Hiballer

DLL failure during nightly update

Recommended Posts

For three days running now (following your latest software update three days ago), I get up in the morning and find a notice that there has been a DLL failure. I have sent the error message  to your site in hopes of finding a solution.

 

Is this going to keep happening? If so, then perhaps I should be looking for another product.

 

I am running Windows 7 (x86) with all MS Updates. I have Malwayrebytes running, but it has been running in conjunction with EAM for several years now with no ill effects. MBAM has had no updates to its software that I know of. My computer(s) run 24/7/365 so they are never turned off. I have EAM running on my gaming computer (Windows 7 (64-bit) but it has no such problem as I've described here.

 

There are no related errors in the Event Viewer. Unfortunately, I did not take a screen shot to show the wording of the error, but when it happens again tomorrow, I will.

 

 

Share this post


Link to post
Share on other sites

There are no related errors in the Event Viewer. Unfortunately, I did not take a screen shot to show the wording of the error, but when it happens again tomorrow, I will.

Yes, that would be quite helpful. "DLL failure" is a bit vague otherwise. At least the DLL name would be necessary to get an idea what is going on.

Share this post


Link to post
Share on other sites

This is far more serious than I originally thought. Just now -- 5 minutes ago -- Emsisoft created 47 pop-up notices of DLL failure. I could not manage a capture of one of them. They are highly elusive and quickly clogged my machine so badly I had to reboot to clear it all. I shut down EAM immediately and am not running it now (although it tells me that Fileguard is still running for some reason).

 

I've attached a shot of the Task manager and all the failed DLL notifications. All but the first one are blank. I cannot drill down fast enough to get a screen capture of the first one. They cannot be moved aside, nor can they be killed - even with Task manager. There are simply too many of them. I will try to get the first failure notice and post it here.

 

emsisoft1.jpg

Share this post


Link to post
Share on other sites

Aha! I did some checking, initiated several scans, and a couple of updates. During a "Quick" scan, the error showed up!!!

 

Here it is:

 

emsisoft2.jpg

 

I can repeat the error every time by initiating a Quick Scan. I have a Quick Scan scheduled at 0200, following an update at 0100, so this must be what is causing the error.

 

I repeat that this has only been going on now for three days - each morning I find one. Your application software updated three days ago also, requiring a reboot to completely install the software. I suspect an error has crept in.

 

I send the error reports by the way. You should have it somewhere - wherever they land at your HQ.

Share this post


Link to post
Share on other sites

I located the "a2service-2.log.txt" file in my appdata/local/temp directory. I'll attach that also.

 

I hope this can be ironed out.

 

I am also wondering why EAM thinks I am running "Microsoft Windows XP (32-bit). I am NOT. I run windows 7.

 

Bill

 

a2service-2.log.txt

Share this post


Link to post
Share on other sites

Happened again early last night. Here's the notification.  I sent the report in.

 

emsisoft3.jpg

 

I would really appreciate knowing what is happening here.

 

Bill

Share this post


Link to post
Share on other sites

AMD Athlon 7550 Dual-Core @ 2.5Ghz

3G of RAM

 

I would like to point out that I've used Emsisoft, in the same configuration of hardware/software for over 2 years with no trouble. Only after your latest update (4 days ago now) did the problem start.

 

By way of explanation of the delay in installing your update - I was on vacation for two weeks and the computer was turned off, so you may have pushed the update down earlier, but I didn't pick it up until I came back Sunday the 27th of Sept.

 

Does that help?

Share this post


Link to post
Share on other sites

Wow! Did that ever open up a huge can of worms! I tried a couple of scans and when I went to a few other panels, EAM suddenly went nuts on me, producing so many error boxes it made my machine lock up.

 

Here's what I captured just before it came to a screaming halt...

 

emsisoft4.jpg

 

Not what I was hoping for.

 

My question now is: How do I bring a2guard to a halt using Task manager? It refuses to be killed no matter who tries to do the killing. All I can do is attempt to reboot or logout/log back in, and stop it from launching in the first place. Do I have to stop a service before killing it?

