Eset Nod 32 Fix for 3.0?

[Dmt]

if theres some valid server for nod32 3.0.621 please send to me. thanks so much

[shought]

What the... Has this become the NOD32 server request thread? LOL :)

[Guest bmnot1]

The fix by Temdono makes me increasingly suspicious.

I had a look with TCPview from sysinternals.

My ekrn.exe opens many connections to various sites and ip addresses:

www.weissgerbers.com

www.18edu.com

impactglobalmarketing.com

basic-bongo.breakout.dreamhost.com

213.144.186.210

...

As i'm typing here more and more addresses are coming!

Furthermore there are tens of connections opening/closing in localhost(127.0.0.1).

I have noticed also a strange activity for ekrn.exe and svchost.exe(TermService and DcomLaunch).

Looking in Process Explorer they start to have 5-10% of CPU then begin repeated connections to various addresses and ip.

It's very strange.

If I pause ekrn.exe connections end and all its ok. Then on ekrn.exe resume... oleee!! Again tens of connections..

Anyone noticed that?

[KotaXor]

What the... Has this become the NOD32 server request thread? LOL :)

What to do? Try to please everyone!

:)

To all the above members, read your PM!

[Guest bmnot1]

This is from Process Explorer:

[Peymon]

Hello,

I dont seem to be able to update using the Temdono fix... can someone please PM me some update servers?

Thank you

-Peymon

[DaEnigma]

The fix by Temdono makes me increasingly suspicious.

I had a look with TCPview from sysinternals.

My ekrn.exe opens many connections to various sites and ip addresses:

www.weissgerbers.com

www.18edu.com

impactglobalmarketing.com

basic-bongo.breakout.dreamhost.com

213.144.186.210

...

As i'm typing here more and more addresses are coming!

Furthermore there are tens of connections opening/closing in localhost(127.0.0.1).

I have noticed also a strange activity for ekrn.exe and svchost.exe(TermService and DcomLaunch).

Looking in Process Explorer they start to have 5-10% of CPU then begin repeated connections to various addresses and ip.

It's very strange.

If I pause ekrn.exe connections end and all its ok. Then on ekrn.exe resume... oleee!! Again tens of connections..

Anyone noticed that?

I only see connections made to http addresses when I open a browser or another internet app, then I see the active internet monitor watching background connections from that app and scanning them. Seems normal to me, but I do not see any really odd addresses, but lots of advertising/tracking addresses. When was the last time you scanned for attached toolbars and or spyware? I mean it could be that the address you are hitting from your browser is just connecting to these addresses and the monitor is filtering them, but I only checked at nsane, yahoo mail, and google using Firefox.

[jhn195]

Damn my NOD32 using TemDono fix is disabled for some reason. I can no longer update my signature, it gives me a "Undocumented serious error (0x101a)"

[Klockren]

Kotaxor and Jofre thanx for the pm :)

[eBait]

The fix by Temdono makes me increasingly suspicious.

I had a look with TCPview from sysinternals.

My ekrn.exe opens many connections to various sites and ip addresses:

www.weissgerbers.com

www.18edu.com

impactglobalmarketing.com

basic-bongo.breakout.dreamhost.com

213.144.186.210

...

As i'm typing here more and more addresses are coming!

Furthermore there are tens of connections opening/closing in localhost(127.0.0.1).

I have noticed also a strange activity for ekrn.exe and svchost.exe(TermService and DcomLaunch).

Looking in Process Explorer they start to have 5-10% of CPU then begin repeated connections to various addresses and ip.

It's very strange.

If I pause ekrn.exe connections end and all its ok. Then on ekrn.exe resume... oleee!! Again tens of connections..

Anyone noticed that?

I only see connections made to http addresses when I open a browser or another internet app, then I see the active internet monitor watching background connections from that app and scanning them. Seems normal to me, but I do not see any really odd addresses, but lots of advertising/tracking addresses. When was the last time you scanned for attached toolbars and or spyware? I mean it could be that the address you are hitting from your browser is just connecting to these addresses and the monitor is filtering them, but I only checked at nsane, yahoo mail, and google using Firefox.

This might be some spyware or you visiting bad sites, bmnot. What Eset 3.x software does is that it tunnels *all* the data you down or upload through ekrn.exe. I think this is what's happening, you should try to install an VMware box with XP+Eset 3.x+TemDono, and you will see it's all fine.

[phiggs]

I've tried like 10 different servers now and none are working for me :)

Can somebody tell me what update servers you guys are using or PM me it? Thanks.

[Guest bmnot1]

I only see connections made to http addresses when I open a browser or another internet app, then I see the active internet monitor watching background connections from that app and scanning them. Seems normal to me, but I do not see any really odd addresses, but lots of advertising/tracking addresses. When was the last time you scanned for attached toolbars and or spyware? I mean it could be that the address you are hitting from your browser is just connecting to these addresses and the monitor is filtering them, but I only checked at nsane, yahoo mail, and google using Firefox.

I did many checks for toolbars and/or spyware and malware. Not found anything. I think my system is clean. In my screenshots there is firefox.exe but things happens also if it is closed. It's the same. <_<

This might be some spyware or you visiting bad sites, bmnot. What Eset 3.x software does is that it tunnels *all* the data you down or upload through ekrn.exe. I think this is what's happening, you should try to install an VMware box with XP+Eset 3.x+TemDono, and you will see it's all fine.

