My entire OS freezes for about 10 minutes.

Discussion in 'NOD32 version 2 Forum' started by rotem, Nov 20, 2006.

Thread Status:
Not open for further replies.
  1. rotem

    rotem Registered Member

    Joined:
    Nov 20, 2006
    Posts:
    8
    My Windows XP SP2 freezes for a few minutes after starting up. It started happening right after installing NOD32 2.7 trial. I think it may have something to do with its signatures auto-update, but who knows. Actually, I can't even be sure it's NOD32's fault, although it seems to be the case.

    I managed to open the Task Manager while it happened (wasn't easy), and found that the problem's cause was one of the "svchost.exe" system processes, using 100% CPU and taking priority over everything else. :doubt:

    What gives?
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,763
    Location:
    Texas
    Hello rotem

    What info does the NOD32 event log show?
     
  3. rotem

    rotem Registered Member

    Joined:
    Nov 20, 2006
    Posts:
    8
    Time Module Event User
    20/11/2006 14:59:06 Kernel The virus signature database has been successfully updated to version 1873 (20061120).

    and

    Time Module Event User
    20/11/2006 00:38:46 Kernel The virus signature database has been successfully updated to version 1871 (20061119).


    Looks normal... :doubt:
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,763
    Location:
    Texas
    What other security programs are you running? Do you have another antivirus program that could possibly be running?
     
  5. rotem

    rotem Registered Member

    Joined:
    Nov 20, 2006
    Posts:
    8
    No, I uninstalled VirusScan before installing NOD32.

    Windows XP's "Security Center" lists NOD32 as the antivirus software and it seems to work fine apart from that freeze. It detects the Eicar test file.

    Why does it always rain on me? :(
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,763
    Location:
    Texas
    Is svchost.exe located in the C:\Windows\System32 folder? Do a search of your system for "svchost.exe"
     
  7. rotem

    rotem Registered Member

    Joined:
    Nov 20, 2006
    Posts:
    8
    Yes, it's in C:\WINDOWS\system32...

    Search matches:

    C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf
    C:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\Prefetch\SVCHOST.EXE-2D5FBD18.pf
    D:\WINDOWS\system32\svchost.exe

    (I have an emergency Windows XP copy installed on partition 'D'.)
     
  8. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,763
    Location:
    Texas
    If you go to start, run, and type in msconfig, are there any programs in the startup tab that could be conflicting with NOD? Or is McAfee the only security program you were running? Do you use a firewall?
     
  9. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041
    Four or five instances of svchost.exe is normal. If you want to see what services are run by each Svchost process:For XP Professional

    Click Start, Run and type cmd

    Type tasklist /svc >c:\taskList.txt


    Look through the list see waht else is using it
     
  10. rotem

    rotem Registered Member

    Joined:
    Nov 20, 2006
    Posts:
    8
    No, there's nothing like that in startup, McAfee was the only thing. I have Ad-Aware but that's not antivirus software (not to mention it doesn't run at startup).

    I use XP's built-in firewall.

    That list doesn't mean much to me... I'll try to do it next time it happens. I have six instances of svchost.exe by the way.
     
    Last edited: Nov 20, 2006
  11. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,763
    Location:
    Texas
    I would try an uninstall, reinstall. Uninstall NOD from the control panel, restart, delete the Eset folder in Program files, reinstall, and restart.

    You can also try a winsock reset in case it might have been damaged somehow. In XP Home go to the command prompt and type netsh winsock reset and restart your computer.
     
  12. rotem

    rotem Registered Member

    Joined:
    Nov 20, 2006
    Posts:
    8
    Well, this sure is strange.

    There seems to be a problem with my Windows Update. It takes a long time to scan for updates, during which the CPU is at full usage. I have no idea how to fix this problem, couldn't find anything about it in the Microsoft Update troubelshooter.

    The thing is, it seems like the system instability only occurs when NOD32 is installed. Otherwise, it just uses all available CPU time without causing such a big problem.

    At this point I see no alternative but to reinstall Windows (or at least not use NOD32)...
     
  13. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,763
    Location:
    Texas
    There is a known problem with a windows update file, KB 923980. It may have something to do with your problem.
    I personally wouldn't reinstall Windows at this point.
    If you are using automatic update for Windows, you could turn it off to see if it makes a difference.
     
