Mauricio Osorio 1 Posted March 4, 2019 Share Posted March 4, 2019 I have a problem with some computers on my client's network When i try to install an EMA (Agent) everything works well but when i try to install EES it does not run. It install without any errors, but doesnt run anyway. I have tried to executed manually but does not work either. Maybe its a malware problem but this answer is not enough for my client. How can i solve this issue?. On this link you can see the installation process and the problem with it: https://youtu.be/aSt5w7xMZvA Regards. Link to comment Share on other sites More sharing options...
axlgabo10 0 Posted March 4, 2019 Share Posted March 4, 2019 Hello Mauricio, apparently you are installing an endpoint version on a server, you need the product eset file security on servers. links file server: 32 bits: https://download.eset.com/com/eset/apps/business/efs/windows/latest/efsw_nt32.msi 64 bits: https://download.eset.com/com/eset/apps/business/efs/windows/latest/efsw_nt64.msi Link to comment Share on other sites More sharing options...
Administrators Marcos 3,830 Posted March 4, 2019 Administrators Share Posted March 4, 2019 Let's start off by gathering logs with ESET Log Collector. It could be that ekrn.exe and egui.exe processes are running but the gui is not showing up for some reason. You can also check if the eicar test file is detected / blocked. Link to comment Share on other sites More sharing options...
Mauricio Osorio 1 Posted March 4, 2019 Author Share Posted March 4, 2019 Just now, axlgabo10 said: Hello Mauricio, apparently you are installing an endpoint version on a server, you need the product eset file security on servers. links file server: 32 bits: https://download.eset.com/com/eset/apps/business/efs/windows/latest/efsw_nt32.msi 64 bits: https://download.eset.com/com/eset/apps/business/efs/windows/latest/efsw_nt64.msi Thanks for your answer, it isn't a server, that is a skin that my client uses to use!. Link to comment Share on other sites More sharing options...
Mauricio Osorio 1 Posted March 4, 2019 Author Share Posted March 4, 2019 Just now, Marcos said: Let's start off by gathering logs with ESET Log Collector. It could be that ekrn.exe and egui.exe processes are running but the gui is not showing up for some reason. You can also check if the eicar test file is detected / blocked. Thanks Marcos for your answer. On ESMC you can see this error on that computer: (Attached) (eset product is installed but not running) I will try to take out the Log Collector and upload it as soon as possible. Thanks!. Link to comment Share on other sites More sharing options...
Administrators Marcos 3,830 Posted March 5, 2019 Administrators Share Posted March 5, 2019 I'd better check ELC logs since the warning from the ESMC console doesn't ring a bell. For instructions how to gather ELC logs, please refer to http://support.eset.com/kb3466/. Link to comment Share on other sites More sharing options...
Mauricio Osorio 1 Posted March 5, 2019 Author Share Posted March 5, 2019 (edited) 10 hours ago, Marcos said: I'd better check ESET Log Collector logs since the warning from the ESMC console doesn't ring a bell. For instructions how to gather ESET Log Collector logs, please refer to hxxp://support.eset.com/kb3466/. Hi @Marcos, On the attachment you can see the logcollector. Thanks for your help!. Regards. ees_logs.zip Edited March 5, 2019 by Mauricio Osorio forget to mention my interlocutor Link to comment Share on other sites More sharing options...
Mauricio Osorio 1 Posted March 6, 2019 Author Share Posted March 6, 2019 Maybe is there some information about this topic?. Regards. Link to comment Share on other sites More sharing options...
Administrators Marcos 3,830 Posted March 8, 2019 Administrators Share Posted March 8, 2019 You have Win32/Agent.AABQ trojan and Win32/TrojanDownloader.Agent.DVC trojan running there. The detection was added in Nov 2018 and Jan 2019 respectively. Please run a disk scan with ESET Online Scanner and clean the malware. Move the following files to a new folder (e.g. c:\esetvir). Next reboot the machine, compress the content of the folder and submit the archive to samples[at]eset.com. Only after you receive a reply delete the content of the folder: c:\windows\system32\s c:\windows\system32\p c:\windows\system32\tasks\DnsCore c:\windows\system32\tasks\Microsoft\Windows\RegistryCore c:\windows\system32\tasks\Mysa1 c:\windows\system32\tasks\Mysa2 c:\windows\system32\tasks\Mysa3 Finally try to install ESET from scratch. Link to comment Share on other sites More sharing options...
Mauricio Osorio 1 Posted March 8, 2019 Author Share Posted March 8, 2019 3 hours ago, Marcos said: You have Win32/Agent.AABQ trojan and Win32/TrojanDownloader.Agent.DVC trojan running there. The detection was added in Nov 2018 and Jan 2019 respectively. Please run a disk scan with ESET Online Scanner and clean the malware. Move the following files to a new folder (e.g. c:\esetvir). Next reboot the machine, compress the content of the folder and submit the archive to samples[at]eset.com. Only after you receive a reply delete the content of the folder: c:\windows\system32\s c:\windows\system32\p c:\windows\system32\tasks\DnsCore c:\windows\system32\tasks\Microsoft\Windows\RegistryCore c:\windows\system32\tasks\Mysa1 c:\windows\system32\tasks\Mysa2 c:\windows\system32\tasks\Mysa3 Finally try to install ESET from scratch. Thanks for your answer. I'll try and tell you how it's going. Link to comment Share on other sites More sharing options...
Recommended Posts