haiku

Online Armor / Emsisoft Anti-Malware Causing Hang

Recommended Posts

I run both Online Armor & Emsisoft Anti-Malware on a PC running Windows 7 Ultimate.

 

This PC is rebooted every day as part of the overnight maintenance routines.

 

Yesterday (Tuesday the 17th September) the PC refused to boot, hanging shortly after entry of the login password.

 

The problem was eventually resolved by disabling both the Online Armor & Emsisoft Anti-Malware services.

 

Given that the problem surfaced on Tuesday - i.e. no problems were experienced on Monday morning - I can only presume that the problem was caused by an update loaded during Monday.

 

Your assistance would be appreciated.

 

Kind regards.

Share this post


Link to post
Share on other sites

My apologies - I forgot to supply the requested technical data:

 

1. O/S: Windows 7 64-bit Ultimate with service pack #1 installed.

2. All Microsoft patches are installed.

3. I can't start the PC to obtain the Online Armor & Emsisoft Anti-Malware versions. Is there any other method ?

4. The Emsisoft Anti-Malware 'Signatures' directory shows the most recent file to be 20130917.sig dated 2013/09/17 17h18.

5. The Online Armor 'Logs' directory shows the most recent log entry to be the following:

 

[17/09/13 18:03:24]  1572/624  Executable: C:\Program Files (x86)\Online Armor\oasrv.exe
[17/09/13 18:03:24]  1572/624     Version: 6.0.0.1736
[17/09/13 18:03:24]  1572/624  Command Line:
[17/09/13 18:07:24]  1572/624  Hash: A54B4FBC24C4EDE34BEB5F8D8974752A
[17/09/13 18:07:24]  1572/624  OS  Version: 6.1, Build: 7601
[17/09/13 18:07:24]  1572/624  CDS Version: Service Pack 1
[17/09/13 18:07:24]  1572/624  Win Version: Windows 7/64
[17/09/13 18:07:24]  1572/624  -- Logging level: Both

 

6. The Windows Firewall is disabled.

7. I am not running any other anti-virus or anti-malware software.
 

Share this post


Link to post
Share on other sites

If you can't start your computer, then please try following the instructions at this link to start your computer in Safe Mode, and then uninstall Online Armor. If you can start your computer normally after that, then we can go from there.

Share this post


Link to post
Share on other sites

If you can't start your computer, then please try following the instructions at this link to start your computer in Safe Mode, and then uninstall Online Armor. If you can start your computer normally after that, then we can go from there.

 

The problem lies with Online Armor and not Emsisoft Anti-Malware.

 

I disabled (using MsConfig) the following:

 

1. Service: Online Armor;

2. Service: Online Armor Helper Service;

3. StartUp: Emsisoft Online Armor (oaui.exe);

 

I also disabled the OA Helper Driver in the local area connection properties.

 

The Emsisoft Anti-Malware was left as was, i.e. enabled. 

 

I am now able to successfully re-boot the computer.

Share this post


Link to post
Share on other sites

Lets get an OTL log, and see if it shows the cause of the issue. Please run OTL by following the instructions below:

  • Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run').
  • Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually.
  • Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.

Share this post


Link to post
Share on other sites

Lets get an OTL log, and see if it shows the cause of the issue. Please run OTL by following the instructions below:

  • Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run').
  • Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually.
  • Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.

 

 

Hi -

 

I downloaded and ran OTL. Unfortunately I was unable to generate an Extras.txt.

 

After failing to generate the Extras.txt file [after the first scan] I ran through the following steps (as recommended elsewhere):

 

1. Ran a CHKDSK. No errors reported.

2. Downloaded and ran AdwCleaner. Nothing significant was reported (see attached log).

3. Downloaded and ran JRT. Nothing significant was reported (see attached log).

4. Cleared the Application & System logs.

5. Re-ran OTL using the parameters attached. Still no Extras.Txt

 

NB: I rarely use the FireFox browser mentioned in the logs.