Share this post


Link to post
Share on other sites

Self Protection needs to be turned off before a2start.exe and a2guard.exe can be closed with Task Manager. The only way you'll be able to close them is to restart your computer, and you may have to hold down the power button for around 4-5 seconds to force the computer off if restarting normally isn't working.

Share this post


Link to post
Share on other sites

I have had no trouble starting/restarting my computer at all. I read in another post that to kill any of the a2... functions, one had to use the context menu item "Shut down protection".

 

There was no failure during the night last night, and I ran several scans, updated manually, and investigated several of the protection options without failure. So, at this point, I feel that leaving EAM running would be my best bet and keep forwarding any failures I get to you for analysis.

 

I've noted several threads from Windows XP users who are having DLL failures much the same as mine. It is interesting to see that EAM thinks that I am running Windows XP also - which I am not. I went the upgrade route from Windows XP to Windows 7 several years ago. It is because of this I think EAM is confused as to what I running as that particular DLL may not have been updated by the OS update process.

 

I've run SFC (System File Checker) and it found no irregularities. The best option now I feel would be for me to keep running EAM and report errors here. If no more occur, then perhaps whatever it was in the Beta update fixed the problem. You would know better than I what the change was. I would like a brief explanation if possible, though.

Share this post


Link to post
Share on other sites

A lot of the issues were fixed by a patch a few days ago which resolves an issues with older processors that didn't support SSE2. It's hard to be certain (AMD doesn't seem to have information about your processor anymore), but I think yours does support SSE2.

Share this post


Link to post
Share on other sites

Okay. I don't know what to do with this information, GT500. I've turned on "Beta updates" as requested by Fabian, and supposedly they've been downloaded/installed. But, last night, I had yet another failure:

 

 

emsisoft5.jpg

 

This was followed immediately by another error, but that flashed off the screen in microseconds and I didn't get a screen capture of it.

 

Whatever steps have been taken aren't fixing the problem. I do not have this situation on my 64-bit machine.

 

Bill

Share this post


Link to post
Share on other sites

Lets get some debug logs from Emsisoft Anti-Malware. In order to do this, you will first need to run a batch file to enable debug logging. This batch file is contained in the ZIP archive at the this link (this ZIP archive also contains a batch file to disable debug logging).

Please save that ZIP archive on your desktop, extract its contents, and then follow these instructions:

  • Run the enable_debug_output batch file (if your computer has Windows Vista, Windows 7, or Windows 8 then please right-click on the batch file and select Run as administrator).
  • You will see a black window pop up, and then disappear very quickly. After that happens, please restart your computer.
  • Reproduce the issue you are having (wait for the error again, or if there's something that you know causes the error then go ahead and do that).
  • Once you have reproduced the issue, hold down the Windows key on the keyboard (the one with the Windows logo on it, usually in between the Ctrl and Alt keys) and tap the R key to open the Run dialog.
  • Type the following into the Run dialog, and then click OK:

    %ALLUSERSPROFILE%\Emsisoft
  • A window should open and you should see a Logs folder. Right-click on that Logs folder, go to Send to, and select Compressed (zipped) folder.
  • Move the new ZIP archive you created with the logs folder in it to your desktop.
  • Attach the ZIP archive containing the logs to a reply by using the More Reply Options button to the lower-right of where you type in your reply.
Note: If you get an error message when trying to send the Logs folder to a Compressed (zipped) folder then you may need to try a utility such as 7-Zip or WinRar to compress the folder. Both 7-Zip and WinRar have options to create an archive and save it in another location (such as on your desktop), which should prevent the error message. Here are links to the download pages for 7-Zip and WinRar.

After posting the debug logs, you can run the disable_debug_output batch file (be sure to run it as administrator as well) and restart your computer again to disable debug logging.

Share this post


Link to post
Share on other sites

I assume your last post was for me, GT500. We can probably dispense with such detailed instructions in the future because I've been building/;programming/repairing computers since 1963 (over 50 years). No offense taken at all. You didn't know.