    Last edited: Nov 20, 2006
  14. pemar

    pemar Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    31
    Location:
    Winnipeg, Canada
    I have experienced the same problem. The same process "svchost" was taking close to 100% CPU.
    I have looked at processes with Process Explorer from Sysinternals. Then I've seen that only one of svchost processes was taking so much CPU - it was the one with the process called "wuauclt.exe" attached to it.
    I cannot blame NOD, or any other program, for that. It has happened suddenly, long after I installed NOD.
    At the same time not all of the icons in the System Tray would show up after reboot. I've searched few forums about that and used Steve Gibson's UnPlug n'Pray utility.
    The icons show up ok now and also I haven't experienced more delays during boot sequence. Maybe it is coincidence, but so far works for me.

    Greetings!
     
  15. rotem

    rotem Registered Member

    Joined:
    Nov 20, 2006
    Posts:
    8
    I have KB 923980 installed already, and the delayed update scanning has actually existed here for a very long time, it's not something new... I see it in manual updates, which take an excessively long time of 100% CPU usage.

    I haven't noticed this problem during background automatic updates until now, but now I see in Task Manager that it happens every time I boot. But from my observations, the freezing only happens with NOD32 installed.

    I did turn automatic updates off and the problem was gone. Then the moment I enabled it, it happens again.

    Any other ideas before I reinstall XP? :p

    That makes sense, "wuauclt.exe" is a Windows Update process and it's always active right before "svchost.exe" starts making trouble...

    I'm not blaming NOD32 for the Windows Update problem, but it seems that the presence of NOD32 somehow creates a system instability whenever it happens, causing the system to be almost completely nonresponsive for the duration of the "update check". :doubt:

    I can't see how disabling UPnP has anything to do with it... :p
     
  16. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,763
    Location:
    Texas
    Send an email to support at eset.com with a link to this thread.
     
  17. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Ugh. The problem with the svchost.exe going up to 100% is indeed related to Windows Update / Automatic Updates. I have seen it on many computers, regardless of whether any antivirus software is installed or not. I believe it started doing that with Windows/Microsoft Update version 6. If you do not have a fast computer, it can be a real pain. :rolleyes:

    I would try creating some AMON exclusions for the files mentioned in the Microsoft Knowledge Base article, Virus scanning recommendations for computers that are running Windows Server 2003, Windows 2000, or Windows XP:

    http://support.microsoft.com/default.aspx?scid=kb;en-us;822158

    If your stability problems are due to contention between NOD32 and the Automatic Updates / Windows Update, the exclusions may help.
     
  18. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    I have this problem also all I do is turn off Windows Automatic Updates and all is fine but make sure you check for Updates Manually from time to time! Again this is all I do because it is a pain! :ouch: Also it has nothing to do with NOD32!

    Cheers,
     
    Last edited: Nov 21, 2006
  19. pemar

    pemar Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    31
    Location:
    Winnipeg, Canada
    You were right - UPnP has nothing to do with OS freeze. My problem has returned very quickly.
    My icons did not load properly so I thought system hang ups had something to do with it.
    Disabling UPnP had solved my icon problem (even NOD icon shows up every single time! - which was not the case before)

    Windows was still hanging up on "wuauclt" so I followed alglove's recommendation from post #17
    So far, three boots later, I have not seen "wuauclt" using up too much CPU. In fact, vsmon takes close to 95% but only for a few seconds.
    I hope it will stay this way, otherwise I will disable automatic updates as Triple Helix suggests.

    My concern is: am I making my system more vulnerable by excluding files from AMON scanner?
     
  20. Gizmo

    Gizmo Registered Member

    Joined:
    Apr 23, 2003
    Posts:
    34
    Maybe it has something with this:
    http://support.microsoft.com/kb/916089
    FIX: When you run Windows Update to scan for updates that use Windows Installer, including Office updates, CPU utilization may reach 100 percent for prolonged periods

    Some google search about this KB may help.
    I am also having this problem on some computers.
    I have not tried installing it by myself yet so I cannot tell if it helps or not.
     
  21. rotem

    rotem Registered Member

    Joined:
    Nov 20, 2006
    Posts:
    8
    I'm happy to report that my problem is now resolved, thanks to the very useful Google results for "KB916089". :D

    The problem appears to be caused by the combination of Windows Installer, Windows Update and antivirus software. This solution did the trick for me:

    http://swigartconsulting.blogs.com/tech_blender/2006/07/windows_update_.html

    Thank you all for your patience and help! :thumb:

    Rotem
     
  22. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,763
    Location:
    Texas
    Thanks for the feedback. :)
     
  23. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Wow, that is awesome. I sure hope this makes it to an updated version of Windows Installer sometime soon in the future... preferably, one that is distributed through Windows Update, so everyone can have it.

    ...assuming they can actually wait through the 100% CPU usage required to find it, that is! :ninja:
     
  24. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Thanks Rotem for the link the fix works like a charm!:D

    TH
     
Thread Status:
Not open for further replies.