IMON disabled with X-Cleaner

Discussion in 'NOD32 version 2 Forum' started by BenoitG, Nov 5, 2005.

Thread Status:
Not open for further replies.
  1. BenoitG

    BenoitG Registered Member

    Joined:
    Sep 24, 2005
    Posts:
    5
    Hi guys,
    I ran into a little problem and I think this is the best place to get an explanation. When I go to the online scan of X-Cleaner at http://www.spywareinfoforum.com/xscan.php the applet shows this message:

    Errors were detected during verification of your ''Layered service provider'' setting ! You might experience trouble using Internet Application because of this. Attempt repair now ??

    If I choose Yes, IMON gets disabled at the next PC reboot. If I choose NO, nothing seems to happen. It gets disabled even if I protect NOD32 configuration with a password.

    I know I should choose NO every time but I thought ESET guys might have a clue on that one because I don't know why I get this message. I never got it before installing NOD32. Is it something with my configuration ?? Is it a NOD32 bug ?? Please help me.

    Regards
    Ben
     
  2. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    The "Layered Service Provider", or "LSP", is something in Windows TCP/IP networking that programs can latch into, allowing them to process TCP/IP data. Think of it as a way for programs to "filter" data. Many antivirus programs and antispyware programs use this. Unfortunately, so do other programs, like some adware/spyware, hijackers, etc.

    What is happening is that X-cleaner is finding IMON inserted into the LSP chain, but does not know what to make of it. Thinking it may be an "undesirable", it asks you if you want to "repair" it. In the process, it ends up breaking IMON.
     
  3. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Can NOD be excluded from an X-Cleaner scan?
     
  4. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    X-Cleaner (if it's the one I'm thinking about) is a fully automated quick-scan app with no options.
     
  5. GuruGuy

    GuruGuy Registered Member

    Joined:
    Jun 18, 2005
    Posts:
    48
    And what exactly would keep malware from doing the same thing that x-cleaner has done?
     
  6. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Hmm.. I was thinking the same thing. If something can disable IMON it can also disable AMON I think. I know you can't disable NOD32kui/krn (unless the driver is disabled?) but the on-demand scanner can. Hmmm indeed..
     
  7. GWA

    GWA Registered Member

    Joined:
    May 21, 2005
    Posts:
    59
    Location:
    Albuquerque, New Mexico
    I would sure like to know about this as well. :eek:
     
  8. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Maybe Marcos can comment?
     
  9. GuruGuy

    GuruGuy Registered Member

    Joined:
    Jun 18, 2005
    Posts:
    48
    Still waiting on an answer from someone at ESET o_O
     
  10. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    You can protect the registry keys that control the LSP stack using RegDefend, and the polling registry/spyware monitors can tell you when things are changing (or have recently changed). Both RegDefend and RegRun watch the key in their default configuration, MJ Registry Watcher does as well and I think that Microsoft AntiSpyware does (see here, the LSP stack is stored under the key HKLM\System\CurrentControlSet\Services\WinSock2)

    For NOD to partially protect itself it would need to poll the LSP registry entries periodically to ensure that its LSP modules are still installed and show a warning if they were gone. There are practical limits to what NOD can do to protect itself without implementing enough functionality to become a full blown security suite.

    It probably would make sense to at least have a simple startup and periodic check because that would consume relatively few resources and at least warn if the module has fallen out of the stack while the configuration thinks it should be there
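
The startup-and-periodic check described in the post above, as an added example that is not part of the original thread and is not ESET's code. It assumes the usual Winsock catalog layout under the key the post names (`Parameters\Protocol_Catalog9\Catalog_Entries`, value `PackedCatalogItem`); `EXAMPLE_LSP.dll` is a placeholder for the protected provider, and the sample blobs are constructed.

```python
import ntpath
import sys
import time

# The post names HKLM\System\CurrentControlSet\Services\WinSock2; the subkey and
# value names used here are the usual Winsock catalog layout (32-bit catalog only).
CATALOG = (r"System\CurrentControlSet\Services\WinSock2"
           r"\Parameters\Protocol_Catalog9\Catalog_Entries")

def provider_dll(packed):
    """A PackedCatalogItem blob begins with the provider DLL path, NUL-terminated."""
    path = packed.split(b"\x00", 1)[0].decode("ascii", "replace")
    return ntpath.basename(path).lower()

def read_chain():
    """Return the set of provider DLL names in the live catalog (Windows only)."""
    import winreg
    dlls = set()
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, CATALOG) as cat:
        for i in range(winreg.QueryInfoKey(cat)[0]):
            with winreg.OpenKey(cat, winreg.EnumKey(cat, i)) as entry:
                blob, _ = winreg.QueryValueEx(entry, "PackedCatalogItem")
            dlls.add(provider_dll(blob))
    return dlls

def check_chain(baseline, current, expected_dll):
    """Compare a snapshot with the baseline and return warning strings."""
    warnings = []
    if expected_dll.lower() not in current:
        warnings.append(f"expected LSP {expected_dll} is no longer in the chain")
    for dll in sorted(current - baseline):
        warnings.append(f"provider added: {dll}")
    return warnings

# Constructed sample blobs: DLL path, NUL, then padding standing in for the rest.
SAMPLE_BEFORE = [b"%SystemRoot%\\system32\\mswsock.dll\x00" + b"\x00" * 16,
                 b"C:\\Program Files\\Example\\EXAMPLE_LSP.dll\x00" + b"\x00" * 16]
SAMPLE_AFTER = SAMPLE_BEFORE[:1]  # a "repair" dropped the second provider

def demo():
    chain = lambda blobs: {provider_dll(b) for b in blobs}
    return check_chain(chain(SAMPLE_BEFORE), chain(SAMPLE_AFTER), "EXAMPLE_LSP.dll")

if __name__ == "__main__" and sys.platform == "win32":
    baseline = read_chain()              # startup snapshot
    while True:                          # periodic check
        for w in check_chain(baseline, read_chain(), "EXAMPLE_LSP.dll"):
            print("WARNING:", w)
        time.sleep(60)
```

Comparing DLL names rather than catalog entry numbers keeps the check stable when the chain is reordered and entries are renumbered.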
     
  11. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    i would just like to point out that Trend Micro's Anti-spyware also has a similar function which scans the LSP chain, however unlike x-cleaner, u can disable the check.
     
  12. GuruGuy

    GuruGuy Registered Member

    Joined:
    Jun 18, 2005
    Posts:
    48
    Well this is most typical of things here.......in most threads here the ESET folks will reply to mundane things, make comments, etc., however, when specifically asked about something, will not give an answer. Either that or lock it prematurely.
     
  13. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Thanks gottadoit and WSFuser for pinch hitting and answering our questions. :D
     
  14. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Well, either that, or they are off somewhere enjoying the weekend.
     
  15. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    There are not many threads locked at all in the Nod32 forum.

    Cheers :D
     
  16. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Thanks for posing the question. It was a good one. :)
     
  17. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    with that question in mind, i have a few more:

    which software should protect the lsp chain? nod32, or a third-party tool maybe?
    and should all security software have some sort of self-protection (like norton does)?
     
  18. GuruGuy

    GuruGuy Registered Member

    Joined:
    Jun 18, 2005
    Posts:
    48
    ESET? Methinks this thread is going to be ignored!
     
  19. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Perhaps version 3 will incorporate this?
     
  20. GuruGuy

    GuruGuy Registered Member

    Joined:
    Jun 18, 2005
    Posts:
    48
    Why has this thread been ignored after repeatedly asking for an answer from an ESET representative on this "official" ESET support forum?
     
  21. GuruGuy

    GuruGuy Registered Member

    Joined:
    Jun 18, 2005
    Posts:
    48
    bump...
     
  22. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    GuruGuy, enough with the bumping.

    I have asked for someone at Eset to reply to this thread.

    Blackspear.
     
  23. BenoitG

    BenoitG Registered Member

    Joined:
    Sep 24, 2005
    Posts:
    5
    Blackspear, thank you very much. The purpose of my thread was not to try to catch ESET but just to make sure my configuration was good. So far NOD32 is an excellent product, far superior to any av I have used before. This forum is great but next time I will go directly to ESET customer support to avoid public flaming, my mistake this time.

    Again thank you.
    Regards
    Ben



     
  24. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    The purpose of your original post is well known to all and you are not responsible for any other poster. We as individuals are solely responsible for our own posts. GuruGuy is bothered by the fact that he has not had a response from Eset yet regarding a question he posed sometime earlier in your thread that was indirectly related. Any upset has nothing whatsoever to do with you.:)
     
    Last edited: Nov 8, 2005
  25. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    No problem at all.


    This is the official Nod32 support forum, and the question you asked is good, and answers ought to be given. Also this way we have a knowledgebase that can be delved into by others with the same questions.

    Don’t worry about those trying to aggravate a thread, that is what Moderators are for.


    My pleasure.

    Cheers :D
     