#1
Agent won't open, after restart
On Thu, 22 Oct 2015 06:27:35 -0400, Micky wrote:

I'm running Vista, but it seems a lot like Windows 7. Agent 1.93 will not open. I posted about this before in the Forte Agent group but after a bunch of efforts including reinstalling Agent 1.93, I'm thinking there may be an OS problem.

AFAICT, you didn't really say why you think it's the OS.

Going back about 12 days ago, I had just copied, using Win Explorer, about 5 gigs of files, all of them downloads***, from a backup copy of my XP drive (after XP stopped working and I moved to a Vista computer). The source drive was in a BlacX dock and I only have one partition in the Vista computer.

***None were system, hidden, or read-only.

All the files went to subdirectories of C:\downloads. During the course of the copy, my antivirus alerted on about 3 of them. Somehow AVG deleted or quarantined 2 files from the target drive and one from the source drive. I would think all of the quarantines would be from the same drive.

Soon after that I restarted Windows, without any power to the HDD dock, (and after I probably started Eudora, Firefox, and Solitaire) I had done little else when I found that neither version of Agent, 1.93 or 6, would open**. Later I restarted the computer and 6 has worked since then.

**Coincidence? I think not, but no time to worry about it.

Now that ver6 is working, I'm able to post using it and not rely on groups.google. (Which doesn't carry alt.windows7.general, btw)

Instead of installing agent 1.93, all I usually do is copy the program and data files and Agent will run, and all I did this time is copy them from the XP backup, and it worked in Vista for 3 weeks without installation. Then it stopped working. As my last step in trying to repair it, I backed up the data and reinstalled v 1.93 but there is no change.

This is the problem: I click on the icon and the little blue circle spins around for 5 seconds, then goes away, and the Agent window never appears on my screen. I've waited at least 5 minutes.

I go to task manager and it's not listed in Applications but in Processes, it's running and uses between 46 and 51% of the CPU. I can cancel it there, but the next time the same thing happens. What to do?

At Ralph's suggestions, I did the following:

I tried opening a cmd box and going to the directory where Agent resides and running

START "" /WAIT .\agent.exe

No messages were displayed. After I ended the process with Task Manager, the dos prompt returned to the dosbox. Then I ran

echo %ERRORLEVEL%

and the result is 1. I forget what 1 means.

None of Agent's data files show a more recent update date than the date it last ran.

Even though I have no reason to think so, I keep thinking something changed in Vista, an automatic update, that has made 1.9 not work. This is contradicted by the fact that AFTER the problem started, I got a message that updates were ready for installation. I held installation off for 8 elapsed hours while I tried to fix Agent, but then I thought maybe the update would fix it, so I restarted windows, but there was no change. And how could there have been an update to Vista BEFORE the problem started without it notifying me like it did afterwards?

One reason I think it's Vista is that I had 4 versions of the agent.exe (1.9) and I tried 3 of them and none would start. All had data in a Data subdirectory right inside the directory in which each exe was located. I haven't tried the other two lately, because the dock is turned off, but I'm sure they wouldn't work.

I changed the Agent Shortcut to point specifically to the data folder, even though it's inside the program folder, and that made no difference. But even if Agent could not find the data folder, it should still start.

Is there a way to identify Vista updates, to see if any ran just before this problem started, and possibly uninstall them? I knew where the updates were in XP, with names beginning with KB, iirc.

Well, I found such directories in windows\system32\temp and all of the dates were 4 days after the problem started on October 13. My friend who gave me the computer reloaded Vista in April and dl'd a lot of updates then, but I would think there would be others after April and before October 13.

I disabled my AV prior to trying to start Agent and it didn't help.

Could this have anything to do with protected files? I thought c:\programs would be in a totally unprotected area, and it had been running fine, but protected files are new to me.

I went to see if VirtualStore was enabled, went to Control Panel, Administrative Tools, Local Security Policy. I got two error boxes when opening Local Security policy!!, but it still opened. Then to Local Policies, Security Options, and "User Account Control: Virtualize file and registry write failures to per-user locations" was enabled.

I looked in subfolders of the VirtualStore C:\Users\USERNAME\AppData\Local\VirtualStore to see if any Agent data was there, but there was nothing there at all.

All of my hidden and system files and folders are UNhidden.

Any help is appreciated.
#4
On Fri, 23 Oct 2015 04:18:38 -0400, Paul wrote:

Micky wrote:

On Fri, 23 Oct 2015 03:06:05 -0400, wrote:

On Thu, 22 Oct 2015 06:27:35 -0400, Micky wrote:

I'm running Vista, but it seems a lot like Windows 7. Agent 1.93 will not open. I posted about this before in the Forte Agent group but after a bunch of efforts including reinstalling Agent 1.93, I'm thinking there may be an OS problem.

AFAICT, you didn't really say why you think it's the OS.

I guess you're right. I left out one big thing. When clicking on the icon wouldn't start the program, I clicked on the program.exe itself, using win explorer. When that didn't work, I found two of the three backup partitions I have, and I clicked on the program name in each of them. Same result. The blue circle spun around for 5 seconds, but nothing ever appeared on the screen. And I had two other copies of the program in the same Agent19 directory, from before I modified the program in 2001. They both gave the same result, nothing started.

If the program were fouled up, one copy might be, but not all five. So something must have changed in the environment, mostly the OS, Vista. But the program had worked fine in Vista for 3 weeks before then.

..............

Are you using one of these?

http://mirrors.easynews.com/agent/ft...agent/english/

a16en193.exe 24-Dec-2002 00:00 2.4M
a32en193.exe 24-Dec-2002 00:00 2.3M

Yes, the second one. 2,405,565 bytes.

One looks to be 16 bit, the other 32 bit. Using Virustotal, the 32 bit one might have a 16 bit installer program.

Maybe, the fact that they even made a 16 bit version back then shows how big 16 bit was.

*******

The full version of Agent has a 30 day trial period.

http://users.telenet.be/sb/agent/

And you said: "it worked in Vista for 3 weeks without installation"

It's possible it was fully functional and running in trial mode. Now, it's switched to Free Agent, and some part of that process failed.

No, I copied all the files of my fully functioning, paid, registered version of Agent 1.93, from my backup partition. And it was listed as registered and paid.

*******

Out of boredom, I would be running Process Monitor with no filters for a first run, double click the EXE and see what stuff shows up in the Process Monitor trace.

https://technet.microsoft.com/en-us/...rnals/bb896645

For example, you could look to see what files are attempting to load. The program might not have loaded at all. Or, perhaps it loaded far enough for some "protection" mechanism placed there by Forteinc to operate. Or, it fully loaded, then started looking for Registry settings or certain critical files.

There are many lines for the program that show SUCCESS. Only showing the ones that don't. Where it should show "success", it shows things like

FILE LOCKED WITH ONLY READERS
BUFFER OVERFLOW
NAME NOT FOUND

They all seem bad but what do they mean?

(Note: In this run I used a version I had renamed to agent19.exe, when I thought I had to distinguish the bad version from Agent 6 which is also called agent.exe. But I ran it again with a file named agent.exe and I still got the NAME NOT FOUND message just as much. PDExploNXP is an enhanced version of windows explorer.)

I can include all the success messages too, if you want.

6:18:26.2071872 AM svchost.exe 1512 CreateFileMapping C:\Users\User\Desktop\Agent19.lnk FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY
6:19:02.2126655 AM PDExploNXP.exe 2656 CreateFileMapping C:\programs\Agent19\agent19.exe FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY
6:19:02.2414007 AM PDExploNXP.exe 2656 QuerySecurityFile C:\programs\Agent19\agent19.exe BUFFER OVERFLOW Information: Label
6:19:02.2437367 AM PDExploNXP.exe 2656 CreateFile C:\programs\Agent19\agent19.exe:Zone.Identifier NAME NOT FOUND Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a
6:19:02.2441696 AM PDExploNXP.exe 2656 RegOpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\agent19.exe NAME NOT FOUND Desired Access: Query Value
6:19:02.2449860 AM PDExploNXP.exe 2656 RegOpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\agent19.exe NAME NOT FOUND Desired Access: Query Value
6:19:02.2450016 AM PDExploNXP.exe 2656 RegOpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\agent19.exe NAME NOT FOUND Desired Access: Query Value
6:19:02.2457512 AM PDExploNXP.exe 2656 CreateFileMapping C:\programs\Agent19\agent19.exe FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE
6:19:02.2464820 AM avgrsx.exe 500 CreateFileMapping C:\programs\Agent19\agent19.exe FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY
6:19:02.2794701 AM PDExploNXP.exe 2656 RegQueryValue HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\C:\programs\Agent19\agent19.exe NAME NOT FOUND Length: 16
6:19:02.2795031 AM PDExploNXP.exe 2656 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\agent19.exe NAME NOT FOUND Desired Access: Query Value
6:19:02.2821066 AM PDExploNXP.exe 2656 CreateFileMapping C:\programs\Agent19\agent19.exe FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY
6:19:02.2831598 AM PDExploNXP.exe 2656 CreateFileMapping C:\programs\Agent19\agent19.exe FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY
6:19:02.3029635 AM agent19.exe 6224 QueryInformationVolume C: BUFFER OVERFLOW VolumeCreationTime: 4/15/2015 3:16:04 PM, VolumeSerialNumber: F09F-6531, SupportsObjects: True, VolumeLabel: Cra?

Finally these errors stop and it closes about 40 files in the agent directory.

I changed from agent19.exe to agent.exe here.

But then it opens some registry keys successfully except

6:41:20.7192871 AM agent.exe 6636 RegQueryValue HKLM\System\CurrentControlSet\Control\Session Manager\CWDIllegalInDLLSearch NAME NOT FOUND Length: 1,024

and loads some images, dll files, and gets Name not found for creating a file

6:41:20.7192871 AM agent.exe 6636 RegQueryValue HKLM\System\CurrentControlSet\Control\Session Manager\CWDIllegalInDLLSearch NAME NOT FOUND Length: 1,024

but in the next line creates the same file in windows\system32.

Then seems to be in a loop with

6:41:20.7377221 AM agent.exe 6636 CreateFileMapping C:\Windows\System32\imm32.dll FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: PAGE_READONLY

At this point, 22 minutes later, there are hundreds of agent messages with almost nothing else listed, all success except a few NAME NOT FOUND and FILE LOCKED WITH ONLY READERS

6:41:20.7762542 AM agent.exe 6636 CreateFileMapping C:\Program Files\AVG\Av\avghookx.dll FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection: PAGE_EXECUTE

I finally stopped it 20 minutes later.

It turned out I didn't have to have different names for 1.9 and 6 because only 1.9 is using 50% of the cpu. But it does help in process monitor, so I don't confuse what 6 and 1.9 are doing.

Other than that, you could check Event Viewer for evidence of some sort of trouble.

I did that a lot when this started 2 weeks ago, but never found an event that corresponded in time.

Paul
#5
Micky wrote:
Other than that, you could check Event Viewer for evidence of some sort of trouble.

I did that a lot when this started 2 weeks ago, but never found an event that corresponded in time.

So you're saying Agent 1.9 went into a loop?

The CWDIllegalInDLLSearch is covered here, although yours claims to be 1KB long, when it should just contain a number according to this. The value 0xFFFFFFFF is equal to minus 1 in computer speak, and that value indicates the application is not allowed to load DLLs from the current working directory. In Unix, that approach is a security precaution, but for a Windows user, when a setting like that breaks something, they're not going to know what is going on. If you don't even have that key defined, it doesn't break anything, and the system uses the default DLL locating methods.

https://support.microsoft.com/en-us/kb/2264107

So if Agent 1.9 is in a loop, something it was looking for, it is still looking for, and won't open a graphical window until that requirement is met.

If you have entries where Agent is listed as a process, that means it is running. For example, it might use dynamic DLL loading, and be loading DLLs for itself using system calls.

And a loop means there won't be a crash or error event, or a log of the activities Agent does when it stops, so you can trace back and find the line of stuff that caused Agent to fail.

Now, you have to consider Agent went into an infinite loop, and read the lines leading up to that, in the hope you can see Agent searching for a particular file or registry entry it needs. A logical assumption might be it cannot find the license key, wherever that is stored.

The IMM32.DLL is...

"The DLL imm32.dll, also known as the Input Method Manager, helps minimize the effort needed by users to enter text containing characters from Unicode and double-byte characters"

so that's a library the program would use, to help it deal with things outside the normal ASCII character set.

There's no guarantee Process Monitor will capture a single line of stuff that explains what happened. In some cases, you would have to compare a "success trace" running on some other system, to the "failed trace" to get an additional hint as to where it went off the rails.

Many of the failure messages aren't really failures at all. In fact, many registry key checks (where the registry key is not present), just shows you all the registry variations the software supports (both the system and the agent program). For example, the CWDIllegalInDLLSearch is a later modification to your OS, supporting the ability to limit where DLLs come from, and prevent malware from implanting something in the current working directory. An IT guy would set the value of that key, according to perceived need, with the end result that the users could be ****ed off by the side effects. On a system where the Registry key is not defined, the loader simply uses the same old default path it always used.

You will also see programs search for a large number of files in alternate locations, and return FILE NOT FOUND. This too is not an error, and gives you some idea how flexible the program might be in finding dependencies or data files.

The ideal situation, is you see the program crash or exit in the trace, and the item immediately preceding that is the culprit.

Agent Readfile baloney.ini
Agent Exit

and then you would suspect something in the INI contents caused indigestion.

I managed to figure out why a custom sound control panel would not show once, but it required me going through a hundred thousand lines of Procmon output until I could find a specific (suspicious) registry key. And editing that key fixed my problem. But there is no guarantee you will always be that lucky.

I've dealt with traces as big as 5GB using Procmon, but the reason I could do that, is I knew the causative event was in the last 30 seconds of the trace. So most of the trace could be ignored. If I needed to review every line in there, I'd still be working on it...

Paul
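The triage Paul describes for a Process Monitor trace (discount the probe-style results, then look at what precedes the exit, or at what repeats when the process never exits), sketched as an added example that is not part of the thread. It assumes a CSV export with Procmon's default columns; the sample rows are constructed, and `lock.tmp` and the `HKCU\Software\Example\Missing` key are hypothetical.

```python
import csv
import io
from collections import Counter

# Non-SUCCESS results that normally mean "probed and moved on", not a fault.
PROBE_RESULTS = {"NAME NOT FOUND", "PATH NOT FOUND", "BUFFER OVERFLOW",
                 "FILE LOCKED WITH ONLY READERS", "NO MORE ENTRIES"}
# Events that routinely sit between the real last action and Process Exit.
HOUSEKEEPING = {"Thread Exit", "CloseFile"}


def load_events(csv_text, process):
    """Return the rows for one process from a Procmon CSV export."""
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    return [r for r in reader if r["Process Name"].lower() == process.lower()]


def triage(events, tail=20, loop_share=0.5):
    """Count probes, keep real failures, then explain how the trace ends."""
    report = {"probes": 0, "failures": [], "exit_precursor": None, "loop": None}
    for ev in events:
        if ev["Result"] in PROBE_RESULTS:
            report["probes"] += 1
        elif ev["Result"] not in ("SUCCESS", ""):
            report["failures"].append(ev)

    exit_at = next((i for i, ev in enumerate(events)
                    if ev["Operation"] == "Process Exit"), None)
    if exit_at is not None:
        # Process ended: the last substantive event before the exit is the lead.
        for ev in reversed(events[:exit_at]):
            if ev["Operation"] not in HOUSEKEEPING:
                report["exit_precursor"] = ev
                break
        return report

    # No exit recorded (hung or spinning): does one call dominate the tail?
    window = events[-tail:]
    if window:
        calls = Counter((ev["Operation"], ev["Path"]) for ev in window)
        (operation, path), repeats = calls.most_common(1)[0]
        if repeats >= 2 and repeats / len(window) >= loop_share:
            report["loop"] = {"operation": operation, "path": path,
                              "repeats": repeats}
    return report


# Constructed sample rows (not the poster's trace), Procmon default columns.
HEADER = '"Time of Day","Process Name","PID","Operation","Path","Result","Detail"\n'
COMMON = r'''"6:41:20.71 AM","agent.exe","6636","RegQueryValue","HKLM\System\CurrentControlSet\Control\Session Manager\CWDIllegalInDLLSearch","NAME NOT FOUND","Length: 1,024"
"6:41:20.72 AM","avgrsx.exe","500","CreateFileMapping","C:\programs\Agent19\agent.exe","FILE LOCKED WITH ONLY READERS","PageProtection: PAGE_READONLY"
"6:41:20.73 AM","agent.exe","6636","CreateFileMapping","C:\Windows\System32\imm32.dll","FILE LOCKED WITH ONLY READERS","PageProtection: PAGE_READONLY"
'''
EXIT_TAIL = r'''"6:41:20.80 AM","agent.exe","6636","ReadFile","C:\programs\Agent19\baloney.ini","SUCCESS","Offset: 0, Length: 512"
"6:41:20.81 AM","agent.exe","6636","Thread Exit","","SUCCESS","Thread ID: 4242"
"6:41:20.82 AM","agent.exe","6636","Process Exit","","SUCCESS","Exit Status: 1"
'''
DENIED = r'''"6:41:20.90 AM","agent.exe","6636","CreateFile","C:\programs\Agent19\Data\lock.tmp","ACCESS DENIED","Desired Access: Generic Write"
'''
SPIN = r'''"6:41:21.00 AM","agent.exe","6636","RegOpenKey","HKCU\Software\Example\Missing","NAME NOT FOUND","Desired Access: Query Value"
'''
EXIT_TRACE = HEADER + COMMON + EXIT_TAIL
LOOP_TRACE = HEADER + COMMON + DENIED + SPIN * 6

if __name__ == "__main__":
    for name, trace in (("exit", EXIT_TRACE), ("loop", LOOP_TRACE)):
        r = triage(load_events(trace, "agent.exe"))
        print(name, r["probes"], len(r["failures"]), r["exit_precursor"], r["loop"])
```

A dominant call in the tail only shows where the process is spinning; comparing it against a trace from a working machine, as suggested above, is what tells you whether that call is the cause.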