BOClean update corruption problems (resolution steps)

[Guest]

[Shady Bimmer]

First, I will state that I did a bit of searching and found the answers I've needed, but it was not easy.

It appears that the 'BOC425.XVU is corrupted' issue is not so uncommon.  On my XP systems and on my 32-bit Vista (64 bit CPU) I have never experienced a problem, but on my 64-bit Vista install the problem has now occurred four times in one month!

I have found bits and pieces on possible solutions all over, and I have seen the same suggestions spouted even after the original poster specifically stated it did not work for them.

First, as anyone that has experienced this problem on startup, it is not possible to get past!  Suggestions on using 'rollback' are completely pointless since BOClean can't even start.  The window can not be dismissed and will repeatedly come back unless the task manager is used to find and terminate the process abruptly.  Suggestion:  Perhaps this error popup can offer an 'exit' option to allow users to continue unprotected.  It is a hassle to have to use the Task Manager to forcibly kill this process, and there are many users that wouldn't even know what that means, let alone how to do it.

Next, the same suggestion to simply use the Updater to fetch a new update is getting old.  As many have pointed out it does not always work.  In fact for me it never works.  Only after even more searching did I find additional posts about terminating both bocore service and boc425 process.  Expecting the general public to understand what this means and how to do it may be asking a bit much, and specific instructions probably need to be provided.

Sadly this has not worked for me either.  When I run the updater, it repeatedly tells me I already have the latest update and will not re-download a new set of definitions.  Please stop suggesting this is the answer as others have similarly indicated it does not always work.

Finally I did more searching and found suggestions to use windows to search for files of specific names and delete them.  Sadly, this did not work either, and even though there were no files named *.xvu the Updater still refused to obtain a new copy

The last step I had to add was removal/reinstall.  Note that this by itself did not resolve the issue, but everything combined works.  If the remaining boc425.xvu files don't get removed they seem to still cause a problem even after reinstall.

So, my endeavor each time this happens now involves the following long list of steps.   This is all that seems to work for me, but the problem does seem to come back again.  This has a few items unique to Vista, but this is the only place I've seen this happen.  I put this together and sent to someone else that had the same problem, again on Vista, and she was able to follow it.

• Right click on the Task Bar and select 'Task Manager'
• Click on the 'Processes' tab, then click on the 'Image Name' column header to sort by name
• Click on the BOC425.EXE process (image) name.
• Click on the 'End Process' button.  When asked for confirmation select 'End Process'
• Click on the 'Services' tab
• Click 'Services' button.  You will need escalated privileges and will either need to acknowledge or provide the Administrator password
• Click the 'Name' column header in the new 'Services' window to sort by Name
• Click on the BOCore service, then right click and select 'Stop'
• Close the Services window (File -> Exit)
• From the Start menu, select 'Search', then click on 'Advanced Search'
• For Location, select 'Local Hard Drives (C:)'
• Check the box that indicates 'Include non-indexed, hidden, and system files'
• In the 'Name' box type 'boc425.xvu'
• When the search completes, highlight all instances and press the 'Delete' key
• You will be asked to confirm this twice, then you'll either need to acknowledge the escalated privilege or enter the Administrator password
• Close the search window
• Remove BOClean: Start -> All Programs -> Comodo -> Comodo BOClean -> Uninstall
• Follow the prompts through to the end
• Find and delete these directories and all of their contents if existing (the uninstaller does not always seem to remove everything during this process).

        C:\ProgramData\BOC425
        C:\Program Files\Comodo\CBOClean
        C:\Program Files (x86)\Comodo\CBOClean

• Re-install (or not) BOClean 4.25

Does anyone else think this is just a wee bit too much effort, especially if the problem only comes back again?

I have seen a few other references that a re-install was needed.  Perhaps someone from Comodo can comment on what else might need to be removed/cleaned up?  I'm not about to spend time searching the registry if I already know a reinstall works.

As for the Vista VirtualStore - this is a 'feature' of Vista, and is something Kevin has commented on previously.  This is why using windows search is important - there may be other copies of the .xvu that need to be removed.  I suspect that when this corruptioni issue happens, it may not affect all users and may only affect the one user with the bad update.

The next time this happens, if I have the time I'll try to collect more info.

