Eamon.sys causes BSOD on shutdown

Discussion in 'ESET NOD32 Antivirus' started by Wurlitzer, Nov 10, 2008.

Thread Status:
Not open for further replies.
  1. Wurlitzer

    Wurlitzer Registered Member

    Joined:
    Nov 10, 2008
    Posts:
    1
    I´ve had some strange behavior lately with BSOD when I shutdown the computer. It seems that it´s eamon.sys that causes it. Does anybody have any ideas?

    Versions
    EAV 3.0.672.0
    Intel Wi-Fi 12.0.0.82
    Broadcom NIC 10.100.0.0
    Sonicwall SSL-VPN Virtual Adapter 1.4.0.3

    Windbg report
    Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Windows\MEMORY.DMP]
    Kernel Summary Dump File: Only kernel address space is available

    Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is:
    Windows Server 2008 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 6001.18145.x86fre.vistasp1_gdr.080917-1612
    Kernel base = 0x81e41000 PsLoadedModuleList = 0x81f58c70
    Debug session time: Mon Nov 10 06:40:34.630 2008 (GMT+1)
    System Uptime: 0 days 7:13:00.522
    Loading Kernel Symbols
    ..............................................................................................................................................................................
    Loading User Symbols

    Loading unloaded module list
    ....................
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck C2, {7, 110b, 8020011, 886963e0}

    *** ERROR: Symbol file could not be found. Defaulted to export symbols for eamon.sys -
    Probably caused by : eamon.sys ( eamon+2746 )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    BAD_POOL_CALLER (c2)
    The current thread is making a bad pool request. Typically this is at a bad IRQL level or double freeing the same allocation, etc.
    Arguments:
    Arg1: 00000007, Attempt to free pool which was already freed
    Arg2: 0000110b, (reserved)
    Arg3: 08020011, Memory contents of the pool block
    Arg4: 886963e0, Address of the block of pool being deallocated

    Debugging Details:
    ------------------


    POOL_ADDRESS: 886963e0 Nonpaged pool

    FREED_POOL_TAG: None

    BUGCHECK_STR: 0xc2_7_None

    DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

    PROCESS_NAME: System

    CURRENT_IRQL: 0

    LAST_CONTROL_TRANSFER: from 81f2f00c to 81f0e0e3

    STACK_TEXT:
    902d76ec 81f2f00c 000000c2 00000007 0000110b nt!KeBugCheckEx+0x1e
    902d7760 a3eea746 886963e0 00000000 902d778c nt!ExFreePoolWithTag+0x17f
    WARNING: Stack unwind information not available. Following frames may be wrong.
    902d7770 a3ee9b7c 886963e0 865a5008 a8e0bcec eamon+0x2746
    902d778c a3eeb95f a8e0bcec 852c7c08 865a5008 eamon+0x1b7c
    902d77c8 81efcfd3 852c7c08 865a5008 a57c73b4 eamon+0x395f
    902d77e0 82061d11 95c4b6ba 8b061dc4 861cf018 nt!IofCallDriver+0x63
    902d78b0 820873ff 861cf030 00000000 8b061d20 nt!IopParseDevice+0xf61
    902d7940 8205f0f6 00000000 902d7998 00000240 nt!ObpLookupObjectName+0x5a8
    902d79a0 82060bf3 902d7b4c 00000000 00000000 nt!ObOpenObjectByName+0x13c
    902d7a14 82067fea 902d7b44 00100003 902d7b4c nt!IopCreateFile+0x63b
    902d7a60 81e98a1a 902d7b44 00100003 902d7b4c nt!NtCreateFile+0x34
    902d7a60 81e96509 902d7b44 00100003 902d7b4c nt!KiFastCallEntry+0x12a
    902d7b04 82119819 902d7b44 00100003 902d7b4c nt!ZwCreateFile+0x11
    902d7d7c 82016b18 a0114a4c 95c4b3ca 00000000 nt!PopFlushVolumeWorker+0x12a
    902d7dc0 81e6fa2e 821196ef a0114a4c 00000000 nt!PspSystemThreadStartup+0x9d
    00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    eamon+2746
    a3eea746 5d pop ebp

    SYMBOL_STACK_INDEX: 2

    SYMBOL_NAME: eamon+2746

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: eamon

    IMAGE_NAME: eamon.sys

    DEBUG_FLR_IMAGE_TIMESTAMP: 48a95943

    FAILURE_BUCKET_ID: 0xc2_7_None_eamon+2746

    BUCKET_ID: 0xc2_7_None_eamon+2746

    Followup: MachineOwner

    Any help is appreciated!!

    //W
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Could you create a complete or kernel memory dump, upload it to an ftp and send me the link to it? It's quite common that there's a serious problem with the OS and since eamon.sys is the last one in the order it's flagged as the culprit even though it isn't.
     
  3. NeillC

    NeillC Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1
    Hi Marcos,
    I see a number of crashes just like this in the online crash analysis database of Microsoft while reviewing our Vista SP2 data. I would like to work with you get this resolved if possible. I would expect we could get this resolved pretty quickly with driver verifier etc.
     
  4. racketeer66

    racketeer66 Registered Member

    Joined:
    Mar 19, 2006
    Posts:
    84
    Location:
    Hungary
    I have exactly the same problem. I use a Vista Ultimate SP2 (RTM) x64.
    I run an ESET 4.0.424.0. Antivirus.
    I do not run any security program beside ESET NOd
    My message is: DRIVER_IRQL_NOT_LESS_OR_EQUAL.
    The problem is the eamon.sys driver, and of course, I have the minidump file.
    There's an other issue which colors the picture however: at random reboots the "real time file protection" does NOT start, leaving the tray-icon red (which is green, when everything works flawlessly).
    I tried to repair the installation via the eav_nt64_enu.msi installation file, but it did not work out. The problem endured.
    I did the process with UAC disabled, of course (to get enough privileges).
    Thanx for any help - I appreciate Your effort!
     
  5. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    I assume you haven't read all the other posts on here regarding Vista SP2 and ESET? There's a fair number of people experiencing problems.

    You'll probably find everything is tickety-boo with SP1.


    Jim
     
  6. racketeer66

    racketeer66 Registered Member

    Joined:
    Mar 19, 2006
    Posts:
    84
    Location:
    Hungary
    Thanx. It's just Google come up with the results when searching, and took me here. I got a little bit relaxed now knowing that many fella users have the same problem. First I thought it's a unique problem of my own OS.
    BTW, U meant this thread, didn't U:
    https://www.wilderssecurity.com/showthread.php?t=241025
    Thanx for the headsup, though.
     
  7. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    Yep that's the one. Hopefully there will be a resolution soon.


    Jim
     
  8. psyko12

    psyko12 Registered Member

    Joined:
    Mar 21, 2009
    Posts:
    13
    Same problem here... BSOD via eamon.sys, funny thing is I was installing SP2... Then BSOD on phase 3 of 3.
     
  9. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    Yes that's where I first had it.
     
Thread Status:
Not open for further replies.