Unable to re-install NOD32 AV v5

Discussion started by UtherIV, Dec 24, 2011.

  UtherIV

    Dec 24, 2011
    Hello. I've reached this forum looking for an answer to this, yet found nothing.
    A few months ago, I updated NOD32 v4 to v5 directly, as I couldn't find a way to just update the program modules (reaching the latest v4 version); I don't actually remember if I did a fresh install or not, but it didn't really matter at the moment, as the transition was flawless and the new version got up and running after the required reboot.
    Everything was fine, yet, very recently, I realized the Web protection module wasn't working; it said there had been problems initializing the required services and the HTML/POP3 protection wouldn't work.
    At first, I thought it was just a one-time issue, yet the next time I started Windows, the problem persisted.
    Worried, I ran a Malwarebytes' Anti-Malware full scan, which found and deleted 2 Trojans (sadly, I was asked to shut the PC down in the middle of the night and as sleepy as I was, couldn't pay attention to the infections' names/files and locations). Nevertheless, NOD32 was still unable to "start" those services.
    So I tried probing with other anti-malwares, such as Spybot - S&D, Windows Defender and Microsoft's Malware Removal Tool... Only to find out that Win Defender seemed to be affected as well: its service was nowhere to be found, and I had to resort to a borrowed reg file to get it running again. Even so, none of them found a single intrusion.
    Back to the AV, I finally decided to re-install it, after 2 failed repairs (the repair processes ran fine, yet the issue was still there).
    No problem with the uninstall whatsoever, ran CCleaner, rebooted, CC again, and reinstalled: the setup downloaded v5's latest version, prompted for configs, and started installing; when it reached the "Installing drivers" part, it quickly rolled back and removed everything, saying it ended "prematurely".
    By now, I've already tried running the setup multiple times (this time, downloaded v5's latest version in Latam Spanish .msi so it doesn't have to download it over and over again), some of those using the ESETUninstaller.exe method, yet with no success.
    The last time I decided to follow ESET's instructions for getting a setup log file, and found these particular lines near the part with the issue:

    MSI (s) (E4:94) [13:50:08:011]: Executing op: CustomActionSchedule(Action=EMsiInstallDrivers,ActionType=3073,Source=BinaryData,Target=InstallDriverPackages,CustomActionData={6EBB8CAE-947C-4B88-9A8C-C48C89D1CAA8}C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\epfwwfpr\3)
    MSI (s) (E4:94) [13:50:08:011]: Creating MSIHANDLE (380) of type 790536 for thread 660
    MSI (s) (E4:1C) [13:50:08:027]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI649B.tmp, Entrypoint: InstallDriverPackages
    MSI (s) (E4!F8) [13:50:08:027]: Creating MSIHANDLE (381) of type 790531 for thread 1272
    ESET: Entering CA InstSupp!InstallDriverPackages
    MSI (s) (E4!F8) [13:50:08:027]: Closing MSIHANDLE (381) of type 790531 for thread 1272
    MSI (s) (E4!F8) [13:50:08:432]: Creating MSIHANDLE (382) of type 790531 for thread 1272
    RunUpdatedDriver failed with error 433
    MSI (s) (E4!F8) [13:50:08:432]: Closing MSIHANDLE (382) of type 790531 for thread 1272
    MSI (s) (E4!F8) [13:50:08:432]: Creating MSIHANDLE (383) of type 790531 for thread 1272
    ESET: Returing from CA InstSupp!InstallDriverPackages, with status 1075
    MSI (s) (E4!F8) [13:50:08:432]: Closing MSIHANDLE (383) of type 790531 for thread 1272
    CustomAction EMsiInstallDrivers returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
    MSI (s) (E4:1C) [13:50:08:432]: Closing MSIHANDLE (380) of type 790536 for thread 660
    Finalización de la acción 13:50:08: InstallFinalize. Valor devuelto 3.
    MSI (s) (E4:94) [13:50:08:432]: User policy value 'DisableRollback' is 0
    MSI (s) (E4:94) [13:50:08:432]: Machine policy value 'DisableRollback' is 0
    MSI (s) (E4:94) [13:50:08:432]: Executing op: Header(Signature=1397708873,Version=500,Timestamp=1066954296,LangId=13322,Platform=589824,ScriptType=2,ScriptMajorVersion=21,ScriptMinorVersion=4,ScriptAttributes=1)
    MSI (s) (E4:94) [13:50:08:432]: Executing op: DialogInfo(Type=0,Argument=13322)
    MSI (s) (E4:94) [13:50:08:432]: Executing op: DialogInfo(Type=1,Argument=ESET NOD32 Antivirus)
    MSI (s) (E4:94) [13:50:08:432]: Executing op: RollbackInfo(,RollbackAction=Rollback,RollbackDescription=Revirtiendo la acción:,,CleanupAction=RollbackCleanup,CleanupDescription=Quitando archivos de copias de seguridad,CleanupTemplate=Archivo: [1])
    Acción 13:50:08: Rollback. Revirtiendo la acción:
    I will post the full log, if really needed.
    Also, FYI I'm using Win 7 x64 Ultimate SP1, and System Restore is a no-go.. not only do I not remember when this started, I also think I've erased most of the restore points =/

    So, could you please help me with this? I REALLY do not want to reinstall the whole OS. Any help is appreciated, and thanks in advance. (Sorry if I took too long).

    PS: Do you think it could be that particular v5 version? Is there a chance it could work with the previous v5? I'm gonna try, and post any changes here.
  Marcos

    Marcos Eset Staff Account

    Nov 22, 2002
    Could you please upload the install log somewhere and PM me the download link? I suspect it could be that some malware removed the Base Filtering Engine in your Windows 7. You can check it in the Control Panel -> Administrative Tools -> Services.
  UtherIV

    Dec 24, 2011
    You're right, I'm missing both Base Filtering Engine and Windows Firewall.
    "Googling" about the service I've found this ESET KB support article; shall I go with this, or have you come up with a different method?
    Anyway, I've uploaded the log for you to confirm your suspicions.
    Thanks a lot.

    PS: Do you know a way to recover Windows Firewall? That ESET page just gives you the tools for BFE. Thanks again.
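
Added example, not part of any post in this thread and not ESET's code: a small Python triage of the verbose MSI log lines quoted in the first post, collecting the codes logged for the failing custom action. Reading the numbers ESET's installer prints (433, 1075) as Win32 error codes is an assumption; under it, 1075 is ERROR_SERVICE_DEPENDENCY_DELETED, which fits the missing Base Filtering Engine service reported above.

```python
import re

# Win32 error codes (winerror.h). Treating the numbers printed by the
# installer's custom action as Win32 codes is an assumption of this example.
WIN32 = {
    433: "ERROR_NO_SUCH_DEVICE",
    1075: "ERROR_SERVICE_DEPENDENCY_DELETED (dependency service does not exist)",
    1603: "ERROR_INSTALL_FAILURE (fatal error during installation)",
}

SCHEDULED = re.compile(r"Executing op: CustomActionSchedule\(Action=([^,]+),")
DATA = re.compile(r"CustomActionData=(?:\{[^}]*\})?(.+)\)\s*$")
INNER = re.compile(r"(?:failed with error|with status) (\d+)")
FAILED = re.compile(r"CustomAction (\S+) returned actual error code (\d+)")

# Lines copied from the log excerpt in the first post (MSIHANDLE noise omitted).
SAMPLE = r"""
MSI (s) (E4:94) [13:50:08:011]: Executing op: CustomActionSchedule(Action=EMsiInstallDrivers,ActionType=3073,Source=BinaryData,Target=InstallDriverPackages,CustomActionData={6EBB8CAE-947C-4B88-9A8C-C48C89D1CAA8}C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\epfwwfpr\3)
ESET: Entering CA InstSupp!InstallDriverPackages
RunUpdatedDriver failed with error 433
ESET: Returing from CA InstSupp!InstallDriverPackages, with status 1075
CustomAction EMsiInstallDrivers returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
"""

def triage(log_text):
    """Return one finding per failed custom action in a verbose MSI log."""
    findings, current = [], None
    for line in log_text.splitlines():
        m = SCHEDULED.search(line)
        if m:  # a custom action starts: remember its name and data argument
            d = DATA.search(line)
            current = {"action": m.group(1), "data": d.group(1) if d else "", "codes": []}
            continue
        m = FAILED.search(line)
        if m and current and m.group(1) == current["action"]:
            current["codes"].append(int(m.group(2)))
            current["meaning"] = [WIN32.get(c, "unknown") for c in current["codes"]]
            current["missing_dependency"] = 1075 in current["codes"]
            findings.append(current)
            current = None
            continue
        m = INNER.search(line)
        if m and current:  # codes the action logged before MSI reported failure
            current["codes"].append(int(m.group(1)))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The generic 1603 is only what Windows Installer reports for any failed custom action; the codes logged just before it are the ones that narrow down the cause.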