 

I'll run the batch file and see what happens. i didn't get any failures last night, but, according to the logs, there weren't any updates installed before the scan was run at 0300. I have a feeling that I get the error if an update is done followed by a scan. If I can cause the error manually, so much the better.

 

When I have some results, I'll post back.

 

Thanks,

 

Bill

Share this post


Link to post
Share on other sites

Well, BOOM! I managed to cause a fault almost immediately when I rebooted.

 

I did an update followed by a Malware scan and a Quick Scan. That didn't do anything. Then, I remembered that it last happened while I was looking at Protection - Behavior Blocker. Las time, it faulted when I UNchecked the "Hide fully trusted applications".

 

Sure enough. The instant I unchecked that box, I got this fault:

 

emsisoft6.jpg

 

I had the debug output enabled, so I'll attach the ZIP file of those logs.

 

Bill

 

 

debug_output.zip

Share this post


Link to post
Share on other sites

Another overnight failure:

 

emsisoft7.jpg

 

This time, it appears to be a different DLL - comctl32.dll.  Note that there is another error behind the first one. But, that one disappears as soon as I clear the top one.

 

I've examined the Event Viewer, but there are no entries related to this so I believe it is solely a problem with EAM.

 

Want me to try running in debug mode again? I can see that the log grows huge with just a couple of hours usage, but maybe something in it can be extracted if I'm told what/where to look. Being a software engineer myself, I would like to be a part of the solution so I will keep EAM running in hopes of assisting you. Seems like a fairly elusive bug. Perhaps an empty file scan pointer? That can cause an access violation.

 

Bill

Share this post


Link to post
Share on other sites

OK, I've passed your debug logs on to our developers.

They're going to want a memory dump as well. Before doing that, go into the settings in Emsisoft Anti-Malware, and turn off the Self Protection (it won't allow you to save a memory dump). Once that's off, wait for the crash again, but don't close Emsisoft Anti-Malware when it happens and don't close the error message. The process will remain in memory if you don't close the error message, and you can save the memory of the running process using something like Process Explorer or Process Hacker. Just right-click on the process (presumably a2start.exe since it is running in each screenshot), and there will be an option to save a dump. If you use Process Explorer, then be sure to save a full dump.

Obviously you'll need to compress the memory dump before attaching it to a forum post. ZIP, 7z, and RAR will all work just fine (technically we should be able to open any popular archive format).

Share this post


Link to post
Share on other sites

I have used Process Explorer and it is currently installed, but there doesn't seem to be a "memory dump" option in the context menu for the process. In fact, none of the running processes have that option. If it is there, I can't see it.

 

I have a suspicion that what is showing on the screen when the crash happens is NOT the running process. I think immediately following the crash, another instance of EAM starts up and replaces the crashed one. So wouldn't that make any dump meaningless? I believe this because when I close the error dialog, the EAM app closes. But an icon in the notification area is present that will start up the interface again.

 

Perhaps a word on how to get the memory dump from Process Explorer might help.

 

Bill

Share this post


Link to post
Share on other sites

Never mind. I was using an older copy of PE. I downloaded the new one and it does have a Create Dump option
.

Now, all I have to do is wait for another crash. maybe I can cause one.

 

Bill

Share this post


Link to post
Share on other sites

BOOM! I caused another failure. Updated, then ran two scans, then went (once again) to the Behavior Blocker and unchecked "Hide Fully Trusted Applications". My screen filled with seemingly hundreds of failure dialog boxes. I captured a few of them:

 

emsisoft8.jpg

 

The window behind the errors is the crashed program. I went to PE, used the context menu to create a full dump and will attach it here, suitably ZIPped.

 

The error dialog boxes appeared one after another at approximately 1 to 2 second intervals. It seemed to occur as if the program was scanning files, erroring out, and selecting the next.

 

My upload speeds are really cruddy (250Kb/s) AT&T loves to tout their download speeds (25MB/s) but their upload is a guarded secret.

