NOD Kernel + unreadable CD/DVD can freeze my PC?

It happened something strange lately when dealing with poor quality CDs and DVDs.

On 3 different PCs (2 WinXpPro, 1 Win2003), all sporting NOD with Default AMON settings enabled that trying to browse or read CD/DVD contents (jpeg images), the computers got frozen. Couldnt launch task manager either. The only response was given by the ALT+TAB combination showing the task list icons.

Had to hard reboot.

Could it be NOD kernel trying to access data on a bad/poor support, ending in a freeze state? Maybe a stuck NOD kernel can freeze the PC?

 

Hello?

 

I've had that issue since Windows 95, so I really doubt it has anything to do with NOD.
Ejecting the drive when the pc locks up usually helps, but not all the time.

 

Well it's strange, cause the defect you're talking about usually ends when ejecting the disc; in my case you can try anyithing but it ends brute-forcing off the PC....

 

Another possibility could be the IDE/ATAPI drivers that are being used. I remember when I had my old NVIDIA nForce2 based motherboard, I would run into similar trouble if I used the "special" NVIDIA IDE drivers, but not if I used drivers that were based off of Microsoft's delivered IDE driver.

 

I've seen PC's that get stuck forever just after POST during boot up if there is a normal blank CD-R in the drive.

Yes it seems possible that NOD32 could be getting stuck.
No this is not normal.
Shouldn't you just throw out the defective CD?

Cheers

 

As I've said, the problem has shown it self on 3 different PCs, with different hardware.

It happened with a defective CD and with a not-so-readable DVD within one week.

If it is NOD, Eset could try to spot out the problem, following a timeout approach....

 

Hello,

Does the problem still occur if NOD32 is disabled on the computer and then an optical disc is accessed?

Regards,

Aryeh Goretsky

 

I'll have a go and post the results......

 

Arr..... How can I disable NOD without uninstalling?

 

NOD32 Control Center --> AMON --> uncheck "File system monitor (AMON) enabled".

You may also go to AMON --> Setup --> Security --> uncheck "Enable automatic startup of AMON".

 

Ok, I've did some testing and it looks like the problem is NOD related.

Test 1 - On my portable, Winxp + latest patches, NOD 2.7 + latest patches, AMON (enabled or disabled, same results) the CD today is unreadable, and nothing happens; no locks. Probably my poor quality CD reader isn't capable to access the CD anymore.

Test 2 - On a desktop, sporting a good quality Plextor CD reader (Winxp + latest patches, NOD 2.7 + latest patches), the CD is apparently readable: contents are shown into Windows Explorer. As I've disabled CD autorun, nothing happens; then within windows Explorer I've tried to launch the .exe listed in autorun.inf:
- whit AMON disabled the CD players "chats" a bit ending with an error message that sounds like "This is not a windows application", probably due to CRC/reading errors; nevertheless the system is stable and no freeze occurs.
Enabling AMON and launching the same executable ends everything in a "freeze". It is not a complete freeze: mouse cursor is available moving the mouse, ALT+TAB works, but the system is unusable, even if ejecting the CD and waiting hours. Could it be an infinite loop somewehere?

It may be a very-low-percentage scenario, but it does exists and in some systems, like our server, it may be very critical even if it happens once. (Just one hard reset on a Windows 200x server may lead into an Active directory or Exchange Server damage, with days of troubleshooting).

 

It certainly sounds like you have given us a reproduceable scenario.

Out of curiosity, were you able to Ctrl-Alt-Del to access the Task Manager, or was even that not working?

I am curious, if you happen to have the Task Manager already running before you start the test, can you Alt+Tab to it then? If so, I am curious if any of the entries in the Processes tab are running at 99%, like nod32krn.exe .

 

I've tried but the command wouldn't be executed. Very strange that ALT+TAB works (without executing, just showing the classic icon list) but not the task manager. Yes probably the system still accepts user input, but due to system stress it is unable to process requests.

Excellent idea, monday morning (I'm on GMT+1) I'll give it a try (the offending CD is @ the office)

 

I've tested the offending CD again this morning with Amon enabled and task manager running, and apart from being slow while checking nothing happened anymore.... nodkrnl was sleeping below 1%......and the system after a few seconds of slowness, always resumed.
As the PC was being used allready since early this morning, did maybe Eset update the engine with a fix?

I'm not able to reproduce the problem....not willing to give a try on the server....

 

Hello,

A new advanced heuristics module was released yesterday (December 3, 2006), however, it does not seem likely that would make a difference.

If the problem re-occurs please let us know.

Regards,

Aryeh Goretsky

 

The key is the CD recording software.

If one wants an app, other than the CD recording software to access something in a writable CD drive, then the media should not be inserted until AFTER the relevant app is ready to request the media.

Do you have a plain CD-ROM drive to test with as well? That should eliminate effects of CD recording software.

Also get ISOBuster from http://www.smart-projects.net/isobuster/ to check the media.

 

Ok I've been able to reproduce the problem on another PC.

Windows Xp fully patched + NOD 2.7 fully patched, CD unit writing capable.

The problem occurs only with Amon enabled,CD autorun enabled and a particular sequence......

Test 1 - Amon disabled
- Insert CD in the player
- Xp attempts to read contents nothing happens (read fails, no messages)
- Open Windows Explorer
- Windows Explorer gets "stuck"
- Ejecting the CD resumes explorer and the PC is stable

Test 2 - Amon enabled
- Insert CD in the player
- Xp attempts to read contents nothing happens (read fails, no messages)
- Open Windows Explorer
- Windows Explorer gets "stuck"
- Ejecting the CD doesn't resumes explorer and the PC is stuck
- Task manager shows zero CPU usage (also during the test)
- No way to resume the PC, CPU at 0%, but nothing is executed anymore
- Hard reset needed

Test 3 - Amon enabled
- Insert CD in the player
- Xp attempts to read contents nothing happens (read fails, no messages)
- Now eject the CD
- Open Windows Explorer, everything is fine again, PC working

 

Agoretsky?

 

Hello,

If you disable the Anti-Stealth option in NOD32, does the problem still occur?


Regards,

Aryeh Goretsky

 

Yes.

I've disabled Antistealth, rebooted and performed "test 2" again, still same beheaviour.

 

Hello,

As a workaround, you can try downloading a fresh copy of NOD32, disconnecting your computer's network connection, uninstalling NOD32, copying the files off of the marginal discs to another location and then reinstalling NOD32 and reconnecting the computer to the Internet.

Regards,

Aryeh Goretsky

 

? Didn't understand what you mean......

 

Hello,

As I understand it, the problem only occurs when attempting to read CD or DVD discs with errors on them. What I was suggesting was that you temporarily uninstall NOD32, copy the data off the "bad" discs and then reinstall NOD32.

Regards,

Aryeh Goretsky