Down the rabbit hole with NOD32 antivirus

For years now NOD32, an antivirus program from ESET, has been running on the Windows computers of a number of people I know. This will change in the future and here's why.

Recently, one of these people called me complaining of a NOD32 error every time Windows 7 started up. The error, shown below, seems to be more from Windows than from the ESET program egui.exe.


Somehow file mfc110u.dll was corrupted to the point that Windows wanted nothing to do with it.

My first reaction was to un-install the software and then re-install it.

No can do.

NOD32 was no longer listed in the Control Panel, Programs and Features applet. Windows lost track of it, which is strange considering that egui.exe is still running at system startup and the ESET service (ekrn.exe) is also running.

Following the Start -> Programs breadcrumbs leads to a NOD32 uninstaller that did absolutely nothing. By all measures (I watched closely with Process Explorer) it did not even start.

The software won't run and can't be un-installed.

Hoping to install a new fresh copy of the software, I set out to stop the remnants of NOD32 from running automatically at startup time.

The excellent Autoruns program from Microsoft stopped one program from running, and I also disabled the ESET service (it prevents you from stopping it while its running). After rebooting, Process Explorer confirmed that there was no ESET software running.

Still, the installer failed, saying the software was already installed. The registry strikes again. 

In short, I can't go left, I can't go right and I can't stand still. It won't run, it won't un-install and it won't re-install.

Off to technical support.   

You submit problem tickets to ESET through a web page form that doesn't allow for uploading files. So, they never saw the screen shot of the error with mfc110u.dll. The text of the message was given to them but, you know, sometimes a picture is worth a thousand words.

ESET has a System Inspector program that seems to be designed for just this sort of thing. I ran it and saved its report, but it wasn't clear if they got it.

And the report is not impressive. It shows, for example, running processes and rates them as good, bad or unknown. Among the unknown processes were Chrome, Firefox and IrfanView. Really. Makes me wonder if the software has been abandoned.

Tech support responded with just a link to KB article about manually removing the software: How do I manually uninstall my Windows ESET product? 


The good news is that ESET has a dedicated un-installer. There was, however, enough bad news to make me hesitant to run it.

  1. The last update to the un-installer added support for NOD32 antivirus version 7. Not so good if you are trying to remove version 8.
    Update: ESET has confirmed that their un-installer can remove NOD32 version 8.
  2. The video instructions warn that the un-installer may have to be run multiple times to fully un-install the software.
  3. In addition to running the un-installer, you may also have to manually delete a driver:
    How do I delete the ehdrv driver using device manager in Microsoft Windows?
  4. The un-installer needs to be run in Safe Mode, a hard thing to do when remotely controlling someone else's computer.
  5. The un-installer may reset the Windows Network settings (see above for XP, Vista) or remove network card drivers (Windows 7)
  6. The instructions for running the un-installer leave out two steps. If they are sloppy on documentation, maybe the software is sloppy too.
  7. The video instructions for running the un-installer differ (a bit) from the text based instructions.

At this point, we will probably just walk away from the software without running the un-installer.

To that end, I will rename the folders where the software lives to further insure it doesn't execute (no real need to delete anything). It already has been blocked from running at system startup. Hopefully the leftover NOD32 entries in the registry won't prevent the next antivirus program from installing.

Taking a step back, you have to ask if the benefits of Windows are worth the hassle and expense of antivirus programs, not to mention the constant risk of malware.

A couple days ago  Steven J. Vaughan-Nichols blogged about Chromebooks outselling cheap Windows 8 laptops at Part of the Chromebook appeal has to be the lack of viruses and malware. 


Copyright © 2015 IDG Communications, Inc.

It’s time to break the ChatGPT habit
Shop Tech Products at Amazon