With this morning's update (3/5/08), C:\Windows\System32\WUAUCLT.exe (Windows Update agent) is being stopped by Comodo BOClean as DRP-AGENT.SCK malware.
Is this another false positive like the USERINIT.Exe fiasco of a few weeks ago or is this real?
I posted to Comodo’s BOClean forum and someone else promptly indicated the same thing happened to them. I have had quite a few clients receive this prompt, with at least one selecting “Yes” to BOClean’s offer to delete the file.
As of 24 hours later, Comodo has not chimed in; although my laptop, the first to experience the problem, updated the definition file again around 4pm and then no longer reported the problem.
This is frustrating. Yes, Comodo gives away BOClean for free, but I have a number of clients who paid for it just a year or two ago.
Compound this with the ongoing “file corrupt” message that only goes away if you know the trick (I have a video), and the UserInit.exe false alarm just a short time ago that rendered many PCs unable to log in (and me glad I typically install Windows Recovery Console on PCs), and I’m about to pull my support of the formerly fantastic product and uninstall it from all of my client computers.
Very sad. As another poster commented: “This never happened when Kevin (owner of NSClean who created it) was running the show”.
This week I have had several questions about Windows startup problems. Enough so that I created a new page on my website for various Windows startup issues. One question came via my YouTube Channel.
One additional issue I had I haven’t seen before. Windows would start up, with some noises on initial power up, as long as the network cable was unplugged. I haven’t been able to find the time to track it down completely, but I’m suspecting the power supply is weak. Windows would begin to start up, but then reboot - I presume at the point where Windows networking was activated.
It was easiest to swap out the PC with one almost identical and just swap hard drives. That’s a clear benefit to buying workstations that are essentially identical and not just buying the big box store “value of the month” whenever you need a new workstation for your office.
I have stated before that I always make sure a new PC has the i386 directory from the Windows CD installed onto the hard drive, typically into C:\i386.
But you might find that on Dell computers, the i386 directory is on the C: drive, but the above command doesn’t work. I’m not exactly sure why; it isn’t worth my time to find out.
But the other day I had that problem on a new Dell Laptop and fixed it by simply re-copying the i386 directory and then running the command above.
I have recently complained about Microsoft requiring a floppy drive to load a driver on Windows Recovery and installation. Well, though I haven’t had reason to try it yet, Windows Vista now allows one to load a driver from something other than a floppy drive - FINALLY!
The easy way to install Windows Recovery Console is to have the i386 directory already copied to your C drive.
Get to a command prompt. Start | Run , type: cmd
type: Cd \i386
type: winnt32 /cmdcons
After it installs (do be connected to the internet when it installs, it may download updated files), you will want to reduce the prompt time at boot up by right-clicking your My Computer icon, select properties, click on the advanced tab then click the settings button under “Startup and Recovery”.
Reduce “Time to display list of operating systems” to somewhere between 3 and 5 seconds. Depending on your PC, 3 seconds might not give you a chance to see the menu and 5 may just delay boot time.
You aren’t done yet.
Test. Reboot and test.
Some PCs require a driver in order for Windows Recovery Console to be able to read the hard drive. If the PC won’t boot to the console, then you likely need a driver. This is done by pressing F6 when prompted and having the proper driver on a floppy disk in your A: drive.
Don’t have an A: drive? (besides on a laptop). Then you have succumbed to the stupidity of the PC makers/sellers who think they are outdated but don’t know squat about the behemoth from Redmond still relying on them.
Why does Microsoft INSIST on that driver coming from the A: drive? I have no idea.
But if you have a laptop or a desktop with a floppy drive, about $30 will buy you a USB floppy drive.
Just what I needed. BOClean’s update on or about 12/18/2007 misidentified userinit.exe as having malware. And if you either have BOClean configured for “unattended cleanup and removal”, which I no longer recommend, or answered “yes” to delete the file when prompted, then the next time you tried to log on to Windows XP it would log off immediately. Userinit.exe was gone.
Ok, how to fix?
Well, I always install Windows Recovery Console when I set up a new PC; and I always copy the i386 directory from the Windows XP CD to the C drive. That lets me boot to the Windows Recovery Console and execute the command:
Expand C:\i386\UserInit.ex_ C:\Windows\System32
then reboot and problem solved.
Otherwise, you get to boot from your Windows XP CD and get into the Windows Recovery Console that way and expand the file on the CD.
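The recovery above only works if the pieces were put in place beforehand. The following read-only batch check is an added example, not part of the original posts; it assumes Windows XP on C: with the paths the posts use, and that the Recovery Console installs to C:\cmdcons (its default location). It reports whether a machine is ready for the UserInit.exe repair without changing anything.

```batch
@echo off
rem Added example: read-only readiness check for the recovery described above.
rem Assumes Windows XP on C: and the i386 copy in C:\i386 (paths from the posts).
setlocal
set FAIL=0

rem Source files: the Recovery Console installer and the compressed userinit.
call :need "C:\i386\winnt32.exe"  "Recovery Console installer"
call :need "C:\i386\userinit.ex_" "compressed copy of userinit.exe"

rem Installed Recovery Console (hidden folder created by winnt32 /cmdcons).
call :need "C:\cmdcons\bootsect.dat" "installed Recovery Console"

rem The live file a false positive would have deleted.
call :need "C:\Windows\System32\userinit.exe" "live userinit.exe"

rem boot.ini is hidden; TYPE still reads it when named explicitly.
type C:\boot.ini 2>nul | findstr /i /c:"/cmdcons" >nul
if errorlevel 1 (
  echo [MISSING] no Recovery Console entry in C:\boot.ini
  set FAIL=1
) else (
  echo [ok] Recovery Console entry present in C:\boot.ini
)

if "%FAIL%"=="1" (
  echo Not ready: fix the MISSING items before relying on the console.
  exit /b 1
)
echo Ready: the console can expand userinit.ex_ from C:\i386 if needed.
exit /b 0

:need
rem %1 = path to test, %2 = description shown in the report
if exist %1 (
  echo [ok] %~1 - %~2
) else (
  echo [MISSING] %~1 - %~2
  set FAIL=1
)
goto :eof
```

A passing check does not replace the reboot test: a console that needs an F6 storage driver will still fail to read the disk.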