AMON causes frequent 1-second-freezes - any NOD32 version

Discussion in 'NOD32 Early v2 Beta' started by Gott, Feb 15, 2003.

Thread Status:
Not open for further replies.
  1. Gott

    Gott Registered Member

    Joined:
    Feb 15, 2003
    Posts:
    15
    I was searching for a reliable and especially fast and resource saving AntiVirus Solution.

    And I was really satisfied with the NOD32 Testversion - until I found out, that AMON caused frequent (about every 1 to 10 minutes) short but very annoying total System halts and freezes.

    I first tried the latest v1.xxx Version and then decided to deinstall it and give NOD32 v2.0 beta a chance - but AMON - in beta 1 and 2 - seems to have the same Problem.

    I cannot reproduce it or figure out, what causes this behaviour - but it more or less frequently freezes the whole system (for about 1 second) including screen, mouse, sound.

    It doesn't matter if I surf the web, play a 3D-Game or play music or video files. Some times there is no freeze for 30 minutes, sometimes I cannot even listen to an mp3 file, because everything stops every minute :S

    I already tried lots of other OnAccess Virus Scanner, and none of them showed this behaviour. and it doesn't appear, when I run the OnDemand Scanner of NOD32 and stops emmidiately, as soon as I deactivate AMON (that's why I'm 100% sure that AMON is at least part of the problem).

    I really hope somebody can help me to figure out what causes this problem since I'm very happy with NOD32 and would even consider buying it, if I could only get rid of this weird bug (which currently makes NOD32 more or less useless on my machine)!


    My System configuration:

    Windows XP professional
    Pentium II 350 Mhz
    320mb RAM
    Logged in with Admin rights

    List of programms running in the Background:

    - Kerio Personal Firewall 3.0 (latest beta)
    - Serv-U 4.1
    - DirectUpdate 3.5.6 (DynDNS Updater)
    - Proxomitron 4.4

    - MSN Messenger 5.0
    - ICQLite
    - TVgenial
    - Klipfolio
    - Task-Manager
    - Babylon Translator
    - Daemon-Tools
    - InCD

    My System is a client in a LAN, I use some network drives and I'm connected to Internet over a gateway on the LAN.


    I would really appreciate any kind of help!
     
  2. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Hey Gott,

    more info from you needed :) - I sent you a PM.

    Thx. :)

    jan
     
  3. Fedorov999

    Fedorov999 Registered Member

    Joined:
    Sep 13, 2002
    Posts:
    182
    Jan, this sounds like the UPX issue that I've reported to you - possibly affects Gott even more as he has a much slower processor than myself.

    I notice he also has a lot more background processes running, so if one of those happens to be compressed with UPX and it is doing something at regular intervals this could explain his "regular" freeze of mouse pointer etc...

    Fedorov.
     
  4. Gott

    Gott Registered Member

    Joined:
    Feb 15, 2003
    Posts:
    15
    @jan - since you more or less asked the same question in the PM that Fedorov999 asked here in public I might as well answer it here:

    I'm actually not really sure if this is an UPX Problem - I, for myself, didn't apply UPX-compression to any of the programms I'm using, but of course some of them could be shipping packed by default. I'll just give you a full list of all programms running in the Background and I hope some of you can tell me if some of them are UPX packed by default. I know it's a lot, but it's about all programms I use - and frequently enough to give them constant access to my system ressources:

    List of programms running in the Background:

    - Kerio Personal Firewall 3.0 (beta 5)
    - Serv-U 4.1.0.3
    - DirectUpdate 3.5.6 (DynDNS Updater)
    - Proxomitron 4.4

    - MSN Messenger 5.0.0543
    - Messenger Plus! v2.01.22
    - ICQLite build1068
    - TVgenial v3.0 beta5
    - Klipfolio v2.0
    - Task-Manager (comes with Windows XP :) )
    - Babylon Translator v4.0
    - Daemon-Tools v3.29
    - InCD v3.50.20.0

    - DVD Region Killer 2.7 by Elby
    - WinTV Remote Control Application by Haupauge
    - Versato v1.9 (for the additional Buttons of my Keyboard)

    more or less constantly:

    - latest eMule version


    I know that my CPU is slow, but all of the programms above don't need much CPU-Time ... and I have enough RAM to keep them running in the Background.

    SINCE my CPU is very slow, I decided to give NOD32 a chance, because in every test I found NOD32 is referred to as a reliable and especially VERY FAST AV-Scanner.


    I could minimize the "FREEZE" Problem by excluding some files in the AMON Explude list:

    After excluding the XP Swapfile "Pagefile.sys" the problem seemed to occur way less often! I don't know why, by default, AMON at least tries to scan the Swapfile anyways :s

    Furthermore I excluded the Kerio, Klipfolio and Serv-U Directory from beeing scanned and the files "upnp.dll" and "rpcss.dll" in the system32 dir (which were scanned about 5 times a second). AMON seems to ignore the exclude list for *.ini files - ServUDaemon.ini is in an excluded directory, but scanned anyways ... about every second ...

    All of this seemed to minimize the problem to a nearly acceptable ammount, but it still didn't solce anything.

    Is there any possibility to deactivate the UPX Scanner in AMON?

    I would really appreciate, if somebody could find a solution for this annoying bug - since I'm really satisfied with NOD32 ...
     
  5. Gott

    Gott Registered Member

    Joined:
    Feb 15, 2003
    Posts:
    15
    Oh, nearly forgot that, but maybe it's helpful:

    I use the NTFS compression that comes with Windows XP pro on some parts of my harddrive. But these parts are only used to store media files and documents. The only compressed folders that are accessed frequently are the eMule shared and temp folders and the directory that is shared on the LAN and on the Internet (using Serv-U).


    By the way, here is a list of a few other bugs I discovered using the latest beta:

    http://www.wilderssecurity.com/showthread.php?t=7352
     
  6. Fedorov999

    Fedorov999 Registered Member

    Joined:
    Sep 13, 2002
    Posts:
    182
    Hi Gott, nice info for Jan there.

    You may with to download UPX 1.24 from http://upx.sourceforge.net/

    You then just need open a Dos/Command window in a directory where some of those background programs exist and type "UPX -l *.*"

    Upx will then show you all programs in that folder that are compressed (or not).

    Regards,

    Fedorov.
     
  7. Gott

    Gott Registered Member

    Joined:
    Feb 15, 2003
    Posts:
    15

    I spent some time and did what you recommended.

    That the problem has something to do with UPX-Compression was clear, when i clicked on the "upx.exe" - my system froze immediatly (for 2 Seconds).

    Actually "The Proxomitron" (Local Proxy and Webfilter) was UPX packed ... unpacking it greatly minimized the problem, excluding the swapfile from beeing scanned and my system is nearly as fast as it should be.

    Anyways, I think this is a bug that needs to be fixed. Maybe UPX-Files need to be unpacked on low priority ...
     
  8. Gott

    Gott Registered Member

    Joined:
    Feb 15, 2003
    Posts:
    15
    Klipfolio.exe is packed to, but - since protected - cannot be unpacked. Currently only excluding this file keeps my system form freezing :(
     
Thread Status:
Not open for further replies.