HP ProBook 6560b Fails to Load EXEs Correctly

Posted on 2012-09-16
Last Modified: 2013-11-22
Hey guys, I've got an interesting one here.
I have a customer with multiple HP 6560b laptops, and a few of these have all experienced the issue below. So far we have been fixing these with a reload of Windows.

Machines are running Windows 7 Pro x32, are joined to a domain and have Sophos anti-malware

EXE files themselves are fine, so it's not the file association (I can load stuff like IE and Control), but a lot of other apps start loading... consume a small amount of RAM (less than 1MB) and hang.

I've noticed that the C# debugger and CSC both appear to have a lot of threads when viewed in Process Explorer.

The affected apps have no child processes and don't "hang"; they just present nothing at all to the user.

Machines have been scanned with MSSE offline scan and Malwarebytes.
The issue affects all profiles on the machine, and extremely long startup and shutdown times are experienced.

No high CPU time, no high disk usage...

It's like a debugger is running, but I can't find where from (no Visual Studio or similar).

Any ideas where to start?
Question by:JimmyDaily

    Author Comment

    Interestingly, further troubleshooting shows that if an app won't load, kicking it off in any kind of compatibility mode makes it load perfectly.

    Process Monitor shows a ton of calls to Google Desktop and Sophos... then CSC takes over.

    Author Comment

    I should also mention, the customer has a bunch of MacBooks in the same network running Windows 7 via VMware Fusion and they don't appear to be affected. I'm thinking it's some HP-specific software.

    Expert Comment

    Try uninstalling the HP Security software and just leave the bundled drivers in there. The HP Security platform can be more troublesome than it's worth. Sophos will ensure the laptop is still secure. Also ensure there are no other antivirus tools running such as Microsoft Security Essentials.

    Also ensure it's fully patched.

    Author Comment

    We remove HP ProtectTools as part of our standard "builds" on these laptops, but I'll try removing the rest of the HP bloatware when I'm back at the office tomorrow.

    Sorta hoping I can run HijackThis tomorrow in compatibility mode.

    Accepted Solution

    Turns out it was the installation of Sophos causing the problem.
    Removed it using "Autoruns" from app-init in safe mode. Bang! machine is as good as new.
    Re-added it for good measure.. problem comes back

    The offending process was "sophos_detoured.dll" called "Sophos Buffer Overrun Protection"

    After removing it and installing Updates for Windows and Sophos the App-init hook re-appeared. However normal boot times and application behavior was observed.

    I'm guessing this was a bug in Sophos and it couldn't update itself as the updater was an EXE.

    If anyone else is running into this issue, here is a more permanent way to disable detoured

    Note: Adjust path for 32bit.
    Then remove the reference from:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
    to the Sophos dll, leaving other entries as they are if present.
    You would then need to reboot to unload detoured from existing processes.
    The above registry key will prevent detoured being rewritten on updates as just removing it from the AppInit_DLLs will not prevent it being re-created.
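
For anyone checking whether a machine still carries the hook described in the accepted solution, the following read-only audit is an added example, not part of the original thread and not Sophos tooling. It lists each DLL named in AppInit_DLLs (native and Wow6432Node views), whether loading is enabled, and the file's description and Authenticode status; the function name `Get-AppInitDll` is an assumption of this example.

```powershell
# Added example (read-only): list every DLL registered through AppInit_DLLs.
$AppInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',             # native view
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'  # 32-bit view on x64
)

function Get-AppInitDll {
    param([string[]]$KeyPath = $AppInitKeys)

    foreach ($key in $KeyPath) {
        # Wow6432Node does not exist on 32-bit Windows; skip missing keys.
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $values = Get-ItemProperty -LiteralPath $key

        # AppInit_DLLs is a single string; entries are separated by spaces
        # or commas, which is why installers register short (8.3) paths.
        $entries = @("$($values.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })

        foreach ($entry in $entries) {
            $description = $null
            $signature   = 'NotResolved'   # bare file names are not searched for here
            if ([System.IO.Path]::IsPathRooted($entry)) {
                if (Test-Path -LiteralPath $entry -PathType Leaf) {
                    # FileDescription is the friendly name shown by tools such as Autoruns.
                    $description = (Get-Item -LiteralPath $entry).VersionInfo.FileDescription
                    $signature   = (Get-AuthenticodeSignature -FilePath $entry).Status
                } else {
                    $signature = 'FileNotFound'   # stale reference left in the value
                }
            }
            New-Object psobject -Property @{
                RegistryKey   = $key
                Dll           = $entry
                Description   = $description
                Signature     = $signature
                # LoadAppInit_DLLs = 0 means the list is present but not loaded.
                LoadEnabled   = [bool]$values.LoadAppInit_DLLs
                RequireSigned = [bool]$values.RequireSignedAppInit_DLLs
            } | Select-Object RegistryKey, Dll, Description, Signature, LoadEnabled, RequireSigned
        }
    }
}

Get-AppInitDll | Format-List
```

Running it before and after a product update shows whether the reference has been written back into the value.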

    Author Closing Comment

    Self Diagnosis
