Jump to content

ESET v4 Fixes


shought

Recommended Posts

@box

Just installed your v4.25A fix on ESS 4.0.314 / WinXP Pro 32-bit and your latest fix has a much improved interface!! well done! :D

I took your advice and see that if you Unlock then Lock again for a second time it does indeed add the full list of servers to the drop-list, with this in mind would there be any benefit to having your fix work in two stages? Also could this help with the x64 U/P issue?

Stage1> On 1st run, it converts retail to trial, along with adding eset/eset to username/password fields.

Puter is then updated to latest sigs...

Stage2> 2nd run, it completes the conversion by adding the servers to the drop-list (along with anything else it may have to do?) and removes the U/P

Not sure if the U/P is the only issue with x64 updating because I run x86. I added eset/eset to my U/P fields before attempting my first update and it worked ok, so having eset/eset in place does not seem to stand in the way of x86 updates.

Cheers

Link to comment
Share on other sites


  • Replies 1.5k
  • Views 141.2k
  • Created
  • Last Reply
To those using the mara- fix: *WARNING*

Because of the way the fix is made it opens a small security hole especially if you turned UAC off !

mare- delays the load of the ESET system driver ehdrv.sys (ALOT) so his service program can avoid the self defense and reset the trial period. The problem is that now a simple service program can also bypass the self defense maybe even (i think) bypass the virus/malware shield. The first one I tested by creating and installing my own service program (VERY easy to write). It worked just fine; It changed some of the, normally protected, registry entries belonging to ESET.

Brian, Denmark

Wow, what a big discovery :lmao:

If you don't like it, don't use it. As shought already said, if you need full/the best protection buy yourself a product and get over with it.

Cheers :D

Link to comment
Share on other sites


I am not sure why people are getting so hot under the collar about @brianwarming comments? :s

Perhaps he could have worded his post as more of a question rather than an accusation? ;) but nevertheless regardless of how his comment was worded, is it fair to discard the central point he was making because of this? If he is correct does this not make it a valid post?

If the mara fix does indeed leave a small security hole in the SD feature, I do not feel anyone could criticise mara's work because of this small issue as it holds up to the best here!

Is it not fair to have full disclosure? so people can make their decisions with eyes fully open and be aware of any problems however small that may occur because of using a fix, and from that point make their mind up if they wish to proceed with the use of a fix or whether to get their hand in the pocket and pay for a licence (heaven forbid! :lmao: LOL)

Do you not feel it is these small differences between how the fixes work that are the very things that help peeps decide which fix to use?

I would certainly not criticise mara's work, as I've already posted here I am using his fix on my main puter, I would not do that if I did not rate his work! ;)

Anyhoo, that's my twopenneth on the subject :D

Link to comment
Share on other sites


brianwarming
To those using the mara- fix: *WARNING*

Because of the way the fix is made it opens a small security hole especially if you turned UAC off !

mare- delays the load of the ESET system driver ehdrv.sys (ALOT) so his service program can avoid the self defense and reset the trial period. The problem is that now a simple service program can also bypass the self defense maybe even (i think) bypass the virus/malware shield. The first one I tested by creating and installing my own service program (VERY easy to write). It worked just fine; It changed some of the, normally protected, registry entries belonging to ESET.

Brian, Denmark

Wow, what a big discovery ;)

If you don't like it, don't use it. As shought already said, if you need full/the best protection buy yourself a product and get over with it.

Cheers :lmao:

:D I'm sorry, I knew I would get into trouble because of my bad english. I should have worded my post so it didn't sound like an accusation. Sorry. BUT as Hoca said "..still very important that users are made fully aware of any deficiency introduced in to SD by a fix!"

Link to comment
Share on other sites


@box

Just installed your v4.25A fix on ESS 4.0.314 / WinXP Pro 32-bit and your latest fix has a much improved interface!! well done! :lmao:

I took your advice and see that if you Unlock then Lock again for a second time it does indeed add the full list of servers to the drop-list, with this in mind would there be any benefit to having your fix work in two stages? Also could this help with the x64 U/P issue?

Stage1> On 1st run, it converts retail to trial, along with adding eset/eset to username/password fields.

Puter is then updated to latest sigs...

Stage2> 2nd run, it completes the conversion by adding the servers to the drop-list (along with anything else it may have to do?) and removes the U/P

Not sure if the U/P is the only issue with x64 updating because I run x86. I added eset/eset to my U/P fields before attempting my first update and it worked ok, so having eset/eset in place does not seem to stand in the way of x86 updates.

