My turn.  I've been dealing with this with my users all morning. 

I had a handful of probably 8 or so users who had the complete freeze-up issue. Five or so XPSP3 machines, and three Vista SP2 machines.  With the XP computers, an uninstallation of NOD32 (I had versions all over the place from 3 to all builds of 4) and reinstalling the .424 build worked.  Pretty much uninstalling the client and installing the version which had the April definition in it gave me enough time to update to the 20090731 def file.  ALL XP machines after they successfully were running the newest def have been running with absolutely no problems.

The Vista machines are all a different story.  I have 1 Vista x64 and 2 Vista 32bit machines.  Doing the above on the Vista computers DOES NOT fix the issues.  I can successfully get the newest build of NOD32 installed, I can successfully get the newest definition file installed.. and then the computer will run OK for anywhere from 5 to 25 minutes.  Then it freezes completely back up again.  This happens with both 32 and 64 bit versions of the client.

I cannot help but think that the issue we're experiencing is nothing that I have any power to solve.  That the only thing I can think of to do next is sit around and hurry up and wait for the issue to resolve itself on the NOD32 end....

Yeah, happy SysAdminDay to me.

Dean Williams wrote:
ETS has opened a case with ESET, but while we're waiting for their help, there appears to be some hope with new virus definitions.  We're trying to verify that success with several systems now.

-Dean W.



On Jul 31, 2009, at 10:55 AM, Scott Danis wrote:

I double-clicked on the red eye to open the ESET dialogue window.  Clicked on
Update, then clicked on Update Virus Signature database.  After it loaded, I
turned protection back on.  That in itself worked, but I rebooted just for fun.
The version that seems to work is 4294 (20090731).


On Fri, 31 Jul 2009 10:50:13 -0400, Andrew Hendrickson
<[log in to unmask]> wrote:

Scott, can you elaborate on "manually updated the virus signature
database"?  It may be the key to our mess.

On Jul 31, 2009, at 10:34 AM, Scott Danis wrote:

While ESET was disabled, I manually updated the virus signature
database.  I then enabled virus protection.  I rebooted and everything
came up normally and am running fine.


Microsoft Windows XP Professional (5.1.2600)
Dell OptiPlex GX620


On Fri, 31 Jul 2009 10:08:38 -0400, Dean Williams
<[log in to unmask]> wrote:

IT Colleagues,

ETS is opening a support case with ESET, since the one common thread
with every frozen computer seems to be NOD32.  So far, it seems to be
true (correct me if I've got this wrong) that:

1. Some systems don't freeze -- not restarting them might be a wise
approach, at least for now

2. Some frozen systems are fixed by disabling NOD32, so that might
be a reasonable first approach

3. Other frozen systems are fixed by removing NOD32

4. Replacing a bad virus definition file may take care of it -- as
noted in Andrew's latest posting

ETS will post updates here as we get better information from ESET or
elsewhere.  Of course, if anyone has a breakthrough, posting it on
IT-Discuss is the fastest way to get the information to the UVM IT
community for verification and application.  Already, what's been
posted here has narrowed down the apparent cause, and provided
important information for ETS to share with ESET -- thanks to all for
that.  Client Services has a limited number of people who can help
with the current labor-intensive work-around; we'll allocate those
folks mainly to offices and individuals who have no IT support of
their own, but if you are totally swamped trying to get your clients
back in business, please ask for help via the Help Line.

Thank you for your collaboration in diagnosing and fixing this
problem, and thanks to all for their patience as a permanent solution
is found.


Dean Williams
ETS Director for Client Services
Enterprise Technology Services
[log in to unmask] | 802-656-1174

  Check the status of UVM networks and servers
  any time at 656-1234.


On Jul 31, 2009, at 9:24 AM, Niggel, Patrick wrote:

Did you boot into safe mode with Networking?  If the computer can't
authenticate your credentials off of the CAMPUS domain, then you
won't be able to get in.  I don't believe safe mode uses cached
credentials, from what I just tried it doesn't.  By default it wants
to use local only admin logins, but you can tell it to reference a
specific domain… of course having no networking this won't work (and
again, it wouldn't accept my password cached on the machine).



From: Technology Discussion at UVM [mailto:IT-[log in to unmask]] On Behalf Of Richard Del Pizzo
Sent: Friday, July 31, 2009 9:09 AM
To: [log in to unmask]
Subject: Re: [Fwd: Re: Recent Windows Vista and XP freezing problems]



Hi Carol,

Some of us in the Office of Sponsored Programs had this problem this
morning including myself.  Your instructions worked perfectly with
one caveat.  When I tried to boot in Safe Mode, my ID and password
were not accepted even though I am an administrator on my machine.
Luckily I knew the password for the 'Administrator' account which
let me in so I could uninstall ESET.  Anyone else encounter this?
Any thoughts if one does not know their 'Administrator' password?



-- 
Regards,
Richard Del Pizzo
Information Technology Professional Senior
Office of Sponsored Programs
University of Vermont
Burlington, VT 05405


Carol Caldwell-Edmonds wrote, On 7/31/2009 8:35 AM:

Another student tech just reported this.  It does seem to be ESET.
To uninstall it completely, boot to safe mode (shut down, boot,
press F8), go to All Programs, open the ESET folder, use the
Uninstall in that folder. Removing it any other way will not totally
uninstall all of the components in ESET and your computer will still
freeze.  Restart, go back to work.

Yes, I am working without AV on my computer, but  all of my data is
always on network drives, so I can reimage at will. Also, I stay off
of AIM, and only visit known safe places online.

