Print

Print


Scott, can you elaborate on "manually updated the virus signature  
database"?  It may be the key to our mess.

On Jul 31, 2009, at 10:34 AM, Scott Danis wrote:

> While ESET was disabled, I manually updated the virus signature  
> database.  I
> then enabled virus protection.  I rebooted and everything came up  
> normally
> and am running fine.
>
>
> Microsoft Windows XP Professional (5.1.2600)
> Dell OPtiplex GX620
>
>
> On Fri, 31 Jul 2009 10:08:38 -0400, Dean Williams <[log in to unmask] 
> >
> wrote:
>
>> IT Colleagues,
>>
>> ETS is opening a support case with ESET, since the one common thread
>> with every frozen computer seems to be NOD32.  So far, it seems to be
>> true (correct me if I've got this wrong) that:
>>
>> 1. Some systems don't freeze -- not restarting them might be a wise
>> approach, at least for now
>>
>> 2. Some frozen systems are fixed by disabling NOD32, so that might
>> be a reasonable first approach
>>
>> 3. Other frozen systems are fixed by removing NOD32
>>
>> 4. Replacing a bad virus definition file may take care of it -- as
>> noted in Andrew's latest posting
>>
>> ETS will post updates here as we get better information from ESET or
>> elsewhere.  Of course, if anyone has a breakthrough, posting it on  
>> IT-
>> Discuss is the fastest way to get the information to the UVM IT
>> community for verification and application.  Already, what's been
>> posted here has narrowed down the apparent cause, and provided
>> important information for ETS to share with ESET -- thanks to all for
>> that.  Client Services has a limited number of people who can help
>> with the current labor-intensive work-around; we'll allocate those
>> folks mainly to offices and individuals who have no IT support of
>> their own, but if you are totally swamped trying to get your clients
>> back in business, please ask for help via the Help Line.
>>
>> Thank you for your collaboration in diagnosing and fixing this
>> problem, and thanks to all for their patience as a permanent solution
>> is found.
>>
>>
>> Dean Williams
>> ETS Director for Client Services
>> Enterprise Technology Services
>> [log in to unmask] | 802-656-1174
>>
>>    Check the status of UVM networks and servers
>>    any time at 656-1234.
>>
>>
>> On Jul 31, 2009, at 9:24 AM, Niggel, Patrick wrote:
>>
>>> Did you boot into safe mode with Networking?  If the computer  
>>> can�t
>>> authenticate your credentials off of the CAMPUS domain, then you
>>> won�t be able to get in.  I don�t believe safe mode uses cached
>>> credentials, from what I just tried it doesn�t.  By default it  
>>> wants
>>> to use local only admin logins, but you can tell it to reference a
>>> specific domain� of course having no networking this won�t work  
>>> (and
>>> again, it wouldn�t accept my password cached on the machine).
>>>
>>>
>>>
>>> From: Technology Discussion at UVM [mailto:[log in to unmask]]
>>> On Behalf Of Richard Del Pizzo
>>> Sent: Friday, July 31, 2009 9:09 AM
>>> To: [log in to unmask]
>>> Subject: Re: [Fwd: Re: Recent Windows Vista and XP freezing  
>>> problems]
>>>
>>>
>>>
>>> Hi Carol,
>>>
>>> Some of us in the Office of Sponsored Programs had this problem this
>>> morning including myself.  Your instructions worked perfectly with
>>> one caveat.  When I tried to boot in Safe Mode, my ID and password
>>> were not accepted even though I am an administrator on my machine.
>>> Luckily I knew the password for the 'Administrator' account which
>>> let me in so I could uninstall ESET.  Anyone else encounter this?
>>> Any thoughts if one does not know their 'Administrator' password?
>>>
>>>
>>>
>>> -- 
>>> Regards,
>>> Richard Del Pizzo
>>> Information Technology Professional Senior
>>> Office of Sponsored Programs
>>> University of Vermont
>>> Burlington, VT 05405
>>>
>>>
>>> Carol Caldwell-Edmonds wrote, On 7/31/2009 8:35 AM:
>>>
>>> Another student tech just reported this.  It does seem to be ESET.
