BoClean 4.10

Discussion in 'other anti-trojan software' started by dom424, Jun 26, 2002.

Thread Status:
Not open for further replies.
  1. dom424

    dom424 Guest

    Just got my new update emailed to me. Only problem after it is installed my computer will not boot up. After log in BoClean does it scan and then it just stops. After doing a Ctrl-Alt-Delete it tells me Explorer is not responding. Did a GoBack and tried again but the same thing. After 1 more GoBack I went back to 4.09. Anyone else have this happen? I am using Windows Me.
     
  2. Phazor

    Phazor Registered Member

    Joined:
    Jun 27, 2002
    Posts:
    111
    Dom,

    Have this same problem also. Deleted it and went back to 4.09. If you hear anything let me know.

    Phazor
     
  3. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,347
    Location:
    The Netherlands
    The same thing happened to me, and I dropped Kevin a line.

    It turns out that if you uninstall 4.09 first, 4.10 will install without a prob.

    However, I now am unable to start up Outlook Express (5.5 SP2/Win98 SE).

    When I fired up Outlook Express (5.5 SP2) with the intention of thanking Kevin for his swift reply, it just wouldn't start.
    I waited for 15 seconds, and tried again, and again, ending up with 6 instances of Msimn in active tasks, but no Outlook Express in sight.

    I ended task on them all, shut down BOClean, and tried again, and sure enough, OE came right up'.

    I'd be interested to hear whether anyone else is experiencing this, and will post here myself , as soon as I get a reply from NSClean support.

    Cheers, Tony
     
  4. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,347
    Location:
    The Netherlands
    OK, I got a reply from Kevin lightning fast, as always:

    "Run BOClean. In the BOClean configuration screen, if you look down towards the lower right corner, there's a checkbox there marked "Fasthook" ...
    If you UNcheck that and then reboot, Outbreak should come up working ... we did see a couple of circumstances where this has happened and what it is is MSIMN is being hooked by an antivirus that won't allow BOClean at the program, but BOClean has halted it and is waiting for access to it. UNchecking the "Fasthook" will cause BOClean not to do that."

    And of course he was right! :)
     
  5. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    ..unfortunately, this does not work for all. Copy and paste from PSC:

    Those encountering problems after going to suggestions made earlier on, are advized to drop PSC an email.

    regards.

    paul
     
  6. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Coming with the NEW corrected BOClean v4.10:

    regards.

    paul
     
  7. octogen

    octogen Registered Member

    Joined:
    Feb 11, 2002
    Posts:
    212
    I have installed BOClean 4.10 and it is running fine. I installed over version 4.09, i.e. w/o uninstalling version 4.09. Prior to installation, I shut down programs and services, except Explorer and Systray. Has anyone else installed it this way with success?
     
  8. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi octogen,

    Guess you have been lucky :D. Nevertheless, it's recommended to install the new version accordingly to the instructions from PSC, in order to avoid problems ;)
     
  9. Fred_T

    Fred_T Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    12
    My advice, especially if you're running Outlook Express, is don't mess with v4.10 until the "Big Boys & Girls" say it's alright.

    I've been agonizing over it for two days as amply described here and in the GRC forum. Notwithstanding that v4.10 has a couple of great new features, save yourself a lot of grief...stick with v4.09 for the time being.

    "Fasthook" Fredinho
     
  10. Fred_T

    Fred_T Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    12
    Oops...Sorry. My advice is intended ONLY for users like me who are at the bottom of the PC food chain!

    Fredinho
     
  11. FanJ

    FanJ Guest

    Well, I tried it too .....

    Problems with Fasthook and problems without Fasthook.
    So it was Fast removed from my system.....
     
  12. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,347
    Location:
    The Netherlands
    Hmmm, there seems to be some work to do yet, at NSCLean... :rolleyes:

    For my part, I can only say that, after disabling Fasthook, I have no problems with the new version.
     
  13. FanJ

    FanJ Guest

    https://grc.com/x/news.exe?cmd=article&group=grc.security.software&item=64647&utag=

    And there are other postings at GRC.security.software with this subject:
    Re: BOClean 4.10 and fasthook
     
  14. FanJ

    FanJ Guest

  15. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,995
    New software releases often have problems - it's impossible to test EVERY system configuration possibility out there.

    I'm happy that the code is at least IN there, and I have NO doubt that Kevin will get these problems some people have been having fixed soon.

