Jump to content

Smart Security disabled / can't enable?


Recommended Posts

I just noticed that my Eset Smart Security doesn't appear to be working, there was no icon in the system tray and when I checked with Process Explorer the ekrn service was not running. When I checked services.msc I saw that the service was disabled and if I try to set it to automatic and Apply I get a message "Access is denied". I checked msconfig and it seems to indicate that Selective Startup is enabled and in services the Eset service is unchecked (the only service or startup item that's unchecked, I'm using Windows 7 btw) and if I attempt to change the Startup Selection to "Normal Startup" and Apply it gives no error message but changes right back to Selective Startup. If I attempt to go to services and to enabled / check the Eset service and click Apply the same thing happens and Eset goes back to being unchecked.

If I go into Control Panel / Programs and Features and select Eset Smart security and click Change, I get the setup program and if I try to repair it I just get a series of messages: The Installer has insufficient privileges to modify this file: C:\Program Files\ESET\ESET Smart Secuirty\callmsi.exe my only option is Cancel, Retry and Ignore and if I ignore it just goes on with the same message file after file.

 

I kind of figure that I've got some kind of virus that managed to get on the system and disable Eset Smart Security and somehow change permissions on the Eset service or on the file or folder permissions. I'm manually checked the permissions on ESET\Smart Security and the files in that directory but they seem correct with my user account as the folder owner and both the system and administrators accounts have full control of the folder. I've also tried using subinacl and this script:

cd /d "C:\Program Files (x86)\Windows Resource Kits\Tools"
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f
subinacl /subdirectories %SystemDrive% /grant=administrators=f
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=system=f

to reset to defaults whatever registry, folder and file permissions are blocking me from starting the Eset service but I have the same problem after as before.

 

I'm trying to run the Eset online scanner to see if it can detect and remove whatever virus is causing the problem but all it found on the C: system drive was 6 instances of Win32/OpenCandy.A; I have two additional hard drives that I use for data storage which are being scanned now. If it locates anything else I'll post back with the results.

 

I've also tried looking at all scheduled tasks and I don't see anything suspicious.

Any ideas? Anything I haven't tried to get Smart Security working again?

Link to comment
Share on other sites

  • Administrators

I'd suggest uninstalling ESS. If it doesn't work, try running the ESET Uninstall tool in safe mode. Run it at least twice and make sure that no ESET product is detected the second time you run it. Then install the latest ESS v9 from scratch which will also fix possible permission issues on ESET's folder or registry keys.

Link to comment
Share on other sites

Hi Marcos:

 

I'll give it a try but I can't seem to locate the box, CD and license key, if I uninstall will I loose my license? Is there a way to backup and restore my license state?

Link to comment
Share on other sites

  • Administrators

Hi Marcos:

I'll give it a try but I can't seem to locate the box, CD and license key, if I uninstall will I loose my license? Is there a way to backup and restore my license state?

 

 

You needn't be concerned about licensing as long as you use it on the number of computers covered by your license. Also a small temporary overuse is "tolerated".

Link to comment
Share on other sites

Hello Norm....Try to retrieve your license details. See hxxp://www.eset.com/us/support/lost-license/

 

Also don't need the CD, just use the live installer hxxp://www.eset.com/us/products/smart-security/or the offline installer (advanced download).

 

Good luck.

Edited by TomFace
Link to comment
Share on other sites

Hello Norm....Try to retrieve your license details. See hxxp://www.eset.com/us/support/lost-license/

 

Also don't need the CD, just use the live installer hxxp://www.eset.com/us/products/smart-security/or the offline installer (advanced download).

 

Good luck.

 

I was able to retrieve the license key, so that worked out great. Thanks Tom!

Link to comment
Share on other sites

I'd suggest uninstalling ESS. If it doesn't work, try running the ESET Uninstall tool in safe mode. Run it at least twice and make sure that no ESET product is detected the second time you run it. Then install the latest ESS v9 from scratch which will also fix possible permission issues on ESET's folder or registry keys.

 

I'm uninstalling but the uninstaller is having problems, I'm getting this message:

Could not delete key \Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe. Verify that you have sufficient access to that key etc

 

I'm checking the permissions for that key in regedit and both the SYSTEM and Administrators accounts / groups have Full Control / Read permissions and Users have Read only. If I ignore I just get message after message that various keys can't be deleted from the registry because of a permissions issue. The thing is that the Subinacl script specifically resets and grants Administrators and the System account access to the keys that the uninstaller is complaining about? 

 

I can only assume that I've got some kind of rootkit or other stealth or hard to detect virus that's causing this problem. I've tried running the TDSKiller root kit detection utility but it didn't locate anything.

 

Does anyone have an idea what I can do to find and remove the problem?

Edited by Norm@Home
Link to comment
Share on other sites

Did you run the Eset Uninstaller in Safe mode as directed Eset KB article?

 

If run in Safe mode, try running it from an admin approved command prompt window.

Link to comment
Share on other sites

I was able to start in safe mode and uninstall using the Eset Uninstaller, then I was able to install using the live installer and everything seems to be good right now.

 

I'm doing an in-depth scan now, I'll see if anything shows up, but I'm just a little concerned about why this happened in the first place. I can't figure out if I do have some kind of virus or not. 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...