Eamon.sys causes BSOD on shutdown

Discussion in 'ESET NOD32 Antivirus' started by Wurlitzer, Nov 10, 2008.

Thread Status:
Not open for further replies.
  1. Wurlitzer

    Wurlitzer Registered Member

    Joined:
    Nov 10, 2008
    Posts:
    1
    I´ve had some strange behavior lately with BSOD when I shutdown the computer. It seems that it´s eamon.sys that causes it. Does anybody have any ideas?

    Versions
    EAV 3.0.672.0
    Intel Wi-Fi 12.0.0.82
    Broadcom NIC 10.100.0.0
    Sonicwall SSL-VPN Virtual Adapter 1.4.0.3

    Windbg report
    Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Windows\MEMORY.DMP]
    Kernel Summary Dump File: Only kernel address space is available

    Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows Server 2008 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 6001.18145.x86fre.vistasp1_gdr.080917-1612
    Kernel base = 0x81e41000 PsLoadedModuleList = 0x81f58c70
    Debug session time: Mon Nov 10 06:40:34.630 2008 (GMT+1)
    System Uptime: 0 days 7:13:00.522
    Loading Kernel Symbols
    ..............................................................................................................................................................................
    Loading User Symbols

    Loading unloaded module list
    ....................
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck C2, {7, 110b, 8020011, 886963e0}

    *** ERROR: Symbol file could not be found. Defaulted to export symbols for eamon.sys -
    Probably caused by : eamon.sys ( eamon+2746 )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    BAD_POOL_CALLER (c2)
    The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
    Arguments:
    Arg1: 00000007, Attempt to free pool which was already freed
    Arg2: 0000110b, (reserved)
    Arg3: 08020011, Memory contents of the pool block
    Arg4: 886963e0, Address of the block of pool being deallocated

    Debugging Details:
    ------------------


    POOL_ADDRESS: 886963e0 Nonpaged pool

    FREED_POOL_TAG: None

    BUGCHECK_STR: 0xc2_7_None

    DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

    PROCESS_NAME: System

    CURRENT_IRQL: 0

    LAST_CONTROL_TRANSFER: from 81f2f00c to 81f0e0e3

    STACK_TEXT:
    902d76ec 81f2f00c 000000c2 00000007 0000110b nt!KeBugCheckEx+0x1e
    902d7760 a3eea746 886963e0 00000000 902d778c nt!ExFreePoolWithTag+0x17f
    WARNING: Stack unwind information not available. Following frames may be wrong.
    902d7770 a3ee9b7c 886963e0 865a5008 a8e0bcec eamon+0x2746
    902d778c a3eeb95f a8e0bcec 852c7c08 865a5008 eamon+0x1b7c
    902d77c8 81efcfd3 852c7c08 865a5008 a57c73b4 eamon+0x395f
    902d77e0 82061d11 95c4b6ba 8b061dc4 861cf018 nt!IofCallDriver+0x63
    902d78b0 820873ff 861cf030 00000000 8b061d20 nt!IopParseDevice+0xf61
    902d7940 8205f0f6 00000000 902d7998 00000240 nt!ObpLookupObjectName+0x5a8
    902d79a0 82060bf3 902d7b4c 00000000 00000000 nt!ObOpenObjectByName+0x13c
    902d7a14 82067fea 902d7b44 00100003 902d7b4c nt!IopCreateFile+0x63b
    902d7a60 81e98a1a 902d7b44 00100003 902d7b4c nt!NtCreateFile+0x34
    902d7a60 81e96509 902d7b44 00100003 902d7b4c nt!KiFastCallEntry+0x12a
    902d7b04 82119819 902d7b44 00100003 902d7b4c nt!ZwCreateFile+0x11
    902d7d7c 82016b18 a0114a4c 95c4b3ca 00000000 nt!PopFlushVolumeWorker+0x12a
    902d7dc0 81e6fa2e 821196ef a0114a4c 00000000 nt!PspSystemThreadStartup+0x9d
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    eamon+2746
    a3eea746 5d pop ebp

    SYMBOL_STACK_INDEX: 2

    SYMBOL_NAME: eamon+2746

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: eamon

    IMAGE_NAME: eamon.sys

    DEBUG_FLR_IMAGE_TIMESTAMP: 48a95943

    FAILURE_BUCKET_ID: 0xc2_7_None_eamon+2746

    BUCKET_ID: 0xc2_7_None_eamon+2746

    Followup: MachineOwner

    Any help is appreciated!!

    //W
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,411
    Could you create a complete or kernel memory dump, upload it to an ftp and send me the link to it? It's quite common that there's a serious problem with the OS and since eamon.sys is the last one in the order it's flagged as the culprit even though it isn't.
     
  3. NeillC

    NeillC Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1
    Hi Marcos,
    I see a number of crashes just like this in the online crash analysis database of Microsoft while reviewing our Vista SP2 data. I would like to work with you get this resolved if possible. I would expect we could get this resolved pretty quickly with driver verifier etc.
     
  4. racketeer66

    racketeer66 Registered Member

    Joined:
    Mar 19, 2006
    Posts:
    84
    Location:
    Hungary
    I have exactly the same problem. I use a Vista Ultimate SP2 (RTM) x64.
    I run an ESET 4.0.424.0. Antivirus.
    I do not run any security program beside ESET NOd
    My message is: DRIVER_IRQL_NOT_LESS_OR_EQUAL.
    The problem is the eamon.sys driver, and of course, I have the minidump file.
    There's an other issue which colors the picture however: at random reboots the "real time file protection" does NOT start, leaving the tray-icon red (which is green, when everything works flawlessly).
    I tried to repair the installation via the eav_nt64_enu.msi installation file, but it did not work out. The problem endured.
    I did the process with UAC disabled, of course (to get enough privileges).
    Thanx for any help - I appreciate Your effort!
     
  5. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    I assume you haven't read all the other posts on here regarding Vista SP2 and ESET? There's a fair number of people experiencing problems.

    You'll probably find everything is tickety-boo with SP1.


    Jim
     
  6. racketeer66

    racketeer66 Registered Member

    Joined:
    Mar 19, 2006
    Posts:
    84
    Location:
    Hungary
    Thanx. It's just Google come up with the results when searching, and took me here. I got a little bit relaxed now knowing that many fella users have the same problem. First I thought it's a unique problem of my own OS.
    BTW, U meant this thread, didn't U:
    https://www.wilderssecurity.com/showthread.php?t=241025
    Thanx for the headsup, though.
     
  7. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    Yep that's the one. Hopefully there will be a resolution soon.


    Jim
     
  8. psyko12

    psyko12 Registered Member

    Joined:
    Mar 21, 2009
    Posts:
    13
    Same problem here... BSOD via eamon.sys, funny thing is I was installing SP2... Then BSOD on phase 3 of 3.
     
  9. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    Yes that's where I first had it.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.