LISTSERV mailing list manager LISTSERV 16.5

Help for IT-DISCUSS Archives


IT-DISCUSS Archives

IT-DISCUSS Archives


IT-DISCUSS@LIST.UVM.EDU


View:

Message:

[

First

|

Previous

|

Next

|

Last

]

By Topic:

[

First

|

Previous

|

Next

|

Last

]

By Author:

[

First

|

Previous

|

Next

|

Last

]

Font:

Proportional Font

LISTSERV Archives

LISTSERV Archives

IT-DISCUSS Home

IT-DISCUSS Home

IT-DISCUSS  July 2009

IT-DISCUSS July 2009

Subject:

Re: [Fwd: Re: Recent Windows Vista and XP freezing problems]

From:

Andrew Hendrickson <[log in to unmask]>

Reply-To:

Technology Discussion at UVM <[log in to unmask]>

Date:

Fri, 31 Jul 2009 11:32:52 -0400

Content-Type:

text/plain

Parts/Attachments:

Parts/Attachments

text/plain (578 lines)

We're rapidly coming to the conclusion that other than centering  
around ESET NOD32, there is no rhyme or reason to this at all.

Reinstall sometimes works, most of the time it doesn't

Disabling the service works most of the time, but not all of the time.

There's no hard and fast rule as to which machines are affected and  
which aren't.

At this point I'm not so sure that KB972260 is involved at all, so  
let's drop that from the mix for the moment.

I am a bit surprised that there is absolutely nothing about this on  
ESET's support forums?  What's so special about us?


On Jul 31, 2009, at 10:59 AM, Dean Williams wrote:

> ETS has opened a case with ESET, but while we're waiting for their  
> help, there appears to be some hope with new virus definitions.   
> We're trying to verify that success with several systems now.
>
> -Dean W.
>
>
>
> On Jul 31, 2009, at 10:55 AM, Scott Danis wrote:
>
>> I double-clicked on the red eye to open the ESET dialogue window.   
>> Clicked on
>> Update, then clicked on Update Virus Signature database.  After it  
>> loaded, I
>> turned protection back on.  That in itself worked, but I rebooted  
>> just for fun.
>> The version that seems to work is 4294 (20090731).
>>
>>
>> On Fri, 31 Jul 2009 10:50:13 -0400, Andrew Hendrickson
>> <[log in to unmask]> wrote:
>>
>>> Scott, can you elaborate on "manually updated the virus signature
>>> database"?  It may be the key to our mess.
>>>
>>> On Jul 31, 2009, at 10:34 AM, Scott Danis wrote:
>>>
>>>> While ESET was disabled, I manually updated the virus signature
>>>> database.  I
>>>> then enabled virus protection.  I rebooted and everything came up
>>>> normally
>>>> and am running fine.
>>>>
>>>>
>>>> Microsoft Windows XP Professional (5.1.2600)
>>>> Dell OPtiplex GX620
>>>>
>>>>
>>>> On Fri, 31 Jul 2009 10:08:38 -0400, Dean Williams
>> <[log in to unmask]
>>>>>
>>>> wrote:
>>>>
>>>>> IT Colleagues,
>>>>>
>>>>> ETS is opening a support case with ESET, since the one common  
>>>>> thread
>>>>> with every frozen computer seems to be NOD32.  So far, it seems  
>>>>> to be
>>>>> true (correct me if I've got this wrong) that:
>>>>>
>>>>> 1. Some systems don't freeze -- not restarting them might be a  
>>>>> wise
>>>>> approach, at least for now
>>>>>
>>>>> 2. Some frozen systems are fixed by disabling NOD32, so that might
>>>>> be a reasonable first approach
>>>>>
>>>>> 3. Other frozen systems are fixed by removing NOD32
>>>>>
>>>>> 4. Replacing a bad virus definition file may take care of it -- as
>>>>> noted in Andrew's latest posting
>>>>>
>>>>> ETS will post updates here as we get better information from  
>>>>> ESET or
>>>>> elsewhere.  Of course, if anyone has a breakthrough, posting it on
>>>>> IT-
>>>>> Discuss is the fastest way to get the information to the UVM IT
>>>>> community for verification and application.  Already, what's been
>>>>> posted here has narrowed down the apparent cause, and provided
>>>>> important information for ETS to share with ESET -- thanks to  
>>>>> all for
>>>>> that.  Client Services has a limited number of people who can help
>>>>> with the current labor-intensive work-around; we'll allocate those
>>>>> folks mainly to offices and individuals who have no IT support of
>>>>> their own, but if you are totally swamped trying to get your  
>>>>> clients
>>>>> back in business, please ask for help via the Help Line.
>>>>>
>>>>> Thank you for your collaboration in diagnosing and fixing this
>>>>> problem, and thanks to all for their patience as a permanent  
>>>>> solution
>>>>> is found.
>>>>>
>>>>>
>>>>> Dean Williams
>>>>> ETS Director for Client Services
>>>>> Enterprise Technology Services
>>>>> [log in to unmask] | 802-656-1174
>>>>>
>>>>>  Check the status of UVM networks and servers
>>>>>  any time at 656-1234.
>>>>>
>>>>>
>>>>> On Jul 31, 2009, at 9:24 AM, Niggel, Patrick wrote:
>>>>>
>>>>>> Did you boot into safe mode with Networking?  If the computer
>>>>>> can�t
>>>>>> authenticate your credentials off of the CAMPUS domain, then you
>>>>>> won�t be able to get in.  I don�t believe safe mode uses  
>>>>>> cached
>>>>>> credentials, from what I just tried it doesn�t.  By default it
>>>>>> wants
>>>>>> to use local only admin logins, but you can tell it to  
>>>>>> reference a
>>>>>> specific domain� of course having no networking this won�t  
>>>>>> work
>>>>>> (and
>>>>>> again, it wouldn�t accept my password cached on the machine).
>>>>>>
>>>>>>
>>>>>>
>>>>>> From: Technology Discussion at UVM [mailto:IT-
>> [log in to unmask]]
>>>>>> On Behalf Of Richard Del Pizzo
>>>>>> Sent: Friday, July 31, 2009 9:09 AM
>>>>>> To: [log in to unmask]
>>>>>> Subject: Re: [Fwd: Re: Recent Windows Vista and XP freezing
>>>>>> problems]
>>>>>>
>>>>>>
>>>>>>
>>>>>> Hi Carol,
>>>>>>
>>>>>> Some of us in the Office of Sponsored Programs had this problem  
>>>>>> this
>>>>>> morning including myself.  Your instructions worked perfectly  
>>>>>> with
>>>>>> one caveat.  When I tried to boot in Safe Mode, my ID and  
>>>>>> password
>>>>>> were not accepted even though I am an administrator on my  
>>>>>> machine.
>>>>>> Luckily I knew the password for the 'Administrator' account which
>>>>>> let me in so I could uninstall ESET.  Anyone else encounter this?
>>>>>> Any thoughts if one does not know their 'Administrator' password?
>>>>>>
>>>>>>
>>>>>>
>>>>>> -- 
>>>>>> Regards,
>>>>>> Richard Del Pizzo
>>>>>> Information Technology Professional Senior
>>>>>> Office of Sponsored Programs
