Solved

BSOD issues Possibly related to Nod32

Posted on 2012-04-03
13
1,981 Views
Last Modified: 2013-11-22
I have been having some issues with some windows 7 machines crashing. The only link I have been able to find between the 4 computers (all running windows 7 professional) is they all had downloaded and installed Windows update :
Definition Update for Windows Defender - KB915597 (Definition 1.123.978.0)
And after the system is restarted, or signed onto, it will either BSOD on start up, or the user will be able to sign on for a short period of time, then it will BSOD and continuously restart and crash.
We have run into a similar issue before but on Windows Server 2008 R2, and we determined the issue was ESET nod32. After Removal, the servers worked fine and quit unexpectedly crashing. The same seems to be True in this case with the windows 7 machines. We have removed nod32 from the machines that were experiencing these issues, and the issue seems to be resolved.
I'm trying to look at the memory.dmp files but and having no luck opening them in windbg because it says i'm not using the correct symbols (which I downloaded and have listed in windbg symbol file path area). I was wondering If someone could possibly help me out with these and help shed some light on what the exact issue(s) is/are on these PC's and if they are all related or if each are having their own problems.
I am attaching a copy of the Memory.DMP file from one of the computer's (file extentions changed to .txt) for anyone that may be able to help.

Thank you for your time
0
Comment
Question by:sobrsu
  • 6
  • 4
  • 2
  • +1
13 Comments
 
LVL 24

Expert Comment

by:smckeown777
ID: 37803828
Maybe its me but I can't see your memory dump file?
Can you attach the minidump files? They are smaller in size, usually located in C:\Windows\Minidump...

Cheers...
0
 

Author Comment

by:sobrsu
ID: 37803880
Oh.. looks like it didn't make it because the file was to large.. I found three files. in the mini dump folder

Thanks
033012-9297-01.txt
033012-9391-01.txt
033012-9360-01.txt
0
 

Author Comment

by:sobrsu
ID: 37803891
and here are 2 more from another computer that experienced the same problem just this morning.
040312-9921-01.txt
040312-11575-01.txt
0
 
LVL 24

Assisted Solution

by:smckeown777
smckeown777 earned 333 total points
ID: 37803926
Based on the minidumps these BSOD's are also relating to ESET, the faulting file is listed as 'eamonm.sys' which is a file associated with ESET antivirus

Is ESET up to date with latest version?
0
 
LVL 32

Assisted Solution

by:willcomp
willcomp earned 167 total points
ID: 37803932
The faulting module on both PCs is eamonm.sys which is the NOD32 driver. Copies of the crash dump analyses are attached.
Analysis.log
Analysis1.log
0
 
LVL 32

Expert Comment

by:willcomp
ID: 37803955
@smckeown777 -- didn't mean to steal your thunder. At least we agree.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 24

Expert Comment

by:smckeown777
ID: 37803993
Not a problem sir, all here to help!
0
 

Author Comment

by:sobrsu
ID: 37804003
Wow Thanks for the quick responses. This is the list of Installed components for nod32 :

Virus signature database: 7024 (20120403)
Update module: 1040 (20120313)
Antivirus and antispyware scanner module: 1349 (20120329)
Advanced heuristics module: 1121 (20111208)
Archive support module: 1143 (20120320)
Cleaner module: 1054 (20120323)
Anti-Stealth support module: 1026 (20110628)
ESET SysInspector module: 1216 (20100517)
Self-defense support module: 1018 (20100812)
Real-time file system protection module: 1006 (20110921)

And the Version we are running is : Version 4.2.64.12

To the Best of my knowledge this is the latest (For enterprise). I know personal is at version 5, but it hasn't been released for business use which allows for a Remote Administration and Update server and all that.
Any Advice on how to proceed? Maybe just re installing NOD32?
0
 
LVL 24

Accepted Solution

by:
smckeown777 earned 333 total points
ID: 37804088
Might be the only option

Do u have enterprise support?
Might be an option to send them the same u sent here
They may be more able to help

But to get ur machines back on their feet uninstall and reinstall
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 37804105
Also u mentioned windows defender update
Possibly it and nod are in conflict?
Can u disable it maybe an see if it helps?
0
 

Author Comment

by:sobrsu
ID: 37806668
Well, on the system's that were experiencing this issue NOD32 was uninstalled. I reinstalled on one of the computer's last night, and spoke to the user this morning (who's been working on it for about 2 hours now) who said it was working fine. I found this help article on ESET's website
http://kb.eset.com/esetkb/index?page=content&id=SOLN2523&actp=search&viewlocale=en_US&searchid=1333551177321
And it looks like the windows defender updates have caused problems in the past. I had another issue with them after trying to recreate this problem on a test machine. I installed NOD32, before anything else on a brand new Laptop running windows 7 pro x86. After I ran all windows updates and nothing happened, I opened NOD32 and there are no menu items available and a message shows saying error communicating with kernel. Just thought I'd post that to document ESET issues here.
But any way, thank you smckeown777 and willcomp. You helped me out greatly.
Capture2.PNG
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 37806715
Good info to know, glad u got sorted...
0
 

Expert Comment

by:ColinBC
ID: 37825079
I'm glad I'm not the only one that has been experiencing these freezes and crashes.  I have had 3 users at work in the past week all reported the same issues as the original poster.  All PC's effected are running Windows 7 Profession 64-bit and all have ESET NOD32.  My breakdown of the error reports pointed to ESET being a factor.  I temporarily resolved this on the first user to report the issue by completely removing ESET.  They have been 100% stable since the removal of ESET.  I still have to reinstall on that users's PC and see if the issue reappears.

Thanks for the info everyone posted here.  I'm troubleshooting 2 more PC's with this issue as I type this...
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

This article describes how to set permissions to allow a limited-permissions user to start and stop a particular System Service.   It is always best to give users only the permissions that they need to perform their job, so tweaking particular permi…
The way I use Experts Exchange to assist me in analyzing and diagnosing a problem is I first enter a Verbose Question at Experts Exchange like: Office 2007 will hang when opening and saving files I then launch WordPad (any text editor will do) an…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now