Alohamgr.exe crashes

Status
Not open for further replies.

DocD4u

IS-IT--Management
Mar 21, 2001
3
US
Help!
I have a client that got infected with malware. I cleared off all malware but I think it might have messed up the Aloha. It seems that all services are running ok but when I try and run the Aloha Manager I get the following message:

"Aloha Manager has encountered a problem and needs to close. We are sorry for the inconvenience."

I have re-registered all Aloha services without a problem. Does anyone have any ideas?

And of course, payroll is on Monday........

Can you run reports without the manager?

Any help would be greatly appreciated.
DocD

PS. This computer is an XP SP3 with two terminals. I believe Aloha is 5.2.
 
Does this restaurant accept credit cards through the POS?

How did this POS become infected? It should be impossible for a POS system to become infected, because it should have AV software, no ability for end users to surf internet, restricted access, no direct connection to the internet, etc.


MegabyteCoffee.com
 
Good Morning,
NO CC through Aloha or the network!
It is restricted to only the manager. The manager was tricked by a fake anti-virus renewal that looked like Avast. Hey, impossible is not in the vocabulary of computers......

PS. Most malware gets around most anti-virus software, it's the anti-malware software that does the best protection from malware. I have seen this stuff get around almost all anti-virus software.

NOW back to the problem at hand, how do I get this freaking thing running? They are stressing....
 
Well, if they got a fake AV message, then that means they were obviously surfing the open internet and got to a site they shouldn't have been at in the first place.

You never stated what virus they got other than probably the Antivirus 2009/2010 piece.

Back to the problem, since you have provided no information about the error from any log files or Windows event, have you tried deleting the trans.log and mirror.log files and then restarting the Aloha Manager? What things did the AV repair you did remove? The log from the AV program will be helpful. It may have deleted an important file in the BIN directory.

And, since you do have backups (Or you should) you could just replace the whole BIN directory from the last backup, and take the scorched earth approach to repair Aloha.

Are the FOH terminals in redundancy? If not, then you have no network damage, if so, then use something like Combofix and/or Winsock repair to repair the network connection to re-establish NetBIOS communication.

Have you verified the FOH terminals are not infected? Since it's possible for your BOH to get infected, the terminals, during an EOD or refresh could have loaded an infected file from the BIN directory and now they are infected.


And about more viruses get past AV software these days. Could happen, but if the system was put in place with proper security and policies, it shouldn't ever be able to happen.

MegabyteCoffee.com
 
Now I am off my soapbox, so here's more info.

I'll expand on the repair more:

The antivirus program you used to clean the POS BOH should tell you everything that was repaired/deleted during the scan.

Worst case, restore the .DBF files from a dated subdirectory BEFORE the POS was known to be infected.


IF the BIN directory of Aloha had any files infected, then the only way to remove the virus once and for all, is to shut down all FOH terminals. Clean the BIN directory. If any BIN files were removed from the virus scan, then you will need to restore any of these files from a backup copy.

Now Aloha manager should start just fine. The trick is to get the FOH terminals clean. If the virus doesn't affect targeting the booting of a computer, then just the BIN directory may be infected. Most likely it is more widespread. You will need to clean the FOH terminals without them connecting to your now clean BOH machine. Use an antivirus rescue disc like Avast Bart (It's not cheap but worth every IT shop having).

Once the FOH terminals are clean, then copy the BIN directory from the BOH onto the FOH terminal and reboot. Only do 1 terminal at a time.

If you have a way to reinstall the terminals (ie, injection method) or RAL method, then do so after the BOH is known to be clean.

Should be all there is to it.


MegabyteCoffee.com
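
An added example, not part of the thread and not Aloha vendor tooling: the posts above suggest checking whether the cleanup deleted or changed files in the BIN directory and restoring them from a backup copy. This sketch hashes a live BIN directory against a known-good backup and lists what is missing, changed or extra. The directory layout and the file names example.dll and unknown.exe are constructed for the demo; alohamgr.exe and rpt.exe are only used as sample names.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=65536):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def index_tree(root):
    """Map lower-cased relative path -> SHA-256 for every file under root."""
    index = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/").lower()
            index[rel] = sha256_file(full)
    return index

def compare_bin(live_root, backup_root):
    """Report files missing from, changed in, or added to the live tree."""
    live, good = index_tree(live_root), index_tree(backup_root)
    return {
        "missing": sorted(set(good) - set(live)),
        "changed": sorted(p for p in set(good) & set(live) if good[p] != live[p]),
        "extra": sorted(set(live) - set(good)),
    }

def demo():
    """Constructed sample: a backup BIN and a live BIN after a cleanup."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = os.path.join(tmp, "backup"), os.path.join(tmp, "live")
        samples = {"alohamgr.exe": b"mgr", "rpt.exe": b"rpt", "example.dll": b"dll"}
        for root in (backup, live):
            os.makedirs(root)
            for name, data in samples.items():
                with open(os.path.join(root, name), "wb") as f:
                    f.write(data)
        os.remove(os.path.join(live, "example.dll"))      # removed by a scanner
        with open(os.path.join(live, "rpt.exe"), "wb") as f:
            f.write(b"rpt-modified")                      # altered on disk
        with open(os.path.join(live, "unknown.exe"), "wb") as f:
            f.write(b"?")                                 # not in the backup
        return compare_bin(live, backup)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

On a real system, point compare_bin at the live BIN directory and at a backup copy taken before the infection; files that are expected to change between the two dates will show up as "changed" and need to be judged by hand.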
 
Hang on now, don't rake me over the coals too much, I'm a newbie when it comes to Aloha, I just picked up this client and I know very little about Aloha. I do know my way around computers pretty good, been a tech/owner for the last 23 years. I did spend 3 or 4 hours last night trying to figure out how Aloha is set up. I am thinking that alohamgr.exe is corrupt but I'm not sure. They do not have the original disk. I did find a directory that looked like it was the CD copied to hard drive but not sure.

The steps I used to clear out the malware:
I started with UBCD4Win and ran superantispyware but it did not find much.

1. Ran rkill in safe mode several times to stop the processes.
2. Ran malwarebytes and it did find and clear out several items. It found "Antivirus Soft Platinum" main file was avsoft.exe.
3. Still did not clear it all so ran Combofix which did the trick.
4. I have reviewed the ComboFix log and I don't think it removed any of the Aloha but again not sure because I don't know Aloha. I'll attach the log for you.
5. I did see where they were making some kind of backup to another spot on the hard drive.
6. I re-registered all the Aloha services by following an article that I found on this website. I rebooted and went to bed late last night.
7. I also did a Windows restore thinking that something in the registry got removed or messed up.


Here is an update, I just talked to the manager. It looks like the alohamgr.exe is working but it does not have any history when she looks up the employees' hours to run a report. No dates but today. It also throws up an error of "Security key not found". The two terminals still have red boxes around the screen (I'm guessing that is because they do not see the server).

What other questions, logs or actions would you have me do? I do appreciate all that you are helping me with. You also might have to explain some of the nomenclature that you are using. I am assuming that FOH are the touch screen terminals and BOH is the main server.

Again, I really appreciate it
Davin
 
 http://dl.dropbox.com/u/4363742/ComboFix.txt
The ComboFix-quarantined-files.txt would be the one to post if it created one. Did you save all the log files of the repairs/scans from the other tools?

Running UBCDWIN is ok, but any scanning from that disc doesn't load the remote registry hive from the PC you are trying to clean. You can only clean physical known infected files, and not always the actual problem because of no remote hive loading. Now, if you booted the PC normally, and ran from the UBCDWIN SuperAntiSpyware, and combofix and all, then that is different. Using a disc to clean a machine such as the Avast Bart CD versus the UBCDWIN is the preferred method since it loads the remote registry and provides tools to clean, log, and repair an infected or non-booting machine.

From the log file I see Aloha is in C:\aloha. At this point, I doubt Alohamgr.exe is corrupted. Antivirus scanners will either remove the attached virus from the file or delete/quarantine the file if it is not repairable.

If you have dated subdirectories, the sales history is there, and since they only contain data, they most likely will not be deleted.

Aloha having security key problems means that the Aloha security is not running and/or the HASP key driver is not responding. Sounds like either a virus scan deleted known Aloha required files, and/or environment variable changes. I can think of a few DLL files that can cause this in the BIN directory, but you need a copy of the BIN directory files that are not affected.

At this point, it's a guessing game as to what are all the items missing, or changed, and even posting a couple of debout log files from the TMP directory may not be enough.

Your problem can be repaired easy enough though, but not at this pace. You need some remote support to repair Aloha, otherwise we're going to go back and forth for a while, especially since you are not that familiar with the Aloha product.


MegabyteCoffee.com
 
I have dealt with many viruses for Aloha users. When Aloha Manager crashes when you try to open it, it is pretty much not working. You can try reloading Aloha from scratch with the install disk. Just remember to copy the bmp, recipe, data, newdata, and edc before you start, then transfer them back after the install. Most virus cases with Aloha I had to rebuild them from scratch or re-image. As far as security key not found, you can open up command prompt, navigate to C or D:\aloha\bin, type hinstall -r to remove then -i to install.
Replacing the bin won't work unless you have a worm which kills all .exe files in Windows. If reinstalling Aloha does not work then rebuild your PC. If you know how. Or ask your Aloha dealer to reimage that bad boy. If they know what they are doing they would have made an image of your box before giving it out.
 
Wow MegabyteCoffee, and you said this would be an easy one, I see our previous posts were deleted. Took me over 5 hours. I've never seen anything like this one.

With Aloha on drive "d" none of the dated subs would populate in rpt.exe, once I installed it on drive "c" everything worked fine.

Checked shares, permissions, variables and everything I could think of, eventually re-installed on C and all is fine now.

I tried replacing DLLs in system32, registry, just about everything I've ever done in the past. It was a strange virus.
 
Interesting. I would have loved to have seen that machine. Wish I would have had the time this week. I saw the posts deleted whenever they have specific user info posted. Hey, I don't delete posts on my site.

I agree, first thing that comes to mind would have been the registry information. Not sure what else would have thrown off functions like rpt.exe. I've just finished writing an .exe to move an installed Aloha system to another directory and re-create shares, services registration etc, for PCI requirements to improve our security. I need to play with this and edit the .exe and maybe make a version of it that could even reinstall in same path. Would like to see what it would report. I'll play around on this in the next couple of weeks. Might be fun next time an issue comes up, to see if I can construct a repair utility that will work on most installs.


MegabyteCoffee.com
 