Print

Print


machine hung at 11:25 after 25 minutes of running ok.

Roger Bombardier Jr. wrote:
> test results so far Windows 7:
> 
> Came in to my office at 10:40 to find my Windows 7 system (dell optiplex 
> gx620) locked up, cpu fan running loudly, unusable.
> 
> The problem happened between 10am (machine had been turned off since 
> yesterday at about 4pm) or so when the system was turned on and 10:40
> 
> Booted to safe mode and removed ESET per instructions and rebooted.
> 
> As a test I installed ESET again (installer from UVM Software site) at 
> 11:00am, so far so good.
> 
> -R
> 
> Dean Williams wrote:
>> ETS has opened a case with ESET, but while we're waiting for their 
>> help, there appears to be some hope with new virus definitions.  We're 
>> trying to verify that success with several systems now.
>>
>> -Dean W.
>>
>>
>>
>> On Jul 31, 2009, at 10:55 AM, Scott Danis wrote:
>>
>>> I double-clicked on the red eye to open the ESET dialogue window.  
>>> Clicked on
>>> Update, then clicked on Update Virus Signature database.  After it 
>>> loaded, I
>>> turned protection back on.  That in itself worked, but I rebooted 
>>> just for fun.
>>> The version that seems to work is 4294 (20090731).
>>>
>>>
>>> On Fri, 31 Jul 2009 10:50:13 -0400, Andrew Hendrickson
>>> <[log in to unmask]> wrote:
>>>
>>>> Scott, can you elaborate on "manually updated the virus signature
>>>> database"?  It may be the key to our mess.
>>>>
>>>> On Jul 31, 2009, at 10:34 AM, Scott Danis wrote:
>>>>
>>>>> While ESET was disabled, I manually updated the virus signature
>>>>> database.  I
>>>>> then enabled virus protection.  I rebooted and everything came up
>>>>> normally
>>>>> and am running fine.
>>>>>
>>>>>
>>>>> Microsoft Windows XP Professional (5.1.2600)
>>>>> Dell OPtiplex GX620
>>>>>
>>>>>
>>>>> On Fri, 31 Jul 2009 10:08:38 -0400, Dean Williams
>>> <[log in to unmask]
>>>>>>
>>>>> wrote:
>>>>>
>>>>>> IT Colleagues,
>>>>>>
>>>>>> ETS is opening a support case with ESET, since the one common thread
>>>>>> with every frozen computer seems to be NOD32.  So far, it seems to be
>>>>>> true (correct me if I've got this wrong) that:
>>>>>>
>>>>>> 1. Some systems don't freeze -- not restarting them might be a wise
>>>>>> approach, at least for now
>>>>>>
>>>>>> 2. Some frozen systems are fixed by disabling NOD32, so that might
>>>>>> be a reasonable first approach
>>>>>>
>>>>>> 3. Other frozen systems are fixed by removing NOD32
>>>>>>
>>>>>> 4. Replacing a bad virus definition file may take care of it -- as
>>>>>> noted in Andrew's latest posting
>>>>>>
>>>>>> ETS will post updates here as we get better information from ESET or
>>>>>> elsewhere.  Of course, if anyone has a breakthrough, posting it on
>>>>>> IT-
>>>>>> Discuss is the fastest way to get the information to the UVM IT
>>>>>> community for verification and application.  Already, what's been
>>>>>> posted here has narrowed down the apparent cause, and provided
>>>>>> important information for ETS to share with ESET -- thanks to all for
>>>>>> that.  Client Services has a limited number of people who can help
>>>>>> with the current labor-intensive work-around; we'll allocate those
>>>>>> folks mainly to offices and individuals who have no IT support of
>>>>>> their own, but if you are totally swamped trying to get your clients
>>>>>> back in business, please ask for help via the Help Line.
>>>>>>
>>>>>> Thank you for your collaboration in diagnosing and fixing this
>>>>>> problem, and thanks to all for their patience as a permanent solution
>>>>>> is found.
>>>>>>
>>>>>>
>>>>>> Dean Williams
>>>>>> ETS Director for Client Services
>>>>>> Enterprise Technology Services
>>>>>> [log in to unmask] | 802-656-1174
>>>>>>
>>>>>>   Check the status of UVM networks and servers
>>>>>>   any time at 656-1234.
