ESET was automatically uninstalled

Baraa Modallal · August 4, 2019

I just noticed that ESET wasn't giving me a warning sign opening a known malicious website, I went to the task bar to realize that it doesn't exist there.
I first thought it was forced to close, but when I search for the program, I can see its thumbnail, but when I click it, it says "location not found".
This is a disaster, leaving my computer exposed for couple of days without my knowledge, I have tons of external drives attached to it, because I "used to" trust that ESET will protect me from all the viruses.
Now I have to do a whole wipedown because I'm sure that my computer is infested with tons of viruses.
This is a joke.

Edited August 4, 2019 by Baraa Modallal

Marcos · August 4, 2019

ESET cannot uninstall itself. However, it happens that if a user doesn't have settings protected with a password and an unauthorized person manages to log in with administrator rights, the person (attacker) pauses protection or uninstalls ESET.

Please make sure that you don't have RDP enabled if you don't need it. If you need it for remote access, use VPN and RDP only within your local network. Also make sure that all critical OS updates are installed and administrator users don't use weak passwords.

itman · August 4, 2019

Open Windows Task Manager and verify if Eset Service is running. In Win 10, it should be listed as Eset Service (2). Click on it and two services will be shown; Windows Firewall Helper and Eset Service. Note that the Firewall Helper Service would only appear for EIS or ESS. NOD32 doesn't include the Eset firewall component.

If the Eset Service is running, this indicates you're protected and the problem lies in the Eset GUI interface components.

Edited August 4, 2019 by itman

Nightowl · August 4, 2019

4 hours ago, Baraa Modallal said:

I just noticed that ESET wasn't giving me a warning sign opening a known malicious website, I went to the task bar to realize that it doesn't exist there.
I first thought it was forced to close, but when I search for the program, I can see its thumbnail, but when I click it, it says "location not found".
This is a disaster, leaving my computer exposed for couple of days without my knowledge, I have tons of external drives attached to it, because I "used to" trust that ESET will protect me from all the viruses.
Now I have to do a whole wipedown because I'm sure that my computer is infested with tons of viruses.
This is a joke.

Marhaba , What is Windows Security reporting ? that Windows Defender is running or ESET? , If you RDP to your PC , make sure to firewall to your IP so others won't have access , only you

And as others said , ESET won't remove itself , unless someone with admin rights has done so , a malware can do so also.

itman · August 4, 2019

As @Rami noted and assuming you're running Win 10, Windows Defender would immediately engage if for some reason, Eset's real-time protection was non-functional. As such, you would still be protected from malware.

novice · August 4, 2019

4 hours ago, Marcos said:

it happens that if a user doesn't have settings protected with a password and an unauthorized person manages to log in with administrator rights, the person (attacker) pauses protection or uninstalls ESET.

You do like this explanation, don't you?????

What can be more convenient then blaming the user for "not securing his PC"????

And I assume I will banned for reveling the truth....

itman · August 4, 2019

26 minutes ago, novice said:

And I assume I will banned for reveling the truth....

I most certainly hope so. That will give you time to work on your spelling skills.

As far as what the "truth" is, we haven't established that Eset is non-functional as evidenced by the absence of ekrn.exe running. All that is known at this point is that Eset's GUI interface is non-functional.

novice · August 4, 2019

47 minutes ago, itman said:

we haven't established that Eset is non-functional

This doesn't matter... If somehow is an ESET glitch , still the old "an unauthorized person manages to log in with administrator rights and disabled ESET.." can be used successfully.

Who can prove otherwise????

itman · August 5, 2019

17 hours ago, novice said:

This doesn't matter... If somehow is an ESET glitch , still the old "an unauthorized person manages to log in with administrator rights and disabled ESET.." can be used successfully.

Who can prove otherwise????

Who can prove this is the case?

You are obviously trolling and need to be banned.

itman · August 5, 2019

Also for the record, any third party Windows AV solution can be uninstalled by simply doing so via Control Panel -> Uninstall programs option.

Even Windows Defender which technically can't be uninstalled can be disabled via registry means. As far as Win 10 1903 tamper protection of it goes, just turn off that option setting and then proceed with the registry disabling method.

novice · August 5, 2019

1 hour ago, itman said:

Also for the record, any third party Windows AV solution can be uninstalled by simply doing so via Control Panel -> Uninstall programs option.

I remember an antivirus ( do not recall which) asking for CAPTCHA in order to proceed with uninstall.

A simple and elegant solution.

peteyt · August 5, 2019

1 hour ago, novice said:

I remember an antivirus ( do not recall which) asking for CAPTCHA in order to proceed with uninstall.

A simple and elegant solution.

And eset has a password option if enabled. As i have pointed 100s of times and probably shouldnt anymore, the AV is only part of a security setup. Its no good using an AV with for example a no longer supported update or without all the latest patches. Until people realisle the importance of this problems like this will happen.

But again as also mentioned we dont know what has happened and all we can do is suggest.

itman · August 5, 2019

2 hours ago, novice said:

I remember an antivirus ( do not recall which) asking for CAPTCHA in order to proceed with uninstall.

Worthless if the attacker has remote control of the system. He will just enter the CAPCHA characters as you would if physically present at the device. As far as the CAPCHA validation server is concerned as long as the response are the valid characters requested, it satisfies the validation.

Solutions such as Emsisoft primarily use CAPCHA to control disabling of real-time protection; not to validate software being uninstalled. Your best protection against hidden misuse of software uninstallers is to always keep UAC at its maximum level. This will ensure you get a UAC alert when such activity is taking place.

Your overall best protection against unwanted system activities is to always use a standard user account for normal system activities. As such, any unwanted system activities requiring elevated privileges such as software install/uninstall will fail since that account lacks those privileges.

Edited August 5, 2019 by itman

novice · August 5, 2019

20 minutes ago, itman said:

You overall best protection against unwanted....

And you were advising me to work on my spelling skills....

itman · August 5, 2019

All said, I came across this interesting article showing how both Eset ERA and File Security could be remotely uninstalled using PowerShell: https://mikefrobbins.com/2018/03/01/remotely-uninstall-eset-antivirus-with-powershell/ .

Note that the attacker would have to have intimate knowledge of the targeted system since specific registry keys must be specified.

Azure Phoenix · August 6, 2019

10 hours ago, novice said:

I remember an antivirus ( do not recall which) asking for CAPTCHA in order to proceed with uninstall.

A simple and elegant solution.

Only recall Webroot doing this.

Marcos · August 6, 2019

9 hours ago, itman said:

All said, I came across this interesting article showing how both Eset ERA and File Security could be remotely uninstalled using PowerShell: https://mikefrobbins.com/2018/03/01/remotely-uninstall-eset-antivirus-with-powershell/ .

Note that the attacker would have to have intimate knowledge of the targeted system since specific registry keys must be specified.

It's a standard uninstallation via msiexec. If ESET is protected with a password, the esmc agent service should be protected as well.

peteyt · August 6, 2019

15 hours ago, novice said:

And you were advising me to work on my spelling skills....

I hate to sound personal but I love how when it comes to it you tend to pick selected stuff and ignore the things people have said

novice · August 6, 2019

9 hours ago, peteyt said:

I hate to sound personal but I love how when it comes to ....

Hate and love so close each other.... :wub:

Sign In

ESET was automatically uninstalled

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Recently Browsing 0 members

Quick search

FAQ

Topics