>>>>>> University of Vermont
>>>>>> Burlington, VT 05405
>>>>>>
>>>>>>
>>>>>> Carol Caldwell-Edmonds wrote, On 7/31/2009 8:35 AM:
>>>>>>
>>>>>> Another student tech just reported this.  It does seem to be  
>>>>>> ESET.
>>>>>> To uninstall it completely, boot to safe mode (shut down, boot,
>>>>>> press F8, go to All Programs, open the ESET folder, use the
>>>>>> Uninstall in that folder. Removing it any other way will not  
>>>>>> totally
>>>>>> uninstall all of the components in ESET and your computer will  
>>>>>> still
>>>>>> freeze.  Restart, go back to work.
>>>>>>
>>>>>> Yes, I am working without AV on my computer, but  all of my  
>>>>>> data is
>>>>>> always on network drives, so I can reimage at will. Also, I  
>>>>>> stay off
>>>>>> of AIM, and only visit known safe places online.
>>>>>>
>>>>>> If you are using a personal computer, not UVM owned, you could  
>>>>>> use
>>>>>> AVG like the student tech here reports:
>>>>>>
>>>>>> Carol
>>>>>>
>>>>>> -- 
>>>>>> Carol Caldwell-Edmonds,
>>>>>> Enterprise Technology Services: Client Services
>>>>>> Manager, UVM Computing Helpline and the Computer Depot Clinic
>>>>>> University of Vermont
>>>>>> [log in to unmask]
>>>>>> <image001.gif>
>>>>>> never take yourself TOO seriously...
>>>>>> artwork by Shannon Edmonds
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Subject:
>>>>>>
>>>>>> Re: Recent Windows Vista and XP freezing problems
>>>>>>
>>>>>> From:
>>>>>>
>>>>>> Alex McConaghy <[log in to unmask]>
>>>>>>
>>>>>> Date:
>>>>>>
>>>>>> Fri, 31 Jul 2009 08:24:11 -0400
>>>>>>
>>>>>> To:
>>>>>>
>>>>>> [log in to unmask]
>>>>>>
>>>>>> To:
>>>>>>
>>>>>> [log in to unmask]
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> I was having the same problem all day yesterday with ESET  
>>>>>> causing my
>>>>>> system to freeze up. Removing ESET in safe mode solved the  
>>>>>> problem,
>>>>>> but when you reinstall it and get the new updates the problem  
>>>>>> starts
>>>>>> all over again. I ended up removing ESET and put AVG on my system
>>>>>> and I am back to normal without ESET. I am going to reinstall  
>>>>>> ESET
>>>>>> in a few days when hopefully they have fixed the problem.
>>>>>>
>>>>>> -Alex
>>>>>>
>>>>>>
>>>>>>
>>>>>> ____________________________
>>>>>>
>>>>>> Alex McConaghy
>>>>>>
>>>>>> University of Vermont '12
>>>>>>
>>>>>> School of Business Administration
>>>>>>
>>>>>> [log in to unmask]
>>>>>>
>>>>>> Google Voice: (215) 839-9768
>>>>>>
>>>>>> Cell: (215) 840-5065
>>>>>>
>>>>>>
>>>>>>
>>>>>> From: Helpline Staff [mailto:[log in to unmask]] On Behalf Of
>>>>>> Carol Caldwell-Edmonds
>>>>>> Sent: Friday, July 31, 2009 8:12 AM
>>>>>> To: [log in to unmask]
>>>>>> Subject: Re: Recent Windows Vista and XP freezing problems
>>>>>>
>>>>>>
>>>>>>
>>>>>> Mine still froze after removing the update. I am now going into  
>>>>>> safe
>>>>>> mode and removing ESET.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Jul 31, 2009, at 8:09 AM, Carol Caldwell-Edmonds wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Helpline--the freezing issue was reported all evening and is  
>>>>>> back.
>>>>>> Try going into safe mode, control panel, Programs and Features,
>>>>>> click the link in the upper left for recent updates, scroll to  
>>>>>> the
>>>>>> bottom under windows updates, remove KB972260, restart, let me  
>>>>>> know
>>>>>> if it�s better.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Carol
>>>>>>
>>>>>>
>>>>>>
>>>>>> Begin forwarded message:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> From: "J. Greg Mackinnon" <[log in to unmask]>
>>>>>>
>>>>>> Date: July 30, 2009 10:36:39 PM EDT
>>>>>>
>>>>>> To: [log in to unmask]
>>>>>>
>>>>>> Subject: Re: Recent Windows Vista and XP freezing problems
>>>>>>
>>>>>> Reply-To: Technology Discussion at UVM <[log in to unmask]>
>>>>>>
>>>>>>
>>>>>>
>>>>>> So you have three computers from which you removed and  
>>>>>> reinstalled
>>>>>> NOD32, but not the KB972260 hotfix?  And these systems all
>>>>>> manifested the lockup after re-installation?  If so, that is  
>>>>>> pretty
>>>>>> strong evidence.
>>>>>>
>>>>>> If the Helpline and Client Services systems that were reported as
>>>>>> fixed this afternoon re-manifest, and removing the KB hotfix
>>>>>> stabilizes them, we will block re-installation of the KB hotfix  
>>>>>> on
>>>>>> domain-joined systems.
>>>>>>
>>>>>> We also will need to got the problem resolved at a more basic  
>>>>>> level
>>>>>> quickly.  There are expected to be more critical Internet  
>>>>>> Explorer
>>>>>> and Operating System updates next week that cannot be left
>>>>>> unpatched.  Since MS has taken to releasing IE updates as
>>>>>> "cumulative" updates (combining many previously released  
>>>>>> updates in
>>>>>> a single package), we will encounter this issue again if not