If you are using a personal computer, not UVM owned, you could use
AVG like the student tech here reports:

Carol

-- 
Carol Caldwell-Edmonds,
Enterprise Technology Services: Client Services
Manager, UVM Computing Helpline and the Computer Depot Clinic
University of Vermont
[log in to unmask]
never take yourself TOO seriously...
artwork by Shannon Edmonds





Subject: Re: Recent Windows Vista and XP freezing problems
From: Alex McConaghy <[log in to unmask]>
Date: Fri, 31 Jul 2009 08:24:11 -0400
To: [log in to unmask]




I was having the same problem all day yesterday with ESET causing my
system to freeze up. Removing ESET in safe mode solved the problem,
but when you reinstall it and get the new updates the problem starts
all over again. I ended up removing ESET and put AVG on my system
and I am back to normal without ESET. I am going to reinstall ESET
in a few days when hopefully they have fixed the problem.

-Alex



____________________________

Alex McConaghy

University of Vermont '12

School of Business Administration

[log in to unmask]

Google Voice: (215) 839-9768

Cell: (215) 840-5065



From: Helpline Staff [mailto:[log in to unmask]] On Behalf Of
Carol Caldwell-Edmonds
Sent: Friday, July 31, 2009 8:12 AM
To: [log in to unmask]
Subject: Re: Recent Windows Vista and XP freezing problems



Mine still froze after removing the update. I am now going into safe
mode and removing ESET.



On Jul 31, 2009, at 8:09 AM, Carol Caldwell-Edmonds wrote:





Helpline--the freezing issue was reported all evening and is back.
Try going into safe mode, control panel, Programs and Features,
click the link in the upper left for recent updates, scroll to the
bottom under windows updates, remove KB972260, restart, let me know
if it's better.



Carol



Begin forwarded message:





From: "J. Greg Mackinnon" <[log in to unmask]>
Date: July 30, 2009 10:36:39 PM EDT
To: [log in to unmask]
Subject: Re: Recent Windows Vista and XP freezing problems
Reply-To: Technology Discussion at UVM <[log in to unmask]>



So you have three computers from which you removed and reinstalled
NOD32, but not the KB972260 hotfix?  And these systems all
manifested the lockup after re-installation?  If so, that is pretty
strong evidence.

If the Helpline and Client Services systems that were reported as
fixed this afternoon re-manifest, and removing the KB hotfix
stabilizes them, we will block re-installation of the KB hotfix on
domain-joined systems.

We also will need to get the problem resolved at a more basic level
quickly.  There are expected to be more critical Internet Explorer
and Operating System updates next week that cannot be left
unpatched.  Since MS has taken to releasing IE updates as
"cumulative" updates (combining many previously released updates in
a single package), we will encounter this issue again if not
properly addressed.

-Greg

Andrew Hendrickson wrote:



I'd say that those who reported such things didn't wait long
enough.  In every case thus far (and I've seen three), reinstalling
NOD32 eventually brought about the same symptoms if the KB was left
in place.





Quoting "J. Greg Mackinnon" <[log in to unmask]> Thu, 30 Jul 2009:



Andrew:

We have had reports that simply removing/reinstalling NOD32 made the
problem "go away", at least for the time being.  This information
suggests that the problem is being caused by NOD32 on its own, not by
the KB hotfix list.  Did you try simply reinstalling NOD32 on any of
the systems you visited?

If KB972260 is responsible, then we can block its distribution for
domain-joined systems.  However, this is a patch for a remote code
execution vulnerability.  Microsoft security felt it was urgent
enough that this patch needed to be released out-of-band (i.e. not on
"patch Tuesday").  Left unpatched, this vulnerability likely /will/
be exploited.  Thus, I would prefer to avoid blocking this update
until we have a bit more evidence that it is responsible for system
lockups.

-Greg



Andrew Hendrickson wrote:

Okay, tomorrow may just be a really really bad day for everyone.  Just
fair warning.

I've had two reports of machines freezing up with a busy cursor, one
Vista SP2, ESET NOD32 version 4 and one Windows XP SP2, ESET NOD32
version 3.

On the Vista machine a "failure - security options: Login process has
failed to create the security options dialog" would appear.

On the XP machine, Windows Explorer simply freezes and no keystrokes
get a response, including the venerable control-alt-del.

On the Vista machine I discovered that KB972260 had just been
installed.  When I removed that KB AND removed ESET NOD32, the
problem went away.  If I tried to run the machine after just removing
the KB, the problem remained.

I confirmed that this was also the case on the Windows XP machine as
well.

KB972260 appears to be a critical out of band update released to
rectify some serious security flaws in Internet Explorer and is an
update for all flavors of Windows currently supported and all flavors
of IE.

And, just to set my evening to "extra crispy" when I returned to my
office my own Vista desktop was waving its "Failure - Security
Options" freaky flag.  ;-)

So far the only thing that appears to work is to either remove the KB
and ESET, or remove both, block the KB in Windows Update and
reinstall ESET.

Perhaps we could block this particular KB at the update server until
ESET gets this cleared up?

I don't think that this is just a bad ESET definition file, because
the machine runs fine with the KB removed and blocked but ESET
installed.



Andrew Hendrickson

CAS, IT Administrator

UVM, College of Arts & Sciences

438 College Street #402

Burlington, VT

05405



802-656-7971

802-656-4529 (fax)



[log in to unmask]



To submit a request for service please use:

http://footprints.uvm.edu/ashelp.html





















--

Mickey Mossey

System Administrator / Programmer

University of Vermont

Development and Alumni Relations Information Systems

Personal Line: 802-656-4133 DARIS Main Line: 802-656-8310

 

UVM's Alumni Website:      http://alumni.uvm.edu/