AV Definition update caused error

Nevermind, I already see the issue.
Normally I don't run the virusscanner on an ERA server, but in this case, NOD32 is actually blocking ERA to download the updates.
Quite ironic...

 

But keeping a busted server online is? Give me a break.

I really feel for the guys who have hundreds or thousands of servers, but your blatant refusal to just reboot the server to resolve the problem is pure stupidity, so I have no empathy for you.

Luckily, we don't run Exchange, and I'm still running 2.7 on our DC, which remained unaffected, so only our workstations had problems.

the first workstation this happened on I was luckily able to pull up the Task Manager and saw that ekrn.exe was consuming 98% CPU, so a quick google revealed the problem (and solution).

So, we the impact on us was minor - reboot all of the workstations twice, no worries.

Yes, this was bad... really bad for some. But I was very glad to read Marcos' email that a detailed explanation of what went wrong and what will be done to prevent it happening again is in the works.

 

If there's somebody having issues on a production system that cannot be restarted and running the Update Fix tool didn't help either, let me know. We probably have a solution for cases when ekrn is completely unresponsive, causing the fix tool to not work.

 

You might need an restart your NOD blocked connection...

Mine 5 is not. Other XP SP3 (200) is and 15 servers also are.

 

Thanks for your insightful input.

 

Yes please.

The Update fix worked on all of our servers except one.

 

It has affected both of my Windows 7 64-bit machines, both running NOD32 v4.2.58.3. Both machines required a reboot to get updated to 5419, and one required a second reboot after 5419.

 

Anybody else changing their their ESET server's interval update to more than 60 minutes? After yesterday's fiasco I rather live with an infection on a computer than an entire network down. At least for the next while anyways.

 

I already did that when heard McAfee fckup. I changed to 24hs intervals, and guess what, I got burned.

 

OK most of the issues we had have been resolved. ESET I am still very upset but thank you for trying to resolve it fast.

Just a little advice to everyone and I am sure some of you already did this but if not here it is.

1.Make new install packages that update at whatever time you feel will be good only once a day at 11 am for me.

2.Send a config file to all servers and PC's to make the changes company wide.

3.Put a few people about 5 machines on auto update repeating this will be proactive and you will know way ahead of time atleast a few hours if this ever happens again and you could turn off update until a new one is released. I put myself and 2 managers on auto update. If our machine fail we will know and be able to stop it from spreading.

 

Yes there is read my pos on last page it will tell you what I did to be proactive.
You can change the update to daily.

 

Yes, we have this on quite a few...
The eset_update_fix.exe runs and runs and runs... any ideas?

Cheers

 

The ESET Update Fix was updated a couple of minutes ago. Please re-download it and run it again. We have confirmed that it works in cases where the previous fix didn't.

 

Many thanks...

 

Confirming that the updated .exe file works, thanks Marcos and co.

 

Hello,

In regards to all this situation that has happened to many here I've got to say that I didn't experience this problem [KNOCK ON WOOD]. Perhaps, because I use my laptops mainly at home and I shut them down once I finish whatever I'm doing and the update [5417 or 5418] was not downloaded at that time but the 5419. However, the thing is that this is NOT the first time ESET has messed things up with a virus definitions update [ go and search old threads here at Wilders referring to this].
They have done this several times in the past. Fortunately, they react promptly to address the issues they cause.

Other AV vendors also have had problems with virus definitions updates and even patches [McAfee, anyone?].

Bottom line: no matter what, I still trust ESET so I'm keeping NOD32 4.2 on all my PCs at home for the time being but I'll keep fingers crossed so they try to not mess up again.

Kind regards,

Carlos

 

It's different for home use.. I think most of the freaking out was the business users.. My last place of employment had their File System get wiped out, and corrupted.. The Quarum somehow got messed up, and they had to use tapes to restore it entirely.

 

5420 seems stable.

 

The official statement regarding the problematic updates has been released and is available here.

 

Am I the only one that is still having residual issues? I've been dealing with issues on a Windows 2003 server since yesterday. I've rebooted, applied definitions 5419 and up, uninstalled, reinstalled. No matter what I do, about once every hour I'm getting errors and the rpc connection drops and no one can access the server. The real treat is this is the server that hosts our financial application..the one my boss uses..she's really happy right now. Anyone else getting errors in the event log of 2019 or 333? here's what I'm getting:


Event Type: Error
Event Source: Application Popup
Event Category: None
Event ID: 333
Date: 9/3/2010
Time: 5:56:30 PM
User: N/A
Computer: CON2
Description:
An I/O operation initiated by the Registry failed unrecoverably. The Registry could not read in, or write out, or flush, one of the files that contain the system's image of the Registry.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 6c 00 ......l.
0008: 00 00 00 00 4d 01 00 c0 ....M..À
0010: 00 00 00 00 4d 01 00 c0 ....M..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

And

Event Type: Error
Event Source: Srv
Event Category: None
Event ID: 2019
Date: 9/3/2010
Time: 5:48:39 PM
User: N/A
Computer: CON2
Description:
The server was unable to allocate from the system nonpaged pool because the pool was empty.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 04 00 01 00 54 00 ......T.
0008: 00 00 00 00 e3 07 00 c0 ....ã..À
0010: 00 00 00 00 9a 00 00 c0 ....š..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: 04 00 00 00 ....

Any suggestions? I have a sinking feeling that I'm in for a rebuild/restore.

 

Hello gkurcon,

Have you contacted support for assistance?

For any customers who continue to have trouble from this issue, please contact your local support for assistance. Our support engineers are here to help.

Thank you,
Richard

 

For the time being if you can't get it fix. Just uninstall the NOD32 completely and try to firgure this out during non business hour.

 

This is the following step I took to resolve the issues.

1. Shutdown the nod32 services so workstation cannot update.
2. Turn on nod32 services and login to the management console and update to the latest database.
3. Select all the computer in the management console and click on UPDATE NOW

this update all the computer with the latest patch. Some people still froze because they are using the older database 5418. After a reboot it went to the latest and greatest one 5421.

Hope this help others who are having this issues.

 

I have nod32 antivurus (4.2.64.12) (version signature: 5421) (private user)

I tried to restarting my pc (also in hard mode),
I tried to uninstall and reinstall nod32


But ekrn.exe continues to take high cpu usage (100)!!! :-(

 

I tamed ekrn.exe! xD

just remove the tick as shown in the point 3 here:
http://kb.eset.com/esetkb/index?page=content&id=SOLN2144

I can not explain how, but unchecked "Scan all files" ekrn.exe don't take CPU (without cancel any extension!!!)

Probably I'm a rare case, but has worked with me incredibly!