opti1

(I've searched the forum but haven't found an answer to my question . . .) I seem to remember that earlier this year ESET NOD32 put up messages to the screen warning that updates to v16 for Windows 7 would end sometime in 2024 (please correct me if I am 'mis-remembering' 🙂). I tucked the information away but now I cannot find it. Can someone please clarify what is the plan going forward for Windows 7 updates? I.e., will virus signature and module updates stop, will ESET NOD32 itself stop working, and if so after what date? Thanks!

@itman Thanks for replying. It seems others who have tried to access or get information about that domain had the same experience after this particular domain was outed as a source of the malware. Presumably the owners killed it and moved to another domain. But there was a period of time when VirusTotal was able to find it and scan it with several dozen different anti-virus\anti-malware software packages, the vast majority of which treated it as 'Clean'. That's kind of scary . . .

I have read and heard many times that Malwarebytes anti-malware plays well with ESET products. Is this so? And does this mean Malwarebytes can also run real-time with ESET running real-time or should Malwarebytes only be run manually? Thoughts?

What is ESET's position on this which appears to be the source of a "fake ‘Windows Defender’ scare": "Along with a great deal of other information, VirusTotal maintains a separate detection webpage listing the vendors that do and do not perceive a threat in the Dothrakiz domain name shown in Figure 1." Do the latest signatures for ESET products still treat this domain as clean, or not perceive it as a threat? Thanks!

Great. Thanks for the quick response!

Hello, I am running ESET NOD32 version 13.1.21.0. ESET just pushed a big pop-up that asked me to install the latest update. I checked this forum to confirm there is an update but I don't see anything. Is there a new update to NOD32? Thanks!

Ugh. Unfortunately I no longer have the Flash Player download I ran that caused trouble on the laptop. I asked ESET to delete it. I still have the one I downloaded to the desktop, and also the one from last month, but I don't know that they would help since both ran without issues. By the way, it seems that I have the current updated version of the Flash Player on the laptop so it appears that the update installer completed its task. Thanks again for all of your input into my trying to understand this incident.

My ESET Detections log, shown below, has only four entries, all associated with this incident. I assume that is one entry for each of the four times I clicked on the Delete button (instead of the 'Allow to proceed' button) because the window was slow to close. I cannot find anywhere that specifically shows which files were deleted, only that Delete was the action taken. Thanks again for all of your input into my trying to understand this incident.

Thanks again for your response. What you say makes sense. What do you make of the ESET deep scan I 'ran as Administrator' finding no threats? I.e., no Kryptik variant like it detected when I tried to update the Flash Player nor any other malware? When ESET detected the Kryptik variant and presented me with the options to Delete 'the file' or to allow the process to continue I selected Delete. Would you expect that ESET deleted the Kryptic variant, that it is gone, and that is why it wasn't detected on the run as Administrator scan, or that it could still be hiding somewhere? Thanks!

Yep. Working on it. 🙂

Thanks again for your response. The Cyrillic language popup did not appear on my desktop, only on my laptop, and only after I attempted to update the Flash Player and ESET detected the Kryptic variant threat. As mentioned above the Cyrillc language popup has not returned to the laptop so far. On my desktop the Flash Player update installed without problems or threat notification from ESET nor the Cyrillic language popup as it always has so far. I allow Adobe to notify me that an update is ready for download but I always manually go to their site to download it and install it and I always uncheck the boxes to install McAfee or whatever additional third party software they have offered. The file that I manually downloaded was flashplayer32_xa_install.exe which matches what you describe in your response to Nux. As best as I can recall this episode on my laptop with ESET detecting the Kryptik variant and then my getting the Cyrillic language popup is the first time I have had any problem installing the Flash Player on any of our PCs.

Thanks again for your response. Yesterday without success I tried to force the renewal pop up on this laptop by logging off and back on, restarting my laptop, logging off and shutting down and starting up again, launching the ESET GUI, etc.. But after all of that I didn't see any renewal pop up, neither the normal English language pop up nor the same unusual non-English language pop up shown in the image in my previous message. I also haven't seen any renewal pop up since I started this laptop today. It's possible that this laptop never has given me renewal pop ups and only shows the renewal message in the ESET GUI along with the orange border color coding, etc. That non-English pop up may be just part of a one-time event associated with running the Flash Player update that ESET detected as a threat. It would be interesting to get a translation of what the non-English pop up says.

Thanks again for your latest response. No renewal pop up has popped up again since the one in what appeared to be Russian. I am waiting for the next one, not sure what triggers it. Yes, the ESET GUI appears to be normal. I have gone through almost all of the screens and everything is in the English language.

Thanks for your response. I ran the full "Scan as Administrator" as you suggested, results shown below. I am still confused as to why ESET didn't also detect the Kryptik variant on my desktop when I ran the Flash installer there. I was updating from the same previous version of Flash to the same current version of Flash. I am also still confused as to why ESET is now showing me the renewal pop up message in a language other than English . . .

