install corrupted / registry key locked even in safe mode

Discussion in 'ESET Smart Security' started by red_jack, Apr 8, 2010.

Thread Status:
Not open for further replies.
  1. red_jack

    red_jack Registered Member

    Joined:
    Aug 11, 2005
    Posts:
    56
    I remotely updated ESS to the 4.2 and it locked up during the install - registry key failure on update. The PC had to be hard reset, eset is there but corrupted to start kernel. Every attempt to uninstall or reinstall fails with registry permissions. I have logged in with admin with service perms and I can not remove these keys for the services or the hklm software eset The installer errors on scheduler key first then eventually can not ignore past the service key. had someone reboot the PC in safemode, tried running the esetuninstaller.exe it detects the install but it fails on removing the keys also, permissions. I have tried taking ownership on all keys starting from the subkeys, no access. I removed all the common locations of exe files. I have created a new user with admin priv, still no access. I tried the MS install cleaner, doesn't see eset installed. I cleaned out the temp files and cached msi. I have tried several tools that try to reset perms on the keys. There has to be another way to get this uninstalled without me going up there with a boot CD to manually remove the registry key from offline editor. Is there a system dll loaded up protecting the entries even in safe mode? All the keys are visible, just no type of changes are allowed.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    No, in safe mode it must be possible to remove the ESET key unless there's a problem with permissions or perhaps corrupted registry hive.
     
  3. red_jack

    red_jack Registered Member

    Joined:
    Aug 11, 2005
    Posts:
    56
    Yeah that is what I thought also but it was still locked. The registry itself was healthy. HijackThis has that tool that scans the registry, aside of the normal entries that show up, only the Eset services were denied access. I ended up booting it up with a PE disk and editing the reg hive offline. This method they were deleted no problems, no change of permissions was needed... Something had to be loaded up protecting those keys, system service, msi, eset, dunno.

    Here is part of the error log, run from safemode HDD OS

    [04/08/10 14:46:00] Eset services and devices ...
    [04/08/10 14:46:00] Services: deleted service: Epfwndis
    [04/08/10 14:46:00] Services: deleted device: ESET_EPFWNDISMP
    [04/08/10 14:46:00] Services: deleted service: eamon
    [04/08/10 14:46:00] ERROR! Service delete failed! 0x5
    [04/08/10 14:46:00] Services: deleted device: LEGACY_EAMON
    [04/08/10 14:46:00] Services: deleted service: ehdrv
    [04/08/10 14:46:00] ERROR! Service delete failed! 0x5
    [04/08/10 14:46:00] Services: deleted device: LEGACY_EHDRV
    [04/08/10 14:46:00] Services: deleted service: ehttpsrv
    [04/08/10 14:46:00] Services: deleted service: ekrn
    [04/08/10 14:46:00] Services: deleted device: LEGACY_EKRN
    [04/08/10 14:46:00] Services: deleted service: epfw
    [04/08/10 14:46:00] ERROR! Service delete failed! 0x5
    [04/08/10 14:46:00] Services: deleted device: LEGACY_EPFW
    [04/08/10 14:46:00] Services: deleted service: epfwtdi
    [04/08/10 14:46:00] ERROR! Service delete failed! 0x5
    [04/08/10 14:46:01] Services: deleted device: LEGACY_EPFWTDI
    [04/08/10 14:46:01] Services: deleted device: LEGACY_EPFWTDIR
    ..
    ..
    [04/08/10 14:46:02] Uninstallation ESS/EAV/EMSX failed.

    I had the same problem installing another upgrade install. I am not using the push from era. These were standard msi installer with cfg.xml - interactive gui method. I was connected with RAdmin 3.4. Normally soon as the firewall goes active my remote connection is dropped and reconnects no problem. The config file has the zone rule to allow the radmin connections. These last two installs, it disconnected me a second time - this is not normal. Upon the 2nd reconnect is when the PC is locked up. The remote screen will not generate an image. The authentication process is being done but the remote session never completes. On the local side screen is still picture Eset msi box but not responding, locked up. Eventually the authentication request will no longer prompt but there is a handshake going on because the tcp is not timing out. The only program that I can see being able to conflict on the install is malwarebytes 1.45.
    The second PC that locked up did not have the same problem of the regkey. Soon as the PC was rebooted, the Eset installer tried to recover itself. The user logged on, a few minutes later all the open windows are closing and the system reboots. The PC performed two automated system shutdowns like that back to back and then it was running fine with Eset installed.
    The next install I am going to use the same package but with reboot cmd switch enabled. See if that gets me out of the lockup at the end of the install.
     
  4. red_jack

    red_jack Registered Member

    Joined:
    Aug 11, 2005
    Posts:
    56
    malwarebytes active protection conflicts with eset 4.x installer

    Just a follow up for anyone that cannot re-install Eset 4.x after clean uninstall while you have full version of malwarebytes installed. I had to open a case file w eset to help locate the problem. Apparently there are others reporting install issues when Malwarebytes active protection is installed. The problem is not with the freeware version installed. Eset installer will not complete the install, locks up after the driver and service install. MSI service will be stuck in wanting to reboot your PC after a hard reboot. Can't install, repair or uninstall Eset. Safemode reboot, esetuninstaller.exe will bring back to previous state. Malwarebytes seems to be preventing the installer to complete. I had even shutdown the mbam service and mbam.exe prior to eset installer, still locked up. Working solution is to uninstall malwarebytes, reboot, install Eset, reboot, install malwarebytes, reboot. Everything is running normal again. Verified problem/solution on three machines.
     
  5. Archie2

    Archie2 Registered Member

    Joined:
    Aug 28, 2010
    Posts:
    3
    Re: malwarebytes active protection conflicts with eset 4.x installer

    Thanks so much for this post. I had been trying for 5 hours, to fix this problem with my desktop pc, before finding this forum and this very solution.
    It was so easy after reading this, to cure my problem.

    Thanks again,
    Archie
     
Thread Status:
Not open for further replies.