NOD32 Causing BSOD?

Discussion in 'ESET NOD32 Antivirus' started by RDX, Sep 4, 2008.

Thread Status:
Not open for further replies.
  1. RDX

    RDX Registered Member

    Joined:
    Sep 4, 2008
    Posts:
    2
    Hey, I'm new here. I have recently been trying to run a full in-depth system scan on my home PC, and every time it is left to run, Windows BSODs. Having just debugged the minidump, it comes up saying memory corruption caused by ekrn.exe. Does this mean I have a fault with my NOD32, or is my computer just rubbish?

    -----------------

    Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [c:\windows\minidump\minidmp.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols

    Executable search path is: c:\symbols
    Windows Server 2008 Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 6001.18063.x86fre.vistasp1_gdr.080425-1930
    Kernel base = 0x81c10000 PsLoadedModuleList = 0x81d1d930
    Debug session time: Thu Sep 4 16:28:26.292 2008 (GMT+1)
    System Uptime: 0 days 0:22:33.294
    Loading Kernel Symbols
    ................................................................................
    ............................................................................
    Loading User Symbols
    Loading unloaded module list
    .......
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    Use !analyze -v to get detailed debugging information.

    BugCheck 1A, {5003, c0402000, 3185, 352add8}

    Probably caused by : memory_corruption ( nt!MiAllocateWsle+7d )

    Followup: MachineOwner
    ---------

    0: kd> !analyze -v
    *******************************************************************************
    * *
    * Bugcheck Analysis *
    * *
    *******************************************************************************

    MEMORY_MANAGEMENT (1a)
    # Any other values for parameter 1 must be individually examined.
    Arguments:
    Arg1: 00005003, The subtype of the bugcheck.
    Arg2: c0402000
    Arg3: 00003185
    Arg4: 0352add8

    Debugging Details:
    ------------------


    BUGCHECK_STR: 0x1a_5003

    DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

    PROCESS_NAME: ekrn.exe

    CURRENT_IRQL: 0

    LAST_CONTROL_TRANSFER: from 81c87402 to 81ccb6d9

    STACK_TEXT:
    a4d82cac 81c87402 0000001a 00005003 c0402000 nt!KeBugCheckEx+0x1e
    a4d82ce4 81c820d7 c002a2e4 83b10a40 00000000 nt!MiAllocateWsle+0x7d
    a4d82d4c 81c6aae4 00000001 0a8b9000 00000001 nt!MmAccessFault+0x16e2
    a4d82d4c 76fd8a73 00000001 0a8b9000 00000001 nt!KiTrap0E+0xdc
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    0610d4f0 00000000 00000000 00000000 00000000 0x76fd8a73


    STACK_COMMAND: kb

    FOLLOWUP_IP:
    nt!MiAllocateWsle+7d
    81c87402 cc int 3

    SYMBOL_STACK_INDEX: 1

    SYMBOL_NAME: nt!MiAllocateWsle+7d

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: nt

    DEBUG_FLR_IMAGE_TIMESTAMP: 4812bd66

    IMAGE_NAME: memory_corruption

    FAILURE_BUCKET_ID: 0x1a_5003_nt!MiAllocateWsle+7d

    BUCKET_ID: 0x1a_5003_nt!MiAllocateWsle+7d

    Followup: MachineOwner
    ---------

    0: kd>
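
A triage sketch for the `!analyze -v` output posted above, added here as an example and not part of the original post: it pulls out the bugcheck code, its arguments, the `KEY: value` fields and the stack frames, then lists which modules actually appear in resolved frames. The sample text is constructed from lines of the dump above; the function and variable names are hypothetical.

```python
import re

# Constructed sample: lines taken from the dump in the post above, trimmed.
SAMPLE = """\
BugCheck 1A, {5003, c0402000, 3185, 352add8}
Probably caused by : memory_corruption ( nt!MiAllocateWsle+7d )
BUGCHECK_STR: 0x1a_5003
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
PROCESS_NAME: ekrn.exe
STACK_TEXT:
a4d82cac 81c87402 0000001a 00005003 c0402000 nt!KeBugCheckEx+0x1e
a4d82ce4 81c820d7 c002a2e4 83b10a40 00000000 nt!MiAllocateWsle+0x7d
a4d82d4c 81c6aae4 00000001 0a8b9000 00000001 nt!MmAccessFault+0x16e2
a4d82d4c 76fd8a73 00000001 0a8b9000 00000001 nt!KiTrap0E+0xdc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0610d4f0 00000000 00000000 00000000 00000000 0x76fd8a73
STACK_COMMAND: kb
IMAGE_NAME: memory_corruption
"""

BUGCHECK = re.compile(r"^BugCheck ([0-9A-Fa-f]+), \{([^}]*)\}")
FIELD = re.compile(r"^([A-Z_]+):\s*(.*)$")
FRAME = re.compile(r"^(?:[0-9a-f]{8} ){5}(\S+)$")  # 5 hex columns, then the symbol

def summarize(text):
    out = {"code": None, "args": [], "fields": {}, "frames": []}
    in_stack = False
    for line in (l.strip() for l in text.splitlines()):
        m = BUGCHECK.match(line)
        if m:
            out["code"] = int(m.group(1), 16)
            out["args"] = [int(a.strip(), 16) for a in m.group(2).split(",")]
            continue
        m = FIELD.match(line)
        if m and m.group(1) != "WARNING":  # the WARNING line is not a field
            in_stack = m.group(1) == "STACK_TEXT"
            out["fields"][m.group(1)] = m.group(2)
            continue
        m = FRAME.match(line)
        if in_stack and m:
            out["frames"].append(m.group(1))
    # PROCESS_NAME is the process that was current when the bugcheck fired;
    # "modules" lists only what resolved frames name ("module!symbol+off").
    out["modules"] = sorted({f.split("!")[0] for f in out["frames"] if "!" in f})
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
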
     
  2. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    Burn a Memtest+ CD and boot to that to check the system memory. http://www.memtest.org/

    Odds are when you initiate a full system scan you are hitting sections of RAM that are bad, which causes your OS to crash due to ekrn.exe being loaded as a system driver.
     
  3. RDX

    RDX Registered Member

    Joined:
    Sep 4, 2008
    Posts:
    2

    Thanks for your reply. Unfortunately, Memtest came back negative.

    Something I noticed mind, although it causes a BSOD on "In-depth", it will complete a Smart Scan with no issues and resident protection works fine.

    I have put my spare RAM in the system for the time being. Will run another "In-depth" scan shortly and see if it has made any difference.
     
  4. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    The differences between an in-depth scan and a smart scan are scanning archives and email stores (assuming you didn't modify the default settings). This could be some sort of very odd conflict when hitting one of those types of files. Try running on "Log all objects" while running the scan so you can track down where it was when it crashed.
     
  5. element119

    element119 Registered Member

    Joined:
    Jul 14, 2008
    Posts:
    72
    Are you running the newest version of ESET?
     
  6. krypton_harsh

    krypton_harsh Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    84
    I had the same problem on a customer's PC.

    The solution I used was:

    1. Disable system cache in BIOS.

    If that does not work:

    2. Change the RAM and check.

    It worked when I changed the RAM.
     