Update to EAV v4 causes internet to stop working

Discussion in 'ESET NOD32 Antivirus' started by musicmasteria, May 29, 2009.

Thread Status:
Not open for further replies.
  1. musicmasteria

    musicmasteria Registered Member

    Joined:
    May 29, 2009
    Posts:
    14
    Hi... My previous version of EAV (v3) was crashing in the middle of scans so I decided to update to EAV v4 yesterday. Well that didn't turn out so good...

    My computer is a:
    Vista SP1 64Bit Gateway Laptop

    What I did:
    Disabled all internet
    Removed EAV3 from my comp (possibly not completely but I'm pretty sure I did it right)
    Restarted
    Installed EAV4
    Enabled the internet

    What happens:
    The scan runs, finds 1-2 trojans, but stops scanning at 90% stuck on some .iso file.
    Also, NOD32 is unable to update it's virus list (signature? something... idk what it's called)

    Why?
    The internet has gone down...

    Well that's great...
    Tried to repair the internet -- "No Problem Found" -- What? Ya there is...

    Went to Start > Run > cmd > "ping yahoo.com"
    Returns everything is normal...
    Opens IE, Firefox, Google Crome... all unable to connect
    Skype and Google Talk both unable to connect as well...

    Checked status of internet:
    "Local and Internet" -- OK... what happend?...

    ----
    ----

    So the computer things it is fine but it isn't.

    I tried:
    (Followed the guide)
    Uninstalled EAV 4,
    Rebooted into safe mode
    Removed the user files and program folders
    Reboot
    Reinstalled EAV 4, checked internet... still not working
    (Repeat 3 times)
    No luck...

    I haven't tried reinstalling EAV 3 but as it was crashing before, I doubt it will do me much good.

    ----
    ----

    So.... any ideas/fixes as to why I have lost all connection to the internet?
    (btw I restarted my router in between one of those reinstalls, no luck)

    What should I do now?

    Thank you for your help in advance!

    --

    Musicmasteria
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    You need to get rid of trojans. Exclude that or those .iso then scan again. If still having probs visit one of the sites @ bottom of the link to help you clean that comp
    https://www.wilderssecurity.com/showthread.php?t=42148
     
  3. CivilTaz

    CivilTaz Registered Member

    Joined:
    Nov 19, 2008
    Posts:
    146
  4. musicmasteria

    musicmasteria Registered Member

    Joined:
    May 29, 2009
    Posts:
    14
    Yes I realize it is infected but like I said, it gets stuck at 90% on the scan.

    The files we both quarantined but I was never given the option to delete them. (It said they would be deleted on a restart but I'm not sure if they were removed on one of the many restarts I have done since then.

    The real question is, is it NOD32 that is breaking the internet or is it a virus that somehow poped up when I upgraded NOD32 to version 4?
     
  5. musicmasteria

    musicmasteria Registered Member

    Joined:
    May 29, 2009
    Posts:
    14
    I just noticed something a little strange as well...

    I have always had 2 Program File folders:
    C:\Program Files\
    C:\Program Files (x64)\

    But now the (x64) is a (x86), so they are now:

    C:\Program Files\
    C:\Program Files (x86)\

    Why did NOD32 change my (x64) to a (x86)?

    But more importantly, where did my internet go?
     
  6. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    get rid of malware and then you can troubleshoot further if necessary
     
  7. CivilTaz

    CivilTaz Registered Member

    Joined:
    Nov 19, 2008
    Posts:
    146
    Are u sure nod32 did that? It seems more like a virus behavior.
     
  8. musicmasteria

    musicmasteria Registered Member

    Joined:
    May 29, 2009
    Posts:
    14
    I'm in the middle of a scan now. (92%) At this moment it says "Number of Threats: 0" so so far so good. This scan isn't including my external harddrive though which had the .iso it got stuck on last time so I will run a seperate scan on that later.


    It could be but the timing of the change makes me doubt it.
    The existance of a "Program Files (x86)" folder isn't a bad thing (it's supposed to be for all the 32 bit programs on your comp) but why it changed from (x64) to (x86), I don't know.


    UPDATE:
    Scan was at 99% but jumped back to 11% when it finished with C:\ and went on to D:\
    So nothing found in C:\ (primary) this time. I guess I deleted those quarantines when I was installing/deleting/reinstalling NOD32 v4.

    So if the cause of the internet is a virus, NOD32 should find it in D:\ or else it isn't a virus causing the internet to be inaccessible to all my programs.
     
    Last edited: May 29, 2009
  9. CivilTaz

    CivilTaz Registered Member

    Joined:
    Nov 19, 2008
    Posts:
    146
    Do you know that there are viruses released everyday? Maybe u got infected by a virus that Nod32 doesnt detect yet. New viruses need to be added to the signatures, so if they haven't, nod32 won't be able to detect it. That's why i told u to run malwarebytes, its a good tool for remove trojans, and it detects new threats faster.
     
