Startup delay NOD32 v3.0.621

Discussion in 'ESET NOD32 Antivirus' started by loekverhees, Jan 14, 2008.

Thread Status:
Not open for further replies.
  1. loekverhees
    Offline

    loekverhees Registered Member

    Hello,

    I've installed a trial of NOD32 Home Edition 32Bit v3.0.621 (on a fresh XP Home SP2). When I boot the PC and the desktop appears, several processes load into systemtray (bottom-right of the screen). Then the hdd-indicator led stops blinking and Windows is finished with startup, only NOD32 still has to startup yet. After about 2-3 minutes, the hdd-indicator led starts blinking again and now NOD32 is loaded. During this 2-3 minutes it's impossible to run Internet Explorer for example. Has someone experienced this too? :doubt:
  2. WilliamP
    Offline

    WilliamP Registered Member

    There has been several posts about this problem. Hopefully ESET is trying to do something about it.
  3. jmc777
    Offline

    jmc777 Registered Member

    Try disabling 'Automatic update after user logon' in NOD's scheduler settings (Tools>Scheduler. If you can't see an option for that, switch the interface to advanced mode by clicking on 'Display: Standard mode' in the bottom left-hand corner of the NOD window, and select 'Toggle advanced mode').
  4. WilliamP
    Offline

    WilliamP Registered Member

    I did that> But it still updates and still hangs the boot.
  5. jmc777
    Offline

    jmc777 Registered Member

    Strange. I haven't experienced any delays since installing the first ESS beta many, many moons ago. I wonder if it's conflicting with another security product at startup - are you guys running anything else, or just EAV/ESS?
  6. freesurfer
    Offline

    freesurfer Registered Member

    Good day,

    I posted something like this in the ESS forum. Unlike yours, mine was able load ESS, only that the antivirus component showed that it was malfunctioning for severals seconds (but could have lasted for atleast a minute).

    As for the IE, have you tried other programs NOT trying to connect externally (LAN/internet)? What I've experienced is that only programs that tries to connect externally are the only ones affected (meaning calculator or notepad, for example, are not).

    This is what I found out: ALG.exe seems to play a major role in this issue (atleast in my situation).

    You could try this: upon login, open Task Manager and see which programs are loading (I suggest you use Process Explorer from sysinternals as the combination of tree-view mode and hiliting of newly-started allows for easy tracking of processes; be sure to click Replace Task Manager under Options menu to allow quicker launch). If I'm right about this, your system won't return to "normal" unless ALG.exe has started execution.

    What happened to me was a component of VMWare, a service (I forgot w/c one), "seemed" to delay loading of ALG.exe (and several other Windows services). When I disabled the (VMWare) service, ALG.exe loaded immediately, clearing the "Malfunction" status of the antivirus component and allowing the immediate use of programs that tries to connect externally (actually, the antivirus component's status will "always" be "Malfunction" during startup unless ALG.exe loads, but hardly anyone would notice this since by the time the Nod32 GUI loads, ALG.exe would already be running ;)).

    You wouldn't happen to be using any VMWare software, would you?

    In any case, please try what I had just suggested and monitor the progress of program execution in your computer upon logon. I believe that it is related to the delayed loading of ALG.exe.

    Regards.
  7. loekverhees
    Offline

    loekverhees Registered Member

    @ JMC777: Just EAV and SpywareBlaster 3.5.1.
  8. loekverhees
    Offline

    loekverhees Registered Member

    I checked the processes with Process Explorer during booting. In the beginning egui.exe is already present (0% CPU) and for about 5 seconds svchost.exe is taking 99% of the CPU. After these 5 seconds, everything is normal (System Iddle Process = 99% CPU). 90% of all processes are loaded yet. (Now I can't run Internet Explorer, but I can run Firefox). This is for about 2-3 minutes.

    Then suddenly after the 2-3 minutes ekrn.exe takes 99% of CPU. This is for about 8 seconds. After this, the NOD32 tray icon appears in Windows Tray (bottom-right), and the remaining 10% of the process is loading (including: alg.exe, nvsvc32.exe, winvnc.exe (2x), wuauclt.exe).

