BOClean 4.21 released

Discussion in 'other anti-trojan software' started by Nancy_McAleavey, Feb 27, 2006.

Thread Status:
Not open for further replies.
  1. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    You wouldn't see it in Task Manager (it's a driver, not a process--that is, a SYS file, not an EXE file).

    The easiest way is as follows:

    (I believe you need to be logged on as a member of the Administrators group to do this, though Power Users might work as well.)

    1. Open Device Manager.

    2. Click View > Show hidden devices

    3. Expand the Non-Plug and Play Drivers list.

    4. An entry named BOClean Kernel Monitor. should appear. (The period is not a typo on my part. :))

    5. ...

    (A) If BOClean Kernel Monitor. isn't there, the BOClean Kernel Monitor driver isn't installed.
    (B) If BOClean Kernel Monitor. is there, double click the entry, then click the Driver tab. It should say that the Status is Started.
     
  2. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Thanks for the heads up nameless. I initially thought you were speaking of the Bocore file, which I noticed under the processes tab last night.

    I will double check it later and let you know my findings/results.

    Thanks. :)
     
  3. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    Alternatively, run msinfo32.exe and select software environment=> system drivers and look for bocdrive BOClean Kernel Monitor.
     
  4. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,325
    Location:
    US
    How long is it taking everyone to receive the new version? I requested it yesterday afternoon and am still waiting; requested it again a few hours ago ... o_O

    Acadia
     
  5. strangequark

    strangequark Registered Member

    Joined:
    Jun 22, 2005
    Posts:
    296
    Location:
    OZ
    same here,
    waiting, waiting, waiting
     
  6. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    A big thanks from me to nameless regarding the BOClean Kernel Monitor. I checked when I got home, and I stand corrected. It was not working on my initial version either.

    After upgrading to the new version, it is indeed there. :)

    Thanks again.

    So Blackcat, you might want to install the new version after all. :D
     
  7. Kevin McAleavey

    Kevin McAleavey Security Expert

    Joined:
    Dec 8, 2003
    Posts:
    376
    Location:
    Upstate New York
    I'll post this as a new message as well, but given the questions raised here, will add it to this thread as well so as to cure the confusion ...

    A FIX BUILD of BOClean 4.21 has just been released - this "fix build" addresses two problems in the original release. New copies of the "002" began delivery a few minutes ago.

    The first problem required replacement of the BOClean DLL file to solve a problem on some machines where bootup time was excessive and caused BOClean's DLL to load before its kernel driver had been loaded, resulting in it being unloaded by the system. This resulted in 100% CPU and lockups under certain conditions. In addition to a new DLL, we reverted to the original kernel driver. The second problem involves a bug in the BOCEXC.EXE "excluder" module which would write out its data to a BOC420.DAT file instead of the correct BOC421.DAT file, making exclusions impossible. Finally because of complaints that the unaffected BOCLEAN program file itself was not changed to reflect changes to other modules, the BOC421.EXE file was retagged as 4.20.002 even though no changes were ever made to that file. Synopsis of files are as follows:

    BOCDRIVE.SYS 8,477 05-01-05 3:22a (reverted to original)
    BOC4UPD .EXE 46,592 02-25-06 6:46a (no changes)
    BOC421 .XVU 200,951 02-27-06 11:35a (no changes)
    BOSETUP .EXE 159,744 02-27-06 8:48p (no changes)
    BOCORE .EXE 69,632 02-27-06 3:00p (no changes)
    BOCLEAN .DLL 81,920 03-01-06 1:17a (fixed kernel loader time in 001)
    BOCEXC .EXE 118,784 03-01-06 8:53p (fixed incorrect 420 with 421)
    BOC421 .EXE 196,096 03-01-06 9:09p (changed version number only)

    On the first replacement, we automatically resent the files to all who had received the earlier file. We are not going to do so this time - you will need to request the upgrade again. This is necessitated by some rather nasty people who put in "spamming complaints" against us for trying to do the right thing. "No good deed goes unpunished." Therefore, there will be no automatic resends except to our corporate/governmental/institutional customers who have already received their replacements.
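
The file synopsis in the post above, turned into a check (an added example, not part of the original post and not NSClean's code): it parses the listing and compares each file's size in an install directory against it. The directory path is supplied by the user and the on-disk file names are assumed to match the listing; a size match identifies the build and is not an integrity check.

```python
import re
import sys
from pathlib import Path

# Listing from the post above (padded DOS 8.3 name, size in bytes, date, time);
# the parenthetical annotations are dropped.
MANIFEST = """\
BOCDRIVE.SYS 8,477 05-01-05 3:22a
BOC4UPD .EXE 46,592 02-25-06 6:46a
BOC421 .XVU 200,951 02-27-06 11:35a
BOSETUP .EXE 159,744 02-27-06 8:48p
BOCORE .EXE 69,632 02-27-06 3:00p
BOCLEAN .DLL 81,920 03-01-06 1:17a
BOCEXC .EXE 118,784 03-01-06 8:53p
BOC421 .EXE 196,096 03-01-06 9:09p
"""

# Base name, optional padding before the dot, extension, comma-grouped size.
LINE = re.compile(r"^(\w+)\s*\.(\w+)\s+([\d,]+)\s+\d\d-\d\d-\d\d\s+\d{1,2}:\d\d[ap]")


def parse_manifest(text):
    """Return {UPPERCASE_FILENAME: size_in_bytes} from the padded 8.3 listing."""
    expected = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            base, ext, size = m.groups()
            expected[f"{base}.{ext}".upper()] = int(size.replace(",", ""))
    return expected


def check_install(directory, expected):
    """Compare on-disk sizes with the listing; returns {name: status}."""
    on_disk = {p.name.upper(): p.stat().st_size
               for p in Path(directory).iterdir() if p.is_file()}
    report = {}
    for name, size in expected.items():
        if name not in on_disk:
            report[name] = "missing"
        elif on_disk[name] != size:
            report[name] = f"size mismatch: {on_disk[name]} != {size}"
        else:
            report[name] = "ok"
    return report


if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python check_boclean.py <install directory>  (path is the user's own)
    for name, status in check_install(sys.argv[1], parse_manifest(MANIFEST)).items():
        print(f"{name:14} {status}")
```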
     
  8. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    Since installing BOClean, I've been having freezes in applications that I've used for quite a while without any trouble. Looks like I'm outta here once again...
     
  9. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Thanks for the heads up Kevin. I just sent you guys another e-mail request for an upgrade.
     
  10. Kevin McAleavey

    Kevin McAleavey Security Expert

    Joined:
    Dec 8, 2003
    Posts:
    376
    Location:
    Upstate New York
    We're currently 36 hours behind right now owing to the two stoppages in delivery whilst we sorted out the early reports of problems, and then the one involving the excluder being the wrong build. As of 10PM US Eastern upstate New York time, our remaining folks continued to send out the fixed "4.21.002" build until their shift ended at 2AM (GMT -5000) ... budgeting limitations precluded a third shift or that would have forced us to go "subscription" to cover the costs, something we STILL really don't want to be forced into doing for all these freebies. So our "day shift" will pick up the "catch up" in about another hour or so from this post and try to get back under the 24 hour potential maximum we'd warned of in our notice.

    Had it not been for the need to pull the cord on delivery to ensure that once we found out there were some problems that others would not receive a defective copy, then we wouldn't have fallen so far behind as we are at the moment. Rigorous testing and retesting of all of the "personal version" copies of BOClean now has me personally confident that there will not be any MORE "re-releases" ... we're QUITE solid now and will now endeavour to catch back up to no more than an hour or two behind the request by Sunday ...

    But the "clog" has already been removed - my personal apologies - whilst there were apparent problems, didn't want to make it WORSE, so I ordered the stoppage of delivery until we had it right.
     
  11. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,325
    Location:
    US
    :thumb:

    Acadia
     
  12. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Good work Kevin!!:thumb: :thumb: :D :D
     
  13. sandokan

    sandokan Registered Member

    Joined:
    May 14, 2004
    Posts:
    112
    Thanks much Kevin. I got my copy today and will install it after making an image of my system drive. Will report later on how it went. Thanks again.
     
  14. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    I am running BOClean v4.21.002 on Win98 SE. Can anyone tell me if "BOCore.exe" should be present in Software Environment>Running Tasks in the Microsoft System Information Utility? The reason that I ask is because the above entry appears as a running process in task manager under WinXP SP2 but not under Win98. Any help would be greatly appreciated.


    Peace & Love,

    CogitoErgoSum
     
  15. kdcdq

    kdcdq Registered Member

    Joined:
    Apr 19, 2002
    Posts:
    815
    Location:
    A Non-Sh*thole State
    I was one of the folks that had the CPU loop/hang on the "original" BOClean V2.1 release.

    I am pleased to say that, as promised, the friendly folks at NSCLEAN E-mailed the new/improved V2.1; I just installed it, it works/runs GREAT on my system with no problems!!!

    Hats off to Trooper, nsclean, and all the others that worked to solve issues with the new BOClean release in a timely manner.
     
  16. sandokan

    sandokan Registered Member

    Joined:
    May 14, 2004
    Posts:
    112
    Happy to report back that installation was a breeze and the previous symptoms are gone. After installation (which I did after exiting all other security apps that run real time), I rebooted and it was just perfect. BOCORE.exe behaves great, and there is no process hogging at all.

    Thank you Kevin for a job well done and in such a timely fashion.
     
  17. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,448
    Location:
    Sky over the Wilders Forest
    I'll second that. ;)

    I'll wait til this weekend to make my request. :)
     
  18. Elwood

    Elwood Registered Member

    Joined:
    Sep 12, 2005
    Posts:
    205
    Location:
    Mis'sippi
    I don't see BOCore.exe in Process Explorer, running ME. I've removed msinfo from my system. Not sure where else to look...
     

  19. Kevin McAleavey

    Kevin McAleavey Security Expert

    Joined:
    Dec 8, 2003
    Posts:
    376
    Location:
    Upstate New York
    Howdy all, and thanks once again for the kind words! There's still some of us left who actually care if things work. :)

    Not sure if it was you or someone else who IM'd me over Win98 and the BOCORE component - so I'll repeat my reply out here in public since there's no need for BOCORE or the BOCDRIVE items in Win95/98/ME since they can't perform the "NTFS hide and seek shuffle."

    Here's the explanation:

    Greetings and sorry for the wait - forums have to come last right now. BOCORE and the BOCDRIVE.SYS files are necessary ONLY on NT/2000/XP because there is "security" on those systems which allow things to be hidden "for real" and thus it's necessary for us to have a foot in the kernel to ensure that we can see everything that is going on.

    Such isn't necessary for 95/98/ME simply because there is no security in the FAT32 file system. The functions which require BOCORE and BOCDRIVE are in the BOCLEAN.DLL which can find everything even in spite of "rootkit" like VXD's since the registry cannot have entries "turned off" nor can the file system if you reach down directly into "ring zero" as we do when the system in question is 95/98/ME. So it wasn't necessary to build a kernel driver for the older legacy systems as there's no real place for things to hide. The "pseudo-rootkits" for the 9x versions can hide things from Windows file explorer, but if you reach into the kernel for data, even "hidden" stuff can be made to appear without difficulty.

    But no, no need for those functions, and the code isn't compatible with 95/98/ME anyway and thus they're not loaded at all in a 9x environment. Hope this helps ...


    So bottom line is you won't see either BOCORE nor the BOCDRIVE on 95, 98 or ME - no need for it. The DLL can "see" everything as it is ...
     
  20. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Kevin,

    Thank you very much for addressing the concerns of Win98/ME users who rely upon the latest version of BOClean.


    Peace & Love,

    CogitoErgoSum
     
  21. Elwood

    Elwood Registered Member

    Joined:
    Sep 12, 2005
    Posts:
    205
    Location:
    Mis'sippi
    Thanks for the great explanation, Kevin. :)
     
  22. daniel952

    daniel952 Registered Member

    Joined:
    Jul 30, 2004
    Posts:
    71
    I had no problem installing the program on Admin account. In Limited User Account, the icon does not appear in the SysTray, and in 'All Programs', the application icons are not correct/the files won't open. Also in LUA, the files in the Boclean directory are encrypted. Could that be the problem? No exe in TaskManager under WinXP Limited User Account.
    I've already emailed Boclean Support, but I feel sure the problem is somehow due to my setup or permissions.
     
    Last edited: Mar 3, 2006
  23. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Daniel, I'm pretty positive you need admin to install BOClean. As for running it as a limited user, I am not sure. Sorry. :doubt:
     
  24. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,325
    Location:
    US
    Well done Kevin! I've never seen such low CPU spikes before on both mine and my wife's machines; almost non-existent! :cool:

    Acadia
     
  25. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia
    thanks to nsclean again
    everything peachy here. :D
     