Marcos

Administrators
  • Posts

    37,874
  • Days Won

    1,502

Everything posted by Marcos

  1. In the meantime, you can try installing the following fixes and see if it helps: hxxp://support.microsoft.com/kb/2664888 hxxp://support.microsoft.com/kb/2735855 hxxp://support.microsoft.com/kb/979278 hxxp://support.microsoft.com/kb/981889
  2. The install log didn't look as if the installation was interrupted due to an error. Please PM me a SysInspector log from your computer.
  3. If the zip file wasn't detected, it could be that the archive was empty or corrupt. Today I've seen some emails with ORDER---9601228-4285214.zip attached and Order_details.exe inside but these were already detected as Win32/TrojanDownloader.Wauchos. Also make sure that you have the most current signature database 8858 installed.
  4. I'd suggest running a disk scan with ESET Online scanner first. If no malware is found, install ESET NOD32 Antivirus or ESET Smart Security from scratch and create install logs as per the instructions here. When done, send me the logs attached to a personal message.
  5. If email protection detects malware in an email message, it's removed automatically by default. You can run a full disk scan (including a memory scan) to make sure that the computer is most likely malware-free.
  6. If your system is Windows XP or Windows 2000, any application communicating via http will generate a communication via ekrn.exe which works as a local proxy.
  7. Maybe the solution would be to use Eshell to disable protection during a backup or use it to temporarily exclude the target backup folder.
  8. Without knowing the detection name (and ideally getting the file itself along with the ESET Event log), it's impossible to comment on it. Maybe EMSX updated to the signature database containing a signature for the given malware after the email was received by the mail server.
  9. We recommend using default (automatic) mode for users unless they experience issues with certain applications. In automatic mode, all outgoing communication is allowed and all non-initiated incoming communication attempts are denied.
  10. It's blocked because of a Java exploit present on the domain.
  11. Please start Windows in safe mode and rename the drivers C:\Windows\System32\drivers\ehdrv.sys and eamonm.sys, one at a time. Let us know if renaming either driver makes a difference.
  12. Does it happen with Device control integration disabled? Note that after disabling it, it's necessary to restart the computer for the change to take effect.
  13. It happens that such archives are empty or corrupt so their content is benign. Please send some examples of suspicious files that get through your ESET protection as per the instructions here.
  14. No. A password is always required when an operation potentially affecting protection is attempted.
  15. I'd suggest the following:
      - enable debug logging
      - reproduce the problem
      - provide Customer care with the debug log C:\ProgramData\ESET\ESET Remote Administrator\Server\logs\era_debug.log

      Are you able to connect to ERAS after restarting the ERAS service by running the following commands with elevated admin rights? "net stop era_server" "net start era_server"
  16. Just to make sure, does the BSOD occur with the latest version 6.0.316 or do you have an older one installed? If possible, try to reproduce it with the latest v6 or v7 beta and let us know about your findings. An issue with symlinks pointing to a different volume was already fixed in an older build of v6.
  17. Regarding upd.ver, reading from or writing to it definitely cannot cause any issues. Please contact Customer care and provide them with the Procmon log for analysis. As for the problems with submitting longer posts, I've notified our forum administrator and we'll look into it.
  18. It was not the icon file but an actual anchor referencing a site recently hosting malicious content. HTML/SrcInject is an algorithmic detection that is triggered automatically in case of a reference to a malicious site (i.e. it was not made on purpose because somebody had reported it to us).
  19. If you are from Belgium and purchased the license from the Belgian distributor, please fill in the support form in Belgian or French to contact the local Customer care. In the meantime, you can activate a 30-day trial version which will provide full protection until the issue is sorted.
  20. Installation of a newer version over an older one with settings preserved has always been supported.
  21. I'm able to access it without anything being blocked. There was a reason for the block as the domain referenced from the website in question has recently hosted malware endangering users.
  22. It doesn't matter if ekrn is 32 or 64-bit, you wouldn't notice any difference at all if it was 64-bit.
  23. It was a reference to a server known to have recently hosted malware which was blocked. The block has been adjusted slightly so that it's not triggered in this particular case.