rc91

EAM 7 scanner stops cold during scan


Yeah so today I get home and get on my pc and anti-malware downloads version 7. So I wait for it then try to begin a scan. It gets to where it starts scanning the C: drive (or in my case 80% progress) and the scan just stops. Not like goes to scan complete or anything, but it just sits there at 80%. No movement in the progress bar, no increase in the number of objects scanned, the area where it shows what file is being scanned remains blank. Also leading up to this the other parts of the scan are abnormally slow. So what do I need to do?


We'll probably need a DebugView log to see what is going on. Before we can get that, we'll need to set a registry entry that will tell Emsisoft Anti-Malware to output debug information that DebugView can see and save in its log. The following file eam_enable_debug_output.zip contains a batch file which, when run with administrative rights, will automatically create that registry entry for you. Please download this file, extract the batch file from it (it will also be named eam_enable_debug_output), and run the batch file (if your computer is running Windows Vista or Windows 7 then please make sure to right-click on the batch file and select to Run as administrator):

After that, please restart your computer, and then proceed with the instructions below:

  1. Download DebugView from this link:
  2. When downloading, make sure to save it on your Desktop instead of clicking 'Run' or 'Open'.
  3. Right-click on the 'DebugView' file that you just saved on your Desktop, and select "Extract All".
  4. Open the new DebugView folder that was created on your Desktop after extracting.
  5. Windows XP and 2000 users should double-click on the file named 'Dbgview'. Windows 7 and Vista users should right-click and select "Run as Administrator".
  6. Click on the 'Capture' menu, and select everything except "Log Boot" (you will have to open the menu again after clicking to select an item).
  7. Do whatever it is you need to in order to replicate the issue (run the same scan until it freezes at 80%).
  8. After you have replicated the issue you can switch back to DebugView and click 'File' and "Save As" in order to save the log to a file on your Desktop.
  9. Please attach that log file to a reply so that we may analyze it for errors. You will need to use the More Reply Options button to the lower-right of where you type in your reply in order to access the attachment controls.

Note: You may need to ZIP the log file in order to attach it. If you do not have a program such as 7-Zip, WinZip, WinRar, etc. then you can right-click on the log file, go to Send To, and click on Compressed (zipped) folder. You will be able to attach the ZIP archive to a reply.


Now there's another problem. In DebugView, when I click on save as, DebugView locks up and takes the rest of the computer with it. I end up having to force the computer to shut down. So what now?


rc91,

Open Emsisoft Anti-Malware > Guard > File Guard and click "Manage whitelist".

In the first column (Type), select process.

Click in the second column (Item), a tiny blue button appears. Click that button and navigate to the file Dbgview.exe on your PC and select that file.

Click OK.

On my machine it looks like this:

Once the process Dbgview.exe is excluded/whitelisted the machine will not lock up when you save the DebugView logs.


Here's the debug file. Also, I don't know what happened between yesterday evening and this afternoon, but now the scanner reaches 60% (still at scanning C: drive), still completely stopping, but now the whole EAM GUI and scanner stops responding.


Our developers are also requesting an Engine Debug Log, which will tell them more information about what is going on. Here's another ZIP archive, which contains two batch files. One is named engine_enable_debug_output and the other is named engine_disable_debug_output. Please download this ZIP archive, extract the batch files, and run the engine_enable_debug_output file (if your computer is running Windows Vista or Windows 7 then please make sure to right-click and select to Run as administrator):

After running the batch file, please restart your computer, and try your scan again. Once it freezes, please check the Emsisoft Anti-Malware folder (usually C:\Program Files\Emsisoft Anti-Malware) and there should be a file named ScanEngineDebug.log (the files should be listed in alphabetical order). Please ZIP this file (if you do not have a program such as WinZip, 7-Zip, or WinRar then please right-click on the file, go to Send To, and select Compressed (zipped) folder) and make sure to save the ZIP archive on your desktop to make it easy to find. After that, please attach the ZIP archive with the ScanEngineDebug.log file in it to a reply by using the More Reply Options button to the lower-right of where you type in your reply to access the attachment controls.


Are you doing a Custom Scan, or is this one of the default scan options (such as Deep Scan)?

If this is a Custom Scan, then please try it again and make sure the option Use direct disk access is unchecked, like in the screenshot below (if it is too small to read, then you can click on it to make it bigger):

Let us know if the scan finishes OK like that.


It was a custom scan and I did have direct disk access checked. However, I just tried it without direct disk access and it's still getting stuck at 80%.


rc91,

I have the same problem - custom scan ("It gets to where it starts scanning the C: drive (or in my case 80% progress)"), but after 5-7 minutes, the scan continues, but very, very slowly. This did not happen in the last version.


Is this happening for everyone on Windows 7?

If so, then when the scan freezes, please open the task manager (either with Ctrl+Alt+Delete or Ctrl+Shift+Esc), switch to the Processes tab, make sure to click the button at the bottom that says Show processes from all users, and then find a2service.exe in the list. Once you find a2service.exe please right-click on it, and select Create Dump File. This will save the scanner's memory to a dump file in one of your temporary folders. When it is done, a message will pop up telling you where it was saved. Please make a note of the path to this file, and then click the Start button, go to Computer, and navigate to the folder that contains the dump file (there will probably be a lot of other stuff in there as well, however it should all be listed in alphabetical order).

You can cut and paste (or drag and drop) the dump file onto your desktop, and then ZIP it (if you don't have WinZip, WinRar, or 7-Zip then you can right-click on it, go to Send To, and select Compressed (zipped) folder). Please upload this zipped dump file to a website such as RapidShare/DepositFiles/BayFiles/etc. and then copy and paste the link to download the file into a reply (you can also send it to me in a private message), and I'll pass it on to our developers.


I tried to Create Dump File, but I get an error that it can't create dump file.

That will happen if you do not have administrative rights. To elevate the Task Manager to administrative rights, you would need to click on the button in the lower-left of the Task Manager's Processes tab that says Show processes from all users.


I'm getting an "unable to create dump file: access is denied" error with the task manager having administrative rights. What now?


Are you getting any notifications from Emsisoft Anti-Malware or Online Armor while doing it? Do you have any security software installed other than Emsisoft Anti-Malware and Online Armor (other anti-virus, anti-spyware, system settings protection, WinPatrol, etc)?


I have no other security software and EAM and OA don't do anything, that I can see. Like I said, the only thing that happens is Windows throws up an access is denied error.


With admin rights, you shouldn't be seeing an "access is denied" error, unless something else is blocking it (or unless there's an issue with your hard drive). Please try shutting down Online Armor before trying to save the memory dump. You can do this by right-clicking on the Online Armor icon in the lower-right corner of the screen (somewhere to the left of the clock), and selecting to "close and shutdown" Online Armor.


Please follow the instructions at this link to check your hard drive for errors, and let me know if that helps. You will most likely need to restart your computer to run the disk check.


This computer is driving me insane! :-)

Try to run disk check. Disk check makes me reboot. Without doing anything else, disk check goes straight to "Disk checking has been canceled" right after reboot. Any ideas?


GT500,

I have administrative rights, and I turned off OA, and still I get an error that I can't create dump file.

Something is wrong with EAM 7. This "scan freeze" didn't occur in the previous versions.


There's more wrong here than just an issue with EAM 7. Something other than EAM is preventing the dump from being saved. The disk check also should have worked fine. Do you have a blank CD and a CD burner installed in this computer?

I also want to see some more information on your computer's software configuration, just in case something else is conflicting with EAM. Please run OTL by following the instructions below to get me a log:

  1. Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run').
  2. Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted.
  3. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes.
  4. When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually.
  5. Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.


Have you tried disabling BitDefender TrafficLight to see if everything works OK while it is disabled?

As for the blank CD, if you want to try running a disk check from a bootable CD, this will be fairly easy since you are using Windows 7. You can create a bootable System Repair Disk by clicking on the Start button, typing backup into the search, and selecting Backup and Restore from the list of search results. Once the Backup and Restore window opens, there will be a link on the left that says Create a system repair disk. If you insert a blank CD into your CD burner and click this link, you will be able to create a special disk that you can use in the event that anything bad ever happens to your computer (among the other tools on this disk, it will also contain the chkdsk utility, which is how Windows checks your hard drive for errors).

After creating the System Repair Disk, you will need to start your computer up from this disk in order to gain access to the recovery environment. This process is a little different on every computer, however I will do my best to explain it below:

  1. Make sure the disk is in your primary CD/DVD drive.
  2. Restart your computer.
  3. When your computer begins starting back up, it should display the manufacturer's logo momentarily. Normally in one of the corners of the screen, or directly below the manufacturer's logo, it will tell you what key to press to access what is normally called the Boot Menu (this name can vary, but usually has the word boot in it somewhere). You will need to press this key in order to access this menu.
  4. Once the boot menu is open, please select your CD/DVD drive from the list using the arrow keys (some systems, such as Fujitsu, may allow you to use the mouse) and then press Enter. If you are having trouble figuring out which one you should select, then note that many CD and DVD drives have TSSTCorp somewhere in the name.
  5. Once you select your CD/DVD drive, you should see a black screen, and if some white text appears in the upper-left corner asking you to press any key to start from the CD/DVD then please press any key (such as the space bar) to continue, otherwise your computer will not load the recovery environment from the disk.
  6. Once the recovery environment loads, you should see a screen that looks like the following (this image was borrowed from a Microsoft article):
  7. You will want to select the option to load the Command Prompt.
  8. Once the Command Prompt loads (it should be a black window with white text), please type in chkdsk C: /F and then press Enter on your keyboard to start the disk check (this process will most likely take a few minutes).
  9. Once the disk check is done, it is safe to restart your computer. You should be able to do this by closing the Command Prompt and clicking the Restart button in the lower-right corner.
  10. As your computer tries to start up again, and the manufacturer's logo appears on the screen, please eject the CD from the drive. This prevents issues with computers that attempt to automatically load off of the CD.


TrafficLight couldn't be the problem (if you're referring to the scanner problem), since I only got it 3 days ago. But let me try that bootable disk.


I got to starting chkdsk from the command prompt when I got the following message:

"Chkdsk cannot run because the volume is in use by another process. Chkdsk may run if this volume is dismounted first. ALL OPENED HANDLES TO THIS VOLUME WOULD THEN BE INVALID. Would you like to force a dismount in this volume? <Y/N>"

I thought I should ask before proceeding.


You can allow chkdsk to close all open handles to the drive. It shouldn't hurt anything, as the only thing accessing the hard drive would be the recovery environment loaded from the disk, and you'll be restarting the computer after the chkdsk is done running.


Ok, we're getting somewhere. The scanner now does something after about 5 minutes and moves along very slow - similar to what soilentgreen is saying above. Oh and in terms of the dump file, still getting access is denied.


OK, that sounds like we're making some progress. Let me know if the scan finishes, and if you could attach the log from the scan to a reply for me then that would be great.


Do you still have the engine debug logs enabled? If so, you will probably want to delete the ScanEngineDebug.log file and then run another scan (you can run the scan overnight if it takes too long). Please attach the new ScanEngineDebug.log file to a reply once the scan is done.

If you have trouble deleting the ScanEngineDebug.log file, then right-click on the little Emsisoft Anti-Malware icon in the lower-right corner of the screen (to the left of the clock) and select Shut down Guard. After that, please hold down the Windows key on your keyboard (normally in between the Ctrl and Alt keys, with the little Windows logo on it) and tap the R key to open the Run dialog. Type services.msc into the field, and then click OK. This will open a list of services that are installed on your computer. Please scroll down until you find the Emsisoft Anti-Malware Service, right click on it, and select Stop. After stopping the Emsisoft Anti-Malware service, you should be able to delete the ScanEngineDebug.log file.

To reactivate Emsisoft Anti-Malware, just right-click on the Emsisoft Anti-Malware service, and select to Start it from the menu. Now you can click the Start button, go to Programs, go to Emsisoft Anti-Malware, and select Emsisoft Anti-Malware Guard to get the icon back in the System Tray/Notification Area.


Did you run the scan with or without Direct Disk Access? If you ran it with Direct Disk Access, then let me know if the scan speed is any faster without it.


Tried it without direct disk access. Up until 80%, the scan is slower than a snail. Then it hits 80%, and there's still a delay, however about 30 seconds shorter. Then the scan is still slow until right around 90%, where it speeds up considerably. So I don't know what to think.


What type of scan times are you seeing? A few hours to scan an entire hard drive, or more than that? How much different is it than EAM 6?


Usually an hour or two (3 hours on occasion) for the entire drive plus 20 to 30 minutes for processes, traces, etc. and the delay at 80%, compared to 30-45 minutes total in version 6.


This could be related to the fact that BitDefender's engine scans more types of archives than the Ikarus engine did. What happens when you disable the option to Scan in compressed archives (zip, rar, cab)?


Our developers are asking for a new engine debug log and a scan log. They also want the scan that the logs are from to be run without direct disk access.

Please note that if you have not restarted your computer since the last time you ran a scan, that you should go ahead and do so now. This will cause Emsisoft Anti-Malware to create a new ScanEngineDebug.log, so that our developers get a fresh log with data from only one scan.


OK, our developers have taken a look at your logs. They did ask if there was a reason why the "advanced caching" was disabled in the scan performance settings, as this technology is used to speed up the scan times. They also wanted logs from OTL and Speccy, so here are instructions for those:

Getting OTL Log:

  1. Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run').
  2. Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted.
  3. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes.
  4. When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually.
  5. Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.

Getting Speccy Log

  1. Please download Speccy Portable from this link, and save it on your desktop.
  2. Once the download has completed, right-click on the file that you saved on your desktop, and extract the contents (this should create a new folder on your desktop with the Speccy files inside of it).
  3. Open the Speccy folder on your desktop, and run Speccy (if your computer has a 64-bit edition of Windows, then you may wish to run Speccy64 instead).
  4. After Speccy launches, you should see a little circle spinning in the lower-left corner to indicate that it is building a list of the hardware in your computer. Once this spinning circle disappears, please proceed to the next step.
  5. Click on File, and select Save as Text file to save the log.
  6. Please save the log on your desktop, and then attach it to a reply by going to More Reply Options to the lower-right of where you type in your reply to access the attachment controls.


Ok, first let me start off by saying that if you notice that Extras.txt is missing, it never appeared after the OTL scan.

Second, after version 7.0.0.12 downloaded today, I went ahead and attempted a scan to see if it helped anything (although I stopped it at the 80% delay). I thought you should know that the scanner has for some reason started 30-second delays at 40% (scanning traces) and 60% (scanning cookies), though the latter may be attributed to it detecting 56 tracking cookies. Now when I tried to delete these cookies all at once, EAM for some unknown reason locked up. I had to re-scan and delete the cookies 6 at a time to keep it from locking up.

Third, about the advanced caching question, it's just that I didn't trust it, since, as I understood (please tell me if I'm wrong), it decided which files couldn't be infected and could be automatically trusted, therefore skipping over it. And I have adopted a policy of don't trust anything unless I explicitly say so.


The caching is a little more than just skipping over files that are trusted. There are certain checks that are done to verify if a file has changed since it was determined to be safe, and the file will be scanned if there is a possibility that it has been compromised.

Also, in regards to your Speccy log, one of our researchers determined that it contained your Windows license key, so they immediately deleted the log. If you open Speccy again, there should be an option in the File menu to publish the information to the web (which should not contain any sensitive information) and you should be able to post a link to that information for our developers to see.

As for Extras.txt, it should be saved on your desktop automatically after the scan. I probably need to review my instructions and make sure that OTL's behavior hasn't changed in regards to how it shows you the logs.

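The caching behaviour described in the reply above (trust a file judged clean, but scan it again if it may have changed) can be sketched as follows. This is an added example, not part of the thread and not Emsisoft's code: the thread does not say which checks the product performs, so the size, timestamp and SHA-256 comparison, and the names `ScanCache`, `toy_scan` and `MARKER`, are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

MARKER = b"CONSTRUCTED-TEST-MARKER"  # constructed stand-in for a detection


def toy_scan(path):
    """Hypothetical engine call: returns True when the file is clean."""
    with open(path, "rb") as f:
        return MARKER not in f.read()


def file_sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class ScanCache:
    """Remembers files judged clean; anything that changed is scanned again."""

    def __init__(self, scan_func, verify_hash=True):
        self.scan_func = scan_func
        self.verify_hash = verify_hash
        self.entries = {}  # path -> (size, mtime_ns, sha256)

    def check(self, path):
        """Return (clean, source), source being 'cache' or 'scan'."""
        st = os.stat(path)
        entry = self.entries.get(path)
        if entry and entry[:2] == (st.st_size, st.st_mtime_ns):
            # Metadata matches; optionally confirm the content itself.
            if not self.verify_hash or entry[2] == file_sha256(path):
                return True, "cache"
        clean = self.scan_func(path)
        if clean:
            self.entries[path] = (st.st_size, st.st_mtime_ns, file_sha256(path))
        else:
            self.entries.pop(path, None)  # never cache a detection as trusted
        return clean, "scan"


def demo():
    hashed = ScanCache(toy_scan, verify_hash=True)
    meta_only = ScanCache(toy_scan, verify_hash=False)
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.bin")
        original = b"A" * 64
        with open(path, "wb") as f:
            f.write(original)
        first = hashed.check(path)    # not cached yet: scanned
        meta_only.check(path)         # prime the metadata-only cache too
        second = hashed.check(path)   # unchanged: served from cache
        st = os.stat(path)
        # Same-size content change with the old timestamp put back, i.e. a
        # change that file metadata alone does not reveal.
        changed = MARKER + b"B" * (len(original) - len(MARKER))
        with open(path, "wb") as f:
            f.write(changed)
        os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))
        return {
            "first": first,
            "second": second,
            "meta_only_after_change": meta_only.check(path),
            "hashed_after_change": hashed.check(path),
        }


if __name__ == "__main__":
    print(demo())
```

The metadata-only cache keeps trusting the changed file, while the cache that also compares content hashes scans it again and reports the detection.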

Our developers have let me know that the scan times you are experiencing are fairly normal for the settings you are using during the scans. They also let me know that the pause around 80% completed is by design, as the scanning engine stops to evaluate the number of files to scan during the next stage, so that it can accurately calculate the progress of the rest of the scan.


As long as there's nothing wrong with the scanner (and if I may make a suggestion, add a message to keep people from thinking that there's a problem).

Anyways thanks for the help.
