Virus Scan Keeps Freezing

Discussion in 'ESET NOD32 Antivirus' started by SlapnutSkits, Jan 14, 2008.

Thread Status:
Not open for further replies.
  1. SlapnutSkits

    SlapnutSkits Registered Member

    Joined:
    Jan 14, 2008
    Posts:
    5
    Right, here's the deal. Yesterday I installed NOD32 v3 and updated it until it was up to date. I ran a virus scan but it froze at 67% while scanning a Firefox plugins folder.

    I attempted to scan again today but it froze again at 67% while scanning a different folder (can't remember which one).

    When it freezes, my computer speed drops dramatically so I am unable to use it. I have to turn it off my the power button which obviously shouldn't be done.

    Why is the virus scan freezing and how can I stop it?

    Any help would be appreciated,
    Cheers.
     
  2. jmc777

    jmc777 Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    244
    The freezing issue has been noticed by a few people on the forums. I'm sure ESET are aware of it and are working on a fix.
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Does disabling advanced heuristics make a difference?
     
  4. SlapnutSkits

    SlapnutSkits Registered Member

    Joined:
    Jan 14, 2008
    Posts:
    5
    I'm a bit of an idiot when it comes to Antivirus'. Could you elaborate?
     
  5. MaVRiC

    MaVRiC Registered Member

    Joined:
    Dec 7, 2007
    Posts:
    25
    Same issue here, only way the scan will complete is with both heuristics and advanced heuristics disabled.

    SlapnutSkits instead of powering down, open task manager (ctrl alt del) end the application then go in and kill the ekrnl process, the process will automatically start again, but you will have to restart the gui through start menu. Then you have to delete the 1.6gig temp file in windows/temp.
     
  6. SlapnutSkits

    SlapnutSkits Registered Member

    Joined:
    Jan 14, 2008
    Posts:
    5
    Thanks for the reply. However, I have no idea what this ekrnl process or the gui you are talking about is o_O
     
  7. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    GUI means graphical user interface. Put it simple open up NOD32. Press ctrl-alt-del at the same time and that brings up your task manager. Find the ekrnl process and high light it. Then click end process.
     
  8. SlapnutSkits

    SlapnutSkits Registered Member

    Joined:
    Jan 14, 2008
    Posts:
    5
    Right OK. Does this solve the problem of the scan freezing then?
     
  9. Chalawah

    Chalawah Registered Member

    Joined:
    Jul 26, 2005
    Posts:
    75
    Location:
    Australia
    I have a similar problem with scans freezing on the Firefox plug ins folder.

    NOD32 v3.0.621.0
    Virus signature database: 2791 [200880114
    Update module: 1019 [20071030]
    Antivirus and antispyware scanner module: 1102 [20080103]
    Advanced heuristic module: 1068 [20071119]
    Archive support module: 1069 [20080113]
    Cleaner module: 1024 [20071217]

    Firefox 2.0.0.11

    Firefox Extensions:

    AI Roboform Toolbar for Firefox 6.9.85
    British English Dictionary 1.19
    Copernic Desktop Search 2 Toolbar 2.0.0.2280
    CustomizeGoogle 0.69
    NoScript 1.2.9
    Orbit Downloader Firefox Integration 1.05
    RefControl .0.8.9
    Yahoo! Mail Notifier 1.0.0.3

    Firefox Themes:

    Default
    Noia 2.0[eXtreme] 3.371............in use

    Windows XP Home SP2 fully updated, 1GB memory, Athlon 2800+

    As soon as a manual scan gets to the Firefox pluggin folder the scan appears to stall according to the GUI, with no progress being made. CPU for ekrn.exe is 9% at the most and for egui.exe 15.15% at the most.

    I find that if I click on the button to 'Stop' the scan the Target info changes from:

    C:\Program Files\Mozilla Firefox\plugins

    to:

    C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll

    After clicking the Stop as above I am waiting for the scan to complete for many minutes, with both the Stop and Pause buttons greyed out. 3-4 minutes went by before the was finally given as 'Scan interrupted by user'

    If I navigate a Custom Scan directly to C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll I don't get any scan progress being shown. CPU usage CPU for ekrn.exe is 9% at the most and for egui.exe 15.15% at the most. The scan doesn't progress at all. Clicking on the Stop button to stop the scan and scan termination took 10 minutes.

    The MD5 for npdivx32.dll is: 56E18C09654020009012A53FD332D397

    I have DivX for Windows, DivX Pro, DivX Converter, DivX MPEG-2 Plugin showing as 'registered on the system'. These were installed by the latest DivX 6.8.0.30 bundle.

    If I run a custom scan of the C:\Program Files\Mozilla Firefox\plugins\ but exclude npdivx32.dll I can get the scan to run and complete in a couple of minutes. I however don't get any scan progress showing in the GUI

    Here is a copy of the scan log file when npdivx32.dll was excluded:

    15/01/2008 6:23:22 PM Operating memory;C:\Program Files\Mozilla Firefox\plugins\Microsoft.VC80.CRT\;C:\Program Files\Mozilla Firefox\plugins\npdivx32.xpt;C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll;C:\Program Files\Mozilla Firefox\plugins\npnul32.dll;C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL;C:\Program Files\Mozilla Firefox\plugins\nppdf32.DEU;C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll;C:\Program Files\Mozilla Firefox\plugins\nppdf32.FRA;C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll;C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll;C:\Program Files\Mozilla Firefox\plugins\npUpload.xpt;C:\Program Files\Mozilla Firefox\plugins\nsIDivxPlayerPlugin.xp 492 0 0 Completed

    These scans were completed with advanced heuristics turned on.