>>>>>> properly addressed.
>>>>>>
>>>>>> -Greg
>>>>>>
>>>>>> Andrew Hendrickson wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>> I'd say that those who reported such things didn't wait long
>>>>>> enough.  In every case thus far (and I've seen three),  
>>>>>> reinstalling
>>>>>> NOD32 eventually brought about the same symptoms if the KB was  
>>>>>> left
>>>>>> in place.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Quoting "J. Greg Mackinnon" <[log in to unmask]> Thu, 30 Jul 2009:
>>>>>>
>>>>>>
>>>>>>
>>>>>>   Andrew:
>>>>>>
>>>>>>
>>>>>>
>>>>>> We have had reports that simply removing/reinstalling NOD32  
>>>>>> made the
>>>>>>
>>>>>> problem "go away", at least for the time being.  This information
>>>>>>
>>>>>> suggests that the problem is being caused by NOD32 on its own,  
>>>>>> not
>>>>>> by
>>>>>>
>>>>>> the KB hotfix list.  Did you try simply reinstalling NOD32 on  
>>>>>> any of
>>>>>>
>>>>>> the systems you visited?
>>>>>>
>>>>>>
>>>>>>
>>>>>> If KB972260 is responsible, then we can block its distribution  
>>>>>> for
>>>>>>
>>>>>> domain-joined systems.  However, this is a patch for a remote  
>>>>>> code
>>>>>>
>>>>>> execution vulnerability.  Microsoft security felt it was urgent
>>>>>>
>>>>>> enough that this patch needed to be released out-of-band (i.e.  
>>>>>> not
>>>>>> on
>>>>>>
>>>>>> "patch Tuesday").  Left unpatched, this vulnerability likely / 
>>>>>> will/
>>>>>>
>>>>>> be exploited.  Thus, I would prefer to avoid blocking this update
>>>>>>
>>>>>> until we have a bit more evidence that it is responsible for  
>>>>>> system
>>>>>>
>>>>>> lockups.
>>>>>>
>>>>>>
>>>>>>
>>>>>> -Greg
>>>>>>
>>>>>>
>>>>>>
>>>>>> Andrew Hendrickson wrote: Okay, tomorrow may just be a really  
>>>>>> really
>>>>>>
>>>>>> bad day for everyone.  Just fair warning.
>>>>>>
>>>>>>
>>>>>>
>>>>>> I've had two reports of machines freezing up with a busy  
>>>>>> cursor, one
>>>>>>
>>>>>> Vista SP2, ESET NOD32 version 4 and one Windows XP SP2, ESET  
>>>>>> NOD32
>>>>>>
>>>>>> version 3.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On the Vista machine a "failure - security options: Login process
>>>>>> has
>>>>>>
>>>>>> failed to create the security options dialog" would appear.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On the XP machine, Windows Explorer simply freezes and no  
>>>>>> keystrokes
>>>>>>
>>>>>> get a response, including the venerable control-alt-del.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On the Vista machine I discovered that KB972260 had just been
>>>>>>
>>>>>> installed.  When I removed that KB AND removed ESET NOD32, the
>>>>>>
>>>>>> problem went away.  If I tried to run the machine after just
>>>>>> removing
>>>>>>
>>>>>> the KB, the problem remained.
>>>>>>
>>>>>>
>>>>>>
>>>>>> I confirmed that this was also the case on the Windows XP  
>>>>>> machine as
>>>>>>
>>>>>> well.
>>>>>>
>>>>>>
>>>>>>
>>>>>> KB97260 appears to be a critical out of band update released to
>>>>>>
>>>>>> rectify some serious security flaws in Internet Explorer and is  
>>>>>> an
>>>>>>
>>>>>> update for all flavors of Windows currently supported and all
>>>>>> flavors
>>>>>>
>>>>>> of IE.
>>>>>>
>>>>>>
>>>>>>
>>>>>> And, just to set my evening to "extra crispy" when I returned  
>>>>>> to my
>>>>>>
>>>>>> office my own Vista desktop was waving it's "Failure - Security
>>>>>>
>>>>>> Options" freaky flag.  ;-)
>>>>>>
>>>>>>
>>>>>>
>>>>>> So far the only thing that appears to work is to either remove  
>>>>>> the
>>>>>> KB
>>>>>>
>>>>>> and ESET, or remove both, block the KB in Windows Update and
>>>>>>
>>>>>> reinstall ESET.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Perhaps we could block this particular KB at the update server  
>>>>>> until
>>>>>>
>>>>>> ESET gets this cleared up?
>>>>>>
>>>>>>
>>>>>>
>>>>>> I don't think that this is just a bad ESET definition file,  
>>>>>> because
>>>>>>
>>>>>> the machine runs fine with the KB removed and blocked but ESET
>>>>>>
>>>>>> installed.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Andrew Hendrickson
>>>>>>
>>>>>> CAS, IT Administrator
>>>>>>
>>>>>> UVM, College of Arts & Sciences
>>>>>>
>>>>>> 438 College Street #402
>>>>>>
>>>>>> Burlington, VT
>>>>>>
>>>>>> 05405
>>>>>>
>>>>>>
>>>>>>
>>>>>> 802-656-7971
>>>>>>
>>>>>> 802-656-4529 (fax)
>>>>>>
>>>>>>
>>>>>>
>>>>>> [log in to unmask]
>>>>>>
>>>>>>
>>>>>>
>>>>>> To submit a request for service please use:
>>>>>>
>>>>>> http://footprints.uvm.edu/ashelp.html
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>
>>> Andrew Hendrickson
>>> CAS, IT Administrator
>>> UVM, College of Arts & Sciences
>>> 438 College Street #402
>>> Burlington, VT
>>> 05405
>>>
>>> 802-656-7971
>>> 802-656-4529 (fax)
>>>
>>> [log in to unmask]
>>>
>>> To submit a request for service please use:
>>> http://footprints.uvm.edu/ashelp.html

