I just noticed that my Eset Smart Security doesn't appear to be working, there was no icon in the system tray and when I checked with Process Explorer the ekrn service was not running. When I checked services.msc I saw that the service was disabled and if I try to set it to automatic and Apply I get a message "Access is denied". I checked msconfig and it seems to indicate that Selective Startup is enabled and in services the Eset service is unchecked (the only service or startup item that's unchecked, I'm using Windows 7 btw) and if I attempt to change the Startup Selection to "Normal Startup" and Apply it gives no error message but changes right back to Selective Startup. If I attempt to go to services and to enabled / check the Eset service and click Apply the same thing happens and Eset goes back to being unchecked. If I go into Control Panel / Programs and Features and select Eset Smart security and click Change, I get the setup program and if I try to repair it I just get a series of messages: The Installer has insufficient privileges to modify this file: C:\Program Files\ESET\ESET Smart Secuirty\callmsi.exe my only option is Cancel, Retry and Ignore and if I ignore it just goes on with the same message file after file.
I kind of figure that I've got some kind of virus that managed to get on the system and disable Eset Smart Security and somehow change permissions on the Eset service or on the file or folder permissions. I'm manually checked the permissions on ESET\Smart Security and the files in that directory but they seem correct with my user account as the folder owner and both the system and administrators accounts have full control of the folder. I've also tried using subinacl and this script:
cd /d "C:\Program Files (x86)\Windows Resource Kits\Tools"
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f
subinacl /subdirectories %SystemDrive% /grant=administrators=f
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=system=f
to reset to defaults whatever registry, folder and file permissions are blocking me from starting the Eset service but I have the same problem after as before.
I'm trying to run the Eset online scanner to see if it can detect and remove whatever virus is causing the problem but all it found on the C: system drive was 6 instances of Win32/OpenCandy.A; I have two additional hard drives that I use for data storage which are being scanned now. If it locates anything else I'll post back with the results.
I've also tried looking at all scheduled tasks and I don't see anything suspicious.
Any ideas? Anything I haven't tried to get Smart Security working again?