BOClean 4.21 released

Discussion in 'other anti-trojan software' started by Nancy_McAleavey, Feb 27, 2006.

Thread Status:
Not open for further replies.
  1. Zev0

    Zev0 Registered Member

    Joined:
    Feb 26, 2004
    Posts:
    17
    Just got the following in an email from Kevin.

    "Our apologies for the delay - when we discovered a few people were having this problem, we stopped distribution until we could figure out what the problem was and fix it. Turns out that the DLL for BOClean was expecting the service to be running and on some systems, it was delayed longer than expected. We've since redone the DLL so that it would check to ensure that the service was actually started and ready and that fixes the problem.

    Our folks upstairs are starting to resend BOClean again with the fix for this situation - should be to you later this morning. Our apologies for this unexpected problem - despite all of our testing prior to release, nobody among our testers encountered this."

    So looks like there really was a problem and has been fixed.
     
  2. Kevin McAleavey

    Kevin McAleavey Security Expert

    Joined:
    Dec 8, 2003
    Posts:
    376
    Location:
    Upstate New York
    Apologies for the delay - when we discovered a few people were having this problem, we stopped distribution until we could figure out what the problem was and fix it. Turns out that the DLL for BOClean was expecting the service to be running by the time one logged in and on some systems, it was delayed longer than expected. We've since redone the DLL so that it will wait longer if necessary to ensure that the service was actually started and ready and that fixes the problem.

    We've also reverted to the earlier 4.20 kernel driver which was a bit more aggressive about its place in the limited feeding trough of the kernel as only eight pigs can suckle at the kernel even after all these many versions of Windows! That's it! One would think in this wonderful world of 32 and 64 bits that 8 bits is a bit passe. Not for Billy. :blink:

    Kernel drivers are supposed to do their thing, let go of the steering wheel and let someone else have at it after getting what they require. Some unfortunately don't and retain that hold even when it's no longer required. So we've given them the boot for our turn, and then let them have back in. There's no downside to any of this as the major change in BOClean from 4.20 to 4.21 is the new BOCORE component and some minor changes to the exe itself. The fix involves one change to the DLL and reverting to the earlier kernel driver. BOClean itself remains unchanged so the version number and date stamps will remain the same on everything else.

    Just so folks know how it works with us, our highest priority is doing the malware and getting the updates out as required. That comes before anything else. Next priority is email and dealing with folks who require support. After that comes work on the next versions of our various products and other necessities of keeping things in order on our end. Coming out to visit the forums is at the bottom of the priority pile simply because there are too many of them to visit, and there just isn't the time to give the quality of answers as compared to the individual care we provide in email for specific situations.

    Sadly, it is rare when two people have exactly the same problem even if it may appear so to many. What I solve for one person may make things worse for another which is why I encourage anyone with a problem to come to us directly. As some may have noted, this time around, it wasn't NOD32 or Kaspersky or even Norton at fault, it was ME! Heh. And of course, what worked last time probably won't this time and so the advice on forums isn't necessarily the answer as this situation demonstrated. It's not like I don't enjoy hanging out with everybody here, it's just that time to do so is difficult to come by, especially when things are as busy as they are on our end right now.

    We have already replaced the files at Digital River once we solved the problem around 1AM US Eastern time. So if you have the "Extended Download Service" or just bought BOClean, you can go back to the download section with your purchase information and download the repaired copy right now. For those who do NOT have the "extended download service" our office folks will be back in here at 10AM US Eastern time whereupon we will resume sending out copies. We sent them home early yesterday and stopped sending files until we could get to the bottom of the difficulties a few folks had (my count is 31 total) so that others wouldn't have to go through any torture. That's our job. :)

    But this one was entirely my fault. We took the worst case delay in kernel device loading during prerelease testing, padded it by a bit more but it apparently still wasn't sufficient for some systems that are overloaded with bloaty things fighting each other at the kernel level. So we've joined in the fight and modified the DLL so that it will keep checking until it's given the keys to its own device driver. The reason for the CPU hang was that there's an event timer that was given a "null input." And when that happens, it sits there waiting for a signal that never comes. That's what went wobbly for a few people.

    Fixed with MY apologies!
     
  3. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    Thanks for your quick response on this Kevin. That second fix you sent me has everything all working tickety boo again.
     
  4. Kevin McAleavey

    Kevin McAleavey Security Expert

    Joined:
    Dec 8, 2003
    Posts:
    376
    Location:
    Upstate New York
    You're MOST welcome ... there's still some of us out here who actually CARE if things work properly - one of the advantages of us little "mom and pop" software companies as opposed to the "big guys" who've got your money already and can afford to advertise their way to NEW suckers whilst flipping you off. In our realm, all it takes is one unhappy experience to ruin ten years of reputation. We like to avoid that. :)

    Glad it was that easy once we figured out where the problem was.
     
  5. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    I don't want to add to the e-mail requests by sending another but just to make sure have the e-mail upgrades started again
    (just read this post) I am not in any hurry and realise the huge task this is but wondered if the e-mail ones have been sent as to date I haven't received anything (the e-mail I requested does permit the .zip files)

    I have used extended downloads on other software and never needed it thus my reason for not applying when I purchased BOClean.
    I am pleased the problem was found and things stopped in order to fix - that is good service.
     
  6. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    If the original 4.21 seems to be working as expected with no apparent problems, I assume we do not need to request and download the new "fixed" 4.21?
     
  7. Kevin McAleavey

    Kevin McAleavey Security Expert

    Joined:
    Dec 8, 2003
    Posts:
    376
    Location:
    Upstate New York
    Thanks for the kind words ... I don't know quite when they stopped sending them upstairs, it was sometime in the mid-afternoon US Eastern time at MY request once I got the phone call to come in early (still here) since I'm the head coder here. But as soon as I heard the groups were filling up with complaints, I yanked the cord and asked that files not be sent until we figured out what the problem was. Didn't get to the actual answer until around 1AM my time. It was decided to just send the folks here home at that time, paid for the whole day since it was obvious it would take a while.

    So your copy request is probably up there, and will be sent out once folks start coming in around 10 US Eastern time. I know there's a backlog of several thousand requests, so it might not arrive until late afternoon or evening if you're towards the end of the queue. We've got about 750,000 individual folks to get copies to and we pulled the cord somewhere around 8,000 done. But at the same time, I think the backlog right now is only about 6,000 from what I can tell. We should be caught up by sunset our time.

    The big determinant as to what we send is based primarily on known behaviors of certain ISP's as well as whether or not you're using Outhouse Express or Outbreak Pro (Microsoft's stuff where any attachment of ZIP or EXE gets eaten by a bear as "dangerous" while the scripting and buffer overflow viruses get put on the express track to your drive, heh) ... if it's an ISP likely to delete a "known format" or Outluck is in use, then we'll send you to our site to get a decoder and send an encrypted "001" file to get past the idjits at the door - if you're using Thunderbird, The BAT, Eudora, Poco or something sane and your ISP is also sane, then we can send a ZIP or EXE as requested.

    BIG problem is getting the file actually to your door and our folks will choose EXE, ZIP or 001 unless you tell them that you've already gotten ZIP or EXE successfully recently or you've beaten Outhouse into submission so that it won't eat the file. Repeatedly resending the files over and over again to the same person gets tedious for us as well as you and thus the way we'll handle things based on that.

    And yeah, that "extended download" is usually worthless but given the fact that we do the new versions for free (even if you have to go and download what DR says is the OLD version to get it) the "extended" is worth it as far as BOClean goes. I don't know how many years they support it (I think it's 3 but that's not my department) but it's very useful for going to the head of the line when there's a new version of BOClean at least. But you can't buy into it later (something we've been after them to provide) - gotta think of that up front. :(

    BLACKCAT:

    If it's working fine, then you're all set - but it wouldn't hurt to wait a few days or a week and THEN request the latest - ya never know when some other program will turn stupid and do what a few others have done in the latest version of "kernel wars" ... think Daffy Duck saying "mine! mine! ALL MINE!" and realize what caused the problems for the few.

    For now though, we'd like to take care of the folks who need their upgrade and those who need the fix ... plenty of time for everybody else to let the desperate have their toys first, then you can get yours. :)
     
  8. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,448
    Location:
    Sky over the Wilders Forest
    Thanks for all your hard work Kevin from product to service.

    The advice you offered Blackcat is exactly the user I am. Again, thanks to all those who are cutting edge users (got to have the new toy now) and post here to many of us who are a little less savvy about all the nuts and bolts. ;)
     
  9. Kevin McAleavey

    Kevin McAleavey Security Expert

    Joined:
    Dec 8, 2003
    Posts:
    376
    Location:
    Upstate New York
    Heh. I'm like that too ... been around the sun in orbit too many times to be a member of the "bleeding edge" ... them's the ones who have enough insurance and can afford to go see the doctor. :)

    What's sad though from this end of it all is that we invite those who have had problems with the prior release to "beta test" the next release. And dammit! They get their "pre-toy" and it's all "hugs and kisses" ... everything "A-OK" and fat dumb and happy. So we release having fixed those previous weirdies to everyone's satisfaction and what happens? NEW weirdies that not a one of them ran into. :(

    ARRRRRrrrrrrrgh! Heh.

    But we cool now.
     
  10. chia

    chia Registered Member

    Joined:
    Jun 10, 2004
    Posts:
    89
    Just to update, I was one of those having 100% CPU issues with the initial version of 4.21 but just installed the newest version and my problems are now gone. Back in BOClean bliss now :D .

    Top notch support as usual. My thanks to Kevin and his team!
     
  11. wafen

    wafen Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    4
    Is bocore supposed to be in the running tasks?
    It seems to me when I had the last version installed it was there, but now it isn't.
     
  12. john2g

    john2g Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    207
    Location:
    UK
    Yes. It is part of the new security measures
     
  13. wafen

    wafen Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    4

    Hmm, anyone have any idea why it is not in my running tasks?
    Like I said, in the last version it was there, now it isn't.

    This is a XP SP2 system if that makes a difference.
     
  14. wafen

    wafen Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    4
    Well, I got it working.
    I have Process Guard and apparently it wasn't allowing bocore to install correctly, even with Learning Mode.
    I had to disable protection and now it is working fine.
     
  15. Owlbet

    Owlbet Registered Member

    Joined:
    Jul 14, 2004
    Posts:
    17
    I was one of those individuals on the bleeding edge to have the latest new toy. Having the extended download service afforded me the luxury of installing BOClean within minutes of the announcement Monday night that a new version was out. It also meant I was one of the first to send emails to Kevin for help with the processor at 100%. :oops:

    I'm pleased to admit that my issue has been resolved.

    No one tops BOClean in personalized technical support. Many thanks to Kevin, Nancy, and the "people upstairs" for all their hard work.

    Also (and a bit off-topic), thank you Kevin for your little witticisms that poke fun at Microsoft...Outhouse Express, Outbreak Pro, etc. I laughed out loud when I read them. I'm sure a sense of humor (no matter how sarcastic) is a necessity in your line of work.
     
  16. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    Is the BOCDRIVE.SYS driver supposed to be visibly running? The only place I ever see it (besides the file itself in the BOClean install directory) is under HKLM\SYSTEM\ControlSet003\Services\BOCDRIVE. I never see it under CurrentControlSet.

    This seems to have been a bug in the original 4.21.001 release, which was resolved in the second release of the same version/build.
     
    Last edited: Mar 1, 2006
  17. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    I'd have to differ with this advice. I installed the original 4.21.001 release, and found that (as I inadvertently noted in my post above) the BOClean Kernel Monitor (BOCDRIVE.SYS) driver was never running, and thus, of course, not working at all. Nothing else seemed out of order--I didn't have the high-CPU-usage issue others described ... nothing.

    It wasn't until I installed the second 4.21.001 release that the BOClean Kernel Monitor began working at all.

    So, good thing I installed the latest version "just for the hell of it".
     
  18. sandokan

    sandokan Registered Member

    Joined:
    May 14, 2004
    Posts:
    112
    Of course, after installation of BOClean you have enabled ProcessGuard's protection, haven't you?

    I have PG and a couple of other apps (mIRC for example) in the exclusion list of BOClean, and that has always helped me with possible conflicts, however when installing ANY trusted app I disable PG so I don't get asked if I allow the execution to take place.
     
  19. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Thanks for the updates Kevin. I did not have the CPU hang on my system, nor the problem that nameless has mentioned.

    So I guess I fall into the category of Blackcat and will wait a bit before installing the newer updated version.

    Many thanks to you for your quick response in correcting the matter tho.

    Cheers.
     
  20. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    To know if you have the problem or not, you'd have to specifically look for the BOClean Kernel Monitor in Device Manager or some other applicable place. It's a symptom-free problem.
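
The check described in the posts above, as an added example that is not part of any poster's message or of BOClean itself: it reports which control sets hold the driver's service key and whether the driver is actually loaded. It assumes PowerShell 3.0 or later and that the service name is `BOCDRIVE`, taken from the registry path quoted in the thread.

```powershell
# Added example: confirm that a kernel driver service is registered in the
# control set used for this boot and is actually loaded.
# 'BOCDRIVE' is the service key name quoted in the thread (assumption that
# it is also the service name the Service Control Manager reports).
param([string]$DriverName = 'BOCDRIVE')

# HKLM\SYSTEM\Select\Current holds N, where CurrentControlSet is a link
# to ControlSet00N for the running system.
$current    = (Get-ItemProperty -Path 'HKLM:\SYSTEM\Select').Current
$currentSet = 'ControlSet{0:D3}' -f $current

# List every numbered control set that carries Services\<driver>.
# A key that exists only in a non-current set is the situation described
# above: registered at install time, gone from the active set after reboot.
$registeredIn = @(
    Get-ChildItem -Path 'HKLM:\SYSTEM' |
        Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' } |
        Where-Object {
            Test-Path "HKLM:\SYSTEM\$($_.PSChildName)\Services\$DriverName"
        } |
        ForEach-Object { $_.PSChildName }
)

# Win32_SystemDriver reflects what the Service Control Manager knows about
# the driver; State is 'Running' only when it is loaded.
$driver = Get-CimInstance -ClassName Win32_SystemDriver `
                          -Filter "Name='$DriverName'"

$result = [pscustomobject]@{
    Driver           = $DriverName
    ActiveControlSet = $currentSet
    RegisteredIn     = $registeredIn -join ', '
    InActiveSet      = $registeredIn -contains $currentSet
    State            = if ($driver) { $driver.State } else { 'NotRegistered' }
    StartMode        = if ($driver) { $driver.StartMode } else { $null }
}
$result | Format-List

if (-not $result.InActiveSet) {
    Write-Warning "$DriverName has no service key in $currentSet; the driver cannot load on this boot."
} elseif ($result.State -ne 'Running') {
    Write-Warning "$DriverName is registered but its state is '$($result.State)'."
}
```

Because a driver that never loads produces no visible symptom, a check like this is worth running after any install or update of a product that depends on a kernel component.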
     
  21. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    Nameless, I had the same experience with the first version of 4.21.001 and BOClean Kernel Monitor.

    If I read Kevin's posts, my guess is that in the first version of 4.21.001 "BOClean Kernel Monitor" was removed; and added back in the second version of 4.21.001. (BOClean Kernel Monitor was in 4.20).
     
  22. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    I think the driver was present in the first release of 4.21.001, but didn't install itself correctly. The driver file was there, and it seemed to set itself up in the registry immediately upon install, but wasn't there after the first reboot.
     
  23. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    Ok, I stop guessing :)
     
  24. wafen

    wafen Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    4
    Yes.
    I'm getting old, but I'm not that far gone yet. ;)
     
  25. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    nameless - I will check it when I get home. I should be able to see it by looking in task manager at processes tho correct? If not, my apologies, it's been a long couple of days for me and I'm fried.

    Let me know. Either way, I will check when I get home and report back later this evening.

    Cheers.
     