 

Bill

 

a2start.zip

Share this post


Link to post
Share on other sites

Houston, we have a problem.

 

My 64-bit Windows 7 just threw an exception similar to my 32-bit machine:

 

emsisoft100.jpg

 

Whatever it is, it has spread (or been downloaded as an update).

 

EDIT: Something else interesting. I had quite a few Update Logs in that category and when I "Clear"ed them, It threw two "Invalid Pointer" notifications. I couldn't capture them because they went away quickly.

 

 

Bill

Share this post


Link to post
Share on other sites

Well, I was wrong. EAM on my 64-bit machine can be killed in the same manner as my 32-bit. Same sequence of update-scan-then uncheck the box. I get a failaure with a continual amount of Access Violations piling on top of each other. The last thing you need is yet another picture of this, so i didn't post one.

 

This error should probably be checked out on a completely different machine, somewhere in your office maybe?

 

This has to be a really buried bug, though, and I think it was introduced by your last (normal) update.

 

I've enabled Beta downloads and then updated/rebooted. Do you want me to enable debugging on the 64 machine?

 

Bill

Share this post


Link to post
Share on other sites

32-bit machine had this error, but nothing on my 64-bit machine.

 

I realized that the reason I hadn't seen the error on my 64-bit machine is that I had been running Ubuntu for the last month (it is dual-boot). Yesterday was the first time I'd booted up Windows 7.

 

Here's the 32-bit error this AM:

 

emsisoft9.jpg

 

Can I be of any more help here? I've spent a lot of years debugging my own programs, so I do have expertise.

 

I have noticed that the error remains until I either send or not send the report. Then, the error AND the Main Screen go away. There is an icon remaining in the notification area and, when I activate it, the main screen appears again. I suspect that this is a new instance of EAM that replaced the faulted one. Since I have to manually cancel the faulted instance, the new one takes over guarding my computer in the background, leaving the bad one just sitting on the screen. Hovering the mouse over the bad screen brings up the "waiting" endless circle.

 

Bill

Share this post


Link to post
Share on other sites

I am unable to tell you what version(s) I am running on either of my machines. I've searched through all the menus but there doesn't seem to be a Help -> About page anywhere. The little question mark icon in the upper right corner bring up a Help manual that says "These instructions relate to version 10.0." but no other identification can be found. The 64-bit machine is the same way - no idea what version.

 

I have been successful killing the program by taking these steps. it doesn't work ALL the time, but around 90% of the time, especially the 32-bit machine:

 

1. do an update

 

2. do either a Quick or Malware scan (Not sure if this is necessary. It is inconclusive that it is)

 

3. go to any one of the following sub-panels under "Protection": Application Rules, Surf Protection, or Behavior Blocker.

 

4. Check/uncheck the box at the top right that hides/unhides Fully trusted applications or Built-in list.

 

5. That's when I get the access violations - and there are a lot of them. It will not bring my system down, because I can open other applications and run them, but they are annoying and fill up my taskbar.

 

Bill

Share this post


Link to post
Share on other sites

Bill when you open the EAM interface look under the blue logs panel, you will see 'follow us' and then beneath that 'about'.

 

Click on 'about' and you will see the version build number of EAM that you are running.

Share this post


Link to post
Share on other sites

Oh, so there it is. I had to change the brightness/contrast of my screen to find it. It was VERY hard to see because I have poor vision and the dark grey font on light grey background seems a uniform color to me. It isn't in the traditional place, is it?

 

My version on both the the 32-bit and the 64-bit is: 10.0.0.5735

 

Thanks for pointing that out.

 

Bill

Share this post


Link to post
Share on other sites

Okay, so we are running the same version.   My initial attempt produced no problems.  So the big difference in our systems, is you run malwarebytes, and I don't, but you don't run the other stuff I run, so I will add malwarebytes, and give it a few tries.

Share this post


Link to post
Share on other sites

Many months ago, there was a documented (in both forums) conflict between MalwareBytes and EAM. For one month, I kept MBAM from running at startup and in the background, only starting it once every couple of days "just checking". I am behind a very effective hardware-based firewall, and my browsing is limited mostly to writing sites, my own site, and other professional sites.

