NOD32 = No Internet?


Buford T. Justice

I have Windows XP Pro with SP1a and Norton AntiVirus 2003 running, well, at
least it was. I decided to try NOD32 so I downloaded, installed, rebooted,
and configured and everything worked well then one day, after a reboot, I
had a message that NOD32 changed my network settings and needed the computer
to be rebooted. I reboot and my Internet and network no longer worked.
After trying several ideas to no avail, I reinstalled Windows XP completely.
I couldn't even go to ADD/REMOVE and uninstall it since it would pop up an
error message about SVCHOST.EXE.

So after I had Windows XP Pro reinstalled, SP1a installed, and my hardware
drivers installed I decided to go ahead and redownload NOD32. And guess
what? It did the same thing again except this time I was able to uninstall
it and my Internet and network would work again. PHEW!

Anyway, what would have caused the problem? I had Norton 2003 installed the
first time, but it still worked with both running. This time, I had NOD32
installed first without Norton 2003 ever being installed. I am on Wireless
Internet using an external antenna which goes to my D-Link Wireless G
network card in my computer. I also have a regular 10/100 NIC which goes to
a D-Link router so I can share my Internet connection with 3 other computers
here at my home. My computer, not the router, does DHCP for my network
which uses TCP/IP. I am running the default Windows XP Firewall.

Any help will be greatly appreciated.

Sincerely,
BTJustice

P.S. - I sent this earlier, but have not seen it posted on the newsgroup yet
so if you see the same thing twice I apologize.
 
Geez! Sounds like maybe a trojan or something might have hosed
it. I've been running Nod32 for years, never had that kind of a
problem. When you reinstalled, did you WIPE the hard drive, and
reinstall, or just reinstall over the top?
 
I have Windows XP Pro with SP1a and Norton AntiVirus 2003 running,
well, at least it was. I decided to try NOD32 so I downloaded,
installed, rebooted, and configured and everything worked well then
one day, after a reboot, I had a message that NOD32 changed my network
settings and needed the computer to be rebooted. I reboot and my
Internet and network no longer worked. After trying several ideas to
no avail, I reinstalled Windows XP completely. I couldn't even go to
ADD/REMOVE and uninstall it since it would pop up an error message
about SVCHOST.EXE.

I have XP Pro machines running on my network using NOD32 and I have not
encountered a problem such as you have described. Did you first shutdown
NOD32 before trying to uninstall it? IMON on NOD32 is scanning the
network traffic to the POP3 server so it could be that it was using some
element of SVCHOST.exe. What was the message about with SVCHOST and
NOD32?
Anyway, what would have caused the problem? I had Norton 2003
installed the first time, but it still worked with both running. This
time, I had NOD32 installed first without Norton 2003 ever being
installed. I am on Wireless Internet using an external antenna which
goes to my D-Link Wireless G network card in my computer.
I also have
a regular 10/100 NIC which goes to a D-Link router so I can share my
Internet connection with 3 other computers here at my home. My
computer, not the router, does DHCP for my network which uses TCP/IP.
I am running the default Windows XP Firewall.

Are you using the AV as some kind of gateway AV solution for the
network?

So, you got the XP sitting out there as a gateway device using the XP
ICF. You may want to supplement the XP FW with IPsec which is part of the
XP O/S.

http://lists.gpick.com/pages/IP_Security_(IPSec).htm

You may also want to *harden* the XP gateway machine a little bit too, if
you have not already done so.

http://www.uksecurityonline.com/husdg/windowsxp.php

Duane :)
 
Name withheld by request said:
Geez! Sounds like maybe a trojan or something might have hosed
it. I've been running Nod32 for years, never had that kind of a
problem. When you reinstalled, did you WIPE the hard drive, and
reinstall, or just reinstall over the top?

I formatted the hard drive twice just to be safe.
 
Duane Arnold said:
I have XP Pro machines running on my network using NOD32 and I have not
encountered a problem such as you have described. Did you first shutdown
NOD32 before trying to uninstall it? IMON on NOD32 is scanning the
network traffic to the POP3 server so it could be that it was using some
element of SVCHOST.exe. What was the message about with SVCHOST and
NOD32?

Yes I had it shut off completely before uninstalling it. I can't remember
the exact message. All I remember is that it would say SVCHOST.EXE
encountered an error and will be shut down. I then get the 60 count.
Are you using the AV as some kind of gateway AV solution for the
network?

No. Just on this computer. The others have their own AV software.
So, you got the XP sitting out there as a gateway device using the XP
ICF. You may want to supplement the XP FW with IPsec which is part of the
XP O/S.

http://lists.gpick.com/pages/IP_Security_(IPSec).htm

I'll check into that. Thanks.
You may also want to *harden* the XP gateway machine a little bit too, if
you have not already done so.

http://www.uksecurityonline.com/husdg/windowsxp.php

Duane :)

And I'll check into that also. Thanks.

BTJustice
 
Did it just stop working all of a sardine?
Suspect active malware if so...

That *NOD32* had changed your network? That's odd, I wasn't aware
NOD32 would care; I thort it was an av only without a firewall.

Mind you, installing multiple ?dualling avs and 3rd-party firewalls is
generally a bad idea - did you uninstall NAV2003 first?

Did you have commercial malware in effect? This can make networking
and Internet brittle to changes, if it patches in to "add value".
Don't expect traditional av such as NOD32 or NAV to tell you about
commercial malware; you need special-focus utilities such as AdAware
or Spybot (or others that I haven't tried) to catch those.

Lamentable loss of detail there :-/

Ah, SVCHOST.EXE - something that figures as prominently in malware
tales as Mr Gates does in tales of software monopolies :-)

The "real" SVCHOST.EXE is a part of XP that acts as a "wrapper" for
other files that run as services. As such, it offers the same sort of
opportunity to malware that RunDLL and RunDLL32 do; a chance to sneak
past an app-aware firewall under the skin of the (permitted) wrapper.

SVCHOST.EXE can have a more direct significance. For starters, it's a
Win32PE and thus susceptible to generic infection by any virus that
infects .exe in general or Win32PE code in particular.

Over and above that, the common and accepted SVCHOST.EXE filename is
specifically used by several malware to appear as if they are part of
the system. Suspect this if you Find several copies of this file; the
ones outside the expected location are probably malware (e.g. Jeefo.A)

Modern malware typically disables a slew of known av apps when it goes
active; a list that often includes both NAV and NOD32. So depending
on a freshly-installed Windows-based av to clean up an existing active
infection is... hopeful, let's put it that way.

If you weren't suckered by the "use NTFS, it's More Secure!" hype, you
can use NOD32 for DOS from a formal diskette boot to check the system,
or F-Prot for DOS, or trialware of Sophos for DOS too.

OTOH if you did use NTFS, well - your problems may have just begun!
I have XP Pro machines running on my network using NOD32 and I have not
encountered a problem such as you have described. Did you first shutdown
NOD32 before trying to uninstall it? IMON on NOD32 is scanning the
network traffic to the POP3 server so it could be that it was using some
element of SVCHOST.exe. What was the message about with SVCHOST and
NOD32?

Mileage may vary due to:
- commercial malware on this system not present on Duane's
- traditional malware active on this system not present on Duane's
- NAV still being present when NOD32 was installed
Uh-huh...

That would be more likely to work :-)
You may want to supplement the XP FW with IPsec which is part of XP
http://lists.gpick.com/pages/IP_Security_(IPSec).htm

Hm, thanks - I must look that up when online, tho that URL looks
doomed (is it supposed to contain multiple consecutive spaces?)
You may also want to *harden* the XP gateway machine a little bit too, if
you have not already done so.

So many links, so little time...


------------ ----- --- -- - - - -
Things should be made as simple as possible,
but no simpler - attrib. Albert Einstein
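
The check described in the post above (copies of SVCHOST.EXE outside the expected location), written out as an added example that is not part of the original thread. The set of expected directories and the sample tree are assumptions constructed for illustration, and the near-miss name check goes a step beyond what the post describes.

```python
import os
import tempfile

TARGET = "svchost.exe"
# Assumption: directories, relative to the Windows root, where a genuine copy
# may sit on XP. Adjust the set for the system being checked.
EXPECTED_DIRS = {("system32",), ("system32", "dllcache"), ("servicepackfiles", "i386")}

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(scan_root, windows_root):
    """Walk scan_root; return sorted (path, verdict) for svchost-like .exe files."""
    findings = []
    for dirpath, _dirs, files in os.walk(scan_root):
        for name in files:
            lower = name.lower()
            dist = edit_distance(lower, TARGET)
            if not lower.endswith(".exe") or dist > 2:
                continue  # unrelated file
            full = os.path.join(dirpath, name)
            if dist > 0:
                findings.append((full, "lookalike-name"))
                continue
            # Exact name: compare its directory, case-insensitively, to the list.
            rel = os.path.relpath(dirpath, windows_root)
            parts = tuple(p.lower() for p in rel.split(os.sep))
            verdict = "expected" if parts in EXPECTED_DIRS else "unexpected-location"
            findings.append((full, verdict))
    return sorted(findings)

def build_sample_tree(root):
    """Create a constructed tree of empty files; returns the fake Windows root."""
    for rel in ["WINDOWS/system32/svchost.exe",
                "WINDOWS/system32/dllcache/svchost.exe",
                "WINDOWS/svchost.exe",
                "WINDOWS/system32/SCVHOST.EXE",
                "Documents and Settings/user/svchosts.exe",
                "WINDOWS/system32/notepad.exe"]:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return os.path.join(root, "WINDOWS")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, verdict in classify(tmp, build_sample_tree(tmp)):
            print(f"{verdict:20} {os.path.relpath(path, tmp)}")
```

Name and location are a triage signal only: as the post notes, a file in the expected place can still be an infected Win32 PE, so an "expected" verdict does not clear it.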
 
cquirke (MVP Win9x) said:
Did it just stop working all of a sardine?
Suspect active malware if so...

No not exactly. NOD32 simply popped a message that it had changed my
network settings and needed a computer reboot. After the reboot was when all
hell broke loose.
That *NOD32* had changed your network? That's odd, I wasn't aware
NOD32 would care; I thort it was an av only without a firewall.

No firewall in NOD32. Its Internet Monitor, IMON, must have done it as
there is an option there for it to 'repair' network settings.
Mind you, installing multiple ?dualling avs and 3rd-party firewalls is
generally a bad idea - did you uninstall NAV2003 first?

Yes the first time and everything worked fine. I know this is a bad idea,
but I doubt it would result in messing up my network settings as I had both
running for about 4 weeks.
Did you have commercial malware in effect? This can make networking
and Internet brittle to changes, if it patches in to "add value".
Don't expect traditional av such as NOD32 or NAV to tell you about
commercial malware; you need special-focus utilities such as AdAware
or Spybot (or others that I haven't tried) to catch those.

I am a religious AdAware user. Since the reinstall, the only thing it found
was MSIE's "Alexa" service.
Lamentable loss of detail there :-/
What???


Ah, SVCHOST.EXE - something that figures as prominently in malware
tales as Mr Gates does in tales of software monopolies :-)

The "real" SVCHOST.EXE is a part of XP that acts as a "wrapper" for
other files that run as services. As such, it offers the same sort of
opportunity to malware that RunDLL and RunDLL32 do; a chance to sneak
past an app-aware firewall under the skin of the (permitted) wrapper.

SVCHOST.EXE can have a more direct significance. For starters, it's a
Win32PE and thus susceptible to generic infection by any virus that
infects .exe in general or Win32PE code in particular.

Over and above that, the common and accepted SVCHOST.EXE filename is
specifically used by several malware to appear as if they are part of
the system. Suspect this if you Find several copies of this file; the
ones outside the expected location are probably malware (e.g. Jeefo.A)

Modern malware typically disables a slew of known av apps when it goes
active; a list that often includes both NAV and NOD32. So depending
on a freshly-installed Windows-based av to clean up an existing active
infection is... hopeful, let's put it that way.

If you weren't suckered by the "use NTFS, it's More Secure!" hype, you
can use NOD32 for DOS from a formal diskette boot to check the system,
or F-Prot for DOS, or trialware of Sophos for DOS too.

OTOH if you did use NTFS, well - your problems may have just begun!

I think SVCHOST.EXE is the "Generic Host Services" right? That means it is
essential that it is there for the Internet to even work. NTFS is better
than FAT32. Better handling of data clusters, more security, etc.
 
Yes I had it shut off completely before uninstalling it. I can't
remember the exact message. All I remember is that it would say
SVCHOST.EXE encountered an error and will be shut down. I then get
the 60 count.


No. Just on this computer. The others have their own AV software.


I'll check into that. Thanks.


And I'll check into that also. Thanks.

BTJustice

Sometime late in 2004, SP2 will be released for XP which will be geared
towards improvements of ICF. You can search Google on XP's SP2 for info on
upcoming improvements.

Duane :)
 
No firewall in NOD32. Its Internet Monitor, IMON, must have done it as
there is an option there for it to 'repair' network settings.

That's a bit scary. What does NOD32's documentation say about what it does
when it "repairs" settings?
Yes the first time and everything worked fine. I know this is a bad idea,
but I doubt it would result in messing up my network settings as I had both
running for about 4 weeks.

IKWYM. Sounds odd, in that if NOD32 was always going to bite, it
would have done so the first time you tried it too...
I am a religious AdAware user. Since the reinstall, the only thing it found
was MSIE's "Alexa" service.

OK - and that's something of a false positive / "cry wolf"
I think SVCHOST.EXE is the "Generic Host Services" right? That means it is
essential that it is there for the Internet to even work.

That's the "real" SVCHOST.EXE - but read all of the above, again...

1) Not everything that is called SVCHOSTS.EXE is the "real thing"
2) The "real thing" can be used as a wrapper for malware
NTFS is better than FAT32. Better handling of data clusters,
more security, etc.

Yes, I've heard the party line too - but it also means:

1) NO formal virus scanning whatsoever (as nothing other than
NT can read it, and NT only runs off HD)

2) Few if any data recovery tools, and NO maintenance OS

3) No interactive file system checker - stone-age ChkDsk
has to be trusted to automatically fix errors

NTFS's security is meaningless if malware gets under the OS's layer of
abstraction, or if other things go wrong below that layer of
abstraction. If flaky hardware causes arbitrary sectors to be
trashed, or failing HD that does the same, then all of NTFS's "only
allowed to paint between the lines" rules aren't worth a damn.

Until there's a decent maintenance OS (with data recovery and formal
virus scanning tools) for NTFS, I consider it unfit for general
consumer use, much as the old disk compression widowmakers.

Let's say you have malware embedded within the OS's code, so that
every NT boot inevitably runs the malware, which has also patched
itself into the registry at a level that Safe Mode won't miss. How
would you intend to clean that up, in NTFS?


-------------------- ----- ---- --- -- - - - -
Hmmm... what was the *other* idea?
 
NTFS's security is meaningless if malware gets under the OS's layer of
abstraction, or if other things go wrong below that layer of
abstraction. If flaky hardware causes arbitrary sectors to be
trashed, or failing HD that does the same, then all of NTFS's "only
allowed to paint between the lines" rules aren't worth a damn.

Until there's a decent maintenance OS (with data recovery and formal
virus scanning tools) for NTFS, I consider it unfit for general
consumer use, much as the old disk compression widowmakers.

Let's say you have malware embedded within the OS's code, so that
every NT boot inevitably runs the malware, which has also patched
itself into the registry at a level that Safe Mode won't miss. How
would you intend to clean that up, in NTFS?

Home electronics has grown to be pretty much
throw-it-away-if-it's-broke-because-it's-too-expensive-to-fix-it.
Seems like M$ is doing the same thing with their operating systems.
Many people will practically give away late model PCs they have
problems with. That's fine with me. I can purchase one of these steals
every couple of years and fix it up the way I want it. It's amazing
how little I have to spend now on computers and peripherals compared
to the 286 - 386 - 486 days.


Art
http://www.epix.net/~artnpeg
 
I can install NOD32 and my Internet and network will not work. No DHCP
assigning IPs to network, etc. I uninstall it and my Internet and network
both work. Weird. It adds 2 processes to the task manager when installed
giving me 31 processes running. After uninstalling it, I am down to 29. I
take that to mean there is nothing extra running when NOD32 is installed
except for the 2 processes it has.

BTJustice
 
I can install NOD32 and my Internet and network will not work. No
DHCP assigning IPs to network, etc. I uninstall it and my Internet
and network both work. Weird. It adds 2 processes to the task
manager when installed giving me 31 processes running. After
uninstalling it, I am down to 29. I take that to mean there is
nothing extra running when NOD32 is installed except for the 2
processes it has.

BTJustice

Maybe, it's the fact that you're using NOD32 and the machine is configured
to be a gateway machine that's the issue here.

Duane :)
 
http://www.cexx.org/lspfix.htm

I ran the above program. It removed "imon.dll" and now NOD32 Trial 2.000.6
works, but IMON appears to be nonexistent unless I start the service in
which case I am back to the same problem all over again. Does the IMON part
of NOD32 Trial 2.000.6 not play well with Windows XP Pro SP1a? If that is
the case, is there a newer trial version available?

BTJustice
 
http://www.cexx.org/lspfix.htm

I ran the above program. It removed "imon.dll" and now NOD32 Trial
2.000.6 works, but IMON appears to be nonexistent unless I start the
service in which case I am back to the same problem all over again.
Does the IMON part of NOD32 Trial 2.000.6 not play well with Windows
XP Pro SP1a? If that is the case, is there a newer trial version
available?

You can ask at the Nod32 forum.

http://www.wilderssecurity.com/

Duane :)
 
Already did.

The current version of NOD32 is 2.000.8, which was upgraded not too long
ago. I don't know of any issues with NOD32 and XP SP1a, which I am
currently using. It seems to me that it's the config of your machine as a
gateway that IMON may not be geared towards.

If you like, you can put the issues in a reply post and I'll send it into
NOD's Tech Support for you. Maybe, there is some kind of workaround.

Duane :)
 
The only workaround is in a previous post of mine in this thread. The trial
version is still 2.000.6.

BTJustice
 