So, in addition to this Flash Installer issue I now have this . . . My ESET subscription runs out in a few days, 7 I think. I have been getting the appropriate pop up window reminding me to renew, always in English on all three of our Windows PCs. Just now on this laptop the following window popped up. I don't know what language it is and I don't understand why it changed from English . . . but it seems strange that it would happen at the same time that I have this issue with the Flash installer . . . Thoughts?

Right, I figured as much. I scanned the .exe file just to confirm and eliminate that as an issue.

Thanks all for your responses. @Marcos From my original post: "About an hour ago I installed this same update to Adobe Flash without any problem on my desktop that has the same versions and updates of Windows, Flash, ESET NOD32, and Malwarebytes Anti-Malware. I still have the downloaded C:\install\flashplayer32_xa_install.exe file on my desktop so I scanned it with both ESET and Malwarebytes Anti-Malware and neither found any threats on that one." Both the laptop and the desktop have Windows 7 Home Premium SP1 64-bit. The detection was not triggered on the desktop. And I 'always' manually exclude the McAfee installer although I suppose it's remotely possible that unchecking one of the two check boxes didn't take this time.

So I just downloaded and tried to install the latest update to Adobe Flash, 32.0.0.387, on Win7 Home Premium SP1 64-bit, on my laptop. I'm running ESET NOD32 13.1.21.0, with Detection Engine 21489. After I entered the Administrator password to the prompt to allow the update to install I got the pop up shown below from ESET NOD 32. After some searching to see if I could find anything about this I selected to delete the file C:\install\flashplayer32_xa_install.exe. My log file shows ESET detected and deleted this threat four times between 7:19:52 and 7:28:07 PM which probably represents the number of times I clicked on the Delete button before the pop up went away (I saw no other way to get rid of the pop up other than allowing the update to proceed). There's a gap of about eight minutes between the first delete entry and the second through fourth entry which all are within seconds of each other. About an hour ago I installed this same update to Adobe Flash without any problem on my desktop that has the same versions and updates of Windows, Flash, ESET NOD32, and Malwarebytes Anti-Malware. I still have the downloaded C:\install\flashplayer32_xa_install.exe file on my desktop so I scanned it with both ESET and Malwarebytes Anti-Malware and neither found any threats on that one. Thoughts? Is this a false positive on the laptop or a missed threat detection on the desktop? Should I download the Flash update again to my laptop and allow it to proceed if I also get the ESET pop up with the warning again? (I know, I know, uninstall Flash and be done with it . . .) Thanks!

Thanks, Marcos.

I'm running Windows 7 Home Premium SP1 64-bit and ESET NOD32 AV 13.1.21.0. The attached image just popped up on my screen. ESET was not open when this happened. Is it legitimate? If yes, the buttons are confusing. What happens if I click on STAY PROTECTED? What happens if I click on POSTPONE? Does the pop up keep coming back? What happens if I just 'X' out? Thanks!

Today I noticed the orange dot on the ESET icon in Win7 system tray. I opened NOD32 and saw 'updates stopped by user'. So I checked for updates and version 13.0.22.0 came down and installed, with reboot. So far I'm running without issues on two Win7 Home Premium 64-bit PCs. 🙂

Ok, I see there is now a change log for v12.2.29.0 at the top of this forum. Thanks! It's dated September 5 but I can't believe I didn't see it when I posted my message above . . .

I'm running Windows 7 Home Premium SP1 (I know, running out of time) . . . After booting up just now I noticed a message waiting for me on the NOD32 notification icon (orange dot). I opened NOD32 and the message said downloads for an update had been stopped at my request (or words to that effect). As far as I know I did not actively stop any downloads, but I checked for updates. Notification of system updates popped up so, I downloaded them and they installed. I got the request to restart, which I did, and now I have NOD32 version 12.2.29.0. I haven't been able to find any mention of version 12.2.29.0 anywhere. I assume the release notes are coming? This pattern of receiving messages from NOD32 that updates were stopped because I terminated the downloads just started recently on all three of our PCs. I don't recall getting these messages before. I used to get a pop up that let me know the updates were available and ready for download. But now it seems to try to update automatically without notifying me and something prevents the update. Is this a new behavior initiated by ESET or has something else changed on our PCs to cause this? Thanks!

Shortly after my previous post Malwarebytes released Anti-Exploit update 1.12.1.48 that appears to have fixed this problem.

The problem with Firefox 58.0.2 (and other versions) no longer loading pages was caused by an update to Malwarebytes Anti-Exploit on March 8. Apparently it affects only some users. Uninstalling MBAE fixes the problem. Malwarebytes are aware of the problem and are investigating.