Installation issue due to malware

[leo_nazareth 0]

I'm having trouble installing the NOD32 antivirus, during the installation it gives me the warning that the installation failed possibly due to the presence of spyware. I have already used the tool to scan the installer's own malware and also the ESET Online Scanner, both give me warnings that they have removed malware but the problem persists.

I collected the log through the ESET Log Collector and send it here as an attachment.

 

 

eav_logs.zip

[Marcos 5,074]

Have you tried running the ESET Uninstall tool in safe mode as per https://support.eset.com/en/kb2289-uninstall-eset-manually-using-the-eset-uninstaller-tool and then installing the latest v13.0.24 from scratch?

[leo_nazareth 0]

I actually didn't have any version of ESET NOD32 Antivirus installed. After the problem I installed other applications like ESET Online Scanner but the antivirus does not have.

[Marcos 5,074]

The thing is ekrn.exe was already running when you attempted to install ESET.  Please run the Uninstall tool in safe mode and install the latest version from scratch as suggested above.

When deciding between ESET NOD32 Antivirus (EAV) and other products such as ESET Internet Security or ESET Smart Security Premium, please note that unlike the other two products EAV cannot protect you from bruteforce attacks and from exploitation of vulnerabilities in network protocols, e.g. in case a particular critical Windows update is not installed as soon as made available by Microsoft.

[leo_nazareth 0]

Marcos,

Thanks for the help

I runned the unistall tool and it works.

 

 

[leo_nazareth 0]

After solving the previous problem I noticed that my EAV is not starting automatically with windows.

I tried to enable it through the windows task manager (it's disabled there) but I can't. I also tried it through the CCleaner app and says it is not possible.

I tried some solutions found in this topic https://forum.eset.com/topic/15233-eset-service-isnt-starting-after-shutdown/ , including the alternative that solved the problem ( https://forum.eset.com/topic/22602-installation-issue-due-to-malware ), where several threats were removed but did not work.

I ran ESET Log Collector for both cases, with windows just started and after starting EAV manually, I'm sending the first one attached here, and because of the limited size I will send the other one by the link hxxp://www.mediafire.com/file/k8u1n69oqjbx133/eav_logs_after_Run_Nod32.zip/file.

eav_logs.zip

Edited February 27, 2020 by leo_nazareth

[Marcos 5,074]

Ekrn is running, it's just gui that isn't. Please provide a Procmon boot log from a system start as well. For instructions, please refer to https://support.eset.com/en/kb6308-using-process-monitor-to-create-log-files#boot logs

[leo_nazareth 0]

Marcos,

Here is the boot log:

 

https://www.mediafire.com/file/ii9t4i078q2kj51/BootLog_LN.zip/file

[Marcos 5,074]

I've checked the log, however, it's not clear what causes the issue. Ecmds is registered in the run key, however, explorer doesn't attempt to run it at all.

I've noticed scpbradguard.exe running. What kind of protection software is it? Could you try uninstalling it?

[itman 1,659]

2 hours ago, Marcos said:

I've noticed scpbradguard.exe running. What kind of protection software is it?

Appears to be some type of bank provided security software. Appears among other things to be an anti-keylogger.

Ref.: https://www.advanceduninstaller.com/Componente-de-Seguran-a-Bradesco-fc49ec89df3fbd05adc38f47002ae212-application.htm

OP's bank might require it to do online banking activities.