Right, here's the deal. Yesterday I installed NOD32 v3 and updated it until it was up to date. I ran a virus scan but it froze at 67% while scanning a Firefox plugins folder.

I attempted to scan again today but it froze again at 67% while scanning a different folder (can't remember which one).

When it freezes, my computer speed drops dramatically so I am unable to use it. I have to turn it off my the power button which obviously shouldn't be done.

Why is the virus scan freezing and how can I stop it?

Any help would be appreciated,
Cheers.

The freezing issue has been noticed by a few people on the forums. I'm sure ESET are aware of it and are working on a fix.

Does disabling advanced heuristics make a difference?

-{ Quote: "Does disabling advanced heuristics make a difference?" }-

I'm a bit of an idiot when it comes to Antivirus'. Could you elaborate?

-{ Quote: "Does disabling advanced heuristics make a difference?" }-
Same issue here, only way the scan will complete is with both heuristics and advanced heuristics disabled.

SlapnutSkits instead of powering down, open task manager (ctrl alt del) end the application then go in and kill the ekrnl process, the process will automatically start again, but you will have to restart the gui through start menu. Then you have to delete the 1.6gig temp file in windows/temp.

-{ Quote: "Same issue here, only way the scan will complete is with both heuristics and advanced heuristics disabled.

SlapnutSkits instead of powering down, open task manager (ctrl alt del) end the application then go in and kill the ekrnl process, the process will automatically start again, but you will have to restart the gui through start menu. Then you have to delete the 1.6gig temp file in windows/temp." }-

Thanks for the reply. However, I have no idea what this ekrnl process or the gui you are talking about is ???

GUI means graphical user interface. Put it simple open up NOD32. Press ctrl-alt-del at the same time and that brings up your task manager. Find the ekrnl process and high light it. Then click end process.

-{ Quote: "GUI means graphical user interface. Put it simple open up NOD32. Press ctrl-alt-del at the same time and that brings up your task manager. Find the ekrnl process and high light it. Then click end process." }-

Right OK. Does this solve the problem of the scan freezing then?

I have a similar problem with scans freezing on the Firefox plug ins folder.

NOD32 v3.0.621.0
Virus signature database: 2791 [200880114
Update module: 1019 [20071030]
Antivirus and antispyware scanner module: 1102 [20080103]
Advanced heuristic module: 1068 [20071119]
Archive support module: 1069 [20080113]
Cleaner module: 1024 [20071217]

Firefox 2.0.0.11

Firefox Extensions:

AI Roboform Toolbar for Firefox 6.9.85
British English Dictionary 1.19
Copernic Desktop Search 2 Toolbar 2.0.0.2280
CustomizeGoogle 0.69
NoScript 1.2.9
Orbit Downloader Firefox Integration 1.05
RefControl .0.8.9
Yahoo! Mail Notifier 1.0.0.3

Firefox Themes:

Default
Noia 2.0[eXtreme] 3.371............in use

Windows XP Home SP2 fully updated, 1GB memory, Athlon 2800+

As soon as a manual scan gets to the Firefox pluggin folder the scan appears to stall according to the GUI, with no progress being made. CPU for ekrn.exe is 9% at the most and for egui.exe 15.15% at the most.

I find that if I click on the button to 'Stop' the scan the Target info changes from:

C:\Program Files\Mozilla Firefox\plugins

to:

C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll

After clicking the Stop as above I am waiting for the scan to complete for many minutes, with both the Stop and Pause buttons greyed out. 3-4 minutes went by before the was finally given as 'Scan interrupted by user'

If I navigate a Custom Scan directly to C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll I don't get any scan progress being shown. CPU usage CPU for ekrn.exe is 9% at the most and for egui.exe 15.15% at the most. The scan doesn't progress at all. Clicking on the Stop button to stop the scan and scan termination took 10 minutes.

The MD5 for npdivx32.dll is: 56E18C09654020009012A53FD332D397

I have DivX for Windows, DivX Pro, DivX Converter, DivX MPEG-2 Plugin showing as 'registered on the system'. These were installed by the latest DivX 6.8.0.30 bundle.

