

HP ProBook 6560b Fails to Load EXEs Correctly

Posted on 2012-09-16
Medium Priority
Last Modified: 2013-11-22
Hey guys, I've got an interesting one here.
I have a customer with multiple HP 6560b laptops, and a few of these have all experienced the issue below. So far we have been fixing these with a reload of Windows.

Machines are running Windows 7 Pro x32, are joined to a domain and have Sophos anti-malware.

EXE files themselves are fine, so it's not the file association (I can load stuff like IE and Control), but a lot of other apps start loading, consume a small amount of RAM (less than 1MB) and hang.

I've noticed that the C# debugger and CSC both appear to have a lot of threads when viewed in Process Explorer.

The affected apps have no child processes and don't "hang"; they just present nothing at all to the user.

Machines have been scanned with MSSE offline scan and Malwarebytes.
The issue affects all profiles on the machine, and extremely long startup and shutdown times are experienced.

No high CPU time, no high disk usage.

It's like a debugger is running, but I can't find where from (no Visual Studio or similar).

Any ideas where to start?
Question by:JimmyDaily

Author Comment

ID: 38404528
Interestingly, further troubleshooting shows that if an app won't load, kicking it off in any kind of compatibility mode makes it load perfectly.

Process Monitor shows a ton of calls to Google Desktop and Sophos, then CSC takes over.

Author Comment

ID: 38404544
I should also mention, the customer has a bunch of MacBooks in the same network running Windows 7 via VMware Fusion and they don't appear to be affected. I'm thinking it's some HP-specific software.

Expert Comment

ID: 38404601
Try uninstalling the HP Security software and just leave the bundled drivers in there. The HP Security platform can be more troublesome than it's worth. Sophos will ensure the laptop is still secure. Also ensure there are no other antivirus tools running such as Microsoft Security Essentials.

Also ensure it's fully patched.
Author Comment

ID: 38404930
We remove HP Protect Tools as part of our standard "builds" on these laptops, but I'll try removing the rest of the HP bloatware when I'm back at the office tomorrow.

Sorta hoping I can run HijackThis tomorrow in compatibility mode.

Accepted Solution

JimmyDaily earned 0 total points
ID: 38407920
Turns out it was the installation of Sophos causing the problem.
Removed it using "Autoruns" from app-init in safe mode. Bang! Machine is as good as new.
Re-added it for good measure, and the problem comes back.

The offending process was "sophos_detoured.dll", called "Sophos Buffer Overrun Protection".

After removing it and installing updates for Windows and Sophos, the App-init hook re-appeared. However, normal boot times and application behavior were observed.

I'm guessing this was a bug in Sophos and it couldn't update itself as the updater was an EXE.

If anyone else is running into this issue, here is a more permanent way to disable detoured

Note: Adjust path for 32bit.
Then remove the reference from:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
to the Sophos dll, leaving other entries as they are if present.
You would then need to reboot to unload detoured from existing processes.
The above registry key will prevent detoured being rewritten on updates as just removing it from the AppInit_DLLs will not prevent it being re-created.
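
The AppInit_DLLs cleanup described in the accepted solution, as an added PowerShell example that is not part of the original post: it lists the current entries and removes only those whose file name matches a pattern, leaving other entries in place. The function names and the `sophos*` pattern are this example's own assumptions; the second key is the 32-bit view that exists only on 64-bit Windows.

```powershell
# Added example: audit AppInit_DLLs and remove one vendor's entry, keeping the rest.
# Written to run on the PowerShell 2.0 that ships with Windows 7 (elevated prompt).
$AppInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

function Split-AppInitValue {
    param([string]$Value)
    # Entries in AppInit_DLLs are delimited by spaces or commas
    $Value -split '[ ,]+' | Where-Object { $_ }
}

function Get-AppInitDll {
    foreach ($key in $AppInitKeys) {
        if (-not (Test-Path $key)) { continue }   # Wow6432Node is absent on x86
        $props = Get-ItemProperty -Path $key
        New-Object PSObject -Property @{
            Key     = $key
            Enabled = $props.LoadAppInit_DLLs      # 0 means the list is ignored
            Entries = @(Split-AppInitValue $props.AppInit_DLLs)
        }
    }
}

function Remove-AppInitDll {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][string]$Pattern)
    foreach ($item in Get-AppInitDll) {
        # Match on the file name only. Entries are often stored as 8.3 short
        # names (e.g. SOPHOS~1.DLL), so list them first and pick a pattern that fits.
        $keep = @($item.Entries | Where-Object { (Split-Path $_ -Leaf) -notlike $Pattern })
        if ($keep.Count -eq $item.Entries.Count) { continue }   # nothing matched
        if ($PSCmdlet.ShouldProcess($item.Key, "remove '$Pattern' from AppInit_DLLs")) {
            Set-ItemProperty -Path $item.Key -Name AppInit_DLLs -Value ($keep -join ' ')
        }
    }
}

Get-AppInitDll | Format-List Key, Enabled, Entries
Remove-AppInitDll -Pattern 'sophos*' -WhatIf   # preview only
```

Drop `-WhatIf` to write the change, then reboot so the DLL is unloaded from running processes, as the post notes.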

Author Closing Comment

ID: 38424407
Self Diagnosis