Andrew Hendrickson
CAS, IT Administrator
UVM, College of Arts & Sciences
438 College Street #402
Burlington, VT
05405

802-656-7971
802-656-4529 (fax)

[log in to unmask]

To submit a request for service please use:
http://footprints.uvm.edu/ashelp.html

Top of Message | Previous Page | Permalink

Advanced Options


Options

Log In

Log In

Get Password

Get Password


Search Archives

Search Archives


Subscribe or Unsubscribe

Subscribe or Unsubscribe


Archives

May 2019
April 2019
March 2019
February 2019
January 2019
December 2018
November 2018
October 2018
September 2018
August 2018
July 2018
June 2018
May 2018
April 2018
March 2018
February 2018
January 2018
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
February 2017
January 2017
December 2016
November 2016
October 2016
September 2016
August 2016
July 2016
June 2016
May 2016
April 2016
March 2016
February 2016
January 2016
December 2015
November 2015
October 2015
September 2015
August 2015
July 2015
June 2015
May 2015
April 2015
March 2015
February 2015
January 2015
December 2014
November 2014
October 2014
September 2014
August 2014
July 2014
June 2014
May 2014
April 2014
March 2014
February 2014
January 2014
December 2013
November 2013
October 2013
September 2013
August 2013
July 2013
June 2013
May 2013
April 2013
March 2013
February 2013
January 2013
December 2012
November 2012
October 2012
September 2012
August 2012
July 2012
June 2012
May 2012
April 2012
March 2012
February 2012
January 2012
December 2011
November 2011
October 2011
September 2011
August 2011
July 2011
June 2011
May 2011
April 2011
March 2011
February 2011
January 2011
December 2010
November 2010
October 2010
September 2010
August 2010
July 2010
June 2010
May 2010
April 2010
March 2010
February 2010
January 2010
December 2009
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
May 2006
April 2006
March 2006
February 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
July 2004
June 2004
May 2004
April 2004
March 2004
February 2004
January 2004
December 2003
November 2003
October 2003
September 2003
August 2003
July 2003, Week 1
July 2003
June 2003
May 2003
April 2003
March 2003
February 2003
January 2003
December 2002
November 2002
October 2002
September 2002
August 2002
July 2002
June 2002
May 2002
April 2002
March 2002
February 2002
January 2002
December 2001
November 2001
October 2001
September 2001
August 2001
July 2001
June 2001
May 2001
April 2001
March 2001
February 2001
January 2001
December 2000
November 2000
October 2000
September 2000
August 2000
July 2000
June 2000
May 2000
April 2000
March 2000
February 2000
January 2000
December 1999
November 1999
October 1999
September 1999
August 1999
July 1999
June 1999
May 1999
April 1999
March 1999
February 1999
January 1999
December 1998
November 1998
October 1998
September 1998
August 1998
July 1998
June 1998
May 1998
April 1998
March 1998
February 1998
January 1998
December 1997
November 1997
October 1997
August 1997
July 1997
May 1997
April 1997
March 1997
February 1997
January 1997
December 1996
November 1996
October 1996
September 1996
August 1996
July 1996
May 1996
December 1995
November 1995
September 1995
August 1995
March 1995

ATOM RSS1 RSS2



LIST.UVM.EDU

CataList Email List Search Powered by the LISTSERV Email List Manager