something blocking virus scanner install



#1 bicycle.minden


Posted 27 February 2010 - 10:18 AM

I am an experienced computer tech trying to install a virus scanner on a client's 32-bit Windows Home premium 7 computer. I downloaded and ran RKILL before using any other software. I have already run ComboFix and Malwarebytes in safe mode and they found stuff but nothing really serious besides Security Antivirus, which Spybot 1.62 removed. I also used an elevated-privileged notepad and cleaned out all the malicious entries in the HOSTS file.

One note on ComboFix: I think the Gmer module may have failed to run because I got an error during that part of the process. It was a long night so I didn't record the error.

When I try to install either AVG 9 paid version or NOD32 the install fails when it gets to the "starting services" area and an error box appears saying that the service failed to start. I disabled UAC and ran the installs as an administrator but the installs still proceed. After each failure I have used uninstall tools to scour the system for traces of the failed install. [I have NOD32 running well on my personal Windows 7 pro system and it installed without a hitch, so I know it's compatible.]

I have been a NOD32 reseller for about 8 years but have never observed anything like this. I'm thinking something is still there, like a rootkit, but am unsure how to proceed. My thought was a boot CD or perhaps scanning the drive with an external computer. After that, my only option is backing up and using factory restore. Thanks in advance for helpful suggestions!

Edited by bicycle.minden, 27 February 2010 - 10:19 AM.




#2 bicycle.minden


Posted 27 February 2010 - 07:07 PM

I hate to answer my own question, but I solved the problem while using an ESET tool meant to remove a BOT infestation.
In HKLM\software\microsoft\windowsnt\currentversion\ImageFileExecution Options there were entries for all security programs [McAfee, AVG, NOD32, Symantec, etc.]. When these were removed and the computer rebooted, I was able to install NOD32 without any problems.

Apparently this key, which can be used to prevent malware from installing, also was used by malware to keep legitimate software from being installed.

PROBLEM SOLVED
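
The check described in the post above, as an added example that is not part of the original thread: a read-only PowerShell listing of Image File Execution Options subkeys that carry a `Debugger` value. It assumes the entries that were removed used that value, which the post does not state; the function names are hypothetical.

```powershell
# Added example (not from the thread). Read-only: it reports and never deletes.
# Assumption: the blocking entries used the IFEO "Debugger" value, which makes
# Windows launch the named program instead of the requested executable.
$IfeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    # 32-bit registry view on 64-bit Windows; absent on a 32-bit install.
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-DebuggerTarget {
    param([string]$CommandLine)
    # Take the quoted path if there is one, otherwise the first token.
    # An unquoted path containing spaces is truncated by this heuristic.
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($CommandLine.Trim() -split '\s+')[0]
}

function Get-IfeoDebuggerEntry {
    param([string[]]$Root = $IfeoRoots)
    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $r -ErrorAction SilentlyContinue) {
            $debugger = [string]$key.GetValue('Debugger')
            if (-not $debugger.Trim()) { continue }   # no Debugger value set
            $target = Get-DebuggerTarget $debugger
            # Resolve a full path directly, or a bare name through PATH.
            $resolved = Get-Command -Name $target -CommandType Application `
                                    -ErrorAction SilentlyContinue
            New-Object PSObject -Property @{
                Image        = $key.PSChildName   # executable being redirected
                Debugger     = $debugger          # what runs in its place
                TargetExists = [bool]$resolved    # False: the image cannot start
                KeyPath      = $key.Name
            }
        }
    }
}

# Entries whose target is missing sort first; those are the likeliest blockers.
Get-IfeoDebuggerEntry |
    Sort-Object TargetExists, Image |
    Format-Table Image, Debugger, TargetExists, KeyPath -AutoSize
```

Some `Debugger` entries are legitimate (Process Explorer's "Replace Task Manager" option sets one on `taskmgr.exe`), so review the list and back up the key with `reg export` before removing anything.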



