tool provided by Symantec, or repair Winsock manually. AVG does not have this problem as it doesn't use a scanner that works at Winsock.

 

I've installed PowerISO, but didn't find any probs.

 

Instructions on repairing Winsock can be found HERE

Let us know how you go...

Cheers

 

I'm not having any winsock issues...everything works fine except for the exact same error message these other guys are having.

Are you suggesting that they reset winsock as well. What is the connection with nod not being able to communicate with the kernel service and winsock?

Wouldn't I have had internet connection problems if the winsock was toast?

I don't mind trying just about anything I just don't see any of the typical symptoms of a bad winsock on this machine. It's running SP2 so resetting is a snap, just two commands.

thanks for the suggestion in any case

 

We were refering to

 

I set Nod32 kernel service from Inactive do Automatic a few hours ago, but it reverted to "deactivated" after it ran an auto update.

Man I'm so tired of this now... I tried just about everything.

 

Hi, project6

As the Trial time Ran Out?

Take Care,
TheQuest

 

hey project6

please let me/us know how this is going. hopefully you are getting the help you asked for. I won't have access to the system that's doing this for some time but it would be great to have a solution the next time I'm in front of it.

If I could I would have taken the customers box with me and troubleshoot this myself but they need to use it on a daily basis and I can't reproduce this issue on any of the boxes I have around here.

Also just off the top of my head...you wouldn't by chance have spysweeper installed? I remember my customer had that and I disabled it because she wouldn't let me uninstall it...just a thought.

 

Hey napatec, still looking into this.
No I do not have spysweeper installed. But my guess is we do have some kind of software installed, maybe not exactly the same but something that acts in a similar fashion, causing Nod32 to deactive its' service.

I'm updating this thread with new info when/if I solve it.

 

Error - nod32 kernel service - SOLVED.

After about a week of troubleshooting, I finally managed to get my Nod32 kernel service to behave the way it's supposed to. Even though this may not be an ultimate solution for all of you, I figured I might as well describe the problem found.

The reason my Nod32 Kernel service was shut down every time I started up Windows (and when Windows was running) was because I had a trojan hidden on my drive.

It was known for blocking Antivirus kernel services and the likes, exactly the issue I had. I found it by uninstalling Nod32, then removing the Program Folder and all registry keys that looked like Nod32. After this, I did a Winsock reset (just to make sure) and then installed a new fresh copy of Nod32. I tried these steps before, but this time it was different.

As soon as I installed the new Nod32 version, it found the first part of the trojan (after about 5 seconds, after the first program update) and removed it. (Nod32 rebooted at this point to get rid of the file) Then I ran an in depth cleansing, and found the second part of it. After these had been deleted, I started up the Nod32 service, set it to automatic, and rebooted. And voila; no more problems (at least not yet)

The trojan disguised itself as the csrss.exe process (this IS a critical process, do NOT delete it!) so it was impossible to find through CTRL+ALT+DEL. It "started over" on every boot by using "Runservice" or simply "Run". If you see any of these in hijack this, or among the other services/processes, this trojan might be the reason for your Nod32 disfunctionality. (If you DO find "Runservice" or "Run", of course disable the actual service/process before attempting to reinstall/scan.)

Try installing a brand NEW version of nod, and update it fast, hopefully it will find this trojan and delete it as it did for me.

I wish you all good luck with this, over and out.

/project6

Edit: Here's some info from the logfiles: 1st part) c:\windows\csrss.exe - IRC/SdBot trojan - deleted (after the next restart) [2]
2nd part) C:\System Volume Information\_restore{31803DA0-2FB7-4E6F-8237-BB81F0E357F2}\RP766\A0114868.exe - IRC/SdBot trojan - deleted