"Error occured during communication with NOD32 Kernel Service" at System Startup

Discussion in 'NOD32 version 2 Forum' started by CT-Eltham, Aug 16, 2006.

Thread Status:
Not open for further replies.
  1. CT-Eltham

    CT-Eltham Registered Member

    Joined:
    Aug 16, 2006
    Posts:
    3
    I have a machine on the work bench giving the above error when starting up.

    I have un-installed & re-installed NOD32, followed all links with this error message and performed all suggested fixes, still getting the same error.

    Have scanned drive externally with NOD32 and various other tools, nothing found.

    Have performed a Windows XP Home repair install to rectify, still no luck.

    Just can't get NOD32 to function at all or launch the Control Centre.

    Other than reformatting and reloading, is there any other suggestion to over-come this issue.

    TIA,
    David
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi CT-Eltham, welcome to Wilders.

    I have been advised the following:

    Please post your machine spec's, RAM etc

    Please post a HijackThis Log available HERE

    CHeers :D
     
  3. CT-Eltham

    CT-Eltham Registered Member

    Joined:
    Aug 16, 2006
    Posts:
    3
    The PC Spec's are as follows:-
    - Gigabyte 8SR533 MoBo
    - 2.00 Ghz CPU
    - 512Mb RAM
    - XP Home SP2

    I've done the Hijackthis scan myself, regardless, here is the Log:-

    Logfile of HijackThis v1.99.1
    Scan saved at 10:20:20 AM, on 17/08/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\RFA Platinum\rfagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    G:\Tools\HijackThis\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA Platinum\rfagent.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
     
  4. Bandicoot

    Bandicoot Eset Staff

    Joined:
    Mar 23, 2004
    Posts:
    297
    Location:
    California
    Hello CT-Eltham,

    It could be that the NOD32 Kernel Service (nod32krn.exe) is corrupted. So normally, I would recommend to download and save a fresh installer (http://www.eset.com/download/registered_software.php), uninstall NOD32 (Start > Programs > ESET > Uninstall), reboot, check that the ESET folder has been removed from C:\Program Files and then run the new installer by double-clicking it and follow the 'Typical' installation route.

    Secondly, check that the NOD32 Kernel Service is set to start and is running automatically, by going to Start > Control Panel > Administrative Tools > Services and scroll down to NOD32 Kernel Service.

    Thirdly, check that the registry entry for NOD32 Kernel Service is set correctly:

    1. Click Start, and then click Run...
    2. In the Open box, type regedit, and then click OK
    3. Locate, and then click the following registry entry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NOD32krn
    4. In the right pane, double-click ImagePath
    5. In the Value data box, check there are quotation marks around the complete path of the executable file for the service, as follows: "C:\Program Files\Eset\nod32krn.exe"
    6. Click OK, and then quit the Registry Editor.

    Fourthly, you could run msconfig (Start > Run... > type in msconfig) and in "Services" tab uncheck all non-Microsoft, non-Eset services, ie: any backup software or webclient program, and restart the machine.

    Bandicoot.
     
  5. CT-Eltham

    CT-Eltham Registered Member

    Joined:
    Aug 16, 2006
    Posts:
    3
    Hi Bandicoot,

    Thanks for the feedback.

    I have tried your first 3 suggestions before, regardless I have attempted all four suggestions again in order to eliminate all posibilities.

    Still NOD32 Kernal service cannot start, even when attempting to launch manually.

    Still scratching my head with this one.

    Regards,
    David
     
  6. Bandicoot

    Bandicoot Eset Staff

    Joined:
    Mar 23, 2004
    Posts:
    297
    Location:
    California
    Can you try installing NOD32 in 'Expert' mode and not enable any of the modules? Check if the NOD32 Kernel Service is running. Then enable AMON and restart and check again, then IMON, EMON, DMON... how does it look?

    Can you re-install in safe mode, restart in normal mode... is the Kernel Service running now?

    If still no joy, could you create a log from WinAudit log? Download WinAudit (http://www.pxserver.com/WinAudit.htm) and save it to your desktop. Run the utility by double-clicking on it, which might take a minute while it gathers information from your machine. When it's finished, a new window will appear with all the details. Save the log as an HTML file (default). It will create 3 files on your desktop. Please send all 3 to support [at] eset.us

    Bandicoot.
     
  7. hackmanj

    hackmanj Registered Member

    Joined:
    Nov 6, 2006
    Posts:
    1
    I am also having a similar issue on one machine at one deployment as above. When I login to that machine I get the same error message. When I go to manually start NOD32 I get the same message. I tried the earlier recommendations and they did not work. I believe there may be a conflict with some software installed on this machine. Winconnect Server XP specifically. It's some software that allows multi-user RDP to an XP Pro box. A recipe for breaking some software no doubt. For now I am going to uninstall NOD32 from this particular machine. I will forward the logs from the tool referenced above and await a response.

    Best,

    Joe
     
  8. KrackerJack

    KrackerJack Registered Member

    Joined:
    Nov 6, 2006
    Posts:
    20
    Hi All.

    I had a similar issue on a machine infected with a Stration worm. The machine was running AVG. Uninstallation of AVG and reinstallation resulted in the AVG version of the kernal error message you're seeing in NOD32. After two days of messing about with AVG I tried installing NOD32. Same problem but with the kernal error your'e seeing. I tried all of the suggested fixes including the TCP fix for WinXP, uninstalling NOD32 and reinstalling with the latest, safe mode install, manual startup, shutting down all non-essential services (MSCONFIG). Of all the suggested fixes I found for this error (both for NOD and AVG) none seemed to work for any of the posters. Three days of this and I just trashed the machine and reinstalled. I won't make the mistake of waiting so long next time.

    Sorry it's of no help but I'd hate to see anyone waste precious reinstall time like I did.

    Cheers
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Did you actually ask ESET's support for assistence in removing Stration? With our help you'd have removed it in a minute or two.
     
  10. KrackerJack

    KrackerJack Registered Member

    Joined:
    Nov 6, 2006
    Posts:
    20
    Well no.

    1. The worm wasn't the problem. I got rid of that quite easily. Thanks for the offer. It may have been the result of a worm infection but given the number of posts regarding this non-communications error and the lack of any guaranteed fixes it may have been the result of something else.

    2. I wasn't an ESET customer at that time. I went to the Trial version to see if I liked it and see if it was an AVG problem or a problem in general.

    Cheers
     
  11. Joyo

    Joyo Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1
    i got the same problem and cant fix it ._.
    happened after my pc crashed and even installing the new beta version gives me the same error =(
    is it possible that some files got damaged during the crash which cause this problem D;?
    if yes any idea how i can find them >,>?
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Most likely Stration was the problem you had, I assume some of its remnants prevented you from installing NOD32

    Even trial version users can contact ESET's support for assistence.
     
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please send a log from Hijackthis (http://www.merijn.org/files/hijackthis.zip) and send it to support @ eset.com with a link to this thread.
     
Thread Status:
Not open for further replies.