>>> To uninstall it completely, boot to safe mode (shut down, boot,
>>> press F8, go to All Programs, open the ESET folder, use the
>>> Uninstall in that folder. Removing it any other way will not totally
>>> uninstall all of the components in ESET and your computer will still
>>> freeze.  Restart, go back to work.
>>>
>>> Yes, I am working without AV on my computer, but  all of my data is
>>> always on network drives, so I can reimage at will. Also, I stay off
>>> of AIM, and only visit known safe places online.
>>>
>>> If you are using a personal computer, not UVM owned, you could use
>>> AVG like the student tech here reports:
>>>
>>> Carol
>>>
>>> -- 
>>> Carol Caldwell-Edmonds,
>>> Enterprise Technology Services: Client Services
>>> Manager, UVM Computing Helpline and the Computer Depot Clinic
>>> University of Vermont
>>> [log in to unmask]
>>> <image001.gif>
>>> never take yourself TOO seriously...
>>> artwork by Shannon Edmonds
>>>
>>>
>>>
>>>
>>>
>>> Subject:
>>>
>>> Re: Recent Windows Vista and XP freezing problems
>>>
>>> From:
>>>
>>> Alex McConaghy <[log in to unmask]>
>>>
>>> Date:
>>>
>>> Fri, 31 Jul 2009 08:24:11 -0400
>>>
>>> To:
>>>
>>> [log in to unmask]
>>>
>>> To:
>>>
>>> [log in to unmask]
>>>
>>>
>>>
>>>
>>> I was having the same problem all day yesterday with ESET causing my
>>> system to freeze up. Removing ESET in safe mode solved the problem,
>>> but when you reinstall it and get the new updates the problem starts
>>> all over again. I ended up removing ESET and put AVG on my system
>>> and I am back to normal without ESET. I am going to reinstall ESET
>>> in a few days when hopefully they have fixed the problem.
>>>
>>> -Alex
>>>
>>>
>>>
>>> ____________________________
>>>
>>> Alex McConaghy
>>>
>>> University of Vermont '12
>>>
>>> School of Business Administration
>>>
>>> [log in to unmask]
>>>
>>> Google Voice: (215) 839-9768
>>>
>>> Cell: (215) 840-5065
>>>
>>>
>>>
>>> From: Helpline Staff [mailto:[log in to unmask]] On Behalf Of
>>> Carol Caldwell-Edmonds
>>> Sent: Friday, July 31, 2009 8:12 AM
>>> To: [log in to unmask]
>>> Subject: Re: Recent Windows Vista and XP freezing problems
>>>
>>>
>>>
>>> Mine still froze after removing the update. I am now going into safe
>>> mode and removing ESET.
>>>
>>>
>>>
>>> On Jul 31, 2009, at 8:09 AM, Carol Caldwell-Edmonds wrote:
>>>
>>>
>>>
>>>
>>>
>>> Helpline--the freezing issue was reported all evening and is back.
>>> Try going into safe mode, control panel, Programs and Features,
>>> click the link in the upper left for recent updates, scroll to the
>>> bottom under windows updates, remove KB972260, restart, let me know
>>> if it�s better.
>>>
>>>
>>>
>>> Carol
>>>
>>>
>>>
>>> Begin forwarded message:
>>>
>>>
>>>
>>>
>>>
>>> From: "J. Greg Mackinnon" <[log in to unmask]>
>>>
>>> Date: July 30, 2009 10:36:39 PM EDT
>>>
>>> To: [log in to unmask]
>>>
>>> Subject: Re: Recent Windows Vista and XP freezing problems
>>>
>>> Reply-To: Technology Discussion at UVM <[log in to unmask]>
>>>
>>>
>>>
>>> So you have three computers from which you removed and reinstalled
>>> NOD32, but not the KB972260 hotfix?  And these systems all
>>> manifested the lockup after re-installation?  If so, that is pretty
>>> strong evidence.
>>>
>>> If the Helpline and Client Services systems that were reported as
>>> fixed this afternoon re-manifest, and removing the KB hotfix
>>> stabilizes them, we will block re-installation of the KB hotfix on
>>> domain-joined systems.
>>>
>>> We also will need to got the problem resolved at a more basic level
>>> quickly.  There are expected to be more critical Internet Explorer
>>> and Operating System updates next week that cannot be left
>>> unpatched.  Since MS has taken to releasing IE updates as
>>> "cumulative" updates (combining many previously released updates in
>>> a single package), we will encounter this issue again if not
>>> properly addressed.
