Startup delay NOD32 v3.0.621
loekverhees
January 14th, 2008, 10:44 AM
Hello,
I've installed a trial of NOD32 Home Edition 32Bit v3.0.621 (on a fresh XP Home SP2). When I boot the PC and the desktop appears, several processes load into the system tray (bottom-right of the screen). Then the hdd-indicator led stops blinking and Windows is finished with startup, only NOD32 still has to start up. After about 2-3 minutes, the hdd-indicator led starts blinking again and now NOD32 is loaded. During these 2-3 minutes it's impossible to run Internet Explorer for example. Has someone experienced this too? :-\
WilliamP
January 14th, 2008, 11:10 AM
There have been several posts about this problem. Hopefully ESET is trying to do something about it.
jmc777
January 14th, 2008, 12:59 PM
Try disabling 'Automatic update after user logon' in NOD's scheduler settings (Tools>Scheduler. If you can't see an option for that, switch the interface to advanced mode by clicking on 'Display: Standard mode' in the bottom left-hand corner of the NOD window, and select 'Toggle advanced mode').
WilliamP
January 14th, 2008, 01:05 PM
I did that. But it still updates and still hangs the boot.
jmc777
January 14th, 2008, 01:09 PM
Strange. I haven't experienced any delays since installing the first ESS beta many, many moons ago. I wonder if it's conflicting with another security product at startup - are you guys running anything else, or just EAV/ESS?
freesurfer
January 14th, 2008, 01:36 PM
Good day,
I posted something like this in the ESS forum. Unlike yours, mine was able to load ESS, only that the antivirus component showed that it was malfunctioning for several seconds (but could have lasted for at least a minute).
As for the IE, have you tried other programs NOT trying to connect externally (LAN/internet)? What I've experienced is that programs that try to connect externally are the only ones affected (meaning calculator or notepad, for example, are not).
This is what I found out: ALG.exe seems to play a major role in this issue (at least in my situation).
You could try this: upon login, open Task Manager and see which programs are loading (I suggest you use Process Explorer from Sysinternals as the combination of tree-view mode and highlighting of newly-started ones allows for easy tracking of processes; be sure to click Replace Task Manager under Options menu to allow quicker launch). If I'm right about this, your system won't return to "normal" unless ALG.exe has started execution.
What happened to me was a component of VMware, a service (I forgot w/c one), "seemed" to delay loading of ALG.exe (and several other Windows services). When I disabled the (VMware) service, ALG.exe loaded immediately, clearing the "Malfunction" status of the antivirus component and allowing the immediate use of programs that try to connect externally (actually, the antivirus component's status will "always" be "Malfunction" during startup unless ALG.exe loads, but hardly anyone would notice this since by the time the Nod32 GUI loads, ALG.exe would already be running ;)).
You wouldn't happen to be using any VMware software, would you?
In any case, please try what I had just suggested and monitor the progress of program execution in your computer upon logon. I believe that it is related to the delayed loading of ALG.exe.
Regards.
loekverhees
January 14th, 2008, 01:36 PM
@ JMC777: Just EAV and SpywareBlaster 3.5.1.
loekverhees
January 14th, 2008, 02:18 PM
I checked the processes with Process Explorer during booting. In the beginning egui.exe is already present (0% CPU) and for about 5 seconds svchost.exe is taking 99% of the CPU. After these 5 seconds, everything is normal (System Idle Process = 99% CPU). 90% of all processes are loaded yet. (Now I can't run Internet Explorer, but I can run Firefox). This is for about 2-3 minutes.
Then suddenly after the 2-3 minutes ekrn.exe takes 99% of CPU. This is for about 8 seconds. After this, the NOD32 tray icon appears in Windows Tray (bottom-right), and the remaining 10% of the process is loading (including: alg.exe, nvsvc32.exe, winvnc.exe (2x), wuauclt.exe).
During this whole booting-process the 'Update on Logon'-option from NOD32 was disabled. :-\
freesurfer
January 14th, 2008, 03:09 PM
Right now, I'm still betting on the "delayed ALG.exe" culprit, so let's try to clear this up.
-{ Quote: "Then suddenly after the 2-3 minutes ekrn.exe takes 99% of CPU. This is for about 8 seconds. After this, the NOD32 tray icon appears in Windows Tray (bottom-right), and the remaining 10% of the process is loading (including: alg.exe, nvsvc32.exe, winvnc.exe (2x), wuauclt.exe)." }-
So you're saying that only AFTER 2~3 minutes did ALG.exe load? If this is the case then there's something that's causing this delay. In my case, it was a service from a VMware software; in yours, can you, or will you be able to, identify it?
Try to do these things:
1) You can skip this one, but it's to rule out Nod32. Uninstall Nod32 and try to restart your PC at least twice (you can do it more if you want to). Monitor if ALG.exe is still delayed in loading.
2) Temporarily disable all programs/services (those not part of Windows) that automatically load during startup. Restart your PC at least twice (again, you can do more if you want to) and see if ALG.exe loads immediately. Please note that before you start w/ this step, make a list of all the services and programs that load automatically during start-up. To disable the services, change the startup type from Automatic to Disabled. And for programs, use Msconfig.exe as it keeps track of what you have disabled. Again, disable services/programs that are NOT part of Windows.
3) If so, one-by-one, enable a program/service, restart and see if it delays the loading of ALG.exe (if you uninstalled Nod32, before you begin this, try to install Nod32 and see if it delays loading of ALG.exe. If it didn't, proceed w/ this step).
This will be time-consuming since you could probably have several services/programs that load automatically during start-up, but it's important to identify what is causing this delay.
Regards.
loekverhees
January 14th, 2008, 03:43 PM
OK, I'll do this, but not now. I think I'll post the results tomorrow.
freesurfer
January 14th, 2008, 04:00 PM
Here's something to help speed up the task: after disabling all the services/programs (and confirming that ALG.exe loaded w/o delay), start w/ the services. Only after you have restored all the services and ALG.exe is loading w/o delay, then that's the only time to start w/ the programs. There's almost a definite possibility that the delay is caused by a service rather than by a normal program.
Also when you start, instead of enabling the services one step at a time, enable half of the services then restart to do the test. This way you can immediately rule out half of the services and continue ruling out half of what is remaining until all the services are evaluated/tested. So let's say after enabling half of the services ALG.exe is delayed during start-up, you can then disable half of the services you had enabled and continue doing so. Or if ALG.exe wasn't delayed in loading, enable half of the remaining services and continue doing so.
Hope this helps and good luck :)
Regards.
piranha
January 14th, 2008, 07:54 PM
looks like a problem I solved with a windows update
http://www.wilderssecurity.com/showthread.php?t=195980
loekverhees
January 15th, 2008, 04:02 AM
-{ Quote: "OK, I'll do this, but not now. I think tomorrow I post the results." }-
I uninstalled NOD32 and disabled all the non-windows services. But then alg.exe (second) still loads only after the 2~3 minutes. It's also after the 2~3 minutes that imapi.exe loads (first), and wscntfy.exe (third), saying that I have not installed Antivirus Software. And only after 2~3 minutes I'm able to run Internet Explorer (Firefox does work from the beginning).
So since imapi.exe loads first of the three, that process may be the problem, or a windows-service must be the problem.
freesurfer
January 15th, 2008, 05:11 AM
Ok. I'm pretty much sure that NOD32 is not the problem here. There is something that's interfering w/ the normal start-up of your system. No, it isn't IMAPI.exe (trust me ;)). Worst case is that it could be a driver (Or just a program that's ill-designed >:(). It could also be malware (not necessarily a rootkit or any malware running as a service or driver) loading during startup (annoying buggers w/c are usually loaded thru winlogon.exe; only way to manually remove them is to boot using Windows CD, thru commandline and delete the files/exes).
Things could get messy from here on (well, tedious but nothing that could permanently damage your system). Of course, you can always format your system :D (just make sure that you install NOD32 first and test it; then continue installing your programs but still continue to test as any of them could cause this problem). I'm sure the forum admins are curious as to what is causing this issue, thus helping lift the undue burden (blame) placed upon NOD32 (or they could just have us post this on a different forum... NOOOOO.. :D).
Let's begin.
First make sure that when you disabled all non-Windows services, you have also disabled non-Windows startup programs. If in this scenario you're still having delayed problems, kindly list the services and startup programs. Just the .exe/filename (path not included). Only when something is out-of-place can we list their full path and description.
Regards.
heyman
January 15th, 2008, 05:20 AM
-{ Quote: "Then suddenly after the 2-3 minutes ekrn.exe takes 99% of CPU. This is for about 8 seconds." }-
I have had the same problem.. cause?....>> ekrn.exe :thumbd: .
This exe will eventually cause to slow if you are using another P2P Program for downloading as I was , using Bitcomet or stop you getting out..
Your IE is then frozen and to get out of it, I also used uninstaller 2008.....patched of course;D ..... THEN you have to >>..REBOOT..<<:o .....AND..I went into Safe Mode, and deleted the offending exe this way, .....after uninstalling Eset Nod32...you may use whatever you have...........There is a program called UNHackMe....FREE.......:o ..............to get rid of this.......BUT this is just as quick and neat..
I hope this helps you in getting rid of the SHITTE!
PS..Virus is the exe....ekrn.exe
freesurfer
January 15th, 2008, 07:03 AM
Clarification:
-{ Quote: "...kindly list the services and startup programs..." }-
The list should not include disabled services and startup programs.
Regards.
Bubba
January 15th, 2008, 07:04 AM
-{ Quote: "PS..Virus is the exe....ekrn.exe" }-
Let's do be a little more realistic when offering Nod32 Support Please. You are aware what ekrn.exe is and very aware it's not a virus. There are issues that are being worked on but offering that folks should delete ekrn is not the answer.
Bubba
loekverhees
January 16th, 2008, 03:22 AM
These are the Windows services and programs still enabled:
services:
http://img142.imageshack.us/my.php?image=servicesan5.jpg
processes:
http://img523.imageshack.us/my.php?image=processesab4.jpg
With these settings, alg.exe is still delayed.
larryb52
January 16th, 2008, 03:57 AM
I'd actually download Regsupreme & run that. Even a freshly installed OS has errors in the registry. If that still hangs try System Mechanic & run the part that looks at startups.
De Hollander
January 16th, 2008, 04:06 AM
What happens if you temporarily disable Application Layer Gateway (alg.exe)?
Note: It is a core process for Microsoft Windows Internet Connection sharing and Internet connection firewall.
loekverhees
January 16th, 2008, 04:37 AM
@ De Hollander: When I disable alg.exe, nothing special happens, imapi.exe and wuauclt.exe still load after 2~3 minutes and alg.exe doesn't start at all of course.
De Hollander
January 16th, 2008, 07:01 AM
So if I understand you correctly, COM-service voor IMAPI cd-branders (imapi.exe) starts first, then alg.exe and then automatic updates for Microsoft Windows (wuauclt.exe). What happens if you disable imapi or wuauclt?
freesurfer
January 16th, 2008, 07:11 AM
I was actually hoping for an .exe list (but since I can't recall any decent utility to list active services as .exe, I can't be picky ;D) or at least an English view but since I can recognize most of them, it's little problem.
Hhhmmm... I'm a bit at a loss here... but here's something to try. It's somewhat a guess but could you try disabling all ethernet/local area connections, Automatic Update and System Restore (w/ regards to the last two, aside from disabling them from System Properties, make sure that they are also stopped and disabled from Computer Management -> Services)? Then restart your PC and check if there's an improvement.
Also, before you restart, make sure to remove any peripherals except for the essentials (display, keyboard, mouse).
Regards.
De Hollander
January 16th, 2008, 07:53 AM
To display a list of services that are running, start \ run \ cmd \
at the prompt: net start
freesurfer
January 16th, 2008, 08:23 AM
-{ Quote: " To display a list of services that are running, start \ run \ cmd \
at the prompt: net start" }-
Thanks, but I was hoping more for a list of .exe. Also, if it were in a different language, aside from English and my native language (secret :D), I'd have a hard time figuring out what some/most of them are. Also, it's important to see w/c services are set to start automatically as some will need to do so but won't stay active for long and terminate. Then there are those set to manual that could be invoked to run by other services and then terminate immediately (even if these kinds of services terminate immediately, that doesn't mean they couldn't affect the system the same way loekverhees is experiencing w/ his system).
Nonetheless, thanks :)
Regards.
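The inventory asked for in the post above (each service's executable and start mode, readable regardless of the Windows display language) can be produced as follows. This is an added example, not part of the original thread; it assumes PowerShell 3.0 or later, which is newer than the XP system discussed here, and `Get-ServiceExecutable` is a helper name chosen for this example.

```powershell
# Added example: list services by internal name, executable and start mode.
# Win32_Service.Name is the language-independent service name (unlike DisplayName).

function Get-ServiceExecutable {
    # Hypothetical helper: reduce a service's PathName (image path plus arguments)
    # to the bare executable file name.
    param([string]$PathName)

    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim()

    if ($p.StartsWith('"')) {
        # Quoted path: keep what is between the first pair of quotes
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { $p = $p.Substring(1, $end - 1) }
    }
    else {
        # Unquoted path: cut after the first ".exe" so arguments are dropped
        $m = [regex]::Match($p, '^(.*?\.exe)', 'IgnoreCase')
        if ($m.Success) { $p = $m.Groups[1].Value }
        else            { $p = ($p -split '\s+')[0] }
    }
    return [System.IO.Path]::GetFileName($p)
}

$services = Get-CimInstance -ClassName Win32_Service |
    Select-Object Name, StartMode, State, ExitCode,
        @{ Name = 'Exe'; Expression = { Get-ServiceExecutable $_.PathName } }

# 1) Everything configured to start automatically at boot, grouped by executable
#    (several services usually share svchost.exe).
$services |
    Where-Object { $_.StartMode -eq 'Auto' } |
    Sort-Object Exe, Name |
    Format-Table Name, Exe, State -AutoSize

# 2) Automatic services that are not running after logon, with their last exit code.
$services |
    Where-Object { $_.StartMode -eq 'Auto' -and $_.State -ne 'Running' } |
    Sort-Object Name |
    Format-Table Name, Exe, State, ExitCode -AutoSize

# 3) Manual-start services that are currently running, i.e. started on demand
#    by another service or program.
$services |
    Where-Object { $_.StartMode -eq 'Manual' -and $_.State -eq 'Running' } |
    Sort-Object Name |
    Format-Table Name, Exe -AutoSize
```

Some automatic services stop on their own by design, so an entry in the second table is a lead to check against the System event log rather than proof of a fault.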
loekverhees
January 16th, 2008, 09:24 AM
-{ Quote: "Hhhmmm... I'm a bit at a loss here... but here's something to try. It's somewhat a guess but could you try disabling all ethernet/local area connections, Automatic Update and System Restore (w/ regards to the last two, aside from disabling them from System Properties, make sure that they are also stopped and disabled from Computer Management -> Services)? Then restart your PC and check if there's an improvement.
Also, before you restart, make sure to remove any peripherals except for the essentials (display, keyboard, mouse).
Regards." }-
I followed the instructions, but imapi.exe, alg.exe and wscntfy.exe still load after 2~3 minutes. I tried the Microsoft Bootvis program, but that isn't working either. Internet Explorer still loads the page (I can run the program itself right in the beginning, but then it can't load the homepage until suddenly after 2~3 minutes www.google.nl loads. In this case where I disabled all network-connections, google wasn't loading at all of course). So it wasn't NOD32 that delayed IE.
@ De Hollander: When I disable imapi.exe or wuauclt.exe, unfortunately the problem keeps existing.
freesurfer
January 16th, 2008, 10:48 AM
I don't want to "leave you hanging", but I'm really at a loss right now :(. Again, I was expecting a third-party software to be the culprit but now it seems highly unlikely (though I still won't rule it out since we just skimmed on what is loaded during startup). I'll return after a few hours (can't tell for how long, maybe 6 or even >24 hrs) but here are some things to be considered culprit:
- malware (rootkit) that is stealth and is loaded as service or driver (ill-designed/-implemented as to actually cause noticeable effect).
- malware (non-rootkit) that is loaded much earlier during bootup (usually, but not limited to, thru WINLOGON.exe, replacing system exes, image hijacking, etc; again, ill-designed/-implemented as to actually cause noticeable effect).
- driver/hardware issues (might have worked properly at first, but maybe thru an update, underlying issues surfaced).
- un-updated Windows (just in case you aren't into updating your Windows, even after weeks/months of update release ;)).
As for mentioned Windows services (imapi.exe, wuauclt.exe, etc), it's highly unlikely that they are the cause so I suggest leaving them for the moment if there are other things to try/consider.
Should you be the "adventurous" type of person ;D and decide to format your system, kindly post first so we can give some recommendations and detect early on this problem should it re-occur.
Regards.
loekverhees
January 16th, 2008, 11:08 AM
I think I'll format my system (last format was last week, so it's not that terrible ;) ). I'll install NOD32 in the first place and check if it's delayed. Then I install the remaining applications (step by step) such as Office and drivers etc. Hope this way I can determine what program is causing this problem (if it occurs after the format too :-\).
freesurfer
January 16th, 2008, 06:13 PM
Good thing I checked-back for one last time.
Not afraid of a format, are we ;D. I suggest you do this:
- Download all updates for your drivers before you reformat your system.
- After a reinstall, restart your system (after Windows has finished its own requests/requirements for a restart) one or two more times to make sure that as-is, it's working fine.
- Install the drivers. After installing all of them, restart your system one or two more times, again to make sure that it's working as-is.
- Then install NOD32 (EAV/ESS) and restart (this besides the restart NOD32 could request) one or two more times (again same reason).
- Unless you're in a hurry, update your Windows first and restart it one or two more times.
- Only then do you install the rest of your software.
Good luck :)
Regards.
De Hollander
January 16th, 2008, 07:54 PM
Good luck
loekverhees
January 17th, 2008, 09:14 AM
I just formatted my system :D . The first time after Windows Setup (when I saw the desktop for the first time), I opened Task Manager and: alg.exe was in the list, from the beginning! But then I rebooted the system, and when I saw the desktop again, I opened Task Manager again and: NO alg.exe :-\ . After 2~3 minutes, alg.exe suddenly loaded (together with wuauclt.exe and the wscntfy.exe). Seems like the problem is back :( .
freesurfer
January 17th, 2008, 10:17 AM
Just to confirm, when you rebooted your system and the problem reared its ugly head :blink:, you haven't yet installed your drivers (much less updated Windows and installed the rest of your applications)?
Since your last post up to now, how many times have you tried rebooting? Have you tried temporarily disabling Automatic Update? Also rebooting w/ all unnecessary peripherals (except VGA/keyboard/mouse) and all ethernet disconnected (plus remove any CD/DVD from the reader, just in case ;))?
Regards.
loekverhees
January 17th, 2008, 11:24 AM
When I faced the problem again, it was the first (real) manual reboot of the system. No drivers or windows-updates were installed yet. I rebooted 2 more times, but again with delay. Then I installed two drivers (for my on-board audio and for my videocard). Then I rebooted 2 times. After this, I installed EAV and rebooted 2x. Then I ran the Windows Update and installed all available updates (and rebooted 2x). (Still delay at this moment)
Since my last post up to this post, I booted 3 times. Then I disabled AU and System Restore (via Control Panel and via services.msc) and disabled all ethernet-connections. Then I shut down the PC, removed the DVD-Writer (both IDE-cable and Molex-connector), all usb-devices and all network-cables and booted the PC. Still the problem :-\. Booted two times more, but without luck.
PS: I'm maybe a little late with saying this, but all problems started when I installed Windows on a new HDD (formatted) and a new DVD-Writer.
freesurfer
January 17th, 2008, 12:23 PM
When you installed Windows, did you choose to format it? If so, what filesystem did you choose? FAT32 or NTFS? Also, did you choose Quick Format or not?
Regards.
loekverhees
January 17th, 2008, 12:55 PM
Yes, I did format: Quick Format and NTFS. Should have been Full Format I guess :-\ ?
freesurfer
January 17th, 2008, 02:20 PM
-{ Quote: "Should have been Full Format I guess ?" }-
If you still have the time (and patience) why not ;D.
I would've also had you check if your HD (and also maybe your DVD drive) is operating in DMA mode, but since you didn't mention any slow bootup/response I guess that's not needed (unless of course you thought that it's normal for your CPU to jump every time your HD is being accessed). Also it won't be an issue if all your drives are using SATA.
Bubba
January 17th, 2008, 02:25 PM
-{ Quote: "I just formatted my system :D" }-
Just making sure but at this moment in time Nod32 is not installed ?
loekverhees
January 17th, 2008, 02:33 PM
@ freesurfer: I know my HDD is operating in DMA-Ultra (5) Mode, but I don't know about the DVD-Writer, how can I check this? Both HDD and DVD-Writer are IDE, not SATA. I'll reformat my system, but I think I'll do that in a few days, as I'm busy with University now.
@ Bubba: As I write this, EAV IS installed :-\
De Hollander
January 17th, 2008, 03:24 PM
-{ Quote: "Both HDD and DVD-Writer are IDE" }-
Question: what are the jumper settings of the devices and how are they connected (IDE cable)?
loekverhees
January 17th, 2008, 03:32 PM
Both devices are set as master. The HDD is connected to IDE-0 on the motherboard and the DVD-Writer to IDE-1 (so both devices are attached to different IDE-cables).
De Hollander
January 17th, 2008, 03:42 PM
You say that you have two HDD and one DVD-writer.
On your IDE-0 -> 2 HDD, and both with the jumper setting "master" ?
On your IDE-1 -> 1 DVD-writer with the jumper setting master.
loekverhees
January 17th, 2008, 03:54 PM
No, one HDD at IDE-0 set as master, and one DVD at IDE-1, set as master too.
De Hollander
January 17th, 2008, 04:11 PM
ok, just a misunderstanding :)
-{ Quote: "I know my HDD is operating in DMA-Ultra (5) Mode, but I don't know about the DVD-Writer, how can I check this?" }-
Right click on “My Computer”.
Choose “Properties”.
Click the “Hardware” tab
Hit the “Device Manager” button
Find your HD and DVD-Writer. These are normally under “IDE ATA/ATAPI Controllers”.
Primary IDE Channel (HD):
Secondary IDE Channel (DVD)
Hit the advanced settings tab, and there's your info. ;)
freesurfer
January 17th, 2008, 05:10 PM
yup, what he said ;D.
And if it isn't UDMA even though you set it to DMA, just reset the CRC in the registry and reboot (again ???, ;D).
loekverhees
January 18th, 2008, 04:02 AM
I checked the HDD and DVD-writer again, via De Hollander's way: The HDD is operating in UDMA Mode 2 and the DVD-writer in UDMA Mode 2 too. I looked in the Microsoft Logs, and this is what I got (if I scroll down further, it's from yesterday):
http://img297.imageshack.us/my.php?image=logkj0.png
Look at the timings! The details of the first error (in time) are:
"The WebClient-service has reported an invalid status 87."
The second error:
"The WebClient-server has crashed at startup"
I thought maybe this information is useful.
De Hollander
January 18th, 2008, 04:30 AM
Disable the WebClient Service, reboot and see how it goes.
This might speed up network browsing, but it will prevent access to web-resident network places, such as free disk storage from your ISP.
loekverhees
January 18th, 2008, 01:45 PM
Yeah, disabling WebClient-service did the trick :D ! But is this a temporary solution, or can I leave it disabled forever?
De Hollander
January 18th, 2008, 08:30 PM
I'm still puzzled about the delay. But for the time being, it's a workaround. Normally there should not be any problems with WebClient.
Quote from: http://support.microsoft.com/kb/832161/en-us
-{ Quote: "Disabling the WebClient does not affect Internet browsing. The WebClient is used only for Web Distributed Authoring and Versioning (WebDAV) connections. " }-
-{ Quote: "Turning off WebClient service stops the WebDAV redirector. You will not be able to use command-line commands such as net use, dir, copy, and rename to a Web server. You cannot use Add Network Place to add a Web DAV location. You cannot use Publishing Wizard to publish to MSN Communities. However, you can still continue to use servers that support the Server Message Block (SMB) protocol." }-
loekverhees
January 24th, 2008, 02:15 PM
About a week has passed now, and I'm not discovering any problems till now. So I think I leave the WebClient disabled. ;)
leogoldseed
February 21st, 2008, 01:25 AM
Hey!! loekverhees, De Hollander and everyone else! I've got it! It was the simplest thing ever. This has nothing to do with all those processes and things you've all tried. This is simply the time period in which IE and Windows check for AUTOMATICALLY DETECTING SETTINGS on your Internet/LAN connection.
ALL YOU HAVE TO DO is simply go to Internet Explorer Tools (or in the Control Panel go to Internet Options), and from Connections, click on LAN, and UNCHECK the option that says "automatically detect settings". Restart your computer, and that will definitely do the trick.
This was happening to me forever, but because I have like 5 PCs at home, I compared with the others (which didn't have the problem) and I realized that little setting made all the difference. Once you do this, go back and enable the alg.exe again, since you don't want to lose the firewall protection I believe it is associated with.
All the best!!
Leo.
Copyright ©2002 - 2013, Wilders Security Forums