Jump to content

NOD32 deinstalled without my knowledge

James Harper

By James Harper
in ESET NOD32 Antivirus

 Share

Recommended Posts

James Harper

James Harper 0

Posted
Posted

I downloaded a file and I wanted to check if it was a safe file, I right-clicked it and the Eset option was nowhere to be found. I searched on my computer for NOD32 but I didn't found it. I went to windows security and there wasn't even anything except the title. I've searched the internet for answers but I couldn't found it. Can someone please help me with this?

windefender.png

Link to comment
Share on other sites
itman

itman 1,659

Posted
Posted (edited)

Open Windows Task Manager and see if either Eset Service or ekrn.exe is running. Additionally, Eset Proxy GUI should also be listed and running.

In any case "Security at a glance" should not be totally blank. Does this directory, C:\Program Files\ESET\ESET Security, exist assuming you're running a x(64) Windows version. Does it contain files and folders?

Also are you running Windows Pro or Enterprise?

Edited by itman
Link to comment
Share on other sites
itman

itman 1,659

Posted
Posted (edited)
8 hours ago, James Harper said:

Im running Windows 10 Pro x(64)

As such, you have full RDP functionality enabled. My best guess at this point is someone possibly did a brute force RDP attack against you. I am also assuming you haven't configured any logon password lockout restrictions via Group Policy.

The attacker once connected to your device remotely uninstalled Eset and only God knows what else was done. Once Eset was uninstalled, Windows Defender should have immediately "kicked in" as your real-time AV solution with Windows Firewall being your firewall protection. Since Windows Security Center is devoid of any details, it appears the attacker also disabled those. Again using Win Task Manager see if the Windows Defender engine process, MsMpEng.exe, is running. If you are not running Win 10 1903, WD has no self-protection. Even if on ver. 1903, self-protection might not have been enabled if you never used WD previously. This was the case on my 1903 build. I had to manually enable WD self-protection the first time I use it. If the attacker had remote access to your device, he could have just simply disabled WD self-protection via Windows Security Center access. He then could have disabled both the Win Firewall and Windows Defender services.

Edited by itman
Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...