Is it a problem with Winsock or something else?

Discussion in 'ESET NOD32 Antivirus' started by N0kTu2nL, Jul 9, 2008.

Thread Status:
Not open for further replies.
  1. N0kTu2nL

    N0kTu2nL Registered Member

    Joined:
    Jul 9, 2008
    Posts:
    4
    Hi, let me start by saying that I've never experienced any troubles with NOD32 'til now. I've always used Blackspear's Extra Settings (for NOD32 2.7) and the antivirus ran like a dream. This year I purchased a 2-year licence, and after trying EAV 3.0 problems arose.

    I recently reformatted my computer's hard drive, not because it became infected with anything (and it was my last resort) but because I like to do it once a year. I figured testing EAV 3.0 would be better done on a fresh, clean system.

    I installed EAV 3.0 without any issues and prior to initially updating it, my computer was running perfectly (fast for a not so new machine). However after the initial update, connecting to the Internet became a serious issue. Connecting became a very SLOW process (I have 56k dial-up BTW please don't laugh too hard).

    I'd read something about high CPU usage with EAV 3.0 and more than a few NOD32 devotees say stick with 2.7 so rather than fiddle around searching for an answer I simply uninstalled 3.0, rebooted, deleted the ESET folder and installed NOD32 v2.70.39 (set up with Blackspear's settings once more). Nonetheless when I tried to update it, I still experienced the slow connecting.

    Then I remembered the mention of a damaged or corrupted LSP Chain (Winsock) and seeing as I was experiencing a "slow connection" I took a guess and deduced that this was probably my problem also.

    Fixing Winsock didn't run smoothly. I tried with 'Winsock XP Fix' but the problem persisted so I tried the manual repair. I ran regedit, deleted the 2 Registry keys, then restarted Windows. But when I went to Install TCP/IP the instructions did not match the procedure (for me at least).

    Blackspear's instructions are below:

    Step 2. Install TCP/IP

    1. Right-click the network connection, and then click Properties.
    2. Click Install.
    3. Click Protocol, and then click Add.
    4. Click Have Disk.
    5. Type C:\Windows\inf and then click OK.
    6. On the list of available protocols, click Internet Protocol (TCP/IP), and then click OK.
    7. Restart the computer.
    8. Repair IMON; see post number 55 HERE


    When I right-click on the network connection, and then click Properties there is no Install button. I have to navigate to the Networking tab to find an Install button. Furthermore Internet Protocol (TCP/IP) is already there listed in the "This connection uses the following items:" list.

    I followed the rest of the instructions 3. - 8. but it didn't resolve the situation, and my guess is I mightn't have performed the procedure correctly.

    Other software I have installed and running are: Comodo BOClean 4.26, ZoneAlarm Pro 7.0, and SpywareBlaster 4.1.

    I'm 99.9% positive there are no infections of any kind on my computer. I do take security seriously and I scan with other things such as: Dr.Web CureIt!, Rootkit UnHooker 3.7.300.503 (in addition to several other rootkit detectors: e.g. IceSword, Rootkit Revealer etc.) none of 'them' nor ESET's SysInspector and SysInternal's ProcessExplorer show any unordinary processes. WinXP (Home) + SP2 is up-to-date with all the latest security patches (except for SP3) I'll wait a while with that one. I disable some unnecessary services (Automatic Updates, Indexing Service) for better performance. And I do weekly scans with SUPERAntiSpyware Free, Microsoft Windows Malicious Software Removal Tool, and occasionally PrevX CSI. None of the aforementioned software detects anything dodgy.

    Just to recap, after connecting to the Internet, my system runs extremely slowly until NOD32 has updated, after it has updated (1 to 2 mins) everything works perfectly again. That's the only time I experience the problem. Scanning files there's no problem.

    I've since uninstalled 2.7, tried fixing Winsock and resetting TCP/IP (yet again) and now I'm presently back on EAV 3.0.667. The problem continues. Please can someone suggest another approach to this Winsock problem (if that is the problem at all?). I understand a lot of you do not have any issues with v3.0 but clearly some of us do.

    I also want to mention something else... The ESET download page displays EAV 3.0 as being 20Mb, but my download of it is only 17,439Kb (17.4Mb). I don't want to sound pedantic but 17.4 megabytes is not 20 megabytes and when it comes to security software there're a lot of fakes out there.

    At this point I'm even questioning the authenticity of my software. I purchased my single-computer 2-year licence through "Antivirus Australia Pty Ltd" (based in lovely Queensland). I was given their details after contacting sales @ eset com au (dots left out intentionally). Can somebody please verify that 'Antivirus Australia' is indeed a genuine ESET NOD32 reseller?

    Thanks in advance :)

    PS. I just wanna' add a special shout-out (great BIG thank you) to all those kind members of the Wilders Security Forums who're constantly helping people solve their problems. I became a regular daily visitor here in 2006 after I fell victim to Gromozon. In a way the rootkit was a blessing in disguise because I became fascinated with security, I enjoy learning new things, and trying different security set-ups. But I'm sticking with ESET (for now at least, hehe). :D
     
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Just to be sure, when did this actually start and have you installed yesterdays Microsoft Updates, in particular KB951748 ?
     
  3. N0kTu2nL

    N0kTu2nL Registered Member

    Joined:
    Jul 9, 2008
    Posts:
    4
    Hi Bubba, my connection problem started around the 2nd to 3rd week of June. It began after I updated EAV3.0 for the first time.

    I've used NOD32 for nearly 2 years, updates were always quick and I could browse web sites "while" NOD updated quietly in the background. Now it's impossible to do anything "until" NOD's finished updating.

    And it's not the "actual update" that seems to take long, it's "beginning" the update which takes time. It's like it "stalls" at update.ver. Once it's 'finally' started the downloading of the files is normal for a 56k modem.

    Regarding the Microsoft--ZoneAlarm thingy, no that doesn't apply to me as I haven't downloaded/installed that particular M$ update.
     
  4. N0kTu2nL

    N0kTu2nL Registered Member

    Joined:
    Jul 9, 2008
    Posts:
    4
    My apologies for double-posting but I finally figured out what "my" problem was, and it's pretty embarrassing! :oops:

    The WinsockXPFix worked, whereas I thought it didn't because my Hosts file wasn't reset. But my Hosts file was locked by ZoneAlarm (so in a way you're right Bubba, ZA related). :cool:

    What should you do if you use a Hosts file larger than 135Kb? Disable the DNS Client in Services! :rolleyes:

    This problem plagued me for over a month! I disabled DNS Client today and connecting to the Internet went back to normal. :D

    Sorry to waste peoples time. :(

    I'm back on v3.0 BTW. ;)
     
Thread Status:
Not open for further replies.