 

For these tests, I've disabled MBAM. It is possible, I suppose, that just the presence of MBAM in my system could be significant, but probably not.

 

Just now, I did a clean reboot, and proceeded to immediately cause a series of Access Violations by EAM. MBAM was NOT running.

 

Bill

Share this post


Link to post
Share on other sites

Hi Bill

 

I installed the trial of MBAM premium, and did a series of what you said to do to reproduce.   I had no issues at all.   Strange.    If you want to eliminate MBAM, uninstall it with two reboots.  Disabling still leaves drivers installed.

 

All I can say now is a) you are in good hands with the staff, and b) don't give up on EAM.  I am one of those weirdo's who test my setup against real malware, and I can tell you EAM/EIS has always been the first to stop nasties.

 

Pete

Share this post


Link to post
Share on other sites

I have a floppy with several pieces of malware on it. Like you, I've found that EAM is the only one that identifies all 7 of them. Yes, I have a floppy on my computer. Hey, the Mobo had a header for it, so why not? :D Sometimes, that's the only way I can play some DOS games or nostalgic prgramming in BASIC or even machine language within my Virtual machine running DOS and Windows 3.11.

 

I have a nagging suspicion that my problem stems from the method I used to install Windows 7. My computer originally had Windows XP-SP3 on it. Then I upgraded to Vista (yech) and further to Windows 7. I am totally happy with Windows 7 and not about to go 8, 8.1, or (shudder) 10. Before i do that, I'll make my remaining two computer Ubuntu and be done with Windows forever. My point is that I could be running an older copy of a DLL (or DLLs) that was grandfathered in by the upgrade procedures and not replaced. Maybe even M$ saves effort by adhering to the "if it isn't broke, don't fix it" statement.

 

Now, EAM is bumping heads with some obscure link/subroutine/background tasks or whatever that is killing the scanner.

 

The staff helping me seem to be really competent and, since I am a software developer also, I can say without fear of contradiction that fixing a bug is 99% locating the doggone thing first, taking all the time. The fix is easy. I'll hang in there, responding to requests from them and maybe we'll find the elusive little thing.I am bothered by the bug appearing on my 64-bit box, though. I installed Windows 7 directly to it. It has never had anything lower on it. Now, it's dual-boot with Ubuntu 14.04LTS.

 

Bill

Share this post


Link to post
Share on other sites

Did you still have debug logging turned on when the issue on Saturday (October 10th) happened? The one on your 64-bit Windows 7. If so, then our developers would like to take a look at them. If not, then would it be possible to reproduce it and send us debug logs (plus submit the error report when the crash happens, of course)?

Share this post


Link to post
Share on other sites

I didn't have debug turned on for the 64-bit machine when it happened. However, I am able to cause the error easily and will enable debug and report back with the error.

 

Yesterday, in response to a post here, I completely uninstalled MalwareBytes on my 32-bit machine, rebooted, and let my system run overnight. The error happened just like always:

 

emsisoft10.jpg

 

It would appear that there is no conflict between MBAM and EAM that I can see.

 

THIS error was on my 64-bit machine this morning:

 

emsisoft101.jpg

 

Both error reports have been forwarded to you.

 

I will enable debug on BOTH machines and cause an error on BOTH machines and report back here with the results.

 

Bill

Share this post


Link to post
Share on other sites

This is really coming unraveled now. My 64-bit machinethrew a deliberate error following debug enablement, and then, when I tried to access the log, threw ANOTHER error in "logging.DLL" (which is in this screen capture):

 

emsisoft102.jpg

 

Things are falling apart rapidly.

 

I have yet to do anything to my 32-bit machine.

 

NOTE: I don't mind helping in the least, but could we concentrate on either the 32-bit or the 54-bit machine? Hopping between the two of them is a chore (even with my KVM switch) and entails keeping track of which machine I am on at the time. I suspect that we will find the problem using either one or the other and, when fixed, will cure both of them.

