Jump to content

Rollback problem in WinXPSp2

john_White24778
 Share

Recommended Posts

john_White24778

john_White24778 0

Posted
Posted

Hi dear ESET professionals.

 

We are installing ESET endpoint Antivirus in one of our client by Push installation but we recive an error. So we use direct installation with MSI on client and we see that installation rollbacked !!!

 

Windows is XP and EEA installer version is 5.0.2228.1

 

We useed uninstall tools in safe mode and we have "No supported Av found".

 

We create installation logs (As ESET and it is attached).

 

 

installLog.zip

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,070

Posted
  • Administrators
Posted

Hello,

the error listed in the log could be caused by an active infection on the computer preventing installation of security programs. We'd need further logs for analysis, such as a Process monitor log as well as fresh install logs, both from the same time. Also a SysInspector log might shed more light. Since the case will require deeper analysis, I'd strongly recommend contacting Customer care for further assistance.

Link to comment
Share on other sites
  • ESET Insiders
Podrska2NORT

Podrska2NORT 5

Posted
  • ESET Insiders
Posted (edited)

Hello,

 

Marcus is right, this error should be checked seriously.

 

But from our part we have seen lot of similar cases, where some malware was present on computer prior to installation of ESET.

Specially in the last couple of months we have seen lot of cases with Necurs infection.

 

If you have some time first check for it - with ESET Necurs cleaner tool . If you are lucky it may save you some time...

Edited by Podrska2NORT
Link to comment
Share on other sites
john_White24778

john_White24778 0

Posted
  • Author
Posted (edited)

I have sent these info to ESET customer care yesterday via ticket but right now we do not recive any answer after 24H. I will share sysinspector log and prosses monitor and fresh log and also prosssess monitor . is online scanner usefull for this kind of problems to clean the infections ?

Edited by john_White24778
Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,070

Posted
  • Administrators
Posted

Since you are from United Arab Emirates, I assume you contacted Adaox who is the local distributor for this region, didn't you? Did you receive a confirmation email with a ticket number assigned?

Link to comment
Share on other sites
john_White24778

john_White24778 0

Posted
  • Author
Posted

No confirmation email is recived !!! . OK i will reinstall the windows . i think it is better and easiest way . if problem repeat in other client i will ckeck the matter again. thank u all.

Link to comment
Share on other sites
john_White24778

john_White24778 0

Posted
  • Author
Posted (edited)

Thank you Podrska2NORT,

 

We find that some of our systems is infected with Necurs. But we can not clean it from safe mode . Permision for necurs file is denied us to remove the rootkit from even safe mode. i think the only way is bootable disk. is there any way to remove necurs without bootable disk via safe mod ? we have over 20 infected system and it is very hard to clean them via bootable while many of them have not CD-Drive.

 

So how can we clean this rootkit from safe mode ? we use manual deletion but we recive permision error in syshost.exe file and a driver in sys32\drivers that is related to this virus and also we want to know if we remove this virus files , roll back problem will be solved ?

Edited by john_White24778
Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...