
Hello ... - the new NOD

Nothing foreshadowed trouble. The call to technical support at 17:20 MSK, "my computer has frozen, I can't print the report", did not seem out of the ordinary. Well, yes, it is frozen; more precisely, the system "slows down" so badly that even Task Manager refuses to start. I sent the machine for a reboot, stepped out, and ran into a support person in the corridor describing practically the same problem for another user.
At this point an alarm bell rang in my head...

Back at "headquarters", it turned out that in the meantime several more people had run into the same nasty thing. And on the support person's own machine there was an ugly message hanging: "ekrn.exe bla-bla-bla memory can't be written".
I looked at the logs on the machines. There are errors everywhere, but varied: now tcpip complains about too many messages, now mrxsmb yells that it cannot find the master browser, now something else.
By this point the user complaints seemed to have stopped. To clear my conscience I checked the switches, looked at the network load, and read the IDS logs. Everything was, on the whole, within the normal range.
Well, I thought, either a virus attack by some mutant (heaven forbid), or something worse, or the antivirus itself choked on something and decided to have some fun. I ran a few tests; everything seemed quiet. Okay.

And then, around half past seven in the evening, the "second wave" came. My machine started to hang, even ICQ dropped off. At the same time a colleague complained: "everything is hanging, I'll go reboot". It got genuinely scary: fine, it's evening and nobody is around, but what if this circus starts in the morning?
So I went to the ESET forum and stumbled upon similar complaints and loud swearing. And just below, the support answer: "the problem is known, we are solving it".

In short, so as not to drag the reader through all the circles of hell, here are the results straight away.
The latest update of the popular NOD32 antivirus in some cases leads to a system hang, on both workstations and servers.
5416 - a normal, proper update.
5417 - contains a hidden error.
5418 - this error "opens up" and leads to the problems.
5419 - according to the ESET people, eliminates the problem, but not immediately, only after 1-2 reboots. It also seems that there is a hastily written wonder utility that solves the problem without rebooting.
At the same time, it is said that those lucky enough to update straight from 5416 to 5419 will not notice anything.

Summing up: I want to note that I am against stoking holy wars like "the best antivirus is the one I use, and all the rest are bad". I am writing this so that tomorrow (or today) those administrators who step on this rake do not repeat my thrashing about and know immediately who is to blame and what they should do.

PS Sorry for the style; it's late and the day was hard.

Source: https://habr.com/ru/post/103405/