Cheers

@Hoca,

Two stages when converting from a retail to a trial. This is a strong possibility.

Also, did you see the green, red, and yellow.

@brianwarming

Don't worry about it. I often want to know why a crack works. Hence the word "crack". Once used, something will not function as designed. This is a story of my life, too. :D

@To All,

Never mind!

Link to comment
Share on other sites


If the above mentioned issues are a concern, one could always use Nodlogin or Nodenabler instead of a trial fix. :D Iow, it is still not necessary to buy a license, unless you want to. :lmao:

Link to comment
Share on other sites


;) I'm sorry, I knew I would get into trouble because of my bad english. I should have worded my post so it didn't sound like an accusation. Sorry. BUT as Hoca said "..still very important that users are made fully aware of any deficiency introduced in to SD by a fix!"

Hey, you did the right thing. Don't be sorry! :hug:

We need constructive query in order to improved. Well done!

If the above mentioned issues are a concern, one could always use Nodlogin or Nodenabler instead of a trial fix. ;) Iow, it is still not necessary to buy a license, unless you want to. :s

LOL, I might buy it...If everyone uses the fix or Nodlogin/Nodenabler, Eset might go bust.

In that case, nothing to crack anymore. :D

So boring :lmao:

Link to comment
Share on other sites


@brianwarming

I almost pointed out that you had signed off as Brian, Denmark, so English may not be your first language? but I did not want to cause any offence in case I was incorrect :D

One thing is for sure, your English is better than my Danish! ;)

Aside from any possible misinterpretation of your post, it sounds like you have done some fine detective work to prove your point! ;)

I am sure your knowledge will be a useful edition to the forum :lmao:

Link to comment
Share on other sites


brianwarming
shought : Look at it like this: if the mara-fix is able to bypass Self-defense, then so will any custom written virus to take advantage of that be. As I have told many times before the Self-defense function in fact is useless. For if ESET would need Self-defense that would mean a virus already infected your computer, which is first of all highly unlikely and second if it did infect your computer, you're too late anyway, with, or without Self-defense.

(@Hoca, sorry about reply hiijacking :D)

To quote myself

...IF you have installed the mara fix AND turned UAC off THEN a new virus/malware (still unknown to NOD32) COULD install a service program without you knowing that tampers with ESET files or registry entries. Without the mara fix installed this would be 100% impossible.

I know i'm a bad worded noob in here :lmao: BUT the point is ;

There are two parts of the mara fix 1) An installer program 2) a trial reset program. The mara installer can only install the trial reset service program and bypass Self-Defense because it tells you to MANUALLY disable it. After you MANUALLY disable Self-Defense in order to install the mara fix, the mara installer then makes registry entries that delays the loading of the ESET main driver. This creates a small security hole in the protection at boot start where the drivers/service programs are loaded. A hole is a hole (not talking about sex ;) ). It dosn't matter if you MANUALLY enable the Self-defense again or let the mara installer do it. To exploit this hole is not a matter of timing or seconds. Its about installing a service program that comes before the ESET driver ehdrv. Checkout HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services in the registry. The whole idea behind the mara fix is to open this hole. The Box fix uses a different approach ; it changes the permissions for a ESET registry entry, preventing NOD32 itself from changing important trial settings. Right ;) ?

I think the Self-Defense in ESET is a good idea and usefull and it works. An unknown virus/malware can't change the ESET driver/program registry entries.

From the ESET webpage "Self Defense — ESET NOD32 Antivirus has built-in technology to prevent malicious software from corrupting or disabling it, so you can rest assured your system is always protected".

Ok, I'll stop now :s I'm not looking for a fight :hug:

Link to comment
Share on other sites


There are two parts of the mara fix 1) An installer program 2) a trial reset program. The mara installer can only install the trial reset service program and bypass Self-Defense because it tells you to MANUALLY disable it. After you MANUALLY disable Self-Defense in order to install the mara fix, the mara installer then makes registry entries that delays the loading of the ESET main driver. This creates a small security hole in the protection at boot start where the drivers/service programs are loaded. A hole is a hole (not talking about sex :D ). It dosn't matter if you MANUALLY enable the Self-defense again or let the mara installer do it. To exploit this hole is not a matter of timing or seconds. Its about installing a service program that comes before the ESET driver ehdrv. Checkout HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services in the registry. The whole idea behind the mara fix is to open this hole. The Box fix uses a different approach ; it changes the permissions for a ESET registry entry, preventing NOD32 itself from changing important trial settings. Right :lmao: ?