>>>>>>
>>>>>>
>>>>>> On Jul 31, 2009, at 9:24 AM, Niggel, Patrick wrote:
>>>>>>
>>>>>>> Did you boot into safe mode with Networking?  If the computer
>>>>>>> can�t
>>>>>>> authenticate your credentials off of the CAMPUS domain, then you
>>>>>>> won�t be able to get in.  I don�t believe safe mode uses cached
>>>>>>> credentials, from what I just tried it doesn�t.  By default it
>>>>>>> wants
>>>>>>> to use local only admin logins, but you can tell it to reference a
>>>>>>> specific domain� of course having no networking this won�t work
>>>>>>> (and
>>>>>>> again, it wouldn�t accept my password cached on the machine).
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> From: Technology Discussion at UVM [mailto:IT-
>>> [log in to unmask]]
>>>>>>> On Behalf Of Richard Del Pizzo
>>>>>>> Sent: Friday, July 31, 2009 9:09 AM
>>>>>>> To: [log in to unmask]
>>>>>>> Subject: Re: [Fwd: Re: Recent Windows Vista and XP freezing
>>>>>>> problems]
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Hi Carol,
>>>>>>>
>>>>>>> Some of us in the Office of Sponsored Programs had this problem this
>>>>>>> morning including myself.  Your instructions worked perfectly with
>>>>>>> one caveat.  When I tried to boot in Safe Mode, my ID and password
>>>>>>> were not accepted even though I am an administrator on my machine.
>>>>>>> Luckily I knew the password for the 'Administrator' account which
>>>>>>> let me in so I could uninstall ESET.  Anyone else encounter this?
>>>>>>> Any thoughts if one does not know their 'Administrator' password?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> -- 
>>>>>>> Regards,
>>>>>>> Richard Del Pizzo
>>>>>>> Information Technology Professional Senior
>>>>>>> Office of Sponsored Programs
>>>>>>> University of Vermont
>>>>>>> Burlington, VT 05405
>>>>>>>
>>>>>>>
>>>>>>> Carol Caldwell-Edmonds wrote, On 7/31/2009 8:35 AM:
>>>>>>>
>>>>>>> Another student tech just reported this.  It does seem to be ESET.
>>>>>>> To uninstall it completely, boot to safe mode (shut down, boot,
>>>>>>> press F8, go to All Programs, open the ESET folder, use the
>>>>>>> Uninstall in that folder. Removing it any other way will not totally
>>>>>>> uninstall all of the components in ESET and your computer will still
>>>>>>> freeze.  Restart, go back to work.
>>>>>>>
>>>>>>> Yes, I am working without AV on my computer, but  all of my data is
>>>>>>> always on network drives, so I can reimage at will. Also, I stay off
>>>>>>> of AIM, and only visit known safe places online.
>>>>>>>
>>>>>>> If you are using a personal computer, not UVM owned, you could use
>>>>>>> AVG like the student tech here reports:
>>>>>>>
>>>>>>> Carol
>>>>>>>
>>>>>>> -- 
>>>>>>> Carol Caldwell-Edmonds,
>>>>>>> Enterprise Technology Services: Client Services
>>>>>>> Manager, UVM Computing Helpline and the Computer Depot Clinic
>>>>>>> University of Vermont
>>>>>>> [log in to unmask]
>>>>>>> <image001.gif>
>>>>>>> never take yourself TOO seriously...
>>>>>>> artwork by Shannon Edmonds
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Subject:
>>>>>>>
>>>>>>> Re: Recent Windows Vista and XP freezing problems
>>>>>>>
>>>>>>> From:
>>>>>>>
>>>>>>> Alex McConaghy <[log in to unmask]>
>>>>>>>
>>>>>>> Date:
>>>>>>>
>>>>>>> Fri, 31 Jul 2009 08:24:11 -0400
>>>>>>>
>>>>>>> To:
>>>>>>>
>>>>>>> [log in to unmask]
>>>>>>>
>>>>>>> To:
>>>>>>>
>>>>>>> [log in to unmask]
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> I was having the same problem all day yesterday with ESET causing my
>>>>>>> system to freeze up. Removing ESET in safe mode solved the problem,
>>>>>>> but when you reinstall it and get the new updates the problem starts
>>>>>>> all over again. I ended up removing ESET and put AVG on my system
>>>>>>> and I am back to normal without ESET. I am going to reinstall ESET
>>>>>>> in a few days when hopefully they have fixed the problem.
