• Unable to install ESET products
• ESET is not functioning or is giving error messages
• Error communicating with EKRN
• Analysis of application protocols (POP3, HTTP) will not function
• Your ESET product detects the threat Win32/TrojanDownloader.Necurs.A

The Win32/Necurs infection is designed to deny read access to malicious files and is able to run at the kernel level. As a result, this particular malware can sometimes go undetected on a computer running ESET products.

I. Run the ESETNecursCleaner tool

1. Download and save the .exe file to your Desktop (or your default "Downloads" directory) by clicking the following link:
   
   Download ESET Necurs Cleaner
    
2. Double-click ESETNecursCleaner.exe to run the tool. You must click Agree to agree to the End User License Agreement the first time that you use the tool.

3. If you receive the message "Threat not found—You don't have Win/32Necurs in your system" your computer is not infected with Necurs malware.
   
   If you receive the message "Win32/Necurs found in your system", press Y to confirm that you want to remove the rootkit.

Figure 1-1
Click the image to view larger in new window

4. Bookmark this article once cleaning is complete, and then press Y to restart your computer. Use the bookmark to re-open this article after your computer restarts.

Figure 1-2
Click the image to view larger in new window

5. Follow the instructions from Part II below to perform a scan that will remove any remaining malicious files.

II. Perform a computer scan

1. Open the main program window of your Windows ESET product.
    
2. Click Computer Scan → Custom scan...  and select In-depth scan from the Scan profile drop-down menu.

Figure 2-1

3. Select the check box next to Computer and click Scan. The scan will remove any remnants of the malware still left on your system.
   
   Windows XP users: Select the check box next to My Computer and then click Scan.

Figure 2-2