Installation Problems due to Malware Detected

[rbkaiser 0]

14 hours ago, itman said:

Right mouse click on the Rainmeter shortcut. Select Properties and take a screen shot of what is shown. Post screen shot in your forum reply.

yes that's for my customized desktop icons and layout. had that there since i got the PC in 2016

[itman 1,659]

Looks like it is time to employ the "heavy gun" in regards to what is attempting to run these .dlls at system startup time.

Download SysInternal's Autoruns from here: https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns . Unzip it. From the extracted folder created, right button mouse click on Autoruns.exe and run it as Administrator.

Once it starts up and populates entries, mouse click on the Options tab and ensure it is configured as shown in the below screen shot:

I believe Autoruns will repopulate after the above reconfiguration. If it does not, terminate it and restart it as done above.

Copy each file name shown below:

startupchecklibrary.dll

winscomrssrv.dll

one at a time into the "Filter" box shown at the top of the Autoruns screen display. After each file name entry, wait for Autoruns to complete its search. Delete the existing file name entry prior to entering the next one ensuring Autoruns has first repopulated all entries.

If Autoruns finds a startup entry for the file name, post a screen shot of the entire Autoruns screen display where the entry was found. Terminate Autoruns execution for the time being.

Edited July 26, 2020 by itman

[itman 1,659]

Also after posting the above Autoruns use, I actually found a posting on how to do the same that can be referenced if my instructions are a bit confusing: http://sufistech.com/startupchecklibrary-dll-and-winscomrssrv-dll-error-on-windows-startup-fixed/

Also it appears that startupchecklibrary.dll and winscomrssrv.dll detections are pretty wide spread. For example, Windows Defender also detected same as noted here:http://www.geekstogo.com/forum/topic/373867-there-was-a-problem-starting-startupchecklibrarydll/ . There were also statements made that these detections might be false positives. Appears the issue dates back to a borked Win Update. In any case, deletion of the .dlls do not appear to cause any system issues. Also Eset is far from alone in not also removing the registry startup entries related to them.

Edited July 26, 2020 by itman

[rbkaiser 0]

On 7/26/2020 at 9:12 PM, itman said:

Looks like it is time to employ the "heavy gun" in regards to what is attempting to run these .dlls at system startup time.

Download SysInternal's Autoruns from here: https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns . Unzip it. From the extracted folder created, right button mouse click on Autoruns.exe and run it as Administrator.

Once it starts up and populates entries, mouse click on the Options tab and ensure it is configured as shown in the below screen shot:

I believe Autoruns will repopulate after the above reconfiguration. If it does not, terminate it and restart it as done above.

Copy each file name shown below:

startupchecklibrary.dll

winscomrssrv.dll

one at a time into the "Filter" box shown at the top of the Autoruns screen display. After each file name entry, wait for Autoruns to complete its search. Delete the existing file name entry prior to entering the next one ensuring Autoruns has first repopulated all entries.

If Autoruns finds a startup entry for the file name, post a screen shot of the entire Autoruns screen display where the entry was found. Terminate Autoruns execution for the time being.

sorry late reply.. i was away for a while

did i get the correct screenshots? 

 

 

[itman 1,659]

12 hours ago, rbkaiser said:

did i get the correct screenshots? 

Yes.

To be safe, first create a System Restore point.

Then via Autoruns, delete those two scheduled task entries as shown from an article I posted a link to previously: http://sufistech.com/startupchecklibrary-dll-and-winscomrssrv-dll-error-on-windows-startup-fixed/

 

Edited August 2, 2020 by itman

[rbkaiser 0]

hey guys thank you for the help! sorry for the late reply.. i was busy for a week and only got to try this last wed

been checking if there were any problems and so far since... its been good

i still have a system restore point saved, and deleted the 2 tasks... no more pop ups since Wed, and everything been okay since.. thank you

 

i noticed one thing however... when I turn on my PC, ESET does not seem to automatically start up? or it is there, but just hidden?

there is no ESET icon here

if i specifically open ESET it looks like this now

 

 

[itman 1,659]

13 hours ago, rbkaiser said:

i noticed one thing however... when I turn on my PC, ESET does not seem to automatically start up? or it is there, but just hidden?

