Eset is hanging Truecrypt AGAIN!

Discussion in 'ESET NOD32 Antivirus' started by sag, Feb 20, 2012.

Thread Status:
Not open for further replies.
  1. sag

    sag Registered Member

    Joined:
    Dec 12, 2010
    Posts:
    29
    I've seen this problem discussed in the past, on this site and followed the instructions on Truecrypt to upgrade Eset NOD32 to ver 5.0.95 which fixed the issue. Unfortunately the freezing problem is back!
    Here is what is happening.
    I have a encrypted file on my computer, that I use Truecrypt to decrypt. Everything on my system works just fine except when I enter the password to decrypt the encrypted file. Once I click Mount, my whole system freezes. Nothing I can do but to do a hard shut down and reboot.
    This was happening when I was running an earlier version 5 of NOD32, but after reading the Truecrypt forum, they pointed out that it was Eset that was causing the problem and to upgrade to 5.0.95 which I did. Problem solved or so I thought.
    I just had to do a Windows XP repair and once done, Eset was freezing my system once again when I tried to decrypt my file. I uninstalled Eset and found that I could, once again, open my Truecrypt file with no problems.
    Figuring that somehow, Truecrypt and Eset got broken in the Repair, I uninstalled Truecrypt then reinstalled Eset and Truecrypt. This didn't help. Once again Eset is freezing my system if I try to decrypt my truecrypt file.
    Is there a fix for this? Has a newer version of Eset NOD32 come out that address this issue?
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    is the file kept on a usb drive? In any case maybe exclude the file/folder from scanning?
     
  3. sag

    sag Registered Member

    Joined:
    Dec 12, 2010
    Posts:
    29
    no the file is on my computer and is actually a hidden drive (drive Z) that once the truecrypt file is decrypted, it opens in this drive.
    I tried adding it as exclusions in Eset, also to allow with HIPS but nothing short of uninstalling Eset NOD32 seems to fix the issue.
    Maybe there is some other area in Eset NOD32 that needs tweaking that I am not aware of so if you have any other ideas that would be helpful.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please generate a complete memory dump at the point the issue occurs as per the instructions here. When done, let me know so that I can provide you with further instructions.
     
  5. sag

    sag Registered Member

    Joined:
    Dec 12, 2010
    Posts:
    29
    Marcos:
    I downloaded and ran Sysinspector yesterday. Would that be helpful?
    I can send that now instead of the dump or do you need the dump first?
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I'm afraid that only a memory dump can shed more light in cases like this.
     
  7. sag

    sag Registered Member

    Joined:
    Dec 12, 2010
    Posts:
    29
    Marcos:
    I followed the instructions...and had to edit the registry since there was no option for a complete dump on the XP Pro system.
    Once done, I opened the Advanced tab and saw and selected the Complete dump option. The dump file was to be placed in the Winnt directory as Memory.dmp.
    Closed Control Panel and launched TrueCrypt to decrypt the file and immediately the computer froze, like before. I gave it 5 minutes then did a hard reboot.
    When completely rebooted I looked for the memory.dmp file but found NOTHING!
    No dump file is being produced. I even did a system search for any dmp file but found no Memory.dmp. I'm afraid the system is freezing before it can produce this file.
    Now what?
     
  8. Enigm

    Enigm Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    188
    It's pretty amazing this problem is back .
    One would think that the NOD-developers actually TESTED the software
    before release ??

    IF you manage to create a memory-dump :
    It contains your decrypted encryption-key !!
     
  9. sag

    sag Registered Member

    Joined:
    Dec 12, 2010
    Posts:
    29
    Engim:
    Yikes! That can't be good for security reasons.

    Marcos:
    I have an additional piece of information that hopefully will help to solve this.
    I forgot to mention that from time to time...maybe daily...maybe a couple of times a week, I will get a pop up box that says:

    ESET GUI
    ESET GUI has encountered a problem and needs to close.
    We are sorry for the inconvenience.


    When you click on the Close button, the ESET icon in the task bar disappears.

    In Event viewer the following is shown:

    Event Type: Error
    Event Source: Application Error
    Event Category: None
    Event ID: 1000
    Date: 2/23/2012
    Time: 12:08:15 PM
    User: N/A
    Computer: My Computer
    Description:
    Faulting application egui.exe, version 5.0.94.0, faulting module ole32.dll, version 5.1.2600.6168, fault address 0x0002e682.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 41 70 70 6c 69 63 61 74 Applicat
    0008: 69 6f 6e 20 46 61 69 6c ion Fail
    0010: 75 72 65 20 20 65 67 75 ure egu
    0018: 69 2e 65 78 65 20 35 2e i.exe 5.
    0020: 30 2e 39 34 2e 30 20 69 0.94.0 i
    0028: 6e 20 6f 6c 65 33 32 2e n ole32.
    0030: 64 6c 6c 20 35 2e 31 2e dll 5.1.
    0038: 32 36 30 30 2e 36 31 36 2600.616
    0040: 38 20 61 74 20 6f 66 66 8 at off
    0048: 73 65 74 20 30 30 30 32 set 0002
    0050: 65 36 38 32 0d 0a e682..


    I don't know if this has anything to do with the Truecrypt issue or not, but it is annoying.
     
  10. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    What other errors or warnings are there in event viewer logs?
     
  11. sag

    sag Registered Member

    Joined:
    Dec 12, 2010
    Posts:
    29
    Cudni:
    That is pretty much the only error in the Application section
     
  12. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    What about system section?
     
  13. sag

    sag Registered Member

    Joined:
    Dec 12, 2010
    Posts:
    29
    There were some errors but they were either 3 hours before the eset error or 2 hours after. Nothing around the same time.
     
  14. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    What are the errors though? Eset shouldn't be stopping in such manner. So checking in case there are hardware issues. I'm assuming there is no reason to suspect malware.
     
  15. sag

    sag Registered Member

    Joined:
    Dec 12, 2010
    Posts:
    29
    one error was because of a usb stick not shutting down properly when it was pulled.
    The other one had something to do with a cache flush error...that one was around 3:00PM. No where near the 12:00 eset error.

    Neither should have had anything to do with eset.

    I doubt it is malware...I use Webroot SecureAnywhere Complete and it scans on a daily basis around 7:00pm. I also have ZoneAlarm Pro in addition to Eset.
    I also have Malwarebytes installed, but it is not active till I start it.
     
Thread Status:
Not open for further replies.