If I run a custom scan of the C:\Program Files\Mozilla Firefox\plugins\ but exclude npdivx32.dll I can get the scan to run and complete in a couple of minutes. I however don't get any scan progress showing in the GUI

Here is a copy of the scan log file when npdivx32.dll was excluded:

15/01/2008 6:23:22 PM Operating memory;C:\Program Files\Mozilla Firefox\plugins\Microsoft.VC80.CRT\;C:\Program Files\Mozilla Firefox\plugins\npdivx32.xpt;C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll;C:\Program Files\Mozilla Firefox\plugins\npnul32.dll;C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL;C:\Program Files\Mozilla Firefox\plugins\nppdf32.DEU;C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll;C:\Program Files\Mozilla Firefox\plugins\nppdf32.FRA;C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll;C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll;C:\Program Files\Mozilla Firefox\plugins\npUpload.xpt;C:\Program Files\Mozilla Firefox\plugins\nsIDivxPlayerPlugin.xp 492 0 0 Completed

These scans were completed with advanced heuristics turned on.

With advanced heuristics turned off I can not get a scan of npdivx32.dll to complete. The scan doesn't progress at all. Clicking on the Stop button to stop the scan and scan termination didn't happen at until 19 minutes and 9 seconds.

Opening the \Windows\Temp folder shows two .tmp files belonging to NODDBD4.tmp and NODDBD7.tmp at 1.69GB and 885MB respectively.

Hope this information helps

I'd be interested in reading any feedback.

Thanks in advance for your time...I really value it.

Chalawah...

This ..>>ekrn.exe is the problem<< ....well for me it was.. this exe..slowed to stopped PC from functioning?..ONCE I uninstalled it and then deleted all files and folder, using uninstaller 2008......

Then as a precaution you have to delete WHATEVER you have in temp file in C:\Documents and Settings\Administrator\Local Settings\Temp...or Windows/temp........If you can..use Historykill 2006-7 IF you can get your hands on it..THIS is an excellent program to use to delete Temp files in your PC....:)

I rebooted... in safe mode...... and deleted ekrn.exe ....
NOW I am able to surf and download and surf with multiply windows open..previously...NO WAY!

I hope this works for you as it did for me...otherwise, keep looking in forum for clues;D

-{ Quote: "Chalawah...

This ..>>ekrn.exe is the problem<< ....well for me it was.. this exe..slowed to stopped PC from functioning?..ONCE I uninstalled it and then deleted all files and folder, using uninstaller 2008......

I rebooted... in safe mode...... and deleted ekrn.exe ....

NOW I am able to surf and download and surf with multiply windows open..previously...NO WAY!

I hope this works for you as it did for me...otherwise, keep looking in forum for clues;D" }-

ekrn.exe is part of NOD32...
So I guess you changed to another AV?

I'm experiencing big delays on some folders and files too. Especially on folders with big zipped self-extracting archives, or setup.exe/.cab files, or older .exe files (like old games). Just right after I go into a directory with such files erkln.exe process starts to use 60-99% of CPU and hangs all other processes for couple of minutes. All .exe icons at that moment is blue/white window. After NOD32 finished the scan normal icons begin to appear.

Disabling NOD32 resident scanner completely solves the problem.

I'm using 3.0.621. I _think_ this was not an issue in earlier versions.

-{ Quote: "I'm experiencing big delays on some folders and files too. Especially on folders with big zipped self-extracting archives, or setup.exe/.cab files, or older .exe files (like old games). Just right after I go into a directory with such files erkln.exe process starts to use 60-99% of CPU and hangs all other processes for couple of minutes. All .exe icons at that moment is blue/white window. After NOD32 finished the scan normal icons begin to appear.

Disabling NOD32 resident scanner completely solves the problem.

I'm using 3.0.621. I _think_ this was not an issue in earlier versions." }-

Do you use default program settings?

Dear Marcos

I have the same problems ... it was never like this untill update 2786 popped up in the middle of watching a divx movie online....

http://www.wilderssecurity.com/showthread.php?t=197357

Before that update I never had any problems with the program ( V2.7 )

Ciao !
Gribus

I'm a bit of an idiot, so could somebody please talk me step by step on how to stop my problem?

Cheers.

-{ Quote: "I'm a bit of an idiot, so could somebody please talk me step by step on how to stop my problem?

Cheers." }-
The archive support module was updated today. Check to see if this fixes your problem. If not, remove the check for 'Advanced Heuristics' for the 'On-demand computer scan' as follows:

1. Click on 'Computer Scan' on the left margin.
2. Click on 'Scan setup'
3. Click on 'Setup' button to the right of 'Threatsense engine parameter setup'
4. Click on 'Options' and remove the check for 'Advanced heuristics'

-{ Quote: "I have a similar problem with scans freezing on the Firefox plug ins folder.

----------snip

NOD32 v3.0.621.0
Virus signature database: 2791 [200880114
Update module: 1019 [20071030]
Antivirus and antispyware scanner module: 1102 [20080103]
Advanced heuristic module: 1068 [20071119]
Archive support module: 1069 [20080113]
Cleaner module: 1024 [20071217]

------snip

I'd be interested in reading any feedback.

Thanks in advance for your time...I really value it." }-

Latest NOD32 Installed Components have resolved this issue for me. Thank you Eset team for your time and energy on this matter:

NOD32 v3.0.621.0
Virus signature database: 2794 [200880115]
Update module: 1019 [20071030]
Antivirus and antispyware scanner module: 1102 [20080103]
Advanced heuristic module: 1068 [20071119]
Archive support module: 1067 [20080115]
Cleaner module: 1024 [20071217]

Sadly, the new archive module haven't helped.

-{ Quote: "Do you use default program settings?" }-

I'm using non-default settings. Can I upload configuration XML here or send you personaly?

You can send a customer care query using the integrated form and enclose this thread's url in the description field. Your configuration will be attached to the email we will receive. Before you submit a query, please make sure that advanced heuristics and runtime packers are disabled in the real-time protection setup (leave them enabled only for newly created/modified files).

-{ Quote: "You can send a customer care query using the integrated form and enclose this thread's url in the description field. Your configuration will be attached to the email we will receive. Before you submit a query, please make sure that advanced heuristics and runtime packers are disabled in the real-time protection setup (leave them enabled only for newly created/modified files)." }-

Disabling AH and runtime packers in real-time protection helped. But why I can't use the feature that exist ???

Enabling AH and runtime packers on access will siginificantly slow down the performance, hence it's enabled only for newly created/modified files by default.

Well I can expect performance slow down. But should it take 30-40 minutes to scan one .exe file on 2ghz core 2 duo, 1gb of ram and gigabit network machine? This is unacceptable in my opinion.

-{ Quote: "Well I can expect performance slow down. But should it take 30-40 minutes to scan one .exe file on 2ghz core 2 duo, 1gb of ram and gigabit network machine? This is unacceptable in my opinion." }-

Well, it's likely if it's an installer or sfx archive with tons of embedded executables or dll's. Is the file in question downloadable from the web or could you send it by email?

But it worked well in version 2.7. I had AH and runtime packers on run-time scan enabled there too.

V2 doesn't have an option for using AH and runtime packers upon file access.

In 2.7.39 Amon enabled all options even not that slow down happens as V3 with default settings, ekrn just sometimes use high cpu when using windows normally which 2.7.39 doesn't, using V3 will sometimes feel lag.

I used Nod32 3.0 for about a month, and I had to get rid of it. City of Heroes started to act up, the sound effects/music skipping and looping like a broken record. I thought it had to do with my new graphics drivers, since I had upgraded from nVidia to ATI, but I noticed that my computer was sluggish, even when not doing anything but browsing folders. I checked the task manager and egui.exe was using 100% of one of my cores and it wasn't even doing a on-demand scan. To see if it was because of my browsing, I walked away from the machine for 15 minutes and came back and saw that egui.exe was still using 100% of one of the cores.

It made me mad to get rid of it because I paid for it, but since going back to a free AV, all the problems stopped.

-{ Quote: "I used Nod32 3.0 for about a month, and I had to get rid of it. City of Heroes started to act up, the sound effects/music skipping and looping like a broken record. I thought it had to do with my new graphics drivers, since I had upgraded from nVidia to ATI, but I noticed that my computer was sluggish, even when not doing anything but browsing folders. I checked the task manager and egui.exe was using 100% of one of my cores and it wasn't even doing a on-demand scan. To see if it was because of my browsing, I walked away from the machine for 15 minutes and came back and saw that egui.exe was still using 100% of one of the cores.

It made me mad to get rid of it because I paid for it, but since going back to a free AV, all the problems stopped." }-

You can still use V2.7 as your license covers it.