That is correct. My Box4EVER just changes the permissions of the ESET registry key and some other registry values but it doesn't touch the ehdrv settings.

I just want to point out to everyone that I was the first to published the trial reset that allows you to use ESET with full SD. So, I discovered how to load the fix before SD starts. This is why I have removed my Trial Reset from mediafire. Currently, I believe that any trial reset that uses this method is inferior to my Box4EVER.

Link to comment
Share on other sites


To those using the mara- fix: *WARNING*

Because of the way the fix is made it opens a small security hole especially if you turned UAC off !

mara- delays the load of the ESET system driver ehdrv.sys (ALOT) so his service program can avoid the self defense and reset the trial period. The problem is that now a simple service program can also bypass the self defense maybe even (i think) bypass the virus/malware shield. The first one I tested by creating and installing my own service program (VERY easy to write). It worked just fine; It changed some of the, normally protected, registry entries belonging to ESET.

Brian, Denmark

Wow, what a big discovery :blink:

If you don't like it, don't use it. As shought already said, if you need full/the best protection buy yourself a product and get over with it.

Cheers ;)

:( I'm sorry, I knew I would get into trouble because of my bad english. I should have worded my post so it didn't sound like an accusation. Sorry. BUT as Hoca said "..still very important that users are made fully aware of any deficiency introduced in to SD by a fix!"

You're not in trouble mate :) We're all just sharing our thoughts and there's nothing wrong with that, also I understand your concern but I clarified why you shouldn't be concerned about this issue ;) For if mara-fix can disable Self-defense, so can any virus.

I'm looking forward to seeing more of your informative posts ;)

shought : Look at it like this: if the mara-fix is able to bypass Self-defense, then so will any custom written virus to take advantage of that be. As I have told many times before the Self-defense function in fact is useless. For if ESET would need Self-defense that would mean a virus already infected your computer, which is first of all highly unlikely and second if it did infect your computer, you're too late anyway, with, or without Self-defense.

(@Hoca, sorry about reply hiijacking :))

To quote myself

...IF you have installed the mara fix AND turned UAC off THEN a new virus/malware (still unknown to NOD32) COULD install a service program without you knowing that tampers with ESET files or registry entries. Without the mara fix installed this would be 100% impossible.

I know i'm a bad worded noob in here :) BUT the point is ;

There are two parts of the mara fix 1) An installer program 2) a trial reset program. The mara installer can only install the trial reset service program and bypass Self-Defense because it tells you to MANUALLY disable it. After you MANUALLY disable Self-Defense in order to install the mara fix, the mara installer then makes registry entries that delays the loading of the ESET main driver. This creates a small security hole in the protection at boot start where the drivers/service programs are loaded. A hole is a hole (not talking about sex :) ). It dosn't matter if you MANUALLY enable the Self-defense again or let the mara installer do it. To exploit this hole is not a matter of timing or seconds. Its about installing a service program that comes before the ESET driver ehdrv. Checkout HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services in the registry. The whole idea behind the mara fix is to open this hole. The Box fix uses a different approach ; it changes the permissions for a ESET registry entry, preventing NOD32 itself from changing important trial settings. Right :) ?

I think the Self-Defense in ESET is a good idea and usefull and it works. An unknown virus/malware can't change the ESET driver/program registry entries.

From the ESET webpage "Self Defense — ESET NOD32 Antivirus has built-in technology to prevent malicious software from corrupting or disabling it, so you can rest assured your system is always protected".

Ok, I'll stop now :) I'm not looking for a fight :)

Ok, I see what you mean now!

I believe what you just said is 100% true... Can't believe I missed that :P Good thinking :)

Good to have you aboard ;)

@box

I've sent you a PM about a problem I got using your fix. The ESET GUI closed right after launching at the first boot after I installed your fix(it hasn't occurred anymore), with the error some data was lost. Might this be a problem?

Link to comment
Share on other sites


Hey there, and thanks for all the information.

I previously had ESET NOD32 v3 installed with TemDono's patch, and then I discovered v4. I uninstalled my v3 and got v4 set up, and then I use the mara 1.5 fix. For some reason, my "trial period" doesn't show up. Updating doesn't work either, but I know that's an ongoing issue.

Thanks in advance!

Link to comment
Share on other sites


Hey there, and thanks for all the information.

I previously had ESET NOD32 v3 installed with TemDono's patch, and then I discovered v4. I uninstalled my v3 and got v4 set up, and then I use the mara 1.5 fix. For some reason, my "trial period" doesn't show up. Updating doesn't work either, but I know that's an ongoing issue.