  10. xMarkx

    xMarkx Registered Member

    Joined:
    Dec 1, 2008
    Posts:
    447
    Hello,

    If your machine is still infected and the latest version of ESET NOD32 Antivirus didn't pick up anything else, you need to download and install and then run in safe mode another anti-malware program such as MalwareBytes which everyone here is recommending because it's very good. Then, if you can, send the infected files to ESET so they can add them to their Virus Signature Database as soon as possible. Since you're internet is gone, you'll need to download the setup file onto a removeable media source like a memory stick or CD and then install it on the infected computer.

    Regards,

    Mark.
     
  11. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,798
    Location:
    Texas
  12. musicmasteria

    musicmasteria Registered Member

    Joined:
    May 29, 2009
    Posts:
    14
    Alright, another Update:

    NOD32 found no infections on C:\ or D:\

    I downloaded MalwareBytes (free version) and ran a Quick Scan.

    It found 2 registry infections

    Here is the log for that:
    (Run in regular mode, not Safe Mode)

    It then had me reboot to finish deleting those infections. It looks like it quarantined them. I'm going to run a full scan and see if it finds anything else.

    I'm still skeptical that this is a virus however. The timing is just too strange and I'm thinking about reverting to version 3 to see if internet returns.

    I've heard of incompatibilities between vista and NOD32 v4 but I thought it was only for SP2 of Vista...

    ronjor, I looked at both the links you provided and neither of them seems to help... I did also look through the forums for other people with the same issue but no luck there either.

    UPDATE: Aborted full scan in MalwareBytes and restarted into Safe Mode.
    Restarted MalwareBytes Full Scan and Started a NOD32 command line (defaulted to it) scan as well. (Is running them at same time ok?)

    I'll leave those overnight and see what happens in the morning.
    Note: Still no internet even when it says that it does... ("Connected: Local and Internet")
     
    Last edited: May 30, 2009
  13. CivilTaz

    CivilTaz Registered Member

    Joined:
    Nov 19, 2008
    Posts:
    146
    It seems u couldn't update malwarebytes, something is blocking access to internet. You'll need to look for other ways to solve it.
     
  14. musicmasteria

    musicmasteria Registered Member

    Joined:
    May 29, 2009
    Posts:
    14
    Seriously... "Something is blocking access to internet"
    I mentioned that already... Not even NOD32 can update itself.
    :p
     
  15. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    are there errors in eventviewer logs? if you boot in SafeMode with networking can you access the net?
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
    Maybe you could start with running "netsh winsock reset" to see if it helps.
     
  17. Biscuit

    Biscuit Registered Member

    Joined:
    May 26, 2006
    Posts:
    978
    Location:
    Isle of Man
    I've found on several occasions that Nod32 v4 will block Internet access. Just remove Nod32 & see if it comes back. On one occasion, installing Nod32 v3 for a customer still did not work & I had to use Nod32 v2.7 which worked fine.

    When running a MBAM scan, do not also run a Nod32 scan at the same time. Also download the latest version of MBAM (from another computer) & install that later version.

    Also, check IE proxy connections setup & check that there's nothing odd in there.
     
  18. musicmasteria

    musicmasteria Registered Member

    Joined:
    May 29, 2009
    Posts:
    14
    An update to the overnight scan:
    MalwareBytes found another 2 infections but they were file infections this time in D:\. The Quickscan just searched C:\ I assume.

    NOD32... still nothing there.

    I did run them at the same time. Would that make them miss anything?


    Are you taking about NOD32 or MalwareBytes? NOD32 has quite a few "Cant open"/"file protected" errors when it runs. I didn't see any errors in the MalwareByters. I guess I can try connecting to the internet in safe mode but that sounds like I'd be asking for more viruses at that point.

    I'll try that as well. Thanks for the idea.

    So at least I'm not alone - "I've found on several occasions that Nod32 v4 will block Internet access."

    My version of MBAM is the most recent one they had on the site. - "download the latest version of MBAM"

    I guess I can do this but I doubt it would be causing such a global problem - "Also, check IE proxy connections setup & check that there's nothing odd in there."


    Thanks for the help thus far everyone. I hope we can get to the bottom of this.
     
  19. musicmasteria

    musicmasteria Registered Member

    Joined:
    May 29, 2009
    Posts:
    14
    YAY some progress!

    I did "netsh winsock reset" and after a restart the internet is back!

    I'm still wondering what caused it to go down though.
    I've never had to do anything with netsh winsock before this, not even with NOD32 v3.

    Thx Marcos for putting that out there. I hope nothing else goes wrong now. :)
     
  20. mbuc310

    mbuc310 Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    51
    Location:
    Phoenix, AZ, USA
    Those rogue spyware programs will kill your internet connection. MWB is a great program to rid yourself of them. You can get the latest sig from the malwarebytes website as a separate download from the program. Flash drive it from a working computer to the infected one and run the updater. Superantispyware is another tool. No silver bullet to keep the crud out. NOD32 and a little help from these works for me. They also have tools built in to reset your IP/winsock. Handy.
    Matt
     
Thread Status:
Not open for further replies.