ESET Will not update v4.2.64.12

Discussion in 'ESET NOD32 Antivirus' started by carlegend2, Sep 15, 2010.

Thread Status:
Not open for further replies.
  1. carlegend2

    carlegend2 Registered Member

    Joined:
    Sep 15, 2010
    Posts:
    7
    Hello all!

    I am having a problem with one of my computers. My NOD will not update itself, simply says 'An error occurred while downloading update files'. My browser is also getting redirected to random sites like 'Stopzilla' etc.

    Any help will be greatly appreciated.

    Also, I cannot connect to any 'security' sites, such as eset.com / avg.com etc.

    Regards, Carl
     
  2. no_idea

    no_idea Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    83
    Last edited: Sep 15, 2010
  3. carlegend2

    carlegend2 Registered Member

    Joined:
    Sep 15, 2010
    Posts:
    7
    cannot connect to that page...
     
  4. carlegend2

    carlegend2 Registered Member

    Joined:
    Sep 15, 2010
    Posts:
    7
    Ahhh no, I can see all the images.
     
  5. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Have you tried to do a full scan with NOD32?

    TH
     
  6. no_idea

    no_idea Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    83
    ok, at least it's not conficker :)

    however, your system might still be compromised - I have searched a bit for "Stopzilla": http://en.wikipedia.org/wiki/Talk:Stopzilla

    I'm afraid I'm not that good at rogue-ware removal and can't help you out here.
    (my "cleaning" consists of restoring the latest uncompromised backup and going forward from that point)

    maybe someone else can help you out on this one.
     
  7. carlegend2

    carlegend2 Registered Member

    Joined:
    Sep 15, 2010
    Posts:
    7
    I also cannot update my MB anti malware... Am quite lost.
     
  8. carlegend2

    carlegend2 Registered Member

    Joined:
    Sep 15, 2010
    Posts:
    7
    Yes. And nothing is found.
     
  9. carlegend2

    carlegend2 Registered Member

    Joined:
    Sep 15, 2010
    Posts:
    7
    This is what Malwarebytes says:


    Malwarebytes' Anti-Malware 1.44
    Database version: 3510
    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    15/09/2010 23:05:19
    mbam-log-2010-09-15 (23-05-19).txt

    Scan type: Full Scan (C:\|D:\|O:\|)
    Objects scanned: 299652
    Time elapsed: 1 hour(s), 5 minute(s), 15 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe (Security.Hijack) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe (Security.Hijack) -> Delete on reboot.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\32788R22FWJFW\Combo-Fix.sys (Malware.Trace) -> Quarantined and deleted successfully.
     
  10. no_idea

    no_idea Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    83
    In this case maybe a "second opinion" is in order.

    Please download the latest avira rescue system iso file and burn it to a cd:
    http://www.free-av.com/en/products/12/avira_antivir_rescue_system.html

    Then start the PC in question from this cd. Please do only a scan. Do not let Avira "repair" anything! (Avira is kind of an overzealous bastard that finds infections where there is no threat at all ...)

    Look what Avira thinks has befallen your system and go from that point.

    For the record: I do not endorse Avira but I have found their "rescue system" a good solution to get a second opinion. As it boots an independent operating system and installs nothing on your hard drive (if in scan only mode!), I find it a valuable asset. Its results have to be taken with a grain of salt, however. I have seen it moan over mrt.exe as being infected ;)

    <edit> anything suspicious Avira finds you may double check on http://www.virustotal.com/
     
  11. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  12. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    I would wait till an ESET Moderator replies before going any further as you are a paying customer! Or open a support ticket http://www.eset.com/support/contact# and they will help you clean your system if it is truly infected!

    TH
     
  13. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Download jv16 PowerTools 2010 trial. Then uninstall Eset.
    Reboot.

    Now run CCleaner in safe mode including the registry cleaner.

    Reboot

    Install jv16 Powertools 2010 run the registry cleaner.

    Reboot

    Download clean eset installer and reinstall

    reboot

    Try again to update

    There are no guarantees this procedure will work for you


     
  14. carlegend2

    carlegend2 Registered Member

    Joined:
    Sep 15, 2010
    Posts:
    7
    I would love to make a ticket, however as I said I cannot access eset.com
     
  15. nonoise

    nonoise Registered Member

    Joined:
    Jun 6, 2008
    Posts:
    322
    you can download mbam rules separately, type download MBAM-Rules in google
     
  16. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Hopefully an ESET Mod will reply here and help you!

    TH
     
  17. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  18. AJStevens

    AJStevens Registered Member

    Joined:
    Aug 27, 2008
    Posts:
    97
    Location:
    Surrey, UK
    Hi Carl,

    Seeing as how it doesn't appear to be a major obvious infection, if I were you I'd do some basic network checks.

    Are you using another PC to post to Wilders Forums, or are you able to browse some websites such as this on your PC?

    If it's the same PC, then it's likely a DNS issue. Can you start a command prompt (assuming you're using Windows XP/Vista/7 here): Start, All Programs, Accessories, Command Prompt.

    type in:
    ping www.eset.com

    and press enter

    it should reply and give an IP of 72.3.254.86

    there's also nslookup:
    nslookup www.eset.com

    should give the IP of 72.3.254.86

    If not, then something's amiss, if you're on a home network, you could try resetting your Broadband Router in case it's got stuck with resolving addresses.

    Or, there could be overriding settings in place, there's a "hosts" file on Windows machines that overrides DNS lookups, and very often some malicious code can write entries in here for av products to prevent you getting help removing it. Although UAC should prevent this file being altered on Vista and Windows 7.

    Open Notepad (Start, All Programs, Accessories, Notepad).

    Click File, Open and type in the File name box:
    C:\WINDOWS\System32\drivers\etc\hosts

    and press open (this is assuming you're using Windows XP)

    Every line starting with # is a comment, ignore it.

    There should only be one entry in here by default and must remain, it will be:
    127.0.0.1 localhost

    ensure there are no other entries, check you can't scroll any further down (a trick by some malicious code is to leave a lot of empty lines, then add entries to trick the user to think there aren't any added).

    If you find some, such as for www.eset.com first copy all the text into another notepad and save the file as "alteredhosts.txt" to your desktop for later review then close the second notepad, then remove them, remove everything, except for the # comment lines and the default 127.0.0.1 entry then click file and save.

    Now try accessing www.eset.com again, if it still doesn't work, try entering the command:
    ipconfig /flushdns

    in a command prompt window, and then try www.eset.com again (be sure to completely close and reopen your web browser, eg Internet Explorer).

    Otherwise, some more details of the machine (OS, etc.) would help to assist further.
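
The hosts-file check described in the post above, as an added example that is not part of the original post: a Python function that lists every active entry other than the default localhost mapping and marks entries for security sites and entries placed after a long run of blank lines. The padding threshold, the sample file contents and the 203.0.113.10 documentation address are constructed assumptions; the domain list holds only the two sites named in this thread.

```python
# Added example: audit a Windows hosts file for non-default entries.
PADDING_THRESHOLD = 10  # assumption: this many blank lines in a row counts as padding
SECURITY_DOMAINS = ("eset.com", "avg.com")  # the two sites named in the thread
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def audit_hosts(text):
    """Return one finding per active hosts entry that is not a default mapping."""
    findings = []
    blank_run = 0
    hidden = False  # becomes True once a padding gap has been passed
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        if not raw.strip():
            blank_run += 1          # count consecutive empty lines
            continue
        active = raw.split("#", 1)[0].split()   # drop comment, split fields
        if len(active) < 2:
            continue                # comment-only or malformed line
        ip, names = active[0], active[1:]
        hidden = hidden or blank_run >= PADDING_THRESHOLD
        blank_run = 0
        for name in names:
            host = name.lower().rstrip(".")
            if (ip, host) in DEFAULT_ENTRIES:
                continue
            findings.append({
                "line": lineno,
                "ip": ip,
                "host": host,
                "security_site": any(host == d or host.endswith("." + d)
                                     for d in SECURITY_DOMAINS),
                "after_padding": hidden,
            })
    return findings


# Constructed sample: default entry, 40 blank lines, then injected mappings.
SAMPLE = (
    "# Copyright (c) Microsoft Corp.\n"
    "127.0.0.1       localhost\n"
    + "\n" * 40
    + "203.0.113.10  www.eset.com eset.com  # constructed redirect\n"
    "127.0.0.1  www.avg.com\n"
    "192.168.1.5  printer.lan\n"
)

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE):
        print(f)
```

To check a real machine, pass the contents of C:\WINDOWS\System32\drivers\etc\hosts to `audit_hosts` and review every finding before removing anything.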
     
  19. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    This is getting frustrating. Suggestions are made to try to help the OP and all we seem to get back is more problems or silence. No reports on what happened when OP took a suggestion or not. What is his PC? What is his O/s?

    Posts are made here but how if the PC is in such bad shape?

    I'll try one more time,

    Carl, restore your PC from your backup image before any of these issues befell you. Or failing that go to the oldest restore point.
     
  20. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Perhaps the OP has not been able to post back, Escalader
     
  21. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
  22. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    I saw that, the OP may not have Internet access for any number of reasons.
    If the OP does not reply, the thread will die a natural death.

     
  23. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Yes, it is true.
     
  24. Pokin

    Pokin Registered Member

    Joined:
    Sep 6, 2010
    Posts:
    3
    Not correct - the OP did initially report back to suggestions. This may be a case of suggestion-overload - too many for the OP to remain engaged (at least for now). Besides, there has been nothing posted by an ESET mod.
     
  25. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Suggestions will stop/ have stopped as there is no detailed reporting back. Questions put are ignored.

    This thread is dead
     