[redwolfe_98]

i have only had the problem of having a corrupted "BOC425.XVU" happen once, in recent history.. apparently, it was just a fluke..no one else experienced the same problem with the update..

it is not that hard to fix the problem of having a corrupted BOC425.XVU file since there is a "backup" of the "old" BOC425.XVU file which wasn't corrupted..

to fix the problem, just close BOC, then delete the corrupted BOC425.XVU file, then rename the "old" BOC425.XVU" file, changing the file's name from "BOC425.OLD" to "BOC425.XVU".. then, restart BOC..

the BOC425.XVU files are located in "C:\Doc**ents and Settings\All Users\Application Data\BOC425", on my computer, running "win xp"..

i don't know about "windows vista", but, with win xp, if you are running as a "limited user", in order to be able to udate BOC from within a limited user account, you have to adjust the "BOC425" folder's "permissions", in "C:\Documents and Settings\All Users\Application Data\BOC425".. (i also adjust the "permissions" for BOC's "INI" file, in "c/windows").. so, if you are having problems with updating BOC, maybe it is an issue with the BOC425-folder's "permissions"..

i found the information about running BOC from within a limited user account in BOC's "support" webpage.. here is a link for it:

http://www.comodo.com/boclean/supboc.html

[Shady Bimmer]

Yes - your steps are essentially already what has been found in the forums and do not work.  I appreciate the attempts to help but I wasn't looking for help.  Instead I posted the complete solution that works for me so that it might help others in the same scenario.  Try searching and you'll find this problem is not so uncommon, especially on Vista.

If you had read my post you would have seen me mention more than once that the long series of steps has been required so far.  I really wish people would stop posting how easy it is to fix, especially when they aren't experiencing the problem and aren't reading the posts.  I've seen the same suggestions repeatedly in answers to others looking for help, even after the original post specifically indicated those solutions don't work!

I have been using BOClean since before Comodo (I am/was a paid user) and have never had this problem with anything other than Vista, and even then the problems have only started occurring recently on Vista64.  There is no "C:\Documents and Settings" on Vista.  Instead there is a C:\Users and C:\ProgramData.  Vista introduces the notion of Virtual Stores and updating the copy in C:\ProgramData does no good for LUAs.  In fact attempts at updating the copies in the Virtual Stores by hand was not successful either.

You'd also notice in my post that even after I've removed every copy of BOC425.XVU the BOclean updater *still* refused to fetch a new update ("you already have the latest updates"), and BOClean *still* refused to start with the same error.  There is information being stored elsewhere (registry?) but I have not had the opportunity to look for it yet.  It is interesting that even though no BOC425.XVU file exists BOClean thinks that both 1) I have the latest update and 2) The update I have is corrupted.

I was in fact one of the first to get prior versions of BOClean working under Vista a year ago and had made posts in several forums about how to do this.  I am an experienced user (I still code in assembly and C for similar reasons as posted by Kevin) and I have had to help more than one person through this same problem over the phone.

[FigN64]

In Vista 64bit I found renaming the BOC425.XVU to BOC425.OLD in the directory c:\users\YourUsername\AppData\Local\VirtualStore\ProgramData\BOC425 and downloading new updates fixed my error on reboot. (Enter your login where YourUsername is) I was using Procmon from Sysinternals and was finding this error a lot in my capture.

31118   1:09:25.7520146 PM   BOC425.EXE   4940   CreateFile   C:\Users\Yourusername\AppData\Local\VirtualStore\ProgramData\BOC425\BOC425.XVU   SHARING VIOLATION   Desired Access: Generic Write, Read Data/List Directory, Read Attributes, Delete, Disposition: OverwriteIf, Options: Sequential Access, No Buffering, Non-Directory File, Attributes: A, ShareMode: Read, Write, AllocationSize: 873,583

Could this be what is causing the corruption?

I was finding alot of Bufferoverflows in my captures. I thought 425 fixed this problem? Perhaps a diffrent problem?
 
36942   1:09:27.4046914 PM   BOC425.EXE   4940   RegQueryValue   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040110900063D11C8EF10054038389C\Features\HandWritingFiles   BUFFER OVERFLOW   Length: 144

Maybe somone from Comodo can help with this?

[rowie]

I've had exactly the same problem with Vista Basic, an uninstall and reinstall doesn't cure the problem.
The file 'boc425.xvu is left behind after an uninstall, as "Shady Bimmer" explains above, search for the file and delete it. Then re-install and hopefully the downloaded update wont be corrupted, and everything works well.

[Kevin McAleavey]

In Vista 64bit I found renaming the BOC425.XVU to BOC425.OLD in the directory c:\users\YourUsername\AppData\Local\VirtualStore\ProgramData\BOC425 and downloading new updates fixed my error on reboot. (Enter your login where YourUsername is) I was using Procmon from Sysinternals and was finding this error a lot in my capture.

31118   1:09:25.7520146 PM   BOC425.EXE   4940   CreateFile   C:\Users\Yourusername\AppData\Local\VirtualStore\ProgramData\BOC425\BOC425.XVU   SHARING VIOLATION   Desired Access: Generic Write, Read Data/List Directory, Read Attributes, Delete, Disposition: OverwriteIf, Options: Sequential Access, No Buffering, Non-Directory File, Attributes: A, ShareMode: Read, Write, AllocationSize: 873,583

Could this be what is causing the corruption?

I was finding alot of Bufferoverflows in my captures. I thought 425 fixed this problem? Perhaps a diffrent problem?
 
36942   1:09:27.4046914 PM   BOC425.EXE   4940   RegQueryValue   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040110900063D11C8EF10054038389C\Features\HandWritingFiles   BUFFER OVERFLOW   Length: 144

Maybe somone from Comodo can help with this?

 Sorry for "Vista being Vista" ... I'm working on the next BOClean, but absent any REAL problems, I like many other software authors are waiting to see what this "SP1 for Vista" turns out to fix. Your "buffer overflow" issues are not BOClean - we call the standard BOClean location which will NOT suffer BOF's, apparently this is a problem in the protected stores that Vista is using (since Vista, not any external program, controls how the valid redirect is written out) and it would appear to my own old feeble mind that Vista can't count its ... ummm ... errr ... balls and come up with the same number twice if this is the case. All of that handling to the "virtual store" is redirected by Vista's kernel *directly* and without benefit of external intervention and we have no control over it after a proper file call and size presented on the original call to the original space ... that BOF is Windows. 

 As to the "corrupted database" problem ... perhaps I can explain what BOClean does when it handles an update since we've seen a number of database issues since the "old days" ... that necessitated a redesign of the handling back in BOClean 4.24 to deal with that, and the way we dealt with it was to have BOClean BACKUP the prior database before grabbing an update. This way, BOClean would automatically fall back to its prior database after issuing that screen warning that the NEW database somehow got messed up. Once that was delivered, BOClean will then reload the prior database and use that long enough to run and collect a new one. Apparently in a few cases lately, the BACKUP was also corrupted, leading to a "no win situation." I never expected that. 

 So, as the next version of BOClean is under design, my plan is to rewrite the code to try it anyway, and if the backup is corrupted, then offer to download a GOOD database (hadn't expected the need, my apologies) and keep trying until you say "I give up, I'll fix my connection and try again." Sorry, folks - we had a few of these in the past, and the "backup of good/restore last" made QUITE the difference. Looks like a bad download can get backed up in Vista owing to its quirky "does this file go where it's supposed to? Or should I hide it in a personal store and mark it "qwap?" And of course, when Vista decides to do this, it doesn't notify proggies of the redirect without making a proggie incompatible with everything prior to Vista ... nor does it remove these "images" itself once what it replicated has been uninstalled. And sadly, there's nothing an uninstall can DO about that. At least not so far as I know. Those "virtual stores" only exist in the first place because BOClean was denied access to write to its PROPER space by Vista! Otherwise, there wouldn't BE anything there.

 GHODS! I hope Microsoft fixes Vista with this magical "SP1" ... alas, nothing Microsoft even STARTED to work until an SP2. 

(my own PERSONAL opinion after 27 years of Microsoft - my opinion expressed is NOT that of COMODO ...)

[redwolfe_98]

shady bimmer, what you are saying amounts to simply uninstalling BOC and then reinstalling it.. i don't see how that would resolve the problem with the corrupted databases, when running BOC with vista.. i would think that the problem would just keep repeating since nothing is changed except that BOC has been uninstalled and then reinstalled..

update: shady bimmer has pointed out that there is only a problem when running BOC with 64-bit versions of windows..

[Shady Bimmer]

shady bimmer, what you are saying amounts to simply uninstalling BOC and then reinstalling it.. i don't see how that would resolve the problem with the corrupted databases, when running BOC with vista.. i would think that the problem would just keep repeating since nothing is changed except that BOC has been uninstalled and then reinstalled..

Hmm.  A simple removal and reinstall is not sufficient itself and my long list of steps can not simply be reduced to that.  It isn't clear how you came to that conclusion.

Removing all copies of the database was not sufficient itself either since BOClean still did not want to fetch a new update.  I could probably have waited a day or so until another update appeared at Comodo and tried again, but I chose not to run 'exposed' that long.

It took the long list of steps I listed to recover from this.  After searching the forum and reading other posts I am not the only one that has found that multiple steps are required.

Since you haven't experienced this problem why are you disagreeing?

I also have been using BOClean on my Vista32 install for over a year and have not had any corruption issues there.  It has only happened on my Vista64 install, and has unfortunately happened several times there.

[redwolfe_98]

i noticed that "windows defender" uses special malware-databases for "x64-based versions of Windows".. maybe that is also what is required, a special version of BOC malware-databases for "x64-based versions of Windows"..

here is a link to a MS webpage that shows that MS uses a special version of malware-databases for "x64-based versions of Windows":

http://www.microsoft.com/security/portal/ADL.aspx#top

[stretch10066]

I had the same problem but I had already uninstalled the program before I read this forum. I went and followed your instructions and found that you could skip down to the advanced search for boc425.xvu and start there. After that the  only files I found were the c:\program files\comodo\cboclean. I think that if it happens again I will try the advanced search for boc425.xvu, remove that and then reinstall

[bluesjunior]

I had this same problem yesterday and ended up uninstalling BoClean. Then before reinstalling it I thought I would visit here to check up if any others had the problem.Found this thread and like Stretch 10066 I followed Shady Bimmers instructions to remove any residue left over. This worked fine I have reinstalled BoClean and it appears to be working ok again.

My system is XP Home SP2 and up to date. Most of you others with this problem seem to have Vista.

[Libra1]

I experienced this problem with Windows 98se today.  I removed BOClean but Boc425.exe and Boc425.dll remained in Program Files.  Also, BOC425.xvu cannot be deleted.  So I presently have a message on my desktop from BOClean saying BOClean database is corrupted.  BOClean is not in add/remove, and there is nothing to the right of BOClean in the start menu.

I have no protection and don't know how to  fully remove BOClean to try to install it again. I'm in a mess.

Sincerely, Libra

[andyslogos]

Hi

I have been using boclean for about a month with no problems until yesterday, then I got that stupid message that you can't get rid of without taskmanager saying about the corrupted BOC425.XVU files.

Just as shady says all that info about re naming the backup file etc etc does absolutely Nothing. I had to uninstall then delete the remaining files and re install.

This fixed the probelm until just now, about 5 re booots later, the same damn error 

This time renaming the backup file does seem to have fixed it.

Why is this happening now ? Once more and it's 'gone' There is nothing that 'bugs' (!) me more than buggy software, let alone security software that causes problems.

And by the way I am NOT using Vista but win xp home sp1, and don't start going on about I should be using sp2.. that's your opinion 

Regards
Andy

[reldel]

Another instance in Vista,

This morning in Vista Home Premium, the update corruption problem struck my system.  It just popped up out of the blue. 

The strange thing is the corruption only shows on a standard account and not an administrative account. 

I tried uninstalling and reinstalling with no success.

At this point if uninstalled and will leave it off of system.

One further note, before corruption showed as error screen, Boclean dissappeared from the notification area of the taskbar.  I checked the task manager and Boclean was still running BUT it was showing 50% CPU usage instead of 1-2% and memory of Boclean was only about 2,100 instead of the usual around 14,100 on this system.

Reldel

[2magpies]

 
Hi have had this problem a few times now .. and have tried various methods of removal
only to have the same message come back..

tried this method by shady bimmer for now the method has worked
and I'm using Vista home premium
so will keep updating if any problems come back..
cheers
Rick

[Tags:]