Friendly request: why is NOD32 on my PC?

Hi Forum folks. Please advise what is happening and how to correct:

Frequently on my Vista system I will see a yellow balloon appear at the task bar telling me I need to update NOD32. It looks like an official MS Vista notifier.

Also frequently when I close IE7 it crashes with the message "Error caused by NOD32 Antivirus Situation: No solution available".

I have not installed NOD32 on my system and find no record of it in either my registry or Program Files folder.

All comments welcome. Please help me understand what's happening and how to correct it.

Thanks.

 

It sounds like a rogue=Fake program.try running this programhttp://www.malwarebytes.org

 

Don't you have McAfee installled by chance? Recently Microsoft has incorrectly identified ESET as the cause of an issue instead of McAfee.

 

Thanks Marcos. I have never had McAfee installed on my system.

 

hello
what Eset Antivirus you have install pls tell us build

 

He said he's never installed NOD.

 

Thanks djohn. I installed and ran Malwarebytes and it came up wth zero issues.

 

That's correct. I've not ever installed NOD32.

The yellow balloon message that comes up from the clock task bar area looks like the Win Vista updates balloon. So I'm wondering what piece of NOD32 might somehow have gotten on my system to initiate this periodic notice to update.

The impact is that IE7 crashes very frequently when closing. The offending element in the subsequent dialog is that NOD32 caused the crash and that there's no solution found.

Is there a way I can follow a guide of instructions for manually removing all elements of NOD32? I'm glad to pick through folders and the registry to find and remove whatever it may be.

Thanks everyone.

Hugh

 

You could try Regseeker and search for Nod32 and remove all hits.
Or installing and removing a trial of Nod32 could do the trick.

 

What does your security center say for protection? does it list nod32 in the center.?If you never installed nod there should not be registry entries temp file and the like.also in control panel open folder options click View and scroll to find show hiden files and folder.then check you program files program data and under user look in appdata local, roaming and so fourth to see of anything shows Eset which is nod

 

Thanks Dave. I have Avast as my A/V and the default Windows Defender running in Security Center. I've got hidden files and folder showing, and checked all trees for eset -- even did a full system scan -- and it doesn't show up as a find.

Hugh

 

Very weird indeed if you system is clean from any rogue or spyware/malware then I am at lose.As you No windows does some crazy stuff for no appearant reason at times.But seems rather suspicious especially the browser crashing.perhaps some one else here can further assisist on rather strange problem.sorry i could not be much more help.

 

Perhaps you should download and run SysInspector from Eset and post when you have the results.

 

Dave, very muich appreciate everything you offered.

 

i have that problem b4, but it is upon uninstalling NOD32 the previous day.....
but yours is weird...

Maybe u can try installing NOD32 and uninstall it...

 

Hmmm...tempting, but that'll be two Eset things I'll have on my system. I'd kind'a like to go the other way and get rid of the first one.

I found 10 eset items in my Cookies folder. One of them is eset.js. I'm going to delete these and see how things go, keeping SysInspector in mind for later.

Thanks everyone, much appreciated. I'll report back with findings.

Hugh

 

Funny...after posting the above I closed IE7 and got the nag message again. Here is a link to a screenshot to see what it looks like:

http://www.followthelegend-ledzeppelin.com/MCPSITF/after IE7 crash.JPG

 

Sounds like you may have a trojan. GOOGLE. Note one of the Aliases according to Avira.

 

It looks like a notificatoin from Vista. Could you post a screenshot of the screen that appears after clicking on the balloon?

 

Concur.

I found the same reference to the alias Eset Trojan here:

http://www.exterminate-it.com/malpedia/remove-js-trojandownloader-small

After deleting the file I ran a boottime full disck scan with Avast. The system came back clean, so now I'll keep a look at the folder as I browse to see if the file returns.

 

Will do next time it happens.

 

As promised, here is a link to it:

http://www.followthelegend-ledzeppelin.com/MCPSITF/Capture4.JPG

And here is the detail from that crash:

Product
Internet Explorer

Problem
Stopped working

Date
11/27/2008 8:59 PM

Status
More information available

Problem signature
Problem Event Name: APPCRASH
Application Name: iexplore.exe
Application Version: 7.0.6001.18000
Application Timestamp: 47918f11
Fault Module Name: ntdll.dll
Fault Module Version: 6.0.6001.18000
Fault Module Timestamp: 4791a7a6
Exception Code: c0000005
Exception Offset: 00043387
OS Version: 6.0.6001.2.1.0.256.1
Locale ID: 1033
Additional Information 1: fd00
Additional Information 2: ea6f5fe8924aaa756324d57f87834160
Additional Information 3: fd00
Additional Information 4: ea6f5fe8924aaa756324d57f87834160

Extra information about the problem
Bucket ID: 630998817

Thanks to all for trying to help me get this resolved.

Hugh

 

Just some other suggestions, If you have not done so.Run some other scanners with full system scan such as Drweb cureit,SuperAntispyware,Mcafee stinger maybe even a trial run of nod32 or Avira it is very possiable avast is missing they all do.also suggest shut down windows system restore before the scans. I noticed from a early screenie you have protection mode/UAC off.Unless your running a standard account, I would turn it back on it helps with some malware etc that require admin level to run and if you touch the web in a admin account is real risky IMO.

 

Concur on all points, Dave. I've already run AdAware and SpyBot in addition to the earleir suggested MalwareByte, adn CClean -- all came up clean. UAC is off b/c it's a nag I can't deal with throughout my day on the system.

 

Here is something that may make UAC more friendlyhttp://www.nortonlabs.com/inthelab/uac.php works well it can remember if you choice it to not prompt by building a whitelist.