    -javacool
     
  16. FanJ

    FanJ Guest

    The following is a quote from Kevin over at GRC:

    https://grc.com/x/news.exe?cmd=article&group=grc.security.software&item=64920&utag=

    [hr]
    Yes, there have been a few (60 so far) problems reported with BOClean
    4.10 going in without a prior uninstall of 4.09 (or an uninstall of 4.10
    which accomplishes same removal from registry of old entries and early
    startups) when either Kerio, ZoneAlarm or Sygate is present on Win98SE
    boxes ... I'm still trying to get to the bottom of it and am still here
    beating my head against the wall. The problem sounds like the "Fasthook"
    is activated somehow, and after the first day we saw that a few people
    were having problems with an associated DLL included with BOClean that
    provides the "Fasthook" services and defaulted it to "off" ... the
    "standard hook" works if this is turned off and doesn't seem to run afoul
    of the firewall's system hooks. What we have going on though is
    "contention" where the firewall locks down and backing off BOClean solves
    it for now, long enough for me to continue to work on why the deadlock is
    occurring at all on Win98 and ME. Under NT, Win2000 and XP, all works
    famously. If the three mentioned firewalls aren't there (using either no
    firewall or something else) no problem either. For many, still no problem.

    What we did determine though is if any remains of BOClean 4.09 are still
    installed, BOClean 4.10 needs to load AFTER Explorer comes up. Because of
    this, we relocated the startups from one location in the registry where
    4.09 started up earlier than anything else in the past to a new location
    where it starts after Explorer. What's most likely is that since you
    didn't uninstall 4.09 (I inadvertently neglected to mention the need for
    the uninstall of 4.09 in the emails that went out the first day and
    adjusted the SETUP program to take care of it as of the second day of
    release) that original "early start" key may have still been there and
    triggered the whole thing. When you uninstalled (assuming that you
    received yours after 4pm on the 27th) that would have corrected it as well
    since the uninstall mode would have cleared the registry entries in the
    4.10 setup as well. That's my guess.

    One of the reasons why I've been "invisible" the last few days is I'm
    still struggling to pinpoint the cause - wasted a lot of time checking out
    how the various firewalls worked only to discover yesterday that it isn't
    the firewalls causing the problem - they're contributing to it by the way
    they use VXD's to hook Win9X/ME, but the problem has been determined to be
    the Microsoft Visual Studio DOTNET 7.0 that we had to use to build that
    DLL. There's a bug in the compiler itself which favors properly working
    code on NT/2000/XP and does subtle hoses for 95/98 and ME. Something in
    there isn't right and I've been struggling to find out where the problem
    is and work around it. The REST of BOClean (aside from the Fasthook DLL)
    is written in Borland and that's what we've always built our stuff with.
    The DLL unfortunately needs to access pieces of the Windows kernel that
    aren't documented and so we're stuck at the moment.

    Bottom line though, turn off "Fasthook" and BOClean falls back on its
    traditional hook which doesn't require that pesky DLL where a problem
    arises. As soon as I get a working compile out of Microsoft's compiler,
    and we can test it, I'll provide everybody the fix. Been at it all weekend
    and am still banging my head against the wall. What's more frustrating
    than anything is we handed out 4.10 prior to release to just over 450
    folks, and only one ran into any problems. I made the mistake of assuming
    that to be a fluke. Yow. :)

    Anyhoo, a reload SHOULD get you past the problem you had the first
    go-round - that was the old 4.09's entrails that probably caused that.
    Just make sure since you did run into the lockup that you install, then
    instead of rebooting as you are told, RUN BOClean as soon as it's been
    installed (instead of rebooting), doubleclick on the traybar icon, select
    "Configure BOClean" and when the configuration screen comes up, make SURE
    that the small checkbox in the lower right corner marked "Fasthook" is
    *NOT* checked. Uncheck it if it is. Then you should be OK until we get the
    DLL replaced.

    My apologies ... we test the hell out of everything we make before
    letting it go. This has been an even more unpleasant surprise for me.
    That'll learn me to use Microsoft's latest to design a piece of our stuff.

    For everyone else, be happy to provide chapter and verse on this once I
    get the problem solved. I've received a number of emails from folks with
    questions about how our web page is laid out and more esoteric questions
    from "which firewall is better than another" and so on. For now, I'm only
    answering email from people that are having problems that need immediate
    attention. Answering emails and dropping by here is time spent away from
    working on the code and checking out nasties. Once I come up for air, I'll
    get to those as well as time permits. Hope this helps for now ... it's
    been a hell of a week. :)
     
  17. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    The culprit:

    I do wish PSC all the best in working this out, redesigning BOCLean, and providing an "all working copy" to their users.

    regards,

    paul
     
Thread Status:
Not open for further replies.