>>>>>>>
>>>>>>> -Alex
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ____________________________
>>>>>>>
>>>>>>> Alex McConaghy
>>>>>>>
>>>>>>> University of Vermont '12
>>>>>>>
>>>>>>> School of Business Administration
>>>>>>>
>>>>>>> [log in to unmask]
>>>>>>>
>>>>>>> Google Voice: (215) 839-9768
>>>>>>>
>>>>>>> Cell: (215) 840-5065
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> From: Helpline Staff [mailto:[log in to unmask]] On Behalf Of
>>>>>>> Carol Caldwell-Edmonds
>>>>>>> Sent: Friday, July 31, 2009 8:12 AM
>>>>>>> To: [log in to unmask]
>>>>>>> Subject: Re: Recent Windows Vista and XP freezing problems
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Mine still froze after removing the update. I am now going into safe
>>>>>>> mode and removing ESET.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Jul 31, 2009, at 8:09 AM, Carol Caldwell-Edmonds wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Helpline--the freezing issue was reported all evening and is back.
>>>>>>> Try going into safe mode, control panel, Programs and Features,
>>>>>>> click the link in the upper left for recent updates, scroll to the
>>>>>>> bottom under windows updates, remove KB972260, restart, let me know
>>>>>>> if it�s better.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Carol
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Begin forwarded message:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> From: "J. Greg Mackinnon" <[log in to unmask]>
>>>>>>>
>>>>>>> Date: July 30, 2009 10:36:39 PM EDT
>>>>>>>
>>>>>>> To: [log in to unmask]
>>>>>>>
>>>>>>> Subject: Re: Recent Windows Vista and XP freezing problems
>>>>>>>
>>>>>>> Reply-To: Technology Discussion at UVM <[log in to unmask]>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> So you have three computers from which you removed and reinstalled
>>>>>>> NOD32, but not the KB972260 hotfix?  And these systems all
>>>>>>> manifested the lockup after re-installation?  If so, that is pretty
>>>>>>> strong evidence.
>>>>>>>
>>>>>>> If the Helpline and Client Services systems that were reported as
>>>>>>> fixed this afternoon re-manifest, and removing the KB hotfix
>>>>>>> stabilizes them, we will block re-installation of the KB hotfix on
>>>>>>> domain-joined systems.
>>>>>>>
>>>>>>> We also will need to got the problem resolved at a more basic level
>>>>>>> quickly.  There are expected to be more critical Internet Explorer
>>>>>>> and Operating System updates next week that cannot be left
>>>>>>> unpatched.  Since MS has taken to releasing IE updates as
>>>>>>> "cumulative" updates (combining many previously released updates in
>>>>>>> a single package), we will encounter this issue again if not
>>>>>>> properly addressed.