>>>
>>> -Greg
>>>
>>> Andrew Hendrickson wrote:
>>>
>>>
>>>
>>> I'd say that those who reported such things didn't wait long
>>> enough.  In every case thus far (and I've seen three), reinstalling
>>> NOD32 eventually brought about the same symptoms if the KB was left
>>> in place.
>>>
>>>
>>>
>>>
>>>
>>> Quoting "J. Greg Mackinnon" <[log in to unmask]> Thu, 30 Jul 2009:
>>>
>>>
>>>
>>>     Andrew:
>>>
>>>
>>>
>>> We have had reports that simply removing/reinstalling NOD32 made the
>>>
>>> problem "go away", at least for the time being.  This information
>>>
>>> suggests that the problem is being caused by NOD32 on its own, not  
>>> by
>>>
>>> the KB hotfix list.  Did you try simply reinstalling NOD32 on any of
>>>
>>> the systems you visited?
>>>
>>>
>>>
>>> If KB972260 is responsible, then we can block its distribution for
>>>
>>> domain-joined systems.  However, this is a patch for a remote code
>>>
>>> execution vulnerability.  Microsoft security felt it was urgent
>>>
>>> enough that this patch needed to be released out-of-band (i.e. not  
>>> on
>>>
>>> "patch Tuesday").  Left unpatched, this vulnerability likely /will/
>>>
>>> be exploited.  Thus, I would prefer to avoid blocking this update
>>>
>>> until we have a bit more evidence that it is responsible for system
>>>
>>> lockups.
>>>
>>>
>>>
>>> -Greg
>>>
>>>
>>>
>>> Andrew Hendrickson wrote: Okay, tomorrow may just be a really really
>>>
>>> bad day for everyone.  Just fair warning.
>>>
>>>
>>>
>>> I've had two reports of machines freezing up with a busy cursor, one
>>>
>>> Vista SP2, ESET NOD32 version 4 and one Windows XP SP2, ESET NOD32
>>>
>>> version 3.
>>>
>>>
>>>
>>> On the Vista machine a "failure - security options: Login process  
>>> has
>>>
>>> failed to create the security options dialog" would appear.
>>>
>>>
>>>
>>> On the XP machine, Windows Explorer simply freezes and no keystrokes
>>>
>>> get a response, including the venerable control-alt-del.
>>>
>>>
>>>
>>> On the Vista machine I discovered that KB972260 had just been
>>>
>>> installed.  When I removed that KB AND removed ESET NOD32, the
>>>
>>> problem went away.  If I tried to run the machine after just  
>>> removing
>>>
>>> the KB, the problem remained.
>>>
>>>
>>>
>>> I confirmed that this was also the case on the Windows XP machine as
>>>
>>> well.
>>>
>>>
>>>
>>> KB97260 appears to be a critical out of band update released to
>>>
>>> rectify some serious security flaws in Internet Explorer and is an
>>>
>>> update for all flavors of Windows currently supported and all  
>>> flavors
>>>
>>> of IE.
>>>
>>>
>>>
>>> And, just to set my evening to "extra crispy" when I returned to my
>>>
>>> office my own Vista desktop was waving it's "Failure - Security
>>>
>>> Options" freaky flag.  ;-)
>>>
>>>
>>>
>>> So far the only thing that appears to work is to either remove the  
>>> KB
>>>
>>> and ESET, or remove both, block the KB in Windows Update and
>>>
>>> reinstall ESET.
>>>
>>>
>>>
>>> Perhaps we could block this particular KB at the update server until
>>>
>>> ESET gets this cleared up?
>>>
>>>
>>>
>>> I don't think that this is just a bad ESET definition file, because
>>>
>>> the machine runs fine with the KB removed and blocked but ESET
>>>
>>> installed.
>>>
>>>
>>>
>>> Andrew Hendrickson
>>>
>>> CAS, IT Administrator
>>>
>>> UVM, College of Arts & Sciences
>>>
>>> 438 College Street #402
>>>
>>> Burlington, VT
>>>
>>> 05405
>>>
>>>
>>>
>>> 802-656-7971
>>>
>>> 802-656-4529 (fax)
>>>
>>>
>>>
>>> [log in to unmask]
>>>
>>>
>>>
>>> To submit a request for service please use:
>>>
>>> http://footprints.uvm.edu/ashelp.html
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>

Andrew Hendrickson
CAS, IT Administrator
UVM, College of Arts & Sciences
438 College Street #402
Burlington, VT
05405

802-656-7971
802-656-4529 (fax)

[log in to unmask]

To submit a request for service please use:
http://footprints.uvm.edu/ashelp.html