Jump to content

Eset GUI not showing up anymore, egui.exe shows suspended


FuelRO

Recommended Posts

Hi guys!

 

I have been reading through the forum and general internet about an issue I started to have all of the sudden last week. I was using NOD32 Antivirus version 8.something updated with the latest virus definitions. One day I noticed that the Eset icon is no longer in my tray and I thought that maybe I made a change and the antivirus was not at startup. So I attempted to manually start it. Of course nothing happened. I tried few more things, adding a shortcut in shel:startup, uninstalling and reinstalling and nothing changed.

 

To give you some context, I am living in Germany and last week one of my colleagues managed to get infected with the infamous Petya ransomware (the irony is that this happened on the world's backup day :) ...pretty funny but painful for my colleague who lost everything and had to replace the hdd). His mishap opened my eyes that I should ensure I am well protected. I am normally using Eset Nod32 as antivirus (and I am very happy with it since 5-6 years already), Malwarebytes and ADW cleaner so until now I did not have any issues. However because of this ransomware being very new and very dangerous, I decided to find an anti-ransomware software and installed one called WinAntiRansom which seemed ok. 

 

A couple of days after installing this new software I started having issues with Eset AV. So not sure if they are connected but they could be..Anyway, sorry for the long bracket...basically since last week I upgraded Nod32 to version 9. uninstalled it and reinstalled it a few times ad finally yesterday I had my nice GUI back Today however it is gone again. This is not a huge issue because I see that ekrn.exe is running in the background so I am protected but it is annoying not to be able to use the interface in case you want to run spot checks or enable gamer mode :).

 

I also tried to install the log collector but I have to say I lost my patience after 40 minutes as the software seemed to not move past a specific step and it made me a bit crazy. Also I should mention that briefly when restarting my laptop after a fresh install of Eset I saw an error message stating that egui.exe cannot start because a dll was missing. The DLL in question is sciter-x.dll so I tried also downloading from some place and placing it in the system32 folder but to no avail.

 

So i am coming back to you asking for your help please. I have raised also a ticket with the Eset support team last week but no response until now (they did say it may take up to 7 working days to reply so we're still in the timeframe but I would like to ask for your help as you may have been in the same situation and perhaps already have an idea of what to do next).

 

Some quick specs: Windows 10 Pro, Nod32 v 9 (latest version). Currently if I check the status of the 2 services related to Eset I can see that ekrn.exe is running while egui.exe is suspended.

 

Any advice you may have is much appreciated! Thank you!
Fuel

Link to comment
Share on other sites

  • Administrators

Are there any egui dumps in the C:\ProgramData\ESET\ESET NOD32 Antivirus\Diagnostics folder? As for collecting logs using ELC, you could uncheck SysInspector log and see if other logs are collected then, run SysInspector.exe in the ESET install folder and create a log manually.

Link to comment
Share on other sites

 I decided to find an anti-ransomware software and installed one called WinAntiRansom which seemed ok. 

 

This software installs a kernel mode driver among other things and could very well be in conflict with NOD32.

 

Suggest you at least set exclusions for it in NOD32 and likewise, set exclusions in WAR for NOD32.

Link to comment
Share on other sites

Hi guys! Thank you for your swift replies :)

 

So to answer your questions:

- no dump file in the Diagnostics location

- i tried to run the sysinspector...for whatever reason this also takes forever to load..and I had to stop it after more than 1 hour loading...

- I have whitelisted nod32 in the other software configuration (I cannot whitelist the anti-ransomware in Nod32 because I cannot open the interface) and I will now restart my system to see if any change has been done

 

Will keep you posted!

Link to comment
Share on other sites

OK, good news after restart the GUI is accessible. I believe whitelisting egui.exe in the anti-ransomware software may have done the trick (although it is not clear why yesterday egui worked even though the program was not whitelisted). I will keep an eye on this and will come back in case the issue resurfaces.

 

Thank you once again guys and keep up the great work!

Fuel

Link to comment
Share on other sites

OK....somehow my intuition was correct. The issue is back again after a restart. Again the egui.exe is suspended. Do you guys have any other idea?

Both ELC and Sysinspector take forever to load and I cannot use them. But if you think I should try again with one of them, I will.

 

The drivers are all updated so I guess this is not causing the problem.  Will try also to stop the antiransomware and restart and see if that is causing an issue. Will keep you posted.

Link to comment
Share on other sites

  • ESET Staff

Hi,

 

I gues you have a conflict between software because SysInspector take very long.

(usually keeps a 99% for a few minutes and is done).

 

Also ESET Log Collector takes long because he try to generate a SysInspector log.

Try to generate 1 log of ESET Log collector with SysInspector unmarked.

 

Try to disable those anti-malware you have and try a new SysInspector from inside

of the installed ESET. Upload to a cloud-host and share the link by private message.

 

Just in case those 2 (ESET tools) are unable to sucess, can you capture your

list of current process on Windows (task manager) and paste the screenshot here?

Edited by Gonzalo Alvarez
Link to comment
Share on other sites

So after restart there was no change: disabling the antiransomware from startup had no impact on egui.exe. This started suspended.

What did the trick albeit temporary I guess was to use Proces Explorer, a microsoft program designed to analyze in details all the running apps, services, processes. With this I was able to identify the suspended egui.exe, go to its Properties and click on Resume. This has started the user interface and after a restart it seems to not disappear anymore. 

 

Of course this cannot be the solution..but right now I am ok with using this workaround until a fix is in place. Hope this thread will help someone else facing the same.

Link to comment
Share on other sites

So after restart there was no change: disabling the antiransomware from startup had no impact on egui.exe. This started suspended.

What did the trick albeit temporary I guess was to use Proces Explorer, a microsoft program designed to analyze in details all the running apps, services, processes. With this I was able to identify the suspended egui.exe, go to its Properties and click on Resume. This has started the user interface and after a restart it seems to not disappear anymore. 

 

Of course this cannot be the solution..but right now I am ok with using this workaround until a fix is in place. Hope this thread will help someone else facing the same.

Using Autoruns which is also produced by the same outfit that developed Process Explorer, I noted that equi.exe has a startup parameter - /waitservice. I assume that refers to the startup of ekrn.exe which is indeed a Windows service.

 

I would suggest that you also exclude ekrn.exe from any WAR monitoring and see if that resolves your equi.exe issue. Actually, you should exclude the entire Eset folder located in C:\Program files for x64 OS if WAR allows for folder exclusions.

Link to comment
Share on other sites

Hi ITMan,

 

Thank you for your suggestion! This morning the egui is running smoothly but I have whitelisted all ESET folders just in case.

 

If anything changes will let you guys know! Thank you all for your help so far!

Link to comment
Share on other sites

  • 2 weeks later...

I also had the ESET icon disappear after installing WinAntiRansom. After uninstalling WAR the icon reappeared.

I'll try the suggestions mentioned to see if I can get the two programs to work together.

 

Update: Issue fixed in latest WAR update.

Edited by LittleDude
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...