As I said, I think my system is clean. Anyway thank you DaEnigma and eBait for your hints.

I'll continue to check and try to resolve. ;)

[KotaXor]

I've tried like 10 different servers now and none are working for me <_<

Can somebody tell me what update servers you guys are using or PM me it? Thanks.

Hi phiggs and Peymon,

Look at your PM.

I have been updating just fine, mine was updated to 2810 automatically. I have been using the same list of servers for the past one week.

[KotaXor]

I only see connections made to http addresses when I open a browser or another internet app, then I see the active internet monitor watching background connections from that app and scanning them. Seems normal to me, but I do not see any really odd addresses, but lots of advertising/tracking addresses. When was the last time you scanned for attached toolbars and or spyware? I mean it could be that the address you are hitting from your browser is just connecting to these addresses and the monitor is filtering them, but I only checked at nsane, yahoo mail, and google using Firefox.

I did many checks for toolbars and/or spyware and malware. Not found anything. I think my system is clean. In my screenshots there is firefox.exe but things happens also if it is closed. It's the same. <_<

This might be some spyware or you visiting bad sites, bmnot. What Eset 3.x software does is that it tunnels *all* the data you down or upload through ekrn.exe. I think this is what's happening, you should try to install an VMware box with XP+Eset 3.x+TemDono, and you will see it's all fine.

As I said, I think my system is clean. Anyway thank you DaEnigma and eBait for your hints.

I'll continue to check and try to resolve. ;)

I am using firefox too, and my firewall is Agitum outpost, when I close my browser, outpost show no outgoing or incoming data. While I am writing this, ekrn.exe is totally inactive, my firewall only show firefox.exe.

[maxima2k53]

I only see connections made to http addresses when I open a browser or another internet app, then I see the active internet monitor watching background connections from that app and scanning them. Seems normal to me, but I do not see any really odd addresses, but lots of advertising/tracking addresses. When was the last time you scanned for attached toolbars and or spyware? I mean it could be that the address you are hitting from your browser is just connecting to these addresses and the monitor is filtering them, but I only checked at nsane, yahoo mail, and google using Firefox.

I did many checks for toolbars and/or spyware and malware. Not found anything. I think my system is clean. In my screenshots there is firefox.exe but things happens also if it is closed. It's the same. <_<

This might be some spyware or you visiting bad sites, bmnot. What Eset 3.x software does is that it tunnels *all* the data you down or upload through ekrn.exe. I think this is what's happening, you should try to install an VMware box with XP+Eset 3.x+TemDono, and you will see it's all fine.

As I said, I think my system is clean. Anyway thank you DaEnigma and eBait for your hints.

I'll continue to check and try to resolve. ;)

y dont u try and download spybot search and destroy...for me thats the best antispyware program ever

[Guest bmnot1]

Thank you for replies kotaxor and maxima! <_<

I tried:

AVG antispyware 7 --> nothing

AdAware Pro 2007 --> nothing

Kaspersky 7 --> nothing

Hijackthis --> nothing

BHODemon --> nothing

;)

I will try SystemScan (from SuspectFile.com) and then Spybot..

[irefay]

If someone is looking for a way to use nod for a very LONG time:

google4life!

This is the search engine I have my nod subscribed to. (lol ?)

[bearoninternet]

As i mentioned before, as soon as the trialperiod has ended, i just uninstall, clean my reg with jv16 and ccleaner, and reinstall with a fresh new trial.

This has worked out for me about 4 times so far...

The Temdono fix does seem to work, but i dont trust it as i mentioned here.

Also read Toyo's reaction.

DaEnigma seems to be an early victim. <_<

[xicoescuro]

Hello everybody!

After all that was written here about TemDono fix for Nod32 v3, I have (and I'm sure that I'm the lonely one) a simple but very important question:

Can anyone (one of those who knows much better than I about all this stuff - programming, and so on...)tell me is this fix is safe or not?

It just fixes AV and ESS versions or it opens something that it was not supposed to?

Thanks in advance!

All my best!

[Jman123]

I have Outpost Firewall and NOD smart security, would it be better for me to use NOD or outpost?

[shought]

I have Outpost Firewall and NOD smart security, would it be better for me to use NOD or outpost?

That's up to you but i sure wouldn't use both!

[Jman123]

Yeah I know,lol I was just wondering since I don't really know how good the firewall in smart security is.

[maxima2k53]

Yeah I know,lol I was just wondering since I don't really know how good the firewall in smart security is.

the firewall is very good trust me

[shought]

Yeah I know,lol I was just wondering since I don't really know how good the firewall in smart security is.

the firewall is very good trust me

I've had no problems with it, it works just fine for me. But if you're behind a router(like me) you don't have to care at all, then even windows firewall will do the job... I guess that says enough.

[DaEnigma]

As i mentioned before, as soon as the trialperiod has ended, i just uninstall, clean my reg with jv16 and ccleaner, and reinstall with a fresh new trial.

This has worked out for me about 4 times so far...

The fix does seem to work, but i dont trust it as i mentioned here.

Also read Toyo's reaction.

DaEnigma seems to be an early victim. <_<

I do not have any trouble... I just updated to 2811 using the Temdono fix, but I am also worried it may stop working at some point.