 

Bill

64-bit-Logs.zip

Share this post


Link to post
Share on other sites

Thanks for logs.

The reason of the problem is not clear yet.

Anyways, you are correct there is no need to test it on both systems.

It will be enough to focus on one of them (on your choice).

Share this post


Link to post
Share on other sites

I've replied to your PM, Mik. I caused the error on my 64-bit machine, ZIPped up the files and then caused the error on my 32-bit machine, ZIPping up those files also. They are in our PM thread.

 

I see no need to post screen shots any more as they all look alike and act the same way. If left running, I just fill up available RAM with windows informing me i've had an error. Pointless, actually.

 

I didn't realize that a3guard didn't begin logging until several minutes after the error chain began. I let them run for a while and then used Process Explorer to kill both a2guard and a2start. I've changed the self-protection option in Tools to allow me to do that with a minimum of fuss - especially the Capcha, as my eyes sometimes fail me when trying to read those tiny numbers. :D After all, I am 73 years old.

 

Bill

Share this post


Link to post
Share on other sites

Oddly enough, the last three days were error-free in the mornings when I turned my monitor on. I can still cause an error manually, but the automatic errors seem to have gone away for the present.

 

My 64-bit machine has been returned to Linux service and is currently not running Windows 7, so I don't know if the error occurs there overnight.

 

Were my logs of any use?

 

Bill

Share this post


Link to post
Share on other sites

Did you disable your scheduled scan? At least, I am assuming that the issue was happening overnight after or during the scheduled scan running.

Share this post


Link to post
Share on other sites

I have not changed a thing in the Options panel. Scans are still being made. But, when I check this fact just now, I had to pop-up errors tell me "Invalid Pointer" as I closed the main interface window. They cleared by clicking "OK". This has happened before.

 

The untended crashes were happening during the night, but have stopped for some reason.

 

Bill

Share this post


Link to post
Share on other sites

Today, I was doing a bit of log clearing. When I got to the Scan Log list and began to delete older logs, I got this:

 

emsisoft12.jpg

 

As I deleted each log, the error re-appeared. Then, while I was taking a screen shot and processing it, EAM failed with the familiar Access Violation in a2start.exe. I could NOT get a screen shot of the error because the computer was unresponsive this time. I was able to kill EAM after a Ctrl-Alt-Delete and bring up Task Manager.

 

For the time being, I have stopped EAM from running at bootup and will not use it again until this matter is fixed. I cannot afford the time it takes to mess with it.

 

Something has been introduced into your program not long ago that began this series of errors as I've been using EAM for several years with no troubles. You need to go back and see what changed in your core process during that last engine update. I also have a hard time believing I am the only one who has this problem.

 

My 64-bit machine will NOT throw the Invalid Pointer error, but I can still cause a crash as before.

 

Bill

Share this post


Link to post
Share on other sites

And my 64-bit machine chimed in this morning with:

 

emsisoft103.jpg

 

I have now shut down the operation of EAM on this machine also until things get fixed. I will restart it if you need a particular bit of information, but not routinely.

 

BTW, Send Error Report was not "clickable".

 

Bill

Share this post


Link to post
Share on other sites

I assume you've submitted them in the past? I'm fairly certain that our developers would have said something to me if we didn't have the crash reports for these, but I just want to be sure. ;)

Share this post


Link to post
Share on other sites

I've sent every one I've been able to send. Quite a few of the times, one error will pile on top of the next making it impossible to grab just one and send it.

 

My 64-bit machine is back to Linux now as I am working on a Python project, so Windows won't be operational for some time.

 

Overnight errors seem to have stopped on the 32-bit machine. I've made no changes to any of the settings so I assume that something has been pushed down to it that has halted the crashes.MBAM was completely removed days ago but the errors kept happening even after that.

 

Bill

Share this post


Link to post
Share on other sites

It sounds like our developers are hoping that our next beta version will resolve this issue. If you still have Beta Updates turned on, then you should get it automatically once it is published.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.