Thanks in advance!

Wait for a day or two, or click the Update button many times to get your first update. After this first update your Trial days will show and the other updates will come in faster.

Link to comment
Share on other sites


Hey there, and thanks for all the information.

I previously had ESET NOD32 v3 installed with TemDono's patch, and then I discovered v4. I uninstalled my v3 and got v4 set up, and then I use the mara 1.5 fix. For some reason, my "trial period" doesn't show up. Updating doesn't work either, but I know that's an ongoing issue.

Thanks in advance!

Wait for a day or two, or click the Update button many times to get your first update. After this first update your Trial days will show and the other updates will come in faster.

I decided to reinstall and go for Box4EVER. Not only was it much more simple, but I can enable self-defense. The update downloaded almost immediately after I got it working.

Thanks again to both of you.

Link to comment
Share on other sites


@box

I've sent you a PM about a problem I got using your fix. The ESET GUI closed right after launching at the first boot after I installed your fix(it hasn't occurred anymore), with the error some data was lost. Might this be a problem?

I think that it was random and had nothing to do with Box4EVER. I have yet to encounter [any] problem with the fix. I didn't really expect any since the fix is so focused at its target. Also, sadly to say the the eset u/p in x64 did not work. It started updating and when it was almost done, it asked for a u/p. I even typed it in again and a no go. You guy have to see the improved GUI for the Box4EVER. It is just cosmetic. Also, I have added the suggestion for the 2 steps when you have the retail version installed. And lastly, I changed one code to make it work in many languages and not just English. And so I was told.

Link to comment
Share on other sites


ESET4 Box4EVER 4.30A :)

Pending serious problems, I believe that this is the final version. People, just remember that updating using the trial eval servers are an on going issue with ESET. There is no getting around it. I have learned many new things making this fix, especially the gui.

Link to comment
Share on other sites


Will be frontpaged :) Have been using 4.25 for the past days.

mara- and box should still work at a combined installer though :) I think mara- is already putting something together.

Advantages of a combined installer: people are shown which fixes they can install and what it will do/require. You just have to download one file and are not in doubt before downloading(for our users with a little less knowledge on the subject).

Link to comment
Share on other sites


@shought:

I think they should have both combined and separate fix.

Why? To inspire more ideas :)

Link to comment
Share on other sites


My idea was not to combine their fixes, but just to combine them in one installer. So you launch the installer and then you can pick which fix you want to install.

This way people don't have to download two files, they can pick after they downloaded(otherwise we'd have to provide all sorts of information on both fixes at the download page, which isn't practical).

Link to comment
Share on other sites


Any news about Nodenabler for Nod32 V4 or ESS 4 ? :D

---------------------------------

Nothing yet !

Link to comment
Share on other sites


ESET4 Box4EVER 4.30A :D

Pending serious problems, I believe that this is the final version. People, just remember that updating using the trial eval servers are an on going issue with ESET. There is no getting around it. I have learned many new things making this fix, especially the gui.

In case you make another fix, what will have to do someone that has used a previous version?

Link to comment
Share on other sites


brianwarming

Because of how the Box fix works the normal ESET tray icon can't display the current virus signature version. I made this little tray application as a addon to the Box fix. It takes 1 MB of memory and no CPU time.

screenshot1vow.jpg

screenshot2zlr.jpg

It displays the current virus signature version in the tray icon. I know, an extra icon for so little, but I don't mind an extra icon myself.

Just copy the ESET4 Box4EVER Addon.exe file where ever you want it and start it.

To autostart with Windows : Right click the tray icon and select Start with Windows. If you move the ESET4 Box4EVER Addon.exe to a different folder then deselect Start with Windows AND select it again.

If you want to test it, get it here :

mediafire.com

sharecode : /?sharekey=7f6372adbf5eb864d1014a7a667fa2b4e04e75f6e8ebb871

Tested with ESET NOD32 Antivirus 4 under Windows Vista SP1 (32bit and 64 bit), Windows XP SP3 (32 bit), Windows 7 (32bit). UAC was activated on Vista and Windows 7.

BTW just a tip : in Windows (XP, Vista, 7) you can select how your icons should be shown (Always, Never, Hide when inactive). This way the "ESET4 Box4EVER Addon" icon can always be visible.

Update : new version (1.0.1) It now works on 64 bit Windows

Update 2 : new version (1.0.2). The addon now detects if you use EAV or ESS and selects the tray icon accordingly. Now the colors match the genuine ESET tray icon :D

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...