Nod32 AV 4 and Windows 2003 R2 boot up BSOD

We have a problem which started the morning of 1/29/2010. All of our terminal servers began getting a stop error 0x0000007E BSOD on boot up. Removing Nod got the sytems booting again however if Nod is reinstalled the problem starts again. I have not tried any other 2003 or 2008 server with fear of the same problem. I have also tried installing Nod on a clean installation and get the same problem. This is an all VMWare ESX enviroment. This appear to be a very serious problem. I have opened a ticket with Nod but have not heard anything back yet. Help Please!

 

I have done some additional testing.

This problem is only affecting server that have had their C drive changed to an alternate drive letter. Citrix server for instance have the C drive changed to M. We do have some web servers that have the C drive changed to W. Anyway I suppose I need to wait for a fix from ESET.

 

Please set the OS to create a complete (or at least kernel) memory dump per the instructions here and reproduce BSOD. Let me know when done and I'll provide you with further instructions where to upload it. You can most likely fix the problem by uninstalling EAV and reinstalling it, or by disabling self-defense followed by a computer restart. We'll check the dump instantly and make a fix if a problem is found.

 

I am having trouble generating the dump. This is a virtual machine and I am not sure if the CTL-Scroll Lock combination is being recognized. Is there a way to turn off the self-defense option in safe mode?

 

I uninstalled nod32, rebooted into windows then reinstalled nod32 and turned off self-defense. Still getting the BSOD on boot up.

 

We have had the same issue, not with all of our Citrix servers in the farm, just some. We have spent a couple of days trawling through the log, WSUS etc, and this morning uninstalled NOD32 and the server booted up. We downloaded the latest engine code from ESET and installed it back on the server and this seemed to fix the issue, have you tried that?

We also remap the C drive, and also noticed on a 64bit installation of Windows 2003 server you cannot install NOD32 at all when the C drive is remapped. It has worked fine up until now on 32bit installations.

Let me know how you get on.

 

We have the issue resolved at this point.

According to ESET there was a problem with a module deployed on 1/28/2010. The module has been removed from their upstream mirrors however if you have a remote administrator server then it will not be removed from it. To manually remove it goto. C:\Documents and Settings\All Users\Application Data\ESET\ESET Remote Administrator\Server\mirror Delete the contents of this folder then run a manual update from the remote administrator console.

Then on the affected servers uninstall and reinstall nod32 AV. You may also want to delete the <system root>/Documents and Settings/All Users/Application Data/Nod32 folder before installing.

This has solved our problem with the drive letters on 32bit systems. We don't have any 64bit Citrix servers so I can't speak to that problem. You might want to try a newer version of the client if you haven't already.

 

Thanks for that, glad everything is now OK with your servers and also ours

 

Getting the exact same issue - A clients Citrix server (on 2003 server - non R2) where the only hard drive is configured as M: (probably an accident during install my guess - no logical reason to be m: - it just it) - Blue screen of death on a reboot last night - spent HOURS working it out as it wasn't giving me much of a bootlog, there was no dump file and nothing in the eventlog to help diagnose what was stopping it booting.

The error was a Stop 0x0000007E (0xC0000005,xxxxxxxx,xxxxxxxx,xxxxxxxx)

No drivers or otherwise mentioned.

Took the eset sys files out of the drivers folder and it boots fine now.

 

I've had this issue on numerous machines where %SystemDrive% was not C:. I've confirmed that it's not tied to any particular Windows version. I've duplicated it on the following OSes in my lab:

Win2k3 Std/Ent, R1/R2, x86/x64
Win2k8 Std/Ent, R1/R2, x86/x64

To fix the problem I did this:

1. Destroyed the ERAS update mirror (delete contents of /mirror) and rebuilt from ERAC.
2. Booted affected machines into Last Known Good configuration.
3. Uninstalled ESET NOD32
4. Removed HKLM\Software\ESET
5. Rebooted
6. Reinstalled ESET NOD32

Caveats: This is a brute force approach, but it works. Machines that have had system changes that kill ControlSetXXX registry trees will likely require a different approach. In this case, I would:

1. Rename %SystemRoot%\System32\drivers\eamon.sys to eamon.sys.disabled
2. Remove HKLM\SYSTEM\CurrentControlSet\Services\ekrn

Also, the repair install does not seem to work on machines where NOD32 was installed via einstaller.exe from the ERAS.

If anyone has anything better, please share.

 

Just wanted to confirm that we experienced the same problems with our Windows Server 2003 R2 terminal servers (just in case anyone is using this thread to assess the impact on ESET users).

I've uninstalled Nod32 for now and will attempt re-installation once we have purged the mirrors and I've had some sleep...