Via Win 10 Settings, verify that Eset Proxy GUI setting is enabled in "Select which icons appear on the taskbar" section:

[rbkaiser 0]

its set on but still does not appear

 

I see "ESET service on the running tasks of task manager

these one's only appear if i specifically open ESET

 

[itman 1,659]

Let's manually add the Eset GUI icon to your desktop toolbar and see if that resolves the issue.

Open the Win 10 start menu. Navigate down to the Eset folder and open it. Then left mouse click on the Eset GUI icon named Eset Security and manually add it to your desktop toolbar as shown in the below screen shot. Once the icon is added to the toolbar, you can position it anywhere you wish on the toolbar.

[rbkaiser 0]

17 hours ago, itman said:

Let's manually add the Eset GUI icon to your desktop toolbar and see if that resolves the issue.

Open the Win 10 start menu. Navigate down to the Eset folder and open it. Then left mouse click on the Eset GUI icon named Eset Security and manually add it to your desktop toolbar as shown in the below screen shot. Once the icon is added to the toolbar, you can position it anywhere you wish on the toolbar.

 

i already have ESET pinned to my taskbar ever since i got it to work weeks ago

i always clicked it to "open" it every time i started my PC, since it was not appearing in the taskbar

you know how its like this at first but if you click it the GUI opens up and the icon will become like this (since an instance is opened)

[itman 1,659]

7 hours ago, rbkaiser said:

you know how its like this at first but if you click it the GUI opens up and the icon will become like this (since an instance is opened)

That is normal Win behavior when you pin an icon to the desktop toolbar. By underlining the icon, Windows is just showing that the app was started via the desktop toolbar.

Edited August 31, 2020 by itman

[itman 1,659]

There is another Win 10 setting we forgot to check.

Verify that "Eset command line interface" is listed as a startup app and it is enabled per the below screen shot:

Edited August 31, 2020 by itman

[rbkaiser 0]

it was like this

i turned it on as advised

 

i shutdown and restart.. i check back.. off again?

I turned it on. closed the apps tab. opened the apps tab again, always comes back "off"

how to turn "on" and save as "on"?

[itman 1,659]

5 hours ago, rbkaiser said:

I turned it on. closed the apps tab. opened the apps tab again, always comes back "off"

One possibility is that since you have forced the Eset command line interface to start at boot time via posting it to the desktop taskbar, this is overriding the Win 10 Startup setting.

Right mouse click on pinned Eset icon on the desktop taskbar and select "Unpin from taskbar." Now repeat enabling the Eset command line interface setting in Win 10 Startup section and verify if it stays enabled. If so, reboot and verify that Eset icon now appears on the desktop toolbar as it should,

[rbkaiser 0]

- i unpinned ESET from the taskbar

- opened the Apps startup settings and enabled it

- closed it, when i reopened, set to off again?

- I set it to on, closed, then restarted, when I turned on again, set to off again

am I missing a save button in the apps startup? like after switching on, im suppose to press this to "save changes"? since it seems like its not saving the settings i made

[itman 1,659]

22 minutes ago, rbkaiser said:

am I missing a save button in the apps startup? like after switching on, im suppose to press this to "save changes"? since it seems like its not saving the settings i made

No. Windows Setting options become effective when the setting is either enabled or disabled.

At this point, I would recommend you export your Eset settings if you made any custom changes. Then uninstall Eset. Reboot and reinstall Eset. Import your Eset settings if you previously exported them.

You can also try an Eset repair which is an option presented when the uninstaller runs to see if this fixes the issue. If it doesn't, then proceed with the full uninstall/reinstall of Eset.

[rbkaiser 0]

hi sorry for late reply. Just finish duty shifts

I exported and uninstalled ESET. Did full shutdown and reinstall + reactivate.

ESET is working okay now BUT same issue, still does not autostart and the windows settings, automatically goes off when i close the window

I actually tried turning it on, and leaving the window open the whole time. It was still on the whole time, but when i closed it later, still off again when i turn it on

[Marcos 5,070]

If egui_proxy is among running processes I'd recommend opening a ticket with your local support for further investigation.

[rbkaiser 0]

when i start up, only this is the ESET related thing in running processes in task manager

after clicking the shortcut in the taskbar below it becomes like this

is there a page or link for me to open ticket to the local support?