v3 Install problem - cannot start Ekrn

Discussion in 'ESET NOD32 Antivirus' started by Capp, Aug 17, 2009.

Thread Status:
Not open for further replies.
  1. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    I am working on a XP Pro SP2 machine.

    For the past couple of years, it has had NOD32 v2.7 that I installed on it. Last week, it began doing some weird stuff. Anytime the user opened IE6, a message stating that "Error occurred during communication with NOD32 Kernal Service" and then it would close the IE window. Even after unistalling NOD32 completely, it was closing after opening with no message.

    I looked into to system a little deeper and saw that the ekrn service wasn't even running. I tried to manually start it and was told that it could not be started due to insufficient privelages. Knowing I'm running on an Admin account, I knew there was a problem.

    So, I uninstalled NOD32 v2.7, Deleted the c:\prog..\Eset folder, did a full registry cleaning, cleared all temp files and restarted.

    Then I downloaded v3 today and tried to install. It makes it all the way to the end of the install and says "could not start kernel service, insufficient privelages" again. I manually try to start it in services.msc and as soon as I click start, it says "did not respond in a timely manner"

    There has never been another Antivirus on this system as I installed everything from scratch when it was brand new. The only other security tools on this system are SpywareBlaster, Spybot S&D, and SuperAntispyware. None of which are running real-time.

    I have done full system scans with Spybot and SuperAntispyware and everything they found was removed. Subsequent scans show nothing.

    Ran CCleaner as well. All Windows updates are installed. Updated System to IE7. Can now surf the web without it closing on its own, but cannot install NOD32. Ran HiJackThis and saw nothing of interest.

    I'm at a loss as to why this is happening. Any ideas?

    Thanks
     
  2. e36

    e36 Registered Member

    Joined:
    Apr 13, 2004
    Posts:
    80
    Possible malware (?)
     
  3. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    Updates:

    After reading the entire Eset KB library, I saw that maybe i needed to reinstall the .Net 1.1 Service pack. Downloaded and installed that....no dice.

    Tried reinstalling NOD32 v2.7. Service would not start after reboot. GUI started though.

    Tried reinstalling v2.7 via batch file with setup file attached. Service would not start after reboot.

    Tried manually starting service via services.msc and via command prompt. Told me "Service did not respond in a timely manner"

    So, Back to trying v3 installer.

    Makes it to the end and fails stating "cannot start Eset Service (Ekrn)...." again.

    Tried doing install on separate account with admin privileges, same thing.

    Going to try and download the Sysinspector and see if it finds anything.

    Any help is appreciated because this just doesn't make sense.
     
  4. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    Quite definite a possibility. There were some Trojans on the system that Spybot S&D and SuperAntispyware found, but according to further scans, they find nothing.

    Didn't see anything in HijackThis that would indicate an infection either.

    *Shrugs* I dunno
     
  5. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    Ran SysInspector. Didn't find anything other than the Spybot Host file entries as "critical" Nothing else looked threatening.

    Tried running Eset's online scanner, would not respond after clicking "install ActiveX control".

    I believe there is something on there I cannot find. It now won't let me access Regedit either, so I don't know what is going on.
     
    Last edited: Aug 17, 2009
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    The best would be to create a log from SysInspector and send it to customer care along with a description of the problem for perusal.
     
  7. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    Will do, hope they can find something I can't.
     
  8. e36

    e36 Registered Member

    Joined:
    Apr 13, 2004
    Posts:
    80
  9. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
    GPEDIT.MSC in the " run " box
    viruses like to change settings here.To regain access to regedit, even though it might be checked as not configured, click the not configured again and try again.

    http://img34.imageshack.us/img34/5822/81626107.jpg

    then do a full registry search of all keys and values of ekrn.exe and delete all you find, you might have to right click and edit permissions for some of the keys to be deleted.then reboot and try again.
     
  10. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    After a whole lot of work and getting Eset Customer Support to analyze my SysInspector log, I finally found something on another website that had me download "ComboFix", which seemed to actually fix the problem.

    I was able to re-install NOD32 v3 just fine.

    Now, my problem is....I can't get it to update.

    On the update page it says "Update has not been run yet". I click "update" and it says its trying to update, then it just goes back to the same screen.

    Nothing on the Event log, definitions dated 10/2008...which is the date of the last build.

    Prior to this install, I did a complete uninstall, deleted program folders, all temp files, registry keys, and application data folders before reinstalling.

    It at least runs now, but does not update. I don't know if I should have started a new thread over this or not since its kinda related, but a different problem.

    Anybody?
     
  11. dannyboy

    dannyboy Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    113
    Location:
    UK
    it sounds like something has messed with the registry permissions on that machine. Perhaps a repair install with the XP disc would help, then install SP3 ?
     
  12. nonoise

    nonoise Registered Member

    Joined:
    Jun 6, 2008
    Posts:
    322
    try to restart ekrn.exe process and update again. theres whole bunch of things to try, as described here. if that doesn't help, i'd go with dannyboys recommendations.
     
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Can you access this file in your browser?
     
  14. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    Ok, Problem has been corrected.

    Marcos: Yes, I could download the file from the browser just fine.

    nonoise: I had already read through all of that. The problem was, I wasn't actually getting an error. It just wouldn't update. It just kept saying "Update hasn't been run yet"

    dannyboy: That was one part of the initial problems, but I got that fixed.


    Eset Customer Support had be try to do the install with v4, so I did, and it seems to be working and updating the way it always did before. No sign of infection from previous scans, browser doesn't close on it's own, etc.. So, it seems to be fixed.


    Thank you guys for your help, I do appreciate it :D
     
Thread Status:
Not open for further replies.