eamon.sys error 0x

Discussion in 'ESET NOD32 Antivirus' started by Nordic, Oct 1, 2009.

Thread Status:
Not open for further replies.
  1. Nordic

    Nordic Registered Member

    Joined:
    Oct 1, 2009
    Posts:
    2
    I got the below BSOD message on a computer that just had Windows XP Home installed on it two days ago and then downloaded ESET NOD 32 Version: 4.0.467

    Problem caused by eamon.sys
    PAGE_FAULT_IN_NONPAGED_AREA
    STOP: 0x00000050 (0x9AC73A7C, 0x00000000, 0xA9E29616, 0x00000000)
    eamon.sys address A9E29616 base at A9E25000, DATESTAMP 4aa9dc2f

    I'm not sure if I should uninstall ESET, update it or what. I just spent $400 getting it fixed and less than two days out, it's BSODing again. :eek:
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Hello,
    did you have a previous build (4.0.437 or older) installed before? Does disabling Self-defense and (or) Anti-stealth followed by a computer restart make a difference? When exactly does BSOD occur (upon a computer startup or when running certain applications or performing operations on files)?

    The best would be if you could configure Windows to create complete memory dumps and convey a dump creating during BSOD to ESET for perusal.
     
  3. Nordic

    Nordic Registered Member

    Joined:
    Oct 1, 2009
    Posts:
    2
    Thanks for the questions. I don't have all the answers yet but do have more questions.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    To disable Self-defence or Anti-Stealth (for testing purposes), go to the main setup (F5) -> Antivirus and antispyware, disable the appropriate options and restart the computer.

    I'll try installing Carbonite to see if it iterferes with v4 somehow. Just for testing purposes, you could try setting real-time protection to scan only files with default extensions instead of all files to see if it makes a difference (Setup(F5) -> Antivirus and antispyware -> Real-time file system protection -> Setup -> Extensions -> untick Scan all files)

    See this KB article for detailed instructions. Skip the instructions for generating a dump manually, it will be created automatically when BSOD occurs. The dump should reveal the root cause of the problem. Let me know if you manage to create one so that I can provide you with further instructions.
     
  5. i4u1

    i4u1 Registered Member

    Joined:
    Apr 21, 2008
    Posts:
    7
    Location:
    Out there
    I have the same BSODding!

    PAGE_FAULT_IN_NONPAGED_AREA
    eamon.sys - 0xA9F57616 base at 0xA9F53000
    Stop: 0x50 ( 0xA9EF2A7C, 0, 0xA9F57616, 0)

    i.e. the same RVA 0x4616.
    I have Asus P5Q on Atheros LAN controller, XP SP3+ Pro, latest drivers, Daemon tools, PunkBuster and their drivers installed, no other drivers/stealth tech. installed.

    Ethernet drivers:
    http://partner.atheros.com/Drivers.aspx
    AR81FamilyWinSetup_1.0.0.45_WHQL.rar
    All other are the latest non-beta drivers.

    Mostly reproduced by using uTorrent just at the very start of uTorrent app ( 1.8.4.16688 ).
    Maybe it's "brand new packes processing system" in 4.0.467?

    Potantial KMDs that can affect: eamon, sptd (hooks a lot of IRP handlers) by daemon tools, PunkBuster, ProcExp by Russinovich. No other present in the system (i hope at least).
    Also tcpip.sys patched to 0x100 half-open limit and previously 0xFFFF also BSOD - didn't help the reducing to 0x100 from 0xFFFF thought out-of pool problem but not.

    *fixed BSOD values
     
    Last edited: Oct 23, 2009
  6. ccomputertek

    ccomputertek Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    371
    Do you have utorrent selected for HTTP checking ?
     
  7. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    If you're hitting pagefault errors the first thing you should be doing is running some kind of memory test to make sure you are operating on good hardware.
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    In the case of BSOD, it's necessary to create a complete memory dump and convey it to ESET for perusal. The dump should reveal the cause of BSOD.
     
  9. i4u1

    i4u1 Registered Member

    Joined:
    Apr 21, 2008
    Posts:
    7
    Location:
    Out there
    >Do you have utorrent selected for HTTP checking ?
    It was empty box for the 1st BSOD, then i denied checking (red cross)

    >If you're hitting pagefault errors the first thing you should be doing is running some kind of memory test to make sure you are operating on good hardware.

    And the lightning strikes the same place on different PCs. Don't you think it's strange anyway?


    XP SP3+ has all public and tech. updates installed.
     
  10. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    Strange, yes, but far from unheard of. If you are running identical model systems it is completely possible that a large number of them are suffering from similar hardware failures because they are all using components out of the same defective batch. We have had many such situations with Dell Optiplexes between power supplies, cap blight, bad ram, and bad hard drives on various batches of systems.
     
  11. i4u1

    i4u1 Registered Member

    Joined:
    Apr 21, 2008
    Posts:
    7
    Location:
    Out there
    Where to upload ~50MB zipped dump file? Submit file thru gui doesnt work, eset site doesn't allow submitting of smth.
     
  12. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Please upload to ftp://ftp.nod.sk/support. Be sure to include a descriptive text file in your archive with a link to this message thread and your contact information.

    Regards,

    Aryeh Goretsky
     
  13. i4u1

    i4u1 Registered Member

    Joined:
    Apr 21, 2008
    Posts:
    7
    Location:
    Out there
    I already uploaded a couple of BSOD dumps with nickname in RARed filename. But FileZilla cannot get ftp server directory listing to check success upload status and haven't received ack of success from someone on your side(
     
  14. Nasenmann

    Nasenmann Registered Member

    Joined:
    Oct 28, 2009
    Posts:
    7
    Hello,

    I've got the same behaveiour here!

    NOD V4.0.467 on 50 computers since 2 weeks now.
    On 3 of them I get bluescreens on startup now (2 Lenovo Notebooks and one noname workstation).

    Deinstalled NOD v4 and installed v3 and the bluescreens are gone.
     
  15. i4u1

    i4u1 Registered Member

    Joined:
    Apr 21, 2008
    Posts:
    7
    Location:
    Out there
    So any progress regarding that cases? Fixed? Need me to resend dump to you again?
    Public progress appreciated.
     
  16. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  17. Nasenmann

    Nasenmann Registered Member

    Joined:
    Oct 28, 2009
    Posts:
    7
    So I uninstalled the V4 withe the Eset-Tool.
    After a restart and a fresh install of V4 it was O.K.
    But after the next restart the bluescreen comes again...
     
  18. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    I am sorry to hear of this, it may be unrelated to your AV installation.
    I leave you in the most capable hands of the Moderators and other experts here. Good luck.
     
Thread Status:
Not open for further replies.