>>>>>>>
>>>>>>> -Greg
>>>>>>>
>>>>>>> Andrew Hendrickson wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> I'd say that those who reported such things didn't wait long
>>>>>>> enough.  In every case thus far (and I've seen three), reinstalling
>>>>>>> NOD32 eventually brought about the same symptoms if the KB was left
>>>>>>> in place.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Quoting "J. Greg Mackinnon" <[log in to unmask]> Thu, 30 Jul 2009:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>    Andrew:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> We have had reports that simply removing/reinstalling NOD32 made the
>>>>>>>
>>>>>>> problem "go away", at least for the time being.  This information
>>>>>>>
>>>>>>> suggests that the problem is being caused by NOD32 on its own, not
>>>>>>> by
>>>>>>>
>>>>>>> the KB hotfix list.  Did you try simply reinstalling NOD32 on any of
>>>>>>>
>>>>>>> the systems you visited?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> If KB972260 is responsible, then we can block its distribution for
>>>>>>>
>>>>>>> domain-joined systems.  However, this is a patch for a remote code
>>>>>>>
>>>>>>> execution vulnerability.  Microsoft security felt it was urgent
>>>>>>>
>>>>>>> enough that this patch needed to be released out-of-band (i.e. not
>>>>>>> on
>>>>>>>
>>>>>>> "patch Tuesday").  Left unpatched, this vulnerability likely /will/
>>>>>>>
>>>>>>> be exploited.  Thus, I would prefer to avoid blocking this update
>>>>>>>
>>>>>>> until we have a bit more evidence that it is responsible for system
>>>>>>>
>>>>>>> lockups.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> -Greg
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Andrew Hendrickson wrote: Okay, tomorrow may just be a really really
>>>>>>>
>>>>>>> bad day for everyone.  Just fair warning.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> I've had two reports of machines freezing up with a busy cursor, one
>>>>>>>
>>>>>>> Vista SP2, ESET NOD32 version 4 and one Windows XP SP2, ESET NOD32
>>>>>>>
>>>>>>> version 3.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On the Vista machine a "failure - security options: Login process
>>>>>>> has
>>>>>>>
>>>>>>> failed to create the security options dialog" would appear.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On the XP machine, Windows Explorer simply freezes and no keystrokes
>>>>>>>
>>>>>>> get a response, including the venerable control-alt-del.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On the Vista machine I discovered that KB972260 had just been
>>>>>>>
>>>>>>> installed.  When I removed that KB AND removed ESET NOD32, the
>>>>>>>
>>>>>>> problem went away.  If I tried to run the machine after just
>>>>>>> removing
>>>>>>>
>>>>>>> the KB, the problem remained.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> I confirmed that this was also the case on the Windows XP machine as
>>>>>>>
>>>>>>> well.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> KB97260 appears to be a critical out of band update released to
>>>>>>>
>>>>>>> rectify some serious security flaws in Internet Explorer and is an
>>>>>>>
>>>>>>> update for all flavors of Windows currently supported and all
>>>>>>> flavors
>>>>>>>
>>>>>>> of IE.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> And, just to set my evening to "extra crispy" when I returned to my
>>>>>>>
>>>>>>> office my own Vista desktop was waving it's "Failure - Security
>>>>>>>
>>>>>>> Options" freaky flag.  ;-)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> So far the only thing that appears to work is to either remove the
>>>>>>> KB
>>>>>>>
>>>>>>> and ESET, or remove both, block the KB in Windows Update and
>>>>>>>
>>>>>>> reinstall ESET.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Perhaps we could block this particular KB at the update server until
>>>>>>>
>>>>>>> ESET gets this cleared up?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> I don't think that this is just a bad ESET definition file, because
>>>>>>>
>>>>>>> the machine runs fine with the KB removed and blocked but ESET
>>>>>>>
>>>>>>> installed.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Andrew Hendrickson
>>>>>>>
>>>>>>> CAS, IT Administrator
>>>>>>>
>>>>>>> UVM, College of Arts & Sciences
>>>>>>>
>>>>>>> 438 College Street #402
>>>>>>>
>>>>>>> Burlington, VT
>>>>>>>
>>>>>>> 05405
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> 802-656-7971
>>>>>>>
>>>>>>> 802-656-4529 (fax)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> [log in to unmask]
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> To submit a request for service please use:
>>>>>>>
>>>>>>> http://footprints.uvm.edu/ashelp.html
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>
>>>> Andrew Hendrickson
>>>> CAS, IT Administrator
>>>> UVM, College of Arts & Sciences
>>>> 438 College Street #402
>>>> Burlington, VT
>>>> 05405
>>>>
>>>> 802-656-7971
>>>> 802-656-4529 (fax)
>>>>
>>>> [log in to unmask]
>>>>
>>>> To submit a request for service please use:
>>>> http://footprints.uvm.edu/ashelp.html
> 

-- 
Roger Bombardier Jr.
Enterprise Information Technology Professional
University of Vermont – ETS – Client Services
[log in to unmask]
Office (802) 656-7744
For pressing issues: Cell (802) 922-0444
Hours: 08:00 – 16:30 M-F

"In times of universal deceit, telling the truth will be a revolutionary 
act." -George Orwell