Jump to content
James Harper

NOD32 deinstalled without my knowledge

Recommended Posts

I downloaded a file and I wanted to check if it was a safe file, I right-clicked it and the Eset option was nowhere to be found. I searched on my computer for NOD32 but I didn't found it. I went to windows security and there wasn't even anything except the title. I've searched the internet for answers but I couldn't found it. Can someone please help me with this?

windefender.png

Share this post


Link to post
Share on other sites
Posted (edited)

Open Windows Task Manager and see if either Eset Service or ekrn.exe is running. Additionally, Eset Proxy GUI should also be listed and running.

In any case "Security at a glance" should not be totally blank. Does this directory, C:\Program Files\ESET\ESET Security, exist assuming you're running a x(64) Windows version. Does it contain files and folders?

Also are you running Windows Pro or Enterprise?

Edited by itman

Share this post


Link to post
Share on other sites

Im running Windows 10 Pro x(64)

I can't find the ESET folder in neither Program files or Program files x86. It seems deleted.

Share this post


Link to post
Share on other sites
Posted (edited)
8 hours ago, James Harper said:

Im running Windows 10 Pro x(64)

As such, you have full RDP functionality enabled. My best guess at this point is someone possibly did a brute force RDP attack against you. I am also assuming you haven't configured any logon password lockout restrictions via Group Policy.

The attacker once connected to your device remotely uninstalled Eset and only God knows what else was done. Once Eset was uninstalled, Windows Defender should have immediately "kicked in" as your real-time AV solution with Windows Firewall being your firewall protection. Since Windows Security Center is devoid of any details, it appears the attacker also disabled those. Again using Win Task Manager see if the Windows Defender engine process, MsMpEng.exe, is running. If you are not running Win 10 1903, WD has no self-protection. Even if on ver. 1903, self-protection might not have been enabled if you never used WD previously. This was the case on my 1903 build. I had to manually enable WD self-protection the first time I use it. If the attacker had remote access to your device, he could have just simply disabled WD self-protection via Windows Security Center access. He then could have disabled both the Win Firewall and Windows Defender services.

Edited by itman

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...