 

Many thanks

Share this post


Link to post
Share on other sites

If you look at OTL, the "Extra Registry" option is set to 'None', which is why the Extras.txt file was not generated.

I am seeing Microsoft Security Essentials in the log, so please note that an update to Microsoft Security Essentials last week broke compatibility with Online Armor and caused major performance issues on computers where both MSE and Online Armor are installed. You will need to create exclusions to resolve the issue.

To create an exclusion in Microsoft Security Essentials, please follow these instructions (note that you may need to restart your computer in Safe Mode before doing this, and you can find instructions for that at this link):

  • Open Microsoft Security Essentials.
  • Go to the Settings tab.
  • Select Excluded processes from the menu on the left.
  • Click the Add button on the right.
  • Using the little [+] and [-] buttons to the left of folder names to open and close them, navigate to the Online Armor folder, select the file you wish to exclude, and click OK to add it.
  • Repeat the last two steps until you have added each of the following files:
    • oacat
    • oahlp
    • oasrv
    • oaui
  • Be sure to click the Save changes button in the lower-right corner when all of the files have been added.
Please note that the Online Armor folder should be as follows:

C:\Program Files\Online Armor

On 64-bit editions of Windows, it will be a bit different:

C:\Program Files (x86)\Online Armor

Here are instructions to add Microsoft Security Essentials to the exclusions in Online Armor (be sure to restart your computer if it is running in Safe Mode, as Online Armor will not run in Safe Mode):

  • Open Online Armor.
  • Go to Options in the menu on the left.
  • Go to the Exclusions tab.
  • Click on the Add button.
  • Using the little [+] and [-] buttons to the left of folder names to open and close them, navigate to the Microsoft Security Essentials folder, click on the folder to select it, and click OK to add it.
  • Be sure that the option to also exclude subfolders is selected before closing Online Armor.
The Microsoft Security Essentials should be in C:\Program Files or C:\Program Files\Common Files, and it may be named Microsoft Security Client.

Share this post


Link to post
Share on other sites

Hi Arthur -

 

May I respectfully suggest that, when asking a customer to run OTL, you also provide the settings that you require. It would have saved me a couple hours in fruitless searching for a solution as to why a scan wasn't generating the requested Extras.txt.

 

That said:

 

1, I removed the existing installation of Online Armor.

2. Rebooted etc.

3. I downloaded and installed the latest version of Online Armor.

4. I excluded the Online Armor files in the Microsoft Security Client.

5. Clicking on Online Armor completed the installation i.e. entering the registration code & updating the files.

6. Online Armor requested a reboot i.e. before I could add the Microsoft Security Client's files to Online Armor.

7. The computer hung on start-up, i.e. as before.

8. I rebooted into safe mode and uninstalled Online Armor, then rebooted.

9. The computer started normally.

10, I ran OTL which, with the corrected settings, generated the Extras.txt.

11. The results of the scan are attached.

 

I don't know if this relevant, but with Online Armor files installed but deactivated, MIcrosoft's VPN connections no longer work. I have to remove Online Armor before the VPN will work.

 

Regards

 

-- haiku

Share this post


Link to post
Share on other sites

Try starting your computer in Safe Mode, and see if you can turn off Microsoft Security Essentials while in Safe Mode (there should be an option to turn off real-time protection in the settings in Microsoft Security Essentials). Online Armor's settings are not accessible while the computer is running in Safe Mode.

Share this post


Link to post
Share on other sites

Try starting your computer in Safe Mode, and see if you can turn off Microsoft Security Essentials while in Safe Mode (there should be an option to turn off real-time protection in the settings in Microsoft Security Essentials). Online Armor's settings are not accessible while the computer is running in Safe Mode.

 

Seems to be working now, though OAMine did crash my machine <sigh>

 

Will test for a couple of days before closing ....

 

Many thanks for the assistance.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.