rbkaiser

Installation Problems due to Malware Detected


14 hours ago, itman said:

Right mouse click on the Rainmeter shortcut. Select Properties and take a screen shot of what is shown. Post screen shot in your forum reply.

yes that's for my customized desktop icons and layout. had that there since i got the PC in 2016

[screenshot]

[screenshot]

Posted (edited)

Looks like it is time to employ the "heavy gun" in regards to what is attempting to run these .dlls at system startup time.

Download Sysinternals' Autoruns from here: https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns . Unzip it. From the extracted folder created, right button mouse click on Autoruns.exe and run it as Administrator.

Once it starts up and populates entries, mouse click on the Options tab and ensure it is configured as shown in the below screen shot:

[Screenshot: Autoruns_1.png]

I believe Autoruns will repopulate after the above reconfiguration. If it does not, terminate it and restart it as done above.

Copy each file name shown below:

startupchecklibrary.dll

winscomrssrv.dll

one at a time into the "Filter" box shown at the top of the Autoruns screen display. After each file name entry, wait for Autoruns to complete its search. Delete the existing file name entry prior to entering the next one ensuring Autoruns has first repopulated all entries.

If Autoruns finds a startup entry for the file name, post a screen shot of the entire Autoruns screen display where the entry was found. Terminate Autoruns execution for the time being.

Edited by itman

Posted (edited)

Also after posting the above Autoruns use, I actually found a posting on how to do the same that can be referenced if my instructions are a bit confusing: http://sufistech.com/startupchecklibrary-dll-and-winscomrssrv-dll-error-on-windows-startup-fixed/

Also it appears that startupchecklibrary.dll and winscomrssrv.dll detections are pretty widespread. For example, Windows Defender also detected same as noted here: http://www.geekstogo.com/forum/topic/373867-there-was-a-problem-starting-startupchecklibrarydll/ . There were also statements made that these detections might be false positives. Appears the issue dates back to a borked Win Update. In any case, deletion of the .dlls does not appear to cause any system issues. Also Eset is far from alone in not also removing the registry startup entries related to them.

Edited by itman

On 7/26/2020 at 9:12 PM, itman said:

Looks like it is time to employ the "heavy gun" in regards to what is attempting to run these .dlls at system startup time.

Download Sysinternals' Autoruns from here: https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns . Unzip it. From the extracted folder created, right button mouse click on Autoruns.exe and run it as Administrator.

Once it starts up and populates entries, mouse click on the Options tab and ensure it is configured as shown in the below screen shot:

[Screenshot: Autoruns_1.png]

I believe Autoruns will repopulate after the above reconfiguration. If it does not, terminate it and restart it as done above.

Copy each file name shown below:

startupchecklibrary.dll

winscomrssrv.dll

one at a time into the "Filter" box shown at the top of the Autoruns screen display. After each file name entry, wait for Autoruns to complete its search. Delete the existing file name entry prior to entering the next one ensuring Autoruns has first repopulated all entries.

If Autoruns finds a startup entry for the file name, post a screen shot of the entire Autoruns screen display where the entry was found. Terminate Autoruns execution for the time being.

sorry late reply.. i was away for a while

did i get the correct screenshots? 

[screenshot]

[screenshot]

 

 

Posted (edited)
12 hours ago, rbkaiser said:

did i get the correct screenshots? 

Yes.

To be safe, first create a System Restore point.

Then via Autoruns, delete those two scheduled task entries as shown from an article I posted a link to previously: http://sufistech.com/startupchecklibrary-dll-and-winscomrssrv-dll-error-on-windows-startup-fixed/

 

Edited by itman
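
A scripted equivalent of the Autoruns filter search and task deletion described above, as an added example that is not part of the original posts. It lists scheduled tasks whose command line references either DLL name and, going slightly beyond the thread, also reports matching Run registry values; the `-Remove` switch and the backup folder are assumptions of this example.

```powershell
# Added example, not from the thread. Run elevated in Windows PowerShell 5.1.
# Nothing is changed unless -Remove is passed.
param(
    [string[]]$DllNames = @('startupchecklibrary.dll', 'winscomrssrv.dll'),
    [string]$BackupDir = "$env:USERPROFILE\Desktop\task-backup",  # assumed path
    [switch]$Remove
)
$pattern = ($DllNames | ForEach-Object { [regex]::Escape($_) }) -join '|'

# Scheduled tasks whose action command line mentions one of the DLLs.
$taskHits = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)".Trim()
        if ($cmd -match $pattern) {
            [pscustomobject]@{ TaskPath = $task.TaskPath; TaskName = $task.TaskName
                               State = $task.State; Command = $cmd }
        }
    }
}

# Run values in HKLM and HKCU (report only; this script never edits the registry).
$runKeys = 'HKLM:', 'HKCU:' | ForEach-Object { "$_\Software\Microsoft\Windows\CurrentVersion\Run" }
$regHits = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($item) {
        foreach ($name in $item.GetValueNames()) {
            $value = [string]$item.GetValue($name)
            if ($value -match $pattern) {
                [pscustomobject]@{ Key = $key; Name = $name; Value = $value }
            }
        }
    }
}

$taskHits | Format-Table -AutoSize -Wrap
$regHits  | Format-Table -AutoSize -Wrap

if ($Remove -and $taskHits) {
    # Restore point first, as advised in the thread, then keep each task's XML.
    Checkpoint-Computer -Description 'Before stale task cleanup' -RestorePointType MODIFY_SETTINGS
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    foreach ($hit in $taskHits) {
        $xmlFile = Join-Path $BackupDir "$($hit.TaskName).xml"
        Export-ScheduledTask -TaskName $hit.TaskName -TaskPath $hit.TaskPath | Set-Content -Path $xmlFile
        Unregister-ScheduledTask -TaskName $hit.TaskName -TaskPath $hit.TaskPath -Confirm
    }
}
```

Run it once without `-Remove` and review the listed command lines before deleting anything; the exported XML can be re-imported with `Register-ScheduledTask -Xml` if a task turns out to be needed.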


hey guys thank you for the help! sorry for the late reply.. i was busy for a week and only got to try this last wed

been checking if there were any problems and so far since... it's been good

i still have a system restore point saved, and deleted the 2 tasks... no more pop ups since Wed, and everything been okay since.. thank you

 

i noticed one thing however... when I turn on my PC, ESET does not seem to automatically start up? or it is there, but just hidden?

[screenshot]

there is no ESET icon here

if i specifically open ESET it looks like this now

[screenshot]

 

 

13 hours ago, rbkaiser said:

i noticed one thing however... when I turn on my PC, ESET does not seem to automatically start up? or it is there, but just hidden?

Via Win 10 Settings, verify that Eset Proxy GUI setting is enabled in "Select which icons appear on the taskbar" section:

[Screenshot: Eset_Taskbar.png]


it's set on but still does not appear

[screenshot]

[screenshot]

I see "ESET service" on the running tasks of task manager

[screenshot]

these ones only appear if i specifically open ESET

[screenshot]

[screenshot]

 


Let's manually add the Eset GUI icon to your desktop toolbar and see if that resolves the issue.

Open the Win 10 start menu. Navigate down to the Eset folder and open it. Then left mouse click on the Eset GUI icon named Eset Security and manually add it to your desktop toolbar as shown in the below screen shot. Once the icon is added to the toolbar, you can position it anywhere you wish on the toolbar.

[Screenshot: Eset_GUI.png]

17 hours ago, itman said:

Let's manually add the Eset GUI icon to your desktop toolbar and see if that resolves the issue.

Open the Win 10 start menu. Navigate down to the Eset folder and open it. Then left mouse click on the Eset GUI icon named Eset Security and manually add it to your desktop toolbar as shown in the below screen shot. Once the icon is added to the toolbar, you can position it anywhere you wish on the toolbar.

[Screenshot: Eset_GUI.png]

 

i already have ESET pinned to my taskbar ever since i got it to work weeks ago

i always clicked it to "open" it every time i started my PC, since it was not appearing in the taskbar

[screenshot]

you know how it's like this at first but if you click it the GUI opens up and the icon will become like this (since an instance is opened)

[screenshot]

Posted (edited)
7 hours ago, rbkaiser said:

you know how it's like this at first but if you click it the GUI opens up and the icon will become like this (since an instance is opened)

That is normal Win behavior when you pin an icon to the desktop toolbar. By underlining the icon, Windows is just showing that the app was started via the desktop toolbar.

Edited by itman

Posted (edited)

There is another Win 10 setting we forgot to check.

Verify that "Eset command line interface" is listed as a startup app and it is enabled per the below screen shot:

[Screenshot: Win_Startup.png]

Edited by itman


it was like this

[screenshot]

i turned it on as advised

[screenshot]

 

i shutdown and restart.. i check back.. off again?

I turned it on. closed the apps tab. opened the apps tab again, always comes back "off"

[screenshot]

how to turn "on" and save as "on"?

5 hours ago, rbkaiser said:

I turned it on. closed the apps tab. opened the apps tab again, always comes back "off"

One possibility is that since you have forced the Eset command line interface to start at boot time via posting it to the desktop taskbar, this is overriding the Win 10 Startup setting.

Right mouse click on pinned Eset icon on the desktop taskbar and select "Unpin from taskbar." Now repeat enabling the Eset command line interface setting in Win 10 Startup section and verify if it stays enabled. If so, reboot and verify that Eset icon now appears on the desktop toolbar as it should.


- i unpinned ESET from the taskbar

- opened the Apps startup settings and enabled it

[screenshot]

- closed it, when i reopened, set to off again?

- I set it to on, closed, then restarted, when I turned on again, set to off again

am I missing a save button in the apps startup? like after switching on, I'm supposed to press this to "save changes"? since it seems like it's not saving the settings i made

22 minutes ago, rbkaiser said:

am I missing a save button in the apps startup? like after switching on, I'm supposed to press this to "save changes"? since it seems like it's not saving the settings i made

No. Windows Setting options become effective when the setting is either enabled or disabled.

At this point, I would recommend you export your Eset settings if you made any custom changes. Then uninstall Eset. Reboot and reinstall Eset. Import your Eset settings if you previously exported them.

You can also try an Eset repair which is an option presented when the uninstaller runs to see if this fixes the issue. If it doesn't, then proceed with the full uninstall/reinstall of Eset.
