Archived

This topic is now archived and is closed to further replies.

Baraa Modallal

ESET was automatically uninstalled

I just noticed that ESET wasn't giving me a warning sign opening a known malicious website, I went to the task bar to realize that it doesn't exist there.
I first thought it was forced to close, but when I search for the program, I can see its thumbnail, but when I click it, it says "location not found".
This is a disaster, leaving my computer exposed for a couple of days without my knowledge, I have tons of external drives attached to it, because I "used to" trust that ESET will protect me from all the viruses.
Now I have to do a whole wipedown because I'm sure that my computer is infested with tons of viruses.
This is a joke.

Untitled.png


ESET cannot uninstall itself. However, it happens that if a user doesn't have settings protected with a password and an unauthorized person manages to log in with administrator rights, the person (attacker) pauses protection or uninstalls ESET.

Please make sure that you don't have RDP enabled if you don't need it. If you need it for remote access, use VPN and RDP only within your local network. Also make sure that all critical OS updates are installed and administrator users don't use weak passwords.


Open Windows Task Manager and verify if Eset Service is running. In Win 10, it should be listed as Eset Service (2). Click on it and two services will be shown; Windows Firewall Helper and Eset Service. Note that the Firewall Helper Service would only appear for EIS or ESS. NOD32 doesn't include the Eset firewall component.

If the Eset Service is running, this indicates you're protected and the problem lies in the Eset GUI interface components.

4 hours ago, Baraa Modallal said:

I just noticed that ESET wasn't giving me a warning sign opening a known malicious website, I went to the task bar to realize that it doesn't exist there.
I first thought it was forced to close, but when I search for the program, I can see its thumbnail, but when I click it, it says "location not found".
This is a disaster, leaving my computer exposed for a couple of days without my knowledge, I have tons of external drives attached to it, because I "used to" trust that ESET will protect me from all the viruses.
Now I have to do a whole wipedown because I'm sure that my computer is infested with tons of viruses.
This is a joke.

Untitled.png

Marhaba, what is Windows Security reporting? That Windows Defender is running, or ESET? If you RDP to your PC, make sure to firewall it to your IP so others won't have access, only you.

And as others said, ESET won't remove itself unless someone with admin rights has done so; malware can do so also.


As @Rami noted and assuming you're running Win 10, Windows Defender would immediately engage if for some reason, Eset's real-time protection was non-functional. As such, you would still be protected from malware.

4 hours ago, Marcos said:

it happens that if a user doesn't have settings protected with a password and an unauthorized person manages to log in with administrator rights, the person (attacker) pauses protection or uninstalls ESET.

You do like this explanation, don't you?????

What can be more convenient then blaming the user for "not securing his PC"????

And I assume I will banned for reveling the truth....

26 minutes ago, novice said:

And I assume I will banned for reveling the truth....

I most certainly hope so. That will give you time to work on your spelling skills.

As far as what the "truth" is, we haven't established that Eset is non-functional as evidenced by the absence of ekrn.exe running. All that is known at this point is that Eset's GUI interface is non-functional.

47 minutes ago, itman said:

we haven't established that Eset is non-functional

This doesn't matter... If somehow it is an ESET glitch, still the old "an unauthorized person manages to log in with administrator rights and disabled ESET.." can be used successfully.

Who can prove otherwise????

17 hours ago, novice said:

This doesn't matter... If somehow it is an ESET glitch, still the old "an unauthorized person manages to log in with administrator rights and disabled ESET.." can be used successfully.

Who can prove otherwise????

Who can prove this is the case?

You are obviously trolling and need to be banned.


Also for the record, any third party Windows AV solution can be uninstalled by simply doing so via Control Panel -> Uninstall programs option.

Even Windows Defender which technically can't be uninstalled can be disabled via registry means. As far as Win 10 1903 tamper protection of it goes, just turn off that option setting and then proceed with the registry disabling method.

1 hour ago, itman said:

Also for the record, any third party Windows AV solution can be uninstalled by simply doing so via Control Panel -> Uninstall programs option.

I remember an antivirus (do not recall which) asking for CAPTCHA in order to proceed with uninstall.

A simple and elegant solution.

1 hour ago, novice said:

I remember an antivirus (do not recall which) asking for CAPTCHA in order to proceed with uninstall.

A simple and elegant solution.

And ESET has a password option if enabled. As I have pointed out 100s of times and probably shouldn't anymore, the AV is only part of a security setup. It's no good using an AV with, for example, a no longer supported update or without all the latest patches. Until people realise the importance of this, problems like this will happen.

But again, as also mentioned, we don't know what has happened and all we can do is suggest.

2 hours ago, novice said:

I remember an antivirus (do not recall which) asking for CAPTCHA in order to proceed with uninstall.

Worthless if the attacker has remote control of the system. He will just enter the CAPTCHA characters as you would if physically present at the device. As far as the CAPTCHA validation server is concerned, as long as the response is the valid characters requested, it satisfies the validation.

Solutions such as Emsisoft primarily use CAPTCHA to control disabling of real-time protection; not to validate software being uninstalled. Your best protection against hidden misuse of software uninstallers is to always keep UAC at its maximum level. This will ensure you get a UAC alert when such activity is taking place.

Your overall best protection against unwanted system activities is to always use a standard user account for normal system activities. As such, any unwanted system activities requiring elevated privileges such as software install/uninstall will fail since that account lacks those privileges.

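The checks suggested across this thread (ESET service state, what Windows Security reports, RDP, UAC level, standard user account, and evidence of an msiexec uninstall), gathered into one read-only PowerShell script. This is an added example, not code from any poster or from ESET; the service name `ekrn`, the `ESET` match on the event message and the function names are assumptions.

```powershell
# Added example: read-only checks for a Windows 10 client, Windows PowerShell 5.1 or later.
function Get-EsetHostCheck {
    $r = [ordered]@{}

    # 1. Is the ESET service (ekrn.exe) running? Service name 'ekrn' is an assumption.
    $svc = Get-Service -Name 'ekrn' -ErrorAction SilentlyContinue
    $r.EsetService = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }

    # 2. Which antivirus products are registered with Windows Security Center?
    $av = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct `
            -ErrorAction SilentlyContinue
    $r.RegisteredAV = ($av.displayName -join ', ')

    # 3. RDP: fDenyTSConnections = 0 means incoming Remote Desktop is allowed.
    $ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $r.RdpEnabled = ($ts.fDenyTSConnections -eq 0)

    # 4. UAC at its maximum ("Always notify"): consent prompt on the secure desktop.
    $uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $r.UacAlwaysNotify = ($uac.EnableLUA -eq 1 -and
                          $uac.ConsentPromptBehaviorAdmin -eq 2 -and
                          $uac.PromptOnSecureDesktop -eq 1)

    # 5. Is the logged-on account a direct member of local Administrators (S-1-5-32-544)?
    #    Membership through nested or domain groups is not resolved here.
    $me     = [Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue
    $r.DailyAccountIsAdmin = ($admins.SID.Value -contains $me)

    [pscustomobject]$r
}

# Windows Installer logs product removals as MsiInstaller event 1034 in the Application log.
# TimeCreated and UserId (the SID recorded with the event) show when the removal ran and
# under which account. Matching 'ESET' in the message text is an assumption.
function Get-EsetUninstallEvent {
    Get-WinEvent -FilterHashtable @{ LogName = 'Application'
                                     ProviderName = 'MsiInstaller'
                                     Id = 1034 } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'ESET' } |
        Select-Object TimeCreated, UserId, Message
}

Get-EsetHostCheck      | Format-List
Get-EsetUninstallEvent | Format-List
```

An empty result from `Get-EsetUninstallEvent` only means no matching event is still in the log; the Application log rolls over and can be cleared by an administrator.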
20 minutes ago, itman said:

You overall best protection against unwanted....

And you were advising me to work on my spelling skills....


All said, I came across this interesting article showing how both Eset ERA and File Security could be remotely uninstalled using PowerShell: https://mikefrobbins.com/2018/03/01/remotely-uninstall-eset-antivirus-with-powershell/ .

Note that the attacker would have to have intimate knowledge of the targeted system since specific registry keys must be specified.

10 hours ago, novice said:

I remember an antivirus (do not recall which) asking for CAPTCHA in order to proceed with uninstall.

A simple and elegant solution.

Only recall Webroot doing this.

9 hours ago, itman said:

All said, I came across this interesting article showing how both Eset ERA and File Security could be remotely uninstalled using PowerShell: https://mikefrobbins.com/2018/03/01/remotely-uninstall-eset-antivirus-with-powershell/ .

Note that the attacker would have to have intimate knowledge of the targeted system since specific registry keys must be specified.

It's a standard uninstallation via msiexec. If ESET is protected with a password, the esmc agent service should be protected as well.

15 hours ago, novice said:

And you were advising me to work on my spelling skills....

I hate to sound personal, but I love how, when it comes to it, you tend to pick selected stuff and ignore the things people have said.

9 hours ago, peteyt said:

I hate to sound personal but I love how when it comes to ....

Hate and love so close to each other....:wub:
