Possible Serious Problem with CAV

Hi All,

   For the second time in a week, I have a problem with Windows because my hal.dll file went completely missing from my PC. Now there could be a lot of causes for this and I am trying to narrow it down as best as I can. So far there is only one consistent thing I have done when this happened, and that is to start a full virus scan right before I went to bed (Something I do often) with CAV. 

When I get up in the morning that scan shows complete and the system seems fine but if I reboot it, that file is gone… This morning I just reinstalled Windows instead of pulling the hard drive. Once I get everything exactly like I had it before, I will test this again. Just wanted to let you guys know that there is the potential for a serious problem here.

Check your quarantined files in CAVS
it could be there.
if it is, then exclude this file so that it does not get caught again.
it could be a false positive and u can submit this file to Comodo to make sure they fix it.

Melih

Hi Melih,

       That could definitely be it and I will check it, but it makes XP completely inoperable as it will not boot. So unless you catch it after the scan there is no way to get in to look for it. You can't extract that file from the XP disk either, so you either have to pull the hard drive and copy the file off another PC or reinstall windows altogether.  

It doesn’t bother me that much as I have all my data backed up on an external hard drive, but I just don’t want to see anyone lose any information from their PC.

Thanks for the quick reply and I will see what I can find out.

ok. pls keep us informed. so that we can fix it asap.
thanks Ryan

Melih

The last thing I’ve done after getting CAV installed successfully here tonight is start a Full System Scan. It’s still running, so I’ll post back with my results.

I must admit though that while a part wouldn’t mind duplicating your problem to prove it, I’ve crossed all fingers and toes in support of not reinstalling WinXP. :smiley:

P.S. Thanks for giving permission to use your excellent Sig image… saved me from feeling like a clepto ;D

EDIT
Ok, the scan just finished… and Hal.dll is still in the C:\Windows\System32 folder… phew :smiley:

… or is rebooting to see if the file is still there the final step?

Hey, no need to thank me on the sig image. Consider it a small gift to an awesome community.

I have two theories on why this is happening which I am testing now. Will let you know the results.

Hello all.
Regarding the inability to perform maintainance on a ‘dead’ system, I have used the excellent
pre-installation environment that PEBuilder (Bart's Preinstalled Environment (BartPE) bootable live windows CD/DVD) offers. This is virtually “Windows XP Pro Live” and while not sanctioned or in any way supported by
Microsoft it is, in the author’s eyes at least, legal. It allows full R/W access to your harddrive
installation and you can customize its build by adding various handy plugins. I have used it for
a few years now, and as the author says " 'cause being an admin is hard enough".
Regards,
Lauren
(R)

I’ve even used Live Linux CD’s to access files on a PC that won’t boot windows… usually Ubuntu/Kubuntu [url]http://www.kubuntu.org/[/url]

Well so far my theories have been false but I do not have all of the same software installed on my PC. I wiped the hard drive last time just because once I copied the HAL.DLL from my other PC, i had to reactivate windows and reinstall a bunch of software because for some reason it was corrupt. I have some more updates to do and then I will test my theories again.

This is one of those issues that you don’t want to happen but wish it would so you could get down to the root cause. If you can understand that…

Melih / Ryan,

I’ve also has the missing hal.dll problem, but only once. It required a reimage to recover. As best as my memory serves me, the HAL problem occured on the first reboot after installing CPF beta 2.2.0.19 (after having uninstalled the previous stable version).

I first tried to copy hal.dll from anorther working system, but then found that ntoskernel.exe was also missing. Copying this from the working system would not allow the PC to boot.

After reimaging, the PC was in a Comodo-free state (image was taken in mid-March). Clean install of CPF beta 2.2.0.19 followed without incident and has performed flawlessly since. Subsequent upgrade to beta 2.3.0.20 was a no-brainer.

Ryan, did your hal error occur after installing the first beta and did you previously uninstall a stable version that used IS installer?

Just a thought?
Ewen :slight_smile:

Since the stable version used the InstallShield uninstaller and the subsequently installed beta didn’t, could this have a bearing?

just as an FYI… (from a non-missing HAL user)

My CPF path has been… 2.1.1.1 → 2.2.0.11 (auto update) → 2.3.0.19 Beta (reinstall) → 2.3.1.20 Beta (reinstall).

Maybe this helps to prove/debunk that theory.

Thanks for the response fellas,

                     Ewen, I do believe what you are stating did in fact occur the first time this happened. I uninstalled the public version and installed the beta version but I can't quite remember the second time (funny since it was more recent) So far I have been operating without incident even after retracing my steps the night of the second occurance. I am currently running the most recent beta of CPF. 

                   The reason I thought this was strange was because both times this happened, I did the exact same thing. I launched a full system scan and then promptly went to bed. The next morning the HAL.DLL was missing. I thought this could of triggered by the screensaver or standby starting while the scan was running. 

Never would have thought it would have to do with the installation of CPF, but then again if the Installshield was buggy, who knows…

Thanks

I don’t know if this is helpful or not, but I’ll post in case it is.

I’ve lost c:\windows\system32\hal.dll twice in the last two days.
Here’s the sequence for me.

Downloaded and installed the Comodo Antivirus Build Version 1.1.0.3
During install, I still had CA’s eTrust Antivirus installed, but had turned off all the scanning options.

After install, I ran a complete scan, which hung up after an hour. Rebooting after that, I was missing hal.dll

I retrieved it by booting from my XP CD to the Recovery Console and typing
expand d:\i386\hal.dl_ c:\windows\system32

Upon rebooting after that, my system had lost all device drivers, so it redetected literally everything. I had to manually install a couple of drivers to get back to normal.

Later, I uninstalled Comodo Antivirus and CA eTrust and started over. Installed CPF as well as Comodo Antivirus this time around, and things seemed to go better. (CPF 2.2.0.11??, not the beta)

After reporting some issues on the CPF forum, I was led to the Beta version of CPF. So, I uninstalled CPF 2.2.0.11, which required a reboot. Again, hal.dll was gone. This time though I didn’t lose all my devices at the same time.

Now I’ve installed CPF 2.3.1.20 BETA.
I have not yet run a complete antivirus scan to see if it completes.
Is there a newer Comodo Antivirus in Beta? I have other issues.

My system hasn’t been very stable from the outset after installing Comodo antivirus. At some point, I was missing devmgmt.msc as well as all the other Microsoft Management Console plugins, and had to retrieve them from the XP CD. Starting up Microsoft Excel has invoked the Office Professional setup process a couple of times. After it churned for a couple of minutes, Excel finally came up. I’m just having a lot of weird things happen.

Now I've installed CPF 2.3.1.20 BETA. I have not yet run a complete antivirus scan to see if it completes. Is there a newer Comodo Antivirus in Beta?

Nope that’s it so far, but the next version is not far away from what I have read in the forums.

The HAL.DLL was the only major issue I have had so far. I actually had a dream about it happening again… ::slight_smile:

Since I installed the lastest version of the CPF Beta’s. I have not had any problems. I hope it continues that way.

I had that problem on 6 PCs, when Comodo team will patch this?

This is very important!!!

Faxophone

Can you pl attach the Hal.dll for further analysis. You can simply scan the windows directory and see if any of windows files are being detected. Pl do not quarantine any files and attach here those files which are being detected. Also send us the the ‘version information’ which will give us the database version information you are using.
For version information:
Go to Main window->About->Version Information

you dont have to ask us to submit it - `ask Microsoft for a copy. :wink:

HAL.DLL is a Windows system dll - HAL = Hardware Abstraction Layer. It is responsible for enumerating and determining the hardware installed in a system. No hal - no hardware!

This has been reported several times. Love to hear Comodo’s take on this problem.
Ewen :slight_smile:

Ewen

I guess this topic [url]https://forums.comodo.com/index.php/topic,1229.0.html[/url] is the same issuue.

Is CAVS really detecting hal.dll & offering it up for quarantine?

The problem is clear like the water, I install comodo antivirus on 25 PCs, this morning 20 PCs have booting problems because they loose Hal file.

I loose a day of work :frowning: and I think that, until a new release that resolve the problem, I will install another antivirus.

I believe in Comodo software but this problem is too serious and I cannot spend time to use beta software.

Thanks,

Faxophone

For those of us who don’t have this problem should we be worried?

Mike