    During this whole booting-process the 'Update on Logon'-option from NOD32 was disabled. :doubt:
  9. freesurfer
    Offline

    freesurfer Registered Member

    Right now, I'm still betting on the "delayed ALG.exe" culprit, so let's try to clear this up.

    So you're saying that only AFTER 2~3 minutes did ALG.exe loaded? If this is the case then there's something that's causing this delay. In my case, it was a service from a VMWare software, in yours, can you or will be able to identify?

    Try to do these things:
    1) you can skip this one, but it's to rule-out Nod32. Uninstall Nod32 and try to restart your PC atleast twice (you can do it more if you want to). Monitor if ALG.exe is still delayed in loading.
    2) Temporarily disable all programs/services (those not part of Windows) that automatically loads during startup. Restart your PC atleast twice (again, you can do more is you want to) and see if ALG.exe loads immediately. Please note that before you start w/ this step, make a list of all the services and programs that loads automatically during start-up. To disable the services, change the startup type from Automatic to Disabled. And for programs, use Msconfig.exe as it keeps track of what you have disabled. Again, disable services/programs that is NOT part of windows.
    3) If so, one-by-one, enable a program/service, restart and see if it delays the loading of ALG.exe (if you uninstalled Nod32, before you begin this, try to install Nod32 and see if it delays loading of ALG.exe. if it didn't proceed w/ this step).

    This will be time-consuming since you could probably have several services/programs that load automatically during start-up, but it's important to identify what is causing this delay.

    Regards.
  10. loekverhees
    Offline

    loekverhees Registered Member

    OK, I'll do this, but not now. I think tomorrow I post the results.
  11. freesurfer
    Offline

    freesurfer Registered Member

    Here's something to help speed up the task: after disabling all the service/programs (and confirming that ALG.exe loaded w/o delay), start w/ the services. Only after you have restored all the services and ALG.exe is loading w/o delay, then that's the only time to start w/ the programs. There's almost a definite possibility that the delay is caused by a service than by a normal program.

    Also when you start, instead of enabling the services one step at a time, enable half of the services then restart to do the test. This way you can immediately rule out half of the services and continue ruling-out half of what is remaing until all the services are evaluated/tested. So let's say after enabling half of the services ALG.exe is delayed during start-up, you can then disable half of the services you had enabled and continue doing so. Or if ALG.exe wasn't delayed in loading, enable half of the remaining services and continue doing so.

    Hope this helps and good luck :)

    Regards.
  12. piranha
    Offline

    piranha Registered Member

  13. loekverhees
    Offline

    loekverhees Registered Member

    I uninstalled NOD32 and disabled all the non-windows services. But then alg.exe (second) still loads only after the 2~3 minutes. It's also after the 2~3 minutes that imapi.exe loads (first), and wscntfy.exe (third), saying that I have not intsalled Antivirus Software. And only after 2~3 minutes I'm able to run Internet Explorer (Firefox does work from the beginning).

    So since imapi.exe loads first of the three, that process may be the problem, or a windows-service must be the problem.
    Last edited: Jan 15, 2008
  14. freesurfer
    Offline

    freesurfer Registered Member

    Ok. I'm pretty much sure that NOD32 is not the problem here. There is something that's interfering w/ the normal start-up of your system. No, it isn't IMAPI.exe (trust me ;)). Worst case is that it could be a driver (Or just a program that's ill-designed :mad:). It could also be a malware (not necessarily a rootkit or any malware running as a service or driver) loading during startup (annoying buggers w/c is usually loaded thru winlogon.exe; only way to manually remove them is to boot using Windows CD, thru commandline and delete the files/exes).

    Things could get messy from here on (well, tedious but nothing that could permanently damage your system). Ofcourse, you can always format your system :D (just make sure that you install NOD32 first and test it; then continue installing your programs but still continue to test as any of them could cause this problem). I'm sure the forum admins are curious as to what is causing this issue, thus helping lift the undue burden (blame) placed upon NOD32 (or they could just have us post this on a different forum... NOOOOO.. :D).

    Let's begin.

