Online Armor + Unhackme problem.

Discussion in 'other anti-malware software' started by muf, Nov 13, 2005.

Thread Status:
Not open for further replies.
  1. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    I am trying out Online Armor and also Unhackme. With both running it appears there is a problem. At least on my machine. When i double click the Unhackme tray icon a blank white box comes up in the middle of my screen called "main Form". Once i close this box Online Armor is terminated. If i right click the Unhackme tray icon and select CheckIt! nothing happens. It's as if it can't execute. If i close OA down and try it again then a messages comes up from Unhackme for a few seconds saying "That's allright no trojan found". So it would appear OA is stopping Unhackme from performing it's scan.

    I have closed down my other security apps and this problem stills persists. In the programs module of Online Armor i have allowed the Unhackme processes Unhackme.exe and Hackmon.exe

    My system is a Athlon 64 running 32 bit Windows XP SP2.
    Online Armor version 1.1.0.457

    Is there anyone else out there who is using OA with Unhackme on XP, and do you have the same problem. Any advise will be much appreciated.

    muf
     
    Last edited: Nov 13, 2005
  2. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Just tried another test. I tried to launch the Unhackme main interface through Start\Programs and it worked. So it appears this problem it related to launching Unhackme from the Unhackme system tray icon context menu. But only when OA is running.

    Edit: Also discovered it is stopping Unhackme from carrying out it's 1 minute poll of my system. If OA is running then Unhackme doesn't poll. I checked this by looking at the time it last polled which stayed the same for 10 minutes. Once i closed down OA the time showing last poll updated every minute as it should. So OA is definately stopping Unhackme's monitor.

    Still would like some help with solving this.

    muf
     
    Last edited: Nov 13, 2005
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    Mike should be around shortly. He is pretty prompt.

    Pete
     
  4. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Hello muf,

    Unfortunately, I am experiencing the same problems as you are since I am concurrently running OA and UnHackMe as well. What I was able to determine that is causing all the problems is when OA's GUI(OnlineArmorUI.exe) is loaded at startup, is a running process and the OA icon appears in the system tray. Interestingly, it appears that OA's core application(OnlineArmor.exe) is not the culprit. Hopefully, we will hear what Mike has to say about this issue.


    Peace & Love,

    CogitoErgoSum
     
  5. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I had this problem as well.. but it seems to be an artifact of something else. Even without OA installed, UnHackMe doesn't come up like it should when you double click the tray icon. Dmitry says he knows what it is, and is working on it :)

    I'd bet this has something to do with the injected DLLs.. the tray icon is probably calling the wrong thing when you double click on the tray icon.
     
    Last edited: Nov 13, 2005
  6. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I also run Prevx 1, which alerts you to programs executing. I noticed that sometimes UnHackMe won't run, but at one point I had something that UnHackMe was detecting, and it kept detecting it every 30 seconds anyway.. I'm not sure exactly what the deal is, but it does keep working!

    Still a good find, though.. definitely let Dmitry know.
     
    Last edited: Nov 13, 2005
  7. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    muf,

    Despite RegRun Std. and UnHackMe both coming from Greatis, I acknowledge that these are two entirely different applications. Having said that, fortunately, RR continues to poll my system from minute-to-minute normally even with OA's GUI(OnlineArmorUI.exe) loaded.


    Peace & Love,

    CogitoErgoSum
     
  8. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Yes i concur. I noticed that Regrun was still polling. I checked as i wondered if Dmitry had Unhackme polling in the same way as does Regrun. Obviously not. Cheers for the replies everyone. Lets hope it gets resolved soon either by Mike(AO) or Dmitry(UHM) or both.

    muf
     
  9. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Hi Guys,

    I'll get someone right onto it. Apologies for the delay but I am busy doing some onsite work for a bank at the moment, so I can't check wilders as often as I would like during the day.

    I still sneak onto the OA forums however :)


    Mike
     
  10. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    This is now fixed - it will be on automatic updates and available for download in an hour or two.

    Apologies for any inconvenience.


    Cheers


    Mike
     
  11. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Mike,

    Just downloaded and installed the update. Unhackme is working from the system tray icon and is polling with no problems.