    With advanced heuristics turned off I can not get a scan of npdivx32.dll to complete. The scan doesn't progress at all. Clicking on the Stop button to stop the scan and scan termination didn't happen at until 19 minutes and 9 seconds.

    Opening the \Windows\Temp folder shows two .tmp files belonging to NODDBD4.tmp and NODDBD7.tmp at 1.69GB and 885MB respectively.

    Hope this information helps

    I'd be interested in reading any feedback.

    Thanks in advance for your time...I really value it.
     
  10. heyman

    heyman Registered Member

    Joined:
    Jan 14, 2008
    Posts:
    2
    Chalawah...

    This ..>>ekrn.exe is the problem<< ....well for me it was.. this exe..slowed to stopped PC from functioning?..ONCE I uninstalled it and then deleted all files and folder, using uninstaller 2008......

    Then as a precaution you have to delete WHATEVER you have in temp file in C:\Documents and Settings\Administrator\Local Settings\Temp...or Windows/temp........If you can..use Historykill 2006-7 IF you can get your hands on it..THIS is an excellent program to use to delete Temp files in your PC....:)

    I rebooted... in safe mode...... and deleted ekrn.exe ....
    NOW I am able to surf and download and surf with multiply windows open..previously...NO WAY!

    I hope this works for you as it did for me...otherwise, keep looking in forum for clues:D
     
  11. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    ekrn.exe is part of NOD32...
    So I guess you changed to another AV?
     
  12. ProTON

    ProTON Registered Member

    Joined:
    May 18, 2006
    Posts:
    62
    I'm experiencing big delays on some folders and files too. Especially on folders with big zipped self-extracting archives, or setup.exe/.cab files, or older .exe files (like old games). Just right after I go into a directory with such files erkln.exe process starts to use 60-99% of CPU and hangs all other processes for couple of minutes. All .exe icons at that moment is blue/white window. After NOD32 finished the scan normal icons begin to appear.

    Disabling NOD32 resident scanner completely solves the problem.

    I'm using 3.0.621. I _think_ this was not an issue in earlier versions.
     
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Do you use default program settings?
     
  14. Gribus

    Gribus Registered Member

    Joined:
    Jan 13, 2008
    Posts:
    6
    Dear Marcos

    I have the same problems ... it was never like this untill update 2786 popped up in the middle of watching a divx movie online....

    https://www.wilderssecurity.com/showthread.php?t=197357

    Before that update I never had any problems with the program ( V2.7 )

    Ciao !
    Gribus
     
  15. SlapnutSkits

    SlapnutSkits Registered Member

    Joined:
    Jan 14, 2008
    Posts:
    5
    I'm a bit of an idiot, so could somebody please talk me step by step on how to stop my problem?

    Cheers.
     
  16. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,731
    Location:
    New York City
    The archive support module was updated today. Check to see if this fixes your problem. If not, remove the check for 'Advanced Heuristics' for the 'On-demand computer scan' as follows:

    1. Click on 'Computer Scan' on the left margin.
    2. Click on 'Scan setup'
    3. Click on 'Setup' button to the right of 'Threatsense engine parameter setup'
    4. Click on 'Options' and remove the check for 'Advanced heuristics'
     
  17. Chalawah

    Chalawah Registered Member

    Joined:
    Jul 26, 2005
    Posts:
    75
    Location:
    Australia
    Latest NOD32 Installed Components have resolved this issue for me. Thank you Eset team for your time and energy on this matter:

    NOD32 v3.0.621.0
    Virus signature database: 2794 [200880115]
    Update module: 1019 [20071030]
    Antivirus and antispyware scanner module: 1102 [20080103]
    Advanced heuristic module: 1068 [20071119]
    Archive support module: 1067 [20080115]
    Cleaner module: 1024 [20071217]
     
  18. ProTON

    ProTON Registered Member

    Joined:
    May 18, 2006
    Posts:
    62
    Sadly, the new archive module haven't helped.

    I'm using non-default settings. Can I upload configuration XML here or send you personaly?
     
  19. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    You can send a customer care query using the integrated form and enclose this thread's url in the description field. Your configuration will be attached to the email we will receive. Before you submit a query, please make sure that advanced heuristics and runtime packers are disabled in the real-time protection setup (leave them enabled only for newly created/modified files).
     
  20. ProTON

    ProTON Registered Member

    Joined:
    May 18, 2006
    Posts:
    62
    Disabling AH and runtime packers in real-time protection helped. But why I can't use the feature that exist o_O
     
  21. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Enabling AH and runtime packers on access will siginificantly slow down the performance, hence it's enabled only for newly created/modified files by default.
     
  22. ProTON

    ProTON Registered Member

    Joined:
    May 18, 2006
    Posts:
    62
    Well I can expect performance slow down. But should it take 30-40 minutes to scan one .exe file on 2ghz core 2 duo, 1gb of ram and gigabit network machine? This is unacceptable in my opinion.
     
  23. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Well, it's likely if it's an installer or sfx archive with tons of embedded executables or dll's. Is the file in question downloadable from the web or could you send it by email?
     
  24. ProTON

    ProTON Registered Member

    Joined:
    May 18, 2006
    Posts:
    62
    But it worked well in version 2.7. I had AH and runtime packers on run-time scan enabled there too.
     
  25. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    V2 doesn't have an option for using AH and runtime packers upon file access.
     
Thread Status:
Not open for further replies.