    First make sure that when you disabled all non-Windows service, you have also disabled non-Windows startup programs. If in this scenario you're still having delayed problems, kindly list the services and startup programs. Just the .exe/filename (path not included). Only when something is out-of-place can we list their full path and description.

    Regards.
  15. heyman
    Offline

    heyman Registered Member

    Then suddenly after the 2-3 minutes ekrn.exe takes 99% of CPU. This is for about 8 seconds.

    I have had the same problem.. cause?....>> ekrn.exe :thumbd: .
    This exe will eventually cause to slow if you are using another P2P Program for downloading as I was , using Bitcomet or stop you getting out..

    Your IE is then frozen and to get out of it, I also used uninstaller 2008.....patched of course:D ..... THEN you have to >>..REBOOT..<<:eek: .....AND..I went into Safe Mode, and deleted the offending exe this way, .....after uninstalling Eset Nod32...you may use whatever you have...........There is a program called UNHackMe....FREE.......:eek: ..............to get rid of this.......BUT this is just as quick and neat..

    I hope this helps you in getting rid of the SHITTE!

    PS..Virus is the the exe....ekrn.exe
    Last edited: Jan 15, 2008
  16. freesurfer
    Offline

    freesurfer Registered Member

    Clarification:
    The list should not include disabled services and startup programs.

    Regards.
  17. Bubba
    Offline

    Bubba Updates Team

    Let's do be a little more realistic when offering Nod32 Support Please. You are aware what ekrn.exe is and very aware it's not a virus. There are issues that are being worked on but offering that folks should delete ekrn is not the answer.

    Bubba
  18. loekverhees
    Offline

    loekverhees Registered Member

  19. larryb52
    Offline

    larryb52 Registered Member

    I'd actually download Regsupreme & run that.Even a freshly installed OS has errors in the registry. If that still hangs try System Mechanic & run the part the looks at start ups,
  20. De Hollander
    Offline

    De Hollander Registered Member

    What happens if you temporaly disable Application Layer Gateway. (alg.exe)


    Note: It is a core process for Microsoft Windows Internet Connection sharing and Internet connection firewall.
  21. loekverhees
    Offline

    loekverhees Registered Member

    @ De Hollander: When I disable alg.exe, nothing special happens, imapi.exe and wuauclt.exe still load after 2~3 minutes and alg.exe doesn't start at all of course.
  22. De Hollander
    Offline

    De Hollander Registered Member

    So if I understand you correct, COM-service voor IMAPI cd-branders (imapi.exe) start first, then alg.exe and then automatic updates for Microsoft Windows (wuauclt.exe). What happens If you disable imapi or wuaclt.
  23. freesurfer
    Offline

    freesurfer Registered Member

    I was actually hoping for an .exe list (but since I can't recall any decent utility to list active services as .exe, I can't be picky :D) or atleast an english view but since I can recognize most of them, it's little problem.

    Hhhmmm... I'm a bit at a loss here... but here's something to try. It's somewhat a guess but could you try disabling all ethernet/local area connections, Automatic Update and System Restore (w/ regards to the last two, aside from disabling them from System Properties, make sure that they are also stopped and disabled from Computer Management -> Services)? Then restart your PC and check if there's an improvement.

    Also, before you restart, make sure to remove any peripherals except for the the essentials (display, keyboard, mouse).

    Regards.
  24. De Hollander
    Offline

    De Hollander Registered Member

    To display a list of services that are running, start \ run \ cmd \

    at the prompt: net start
  25. freesurfer
    Offline

    freesurfer Registered Member

    Thanks, but I was hoping more for a list of .exe. Also, if it were in a different language, aside from english and my native language (secret :D), I'd have a hard time figuring-out what some/most of them are. Also, it's important to see w/c services are set to start automatically as some will need to do so but won't stay active for long and terminates. Then there are the those set to manual and could be invoked to run by other services and then terminate immediately (even if these kind of services terminately immediately, that doesn't mean they couldn't affect the system the same way loekverhees is experiencing w/ his system).

    Nonetheless, thanks :)

    Regards.
Thread Status:
Not open for further replies.