    Many thanks for the fix. :)

    muf
     
  12. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Thanks Mike and OA crew for resolving the technical issues regarding UnHackMe and OA in the latest update. It works like a charm. Unfortunately, on the other hand, my WinXP SP2 pc takes an additional 45-60 seconds to boot/reboot with the latest fix.


    Peace & Love,

    CogitoErgoSum
     
  13. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Well i spoke too soon i'm afraid to say. I just noticed that OA disables Unhackme from running resident. If i close OA and open Unhackme, go into the options and tick to enable the monitor then save it, it adds a startup to the 'current user run' in the registry. Now when i start up OA this entry gets removed. And as long as OA is active if i tick the monitor in Unhackme and try to save it, it doesn't get saved. So looks like OA is still not quite friends with Unhackme yet. But they are getting that way. Btw, the registry changes were prompted by Regrun Gold.

    muf
     
  14. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    OK then! Back to the drawing board, we'll get this one nailed.

    Sorry for the inconvenience :(


    Mike
     
  15. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    And this one :)
     
  16. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Hi muf,

    I think that the startup for Unhackme was denied by OA in this case as we cannot reproduce this problem any other way. If you remove UHM from the programs list, then re-run it all should reset itself.

    Please let me know if that solves it.

    Still looking at the reboot delay


    Mike
     
  17. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Mike,

    No go on that one i'm afraid. I uninstalled Unhackme(UHM). Deleted the permission's out of OA and then reinstalled UHM. Gave permission to everything it threw up including the installers. Still could not get the tick for 'active' to stay ticked in the UHM option's. So i uninstalled it again and removed all the permission's in OA. This time i closed OA down by RMB of the OA sys tray icon and selection "Close and Shutdown Online Armor". Then i installed UHM and made sure the tick was there in option's, it was. So i loaded up OA and as soon as the icon appeared i checked for changes using Regrun and low and behold Regrun tells me the UHM monitor startup has been removed from 'current user run'. So i selected change back in Regrun so that the value would be reinstated and the user run key was removed again. Damn frustrating and with only one day left of my evaluation i'm getting worried.

    Currently i have added a shortcut to the UHM monitor and added it to my startup folder. The active UHM monitor now loads at bootup. But this is just a temporary workaround. I need to fix this. I've disabled all my other active stuff just in case they were causing a problem. Still the same. The only application that affects the UHM monitor is OA. Have OA on and the monitor gets put to the sword, have OA closed down and the monitor works fine. How much hair is it possible to tear out in one day? I've more than used my quota!!!

    If it helps, here's a list of my current active security software. Maybe one of these others is having an influence!
    Sygate firewall(free version 5.6 Build 2808 )
    BOClean 4.12.002
    KAV 5.0.388
    Regrun gold 4.1
    Cookiewall 1.01
    Online Armor 1.1.0.500
    Unhackme 3.0 beta 2

    All running on windows XP sp2


    Thanks,
    muf
     
  18. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Hi Muf,

    I'm happy to extend your OA evaluation if needed. I am pretty sure that somehow OA's settings have not quite been removed properly (a bug in OA maybe) - we could prove this by uninstalling OA, making sure that the OA directory was clean (ie no client.dat, server.dat, shared.dat, etc) and reinstalling.

    Appreciate it if you could give it a go.


    Cheers


    Mike
     
  19. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Mike,

    Good news. That did the trick. I'll monitor things and see how they go. Not prepared to say it's fixed just yet. Remember what happened last time i said that? But looking good so far. At least the UHM monitor is staying and i can adjust the UHM monitor, save the settings and it stays that way.

    Thanks again for the help.

    muf
     
  20. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    No problems - I think it's a bug in OA - there's no way to reset the "startups" choice that is made :( Something to look at!

    Cheers

    Mike
     
  21. CogitoErgoSum

    CogitoErgoSum Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    641
    Location:
    Cerritos, California
    Thanks Mike and OA crew for addressing the boot delay problem in such a timely manner. Everything seems to be back in order.


    Peace & Love,

    CogitoErgoSum
     
Loading...
Thread Status:
Not open for further replies.