Popular Content

Showing content with the highest reputation since 10/13/09 in Posts

  1. 6 points
    As announced earlier, we are changing our firewall strategy and will soon merge Emsisoft Internet Security with Emsisoft Anti-Malware, effective as of our next release in October. Instead of developing our own firewall module, we’re going to rely on the built-in Windows Firewall core that has proven to be powerful and reliable. Its only weak point is the fact that anyone can freely change the firewall configuration. In other words, if malware manages to run on the PC with sufficient administrator permissions, it’s able to allow itself to get through the firewall. To resolve this vulnerability, we’ve developed a new Firewall Fortification feature for Emsisoft Anti-Malware’s Behavior Blocker as part of our 2017.8 release. Firewall Fortification detects and intercepts malicious actions from non-trustworthy programs in real time before they can cause any damage.

    [Image: Behavior Blocker alert: Firewall manipulation]

    All 2017.8 improvements in a nutshell

    Emsisoft Anti-Malware
    New: Firewall Fortification feature that blocks illegitimate manipulations of Windows Firewall rules.
    Improved: Forensics logging.
    Fixed: Rare program freezes on opening the forensics log, confirming of surf protection notifications and during malware detection.
    Fixed: Computer restart instead of computer shutdown executed, when set for a silent scan.
    Several minor tweaks and fixes.

    Emsisoft Enterprise Console
    Improved certificate handling to avoid connectivity issues.
    Several minor user interface improvements.
    Several minor tweaks and fixes.

    How to obtain the new version
    As always, so long as you have auto-updates enabled in the software, you will receive the latest version automatically during your regularly scheduled updates, which are hourly by default. New users please download the full installer from our product pages.

    Note to Enterprise users: If you have chosen to receive “Delayed” updates in the Update settings for your clients, they will receive the new software version no earlier than 30 days after the regular “Stable” availability. This gives you time to perform internal compatibility tests before a new version gets rolled out to your clients automatically. Have a great, well-protected day!
  2. 3 points
    It means that the tests done by AV-C and AV-T have a clear image of how they think AV software should work. The problem arises when your product doesn't fit the mould. Then you get penalized for not doing what everyone else does, even though what everyone else does may not be in the best interest of the user, to begin with. Best example: Snooping around in your encrypted connections, which literally every AV vendor screwed up at least once in the past and probably will continue to happen, exposing users to potentially greater risks than most malware does.

    For starters, the test sets aren't nearly as representative anymore. When we participated in AV-T and AV-C both tested with less than 200 samples a month on average. 200 samples out of literally tens of millions. The exact selection isn't clear and not representative of what users deal with either. None of them tests with PUPs for example, even though a simple look at any tech support community will tell you that it is probably by far the biggest problem users are dealing with. So no, neither of those test scores represents real-life performance and it becomes blatantly obvious when you go to places like Bleeping Computer, GeeksToGo, Trojaner Board, Malekal, and all those other communities where people infected by malware show up for help and look at what products these victims used at the time they became infected. Then you will notice that a lot of these products with perfect scores don't look nearly as perfect in real-life conditions.

    The reason for this discrepancy is quite simple: Most AV vendors will specifically optimise their products for these tests. The most severe cases are where vendors end up outright cheating and detecting the test environments which then results in a change of behaviour of the product (think Dieselgate, but with anti-virus). But there are many ways you can game these tests. For example:
    - you can try to figure out the threat intel feeds the companies use, then just buy those same threat intel feeds so you have all samples in advance
    - you can track their licenses and supply different signatures to them or use your cloud to treat those test systems differently
    - some particularly shady organisations literally also sell you their sample and malicious URL feed, so you can just outright buy the samples and URLs your product will get tested on later

    What you end up with as a result is a product that is optimised really, really well for the exact scenario they are being tested under, using the exact type of URLs and samples these testers use, but that is utterly useless when it comes to anything else. We just really don't want to create this type of product. So when we were asked whether we wanted to continue to participate this year, we discussed the matter internally, looked at what we get out of these tests (meaning: whether these tests have a discernible impact on our revenue) and decided that they are simply not worth it and that the tens of thousands of Euros we spent on them every year would be better spent on extending our team and building new ways of keeping our customers safe.
  3. 3 points
    Hello, a2guard.exe is the visible protection process (to put it simply, the Emsisoft icon you see in the system tray). However, the actual protection drivers start a lot earlier. For example epp.sys (the Emsisoft Protection Platform driver) starts very early in the Windows boot process in order to ensure a protected system even when no user is logged in yet and no other programs have been started.
  4. 2 points
    https://www.bleepingcomputer.com/news/google/google-will-block-third-party-software-from-injecting-code-into-chrome/

    Our Surf Protection works by filtering DNS requests made by running applications. Since EAM doesn't use network filter drivers, it has to achieve this using code injection. Now that Chromium is blocking code injection by third-party applications, our Surf Protection will not work with it until we are able to make some changes. My recommendation is to install uBlock Origin and uBlock Origin Extra (both work in Google Chrome and Vivaldi) to supplement until we can get our Surf Protection working in Chrome again. uBlock Origin is a free content blocker that not only blocks ads, but also uses the extensive blacklists of malicious domains available from Malware Domain List and Malware Domains to block malicious content.

    Note: Vivaldi 1.15 (the current stable version) is based on Chromium 65 with backported security fixes from Chromium 66, 67, and 68. Vivaldi 2.0 is based on Chromium 69, and is currently available in testing builds. Anyone with the stable version of Vivaldi installed will not be affected by this issue. Anyone using a Vivaldi 2.0 snapshot will also experience this issue with Surf Protection.

    Also note: Due to the added protection of an ad blocker, we recommend uBlock Origin (with uBlock Origin Extra for Chromium based browsers like Google Chrome, Vivaldi, and Opera) regardless of whether or not our Surf Protection is working with your web browser. Anti-Virus/Anti-Malware does not block ads by default (doing so can break some websites), and the companies that sell online advertising do not do a good enough job of preventing their ads from being abused by their clients, and there have been many cases of serious threats in advertisements even on legitimate websites. Please be aware that there is another content blocker called "uBlock". This is not the same thing as uBlock Origin, and is not recommended.

    The main reason for recommending uBlock Origin is that its performance and memory usage are better than those of popular ad blockers (AdBlock, Adblock Plus, AdGuard, etc). If you wish to use one of those instead, then please feel free to do so; however, I do not know if they are configured to use Malware Domain List and Malware Domains by default and recommend checking their configuration to ensure they are offering the same level of protection as uBlock Origin. If they are not configured to use these lists of malicious websites, then you should be able to add them through FilterLists.com. Note that this site was down at the time I posted this, so I was not able to check and verify that; however, this site lists almost every popular filter list for ad and content blockers and it should include important blacklists like these.
  5. 2 points
    Emsisoft Anti-Malware is compatible with the Windows update. We also just published an update that sets the compatibility flag for all users of the beta, stable and delayed update feeds. Keep in mind that Microsoft uses the same flag for all anti-virus vendors. That means if you are using multiple anti-virus or anti-malware applications, you are risking one of those products, like Emsisoft Anti-Malware, flagging the system as compatible, even though one of your other products is not compatible. There is, unfortunately, nothing we can do to prevent this as Microsoft does not account for the scenario of multiple security products being installed on the same system. This is the perfect example of why we recommend against using multiple security products in parallel. For further information, feel free to stop by our blog.
  6. 2 points
    Local is your machine, "this end" of a conversation. Remote is whatever machine's at the other end.
  7. 2 points
    I think you have made your point of view crystal clear for everyone, iwarren. Do we really need more posts?
  8. 2 points
    That would help in this particular instance (alerts during an uninstall), however every rule that exists can decrease performance, so rules are generally not kept if they are not needed.
  9. 2 points
    You must have had Beta Updates enabled, as EIS 11 is still beta, and that kind of problem can happen with betas. Remedy: Uninstall 11 and then install 10 again, and make sure that "Beta Updates" is disabled (unchecked).
  10. 2 points
    Good morning. Can we expect to get a fix for the updates not working soon, please? Having to disable the firewall to get updates seems an important bug to me. Thanks in advance and best regards, François
  11. 2 points
    I don't have any insight into the test methodology apart from what the article states, but a few observations make me doubt the relevancy of this test:

    The test compares a number of different products: antirootkit scanners and anti-malware scanners. This makes no sense to me. TDSSKiller is an excellent antirootkit scanner in my opinion, but it is a limited tool; you cannot compare this with an anti-malware scanner like EEK or MBAM because it's simply a different product.

    The tested malware is for the most part very, very old and not seen in the wild anymore, even though the article states 2015 and "in the wild" in the title. To give a few examples: Alureon/TDL3/4 hasn't been around "in the wild" for at least 3 years (and that's estimating it very loosely). The article listed is from 2010 (!) http://contagiodump.blogspot.gr/2011/02/tdss-tdl-4-alureon-32-bit-and-64-bit.html?m=1 The same goes for ZeroAccess/Max++. The latest usermode version of that rootkit was active in 2013 and after the botnet was taken down for a large part, there has been no re-emergence of this malware. However, its kernelmode version was quite a bit older; this was last seen in 2011. Sure, it's interesting to see how products perform against such rootkits, but how useful is it? Those rootkits were "retired" for a very good reason: they can no longer infect today's OS versions.

    Finally, I'm not one to make accusations, but I don't like "sponsored by..." tests. I'm fully willing to believe that Zemana was indeed the best product to remove all these infections, but I just think it's not the best strategy for any testing lab to let a sponsor also participate in the tests, just to avoid any possible doubt as to the objectiveness of the test results.
  12. 2 points
    We currently offer email support in German, English, French, Spanish, Dutch, Russian and Italian.
  13. 2 points
    Hello Jenn, welcome to the Emsisoft Support Forums. My name is Kevin, and I will be helping you fix your problems. Please change your user name to something that is not your email address. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread. Also read the Emsisoft Support Forums Terms of Use. To highlight a few:
  14. 2 points
    Hi and welcome to the Emsisoft Support Forum!

    System scan with FRST
    Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (if you are not sure: Start > Computer (right-click) > Properties). Now start FRST. Do not change any of the checkboxes unless asked to, and click Scan. The log files will now be created and will afterwards be on your desktop. Please attach both log files in your next reply.
  15. 1 point
    The GUI in EAM doesn't display how many days remain on your license key when you have a subscription license (this type of license key isn't considered to have an expiration date since it will auto-renew). You should be able to see when it will automatically renew in My.Emsisoft.
  16. 1 point
    Hi Damaxx, can you share the decryptor? I wanted to try whether it will work for my files or not.
  17. 1 point
  18. 1 point
    Hi Gawg Thanks for your comments. I'll try a reboot first when future problems arise.
  19. 1 point
    Hello Wolfgang, thank you for contacting our support. An infection through the official version of VLC Player during installation or update should be able to be ruled out. You mentioned Chip, but I gather from your post that you did not use the Chip Installer when you installed VLC Player? As you have already noticed, one could say it makes it easy to install other things besides the program one actually wanted to download. Programs should therefore always be obtained directly from the manufacturer; that should rule out incidents as well, and if an infection is ever found in official software, trustworthy manufacturers should also make sure that all users are informed. If a platform like Chip.de is to be used to obtain software, I would personally recommend looking for a "Manuelle Installation" (manual installation) link; that downloads the manufacturer's installer and not the Chip Installer, through which e.g. VLC Player is then in turn downloaded and installed on the system.

    A simple recipe for cleaning a system that works well for everyone and in all cases probably cannot be found. The guide that @onegasee59 kindly mentioned, for instance, has already been put into a very usable format. We are glad to help you with manual cleanup; please let me know if you would like instructions for creating the log files we need in order to support you.

    If software was obtained from a manufacturer you trust, one should be able to assume that update prompts are legitimate when they clearly originate from that program. Behavioural violations, or actions that a program suddenly wants to carry out on the system, can already be detected by security software, for instance with a technology like our behaviour analysis, provided no exception rule has been created for the program. One should take a closer look at the system; we are glad to help you with that, but unfortunately we cannot provide a guide that would work for everyone. Unfortunately no answer can be found to that without first taking a closer look at the system. For that, various tools are used which list detailed information about the state of the system and various important areas of the system. Either further inspection with other tools is then needed, or the information is used to specifically remove malware found on the system.

    I am sorry that my answers cannot be more precise for you, or that I cannot provide a guide that would immediately help many users in a simple way. I remain happy to assist with your questions and concerns.
  20. 1 point
    Please upload an encrypted file or ransom note to ID-Ransomware and copy/paste the results here for one of the experts to look at. https://id-ransomware.malwarehunterteam.com
  21. 1 point
    that's fun. firefox doesn't block code injection yet, but it's on their roadmap for q4 2018/q1 2019. i'd also expect opera to start doing it if they merge upstream changes from chromium. *EDIT* Opera is tracking Chromium 69 for Opera 56, and Vivaldi is tracking Chromium 69 for Vivaldi 2.x.
  22. 1 point
    So... is that specific webpage meant to show no file name, no file size etc?
  23. 1 point
    The Windows Defender controls in Windows 10 show firewall status and controls as well, but the Windows Firewall is still a separate technology and should still work fine without Windows Defender.
  24. 1 point
    Won't we have to turn on Windows Firewall when the conversion takes place? How will we know when to do that?
  25. 1 point
    A quick workaround, if you'd like to try it, would be to exclude the mpc-hc64.exe file in Emsisoft Internet Security. Here are instructions on excluding a process from scanning and monitoring:
    1. Open Emsisoft Internet Security.
    2. Click on Settings in the menu at the top.
    3. Click on Exclusions in the menu at the top.
    4. To the right of the list to Exclude from scanning, click on the Add file button.
    5. Navigate to the file you would like to exclude, click on it once to select it, and then click Open.
    6. To the right of the list to Exclude from monitoring, click on the Add file button.
    7. Navigate to the file you would like to exclude, click on it once to select it, and then click Open.
    8. Close Emsisoft Anti-Malware.
    Note: If a program you have excluded is running, then you will need to close it and reopen it for the exclusion to take effect. In some cases you will need to restart your computer before this will happen.
    I assume the file in question is in a folder such as one of the following:
    C:\Program Files\Media Player Classic
    C:\Program Files (x86)\Media Player Classic
  26. 1 point
    Hello, Hit sometime last night or this morning, likeliest vector is RDP (though I use strong passwords >:( ). It appears to be the same flavor as bruticus0's given the filenames. Encrypted files have .onion extensions and are 36 bytes larger than the original file. The attached example is an ASCII file, but I can provide a binary if needed. Please note that I got the original by downloading a previous version that was maintained by Google Drive. Google Drive had named the file "mc-generated_tgp1_tbp1_tsr0.667_tmc9_trainset.txt.unified.desc.id_1726307421_fgb45ft3pqamyji7.onion.desc" which wasn't the original name and so I renamed it to what you see attached. Hopefully that doesn't mess anything up for your analysis. I believe people are dubbing this one Cry128? I caught the trojan in the act and turned off the machine, so I'll likely be able to provide the virus files tomorrow. Where should I submit those? I've tried the Cry9 and CryptON decryptors and neither worked. The former complained about the 68 bytes as others have posted, the latter gave a popup saying I need to drag both files at the same time (but I definitely did).

    More info... ransom notes are -DECRYPT-MY-FILES.txt and are *not* in every directory. Possibly because like I said I caught it "mid-stream". They make no mention of the culprit (e.g. citing the nemesis decryptor), however I safely visited the url given in the note and it said clearly at the top, "NEMESIS Ransomware". Also, in some threads I've been reading, some people have noted no size difference. I've checked several of my files by removing the new extension to bring it back to its original file name, and several of the files were still accessible, i.e. not encrypted. Perhaps if you're seeing no file size difference you should try the same. For me, the files that were apparently unencrypted still had the extra 36 bytes though. I can provide these kinds of files too if desired.

    Along with the virus exe and supporting files, I will be looking for new/altered user accounts, altered local/group security policies, and checking logs for port accesses and anything else that stands out. Let me know if I should look for anything else. And definitely let me know whatever I can do to help this effort. I'm reposting this on bleepingcomputer.com forum now - https://www.bleepingcomputer.com/forums/t/636865/nemesis-ransomware-support-help-topic/page-4 Many thanks to everyone spending their well-earned free time on cracking down on these <expletive deleted>.

    Attachments:
    -DECRYPT-MY-FILES.txt
    mc-generated_tgp1_tbp1_tsr0.667_tmc9_trainset.txt.unified.desc
    mc-generated_tgp1_tbp1_tsr0.667_tmc9_trainset.txt.unified.desc.id_1726307421_fgb45ft3pqamyji7.onion
  27. 1 point
    I would stay away from IObit products, and I would also stay away from "System Optimization" suites. These aren't needed at all on your system and if anything, can mess it up in the long run. I've never heard of that website for security product reviews, so I would take what is posted there with a grain of salt. Personally, I don't know how to answer you, since I don't see myself giving recommendations about other products on the forum of a "competing" product. The protection is added only if you update the outdated software it reports. So if you know to keep your Adobe Flash Player, Adobe Reader, Java, VLC, Windows, etc. up to date, there's no need for Heimdal (unless you want it to automate everything). The "protection" you're referring to is to not run outdated software that can be exploited (via EK for instance).
  28. 1 point
    Nothing should be able to delete files in the EIS folder while EIS is running. Application Rules are created automatically in EIS for trusted programs, so this is a sign that it recognized the digital signature and allowed it.
  29. 1 point
    Hello, I removed the leftovers with Emsiclean and reinstalled. Now everything works again.
  30. 1 point
    You can add the BatchGotAdmin batch code to the beginning of your batch file as a workaround for this issue. It may require some editing to pass the path of your file to be scanned to the VBS file (I haven't tested whether passing parameters to a batch file that uses BatchGotAdmin will be preserved after the batch file is reopened by the VBScript).
  31. 1 point
    Not working in sales, sorry. I have full trust in Thomas though
  32. 1 point
    EIS isn't actually intended to be "more powerful" than Online Armor was. It's intended to be easier to use. It isn't going to show alerts when a program runs, but can do so when a behavior that EIS monitors for is performed (depending on your Application Rules).
  33. 1 point
  34. 1 point
    Close all programs and disconnect any USB or external drives before running the tool.
    Double-click RogueKiller.exe to run the tool again (Vista or 7 users: right-click and select Run As Administrator).
    Once the Prescan has finished, click Scan.
    Once the Status box shows "Scan Finished", click the Registry tab and select the following items:
      [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> Found
      [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> Found
      [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SPDriver : .\JSDriver\\jsdrv.exe -> Found
      [PUP] (X64) HKEY_USERS\S-1-5-21-1757470469-641696451-1101771346-1000\Software\Microsoft\Windows\CurrentVersion\Run | SPDriver : .\JSDriver\\jsdrv.exe -> Found
      [PUP] (X86) HKEY_USERS\S-1-5-21-1757470469-641696451-1101771346-1000\Software\Microsoft\Windows\CurrentVersion\Run | SPDriver : .\JSDriver\\jsdrv.exe -> Found
      [PUP|VT.Generic6.TYQ] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPBIUpd (C:\Program Files\Common Files\ShopperPro\spbiu.exe /service) -> Found
      [PUP|VT.Generic6.TYQ] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SPBIUpd (C:\Program Files\Common Files\ShopperPro\spbiu.exe /service) -> Found
      [PUP|VT.Generic6.TYQ] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SPBIUpd (C:\Program Files\Common Files\ShopperPro\spbiu.exe /service) -> Found
      [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
      [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
      [PUM.Desktop] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1 -> Found
      [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1757470469-641696451-1101771346-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
      [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1757470469-641696451-1101771346-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
    Click the Tasks tab and select the following items:
      [Suspicious.Path] %WINDIR%\Tasks\GoogleUpdateTaskMachineUA.job -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (/ua /installsource scheduler) -> Found
      [Suspicious.Path] \GoogleUpdateTaskMachineUA -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (/ua /installsource scheduler) -> Found
    Click the Delete button.
    Attach the RogueKiller report to your next reply. The log can also be found on your desktop labeled (RKreport[X]_D_xxdatexx_xtimex). The highest number of [X] is the most recent.
  35. 1 point
    Do the following:

    Download AdwCleaner and save it on your desktop. Close all open programs and Internet browsers (you may want to print out or write down these instructions first). Double click on adwcleaner.exe to run the tool. Click on the Scan button. After the scan has finished, click on the Clean button. Confirm each time with OK. You will be prompted to restart your computer. A text file will open in Notepad after the restart (this is the log of what was removed), which you can save on your desktop. Attach that log file to your reply by clicking the More Reply Options button to the lower-right of where you type in your reply.
    NOTE: If you lose that log file for any reason, you can find it at C:\AdwCleaner on your computer.

    Download Junkware Removal Tool and save it on your desktop. Run the tool by double-clicking it. The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log is saved to your desktop and will automatically open. Attach the JRT log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply.

    Copy the below code to Notepad; Save As fixlist.txt to your Desktop.
      HKU\S-1-5-21-1757470469-641696451-1101771346-1000\...\Policies\Explorer: [NofolderOptions] 0
      HKU\S-1-5-21-1757470469-641696451-1101771346-1000\...\MountPoints2: E - E:\setup.exe
      HKU\S-1-5-21-1757470469-641696451-1101771346-1000\...\MountPoints2: {21a1ecea-bb71-11e4-92f9-001fd0914874} - F:\setup.exe
      HKU\S-1-5-21-1757470469-641696451-1101771346-1000\...\MountPoints2: {e5753c7b-7933-11e4-96c3-001fd0914874} - E:\Autorun.exe
      HKU\S-1-5-21-1757470469-641696451-1101771346-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2012-06-13] (Microsoft Corporation) <==== ATTENTION
      AppInit_DLLs-x32: 0 => "0" File not found
      BootExecute: autocheck autochk * 愀甀琀漀挀栀攀挀欀 琀甀爀攀最漀瀀琀
      GroupPolicyScripts: Group Policy detected <======= ATTENTION
      GroupPolicyScripts\User: Group Policy detected <======= ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
      SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
      SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
      SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
      Toolbar: HKU\S-1-5-21-1757470469-641696451-1101771346-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
      FF Plugin HKU\.DEFAULT: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll No File
      S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
      U3 SecureAPlusService; No ImagePath
      S1 zoksagaictyil5; system32\drivers\zoksagaictyil5.sys [X]
      2015-07-20 15:21 - 2015-07-20 15:21 - 04787392 _____ C:\Windows\install1480516.exe
      2015-07-20 15:21 - 2015-07-20 15:21 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
      2015-07-19 17:30 - 2015-07-19 17:30 - 54641120 _____ () C:\Windows\bdbrowserSetup-7.5.502.1764-ftn_1000010293.exe
      2015-07-19 17:30 - 2015-07-19 17:30 - 00000000 ____D C:\Windows\SysWOW64\%LOCALAPPDATA%
      2015-07-21 13:15 - 2015-07-25 18:42 - 0015313 _____ () C:\Users\Jenya\AppData\Roaming\1.zip
      2015-07-21 13:15 - 2015-07-25 18:42 - 0007196 _____ () C:\Users\Jenya\AppData\Roaming\2.txt
      2015-05-08 20:34 - 2015-07-30 14:28 - 0000615 _____ () C:\Users\Jenya\AppData\Roaming\burnaware.ini
      2015-06-18 12:42 - 2015-06-18 12:42 - 0009950 _____ () C:\Users\Jenya\AppData\Roaming\ENG_5600.zip
      2015-04-05 20:57 - 2015-04-05 20:57 - 0000000 _____ () C:\Users\Jenya\AppData\Roaming\gdfw.log
      2015-04-05 20:57 - 2015-06-06 14:07 - 0004674 _____ () C:\Users\Jenya\AppData\Roaming\gdscan.log
      2003-04-09 06:28 - 2003-04-09 06:28 - 0233472 ____R () C:\Users\Jenya\AppData\Roaming\MafiaSetup.exe
      2015-05-25 19:06 - 2015-05-25 19:14 - 0000032 _____ () C:\Users\Jenya\AppData\Roaming\mbam.context.scan
      2015-07-21 18:42 - 2015-07-21 18:42 - 0000036 _____ () C:\Users\Jenya\AppData\Local\housecall.guid.cache
      2015-06-13 11:49 - 2015-06-13 11:49 - 0007605 _____ () C:\Users\Jenya\AppData\Local\Resmon.ResmonCfg
      2015-06-30 13:10 - 2015-06-30 13:10 - 0000262 _____ () C:\ProgramData\fontcacheev1.dat
      2015-04-23 13:56 - 2015-04-23 13:56 - 0012591 _____ () C:\ProgramData\mptmqteo.hmi
      C:\ProgramData\fontcacheev1.dat
      C:\Users\Все пользователи\fontcacheev1.dat
      Reg: reg delete "HKEY_USERS\S-1-5-21-1757470469-641696451-1101771346-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v "DISABLETASKMGR" /f
      Reg: reg delete "HKEY_USERS\S-1-5-21-1757470469-641696451-1101771346-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v "DISABLEREGISTRYTOOLS" /f
      AlternateDataStreams: C:\ProgramData:NT
      AlternateDataStreams: C:\ProgramData:NT2
      AlternateDataStreams: C:\Users\All Users:NT
      AlternateDataStreams: C:\Users\All Users:NT2
      AlternateDataStreams: C:\Users\Все пользователи:NT
      AlternateDataStreams: C:\Users\Все пользователи:NT2
      AlternateDataStreams: C:\ProgramData\Application Data:NT
      AlternateDataStreams: C:\ProgramData\Application Data:NT2
      AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
      AlternateDataStreams: C:\Users\Jenya\Application Data:NT
      AlternateDataStreams: C:\Users\Jenya\Application Data:NT2
      AlternateDataStreams: C:\Users\Jenya\AppData\Roaming:NT
      AlternateDataStreams: C:\Users\Jenya\AppData\Roaming:NT2
      AlternateDataStreams: C:\Users\Public\DRM:احتضان
      AlternateDataStreams: C:\Users\Все пользователи\Application Data:NT
      AlternateDataStreams: C:\Users\Все пользователи\Application Data:NT2
      AlternateDataStreams: C:\Users\Все пользователи\TEMP:1CE11B51
    Close Notepad.
    NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    Run FRST64 and press the Fix button just once and wait. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart. The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.
    Note: If the tool warns you about an outdated version, please download and run the updated version.
  36. 1 point
    It doesn't matter what you say, you are not going to change their mind. Emsisoft is not the only vendor out there that is using the BitDefender engine alongside its own engine; GData, F-Secure, Lavasoft Ad-Aware, and MicroWorld eScan are using the BitDefender engine plus their own engine. Also, I forgot to mention 360 Total Security, which uses the BitDefender and Avira engines as well. But I still don't know why you are still fighting over this topic. As long as one of them detects the threats and prevents their harmful actions, that's all we want. Nobody wants viruses and malware running wild on their machine, and a lot of us don't care whether it is Emsisoft or BitDefender that detects the threat. As long as they are not running on or slipping into our computer, that's all they care about.
  37. 1 point
    Delta5470, apparently they were pushing out something (beta release?) that tied up their servers because my computers couldn't connect for a good 6-8 hours. I see that the update finally occurred a few minutes ago. As to your new problem with licensing, I'd suggest posting a new thread asking about that so your question/problem doesn't get lost.
  38. 1 point
    Glad things are working great on your system. If you run into any unforeseen issues or if you have any further questions, don't hesitate to contact us again.
  39. 1 point
    Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKU\S-1-5-21-4177830183-913142164-1211949298-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
    S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [X]
    C:\Users\Neil\AppData\Local\temp\dllnt_dump.dll

    Close Notepad.

    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST and press the Fix button just once and wait. If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart. The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.

    Note: If the tool warns you about an outdated version, please download and run the updated version.
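The two FRST fixlists above (items 36 and 39) remove four kinds of item that are worth re-checking once Fixlog.txt reports the fix as done: the DisableTaskMgr and DisableRegistryTools policy values in the user's HKU hive, named alternate data streams attached to directories such as C:\ProgramData, a Winlogon\Notify package, and driver services whose .SYS files no longer exist (FRST marks those with [X]). The PowerShell script below is an added example written for this page; it is not part of either post and not part of FRST. The SID and directory names are copied from the posts and are assumptions that hold only for those machines; the SID in particular must be replaced (or the check looped over every loaded HKEY_USERS hive) on any other system. Treating Zone.Identifier as the one benign directory stream is also an assumption.

```powershell
#Requires -RunAsAdministrator
# Added example for this page (Windows PowerShell 4+); not code from the forum posts or FRST.
# Re-checks, after an FRST fix, the classes of item the fixlists in items 36 and 39 removed.
# Report lines start with OK, WARNING or INFO.

# --- 1. Policy values that lock Task Manager and regedit (item 36) -----------------
# SID taken from the post; it identifies one user on one machine and must be replaced.
$userSid   = 'S-1-5-21-1757470469-641696451-1101771346-1000'
$policyKey = "Registry::HKEY_USERS\$userSid\Software\Microsoft\Windows\CurrentVersion\Policies\System"

foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
    $value = (Get-ItemProperty -Path $policyKey -Name $name -ErrorAction SilentlyContinue).$name
    if ($null -eq $value) { "OK       $name is not present" }
    else                  { "WARNING  $name is still set to $value (1 disables the tool)" }
}

# --- 2. Alternate data streams on directories (item 36) ----------------------------
# The fixlist lists each stream several times because 'All Users', 'Все пользователи',
# 'Application Data' and 'Jenya\Application Data' are junctions onto these targets, so
# checking the targets once covers all of them. Directories have no unnamed :$DATA
# stream, so every stream returned here is a named one. Zone.Identifier is the usual
# 'downloaded from the Internet' tag and is assumed benign; anything else is reported.
$dirs = @('C:\ProgramData', 'C:\ProgramData\TEMP', 'C:\Users\Jenya\AppData\Roaming', 'C:\Users\Public\DRM')
foreach ($dir in $dirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    $streams = Get-Item -LiteralPath $dir -Stream * -ErrorAction SilentlyContinue |
               Where-Object { $_.Stream -ne 'Zone.Identifier' }
    if (-not $streams) { "OK       no alternate data streams on $dir"; continue }
    foreach ($s in $streams) {
        "WARNING  stream remains: $($s.FileName):$($s.Stream) ($($s.Length) bytes)"
    }
}

# --- 3. Services and drivers whose binary is gone (item 39) ------------------------
# FRST appends [X] to a service whose ImagePath does not resolve. ImagePath values come in
# several shapes; normalise them before testing whether the file exists.
function Resolve-ImagePath([string]$imagePath) {
    $p = $imagePath -replace '^\\\?\?\\', ''                      # \??\C:\...  -> C:\...
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot             # \SystemRoot\... -> C:\Windows\...
    $p = $p -replace '^system32\\', "$env:SystemRoot\system32\"   # system32\drivers\x.sys
    $p = [Environment]::ExpandEnvironmentVariables($p)            # %SystemRoot%\...
    $p = $p -replace '^"([^"]+)".*', '$1'                         # "quoted path" /args
    $p = $p -replace '^(.+?\.(exe|sys|dll))\b.*', '$1'            # unquoted path /args
    return $p
}

$services = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue
$orphans = foreach ($svc in $services) {
    $imagePath = (Get-ItemProperty -Path $svc.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
    if (-not $imagePath) { continue }                             # kernel components without a binary
    $binary = Resolve-ImagePath $imagePath
    if (-not (Test-Path -LiteralPath $binary)) {
        [pscustomobject]@{ Service = $svc.PSChildName; ImagePath = $imagePath; Resolved = $binary }
    }
}
if (-not $orphans) { 'OK       every service/driver ImagePath resolves to an existing file' }
else { $orphans | ForEach-Object { "WARNING  orphaned service $($_.Service): $($_.ImagePath)" } }

# --- 4. Winlogon Notify packages (item 39) -----------------------------------------
# Each subkey names a DLL loaded at logon. The key is normally empty on Vista and later,
# so any entry is worth a look even when the DLL file exists.
$notify = Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify' -ErrorAction SilentlyContinue
if (-not $notify) { 'OK       Winlogon\Notify has no entries' }
else {
    foreach ($n in $notify) {
        $dll = (Get-ItemProperty -Path $n.PSPath -Name DllName -ErrorAction SilentlyContinue).DllName
        "INFO     Winlogon\Notify\$($n.PSChildName) loads $dll"
    }
}
```

Run it from an elevated prompt; reading another user's HKU hive and enumerating every service key both need administrator rights. A WARNING in section 3 is not proof of malware (a half-uninstalled driver leaves the same trace), but it is exactly the kind of entry FRST flags with [X], and the Resolved field shows which path was actually tested so a normalisation miss can be told apart from a genuinely missing file.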
  40. 1 point
    Hello, can anyone please provide a set of debug logs? Instructions on how to create such logs can be found here: http://support.emsis...ity-debug-logs/ Just follow the instructions to enable the logs and reboot. After the reboot you can capture the logs as described in the article. You can send them to [email protected] Please make sure to include a reference to this link to make your submissions easier to track. After you have the logs for me, disable debug logging again, as those logs can get quite large if you keep them enabled over a longer period of time.
  41. 1 point
    Hello, Would it be possible to get access to your system via remote desktop solutions like TeamViewer to further debug the problem?
  42. 1 point
    Currently it isn't possible to switch between engines. Even if you could enable or disable the engines, the engine would still be loaded into memory, so it isn't really worth doing (it would just reduce protection). I've asked a developer to take a look at your topic for the other questions.
  43. 1 point
    Windows 8 introduced a few additional changes to the way Patch Guard works. As a result it is no longer possible to prevent screen, key, and clipboard grabbing the same way it was previously possible. We are already working on it, but we don't have an ETA for an update yet. That being said, actual malware performing key, screen, or clipboard logging will still be detected and blocked for other reasons, as it will exhibit a lot more and different behaviors, for example installing autoruns, accessing the internet, installing itself in the system, etc. So besides leak tests, which are purely artificial and therefore harmless, the actual real-life threat to one's computer is negligible and almost purely theoretical.
  44. 1 point
    Let's double-check that those items were actually deleted. Run a fresh scan with OTL and attach the new OTL log to your next reply.
  45. 1 point
    There was a poster here who had a similar issue with Eset. It may not help, I know, but it was so similar I had to let you see it: http://www.sevenforums.com/hardware-devices/142246-more-than-100-unknown-devices-network-adapters.html
  46. 1 point
    Finally an answer I can pretty well live with for now. WAC having issues with EAM/A2 has been around for MANY years, and it upset me when they said: it's a low-priority next-version fix, you don't need WAC AV notifications, yada, yada... I was a security programmer (dev) with the Feds for 30 years, and had "cosmetic" incompatibility issues such as this... If my users screamed too much, I'd just disable the message in our OS. Such is surely not the case with MS allowing EAM to tweak Windows to recognize it (Muhamed went to the Mountain...). EAM would probably have to do a complete rewrite for this pesky little issue, and that's not likely to happen anytime soon? Maybe EAM having a different architecture from the rest of the AV pack is the reason they have the #1 detection rate!? I had no problems with EAM/WAC in the last version. I finally just disabled notifications in this version, and have learned to live with it. Hopefully the next version will have it fixed?

    ~~~~~~~~~~~~

    If this really bugs you and you want to help get it fixed: become a beta tester and submit some DebugView logs to EAM's devs...
  47. 1 point
    Hello ¥akuza112, you can submit such pages or malware files to [email protected]. The corresponding data and signatures will then be added to our databases as quickly as possible. Our malware analyst has been informed about the phishing page in question. If you have any further questions, please contact us again.
  48. 1 point
    oa.cat, oa.hlp, oa.srv, oa.gui: those 4 processes are always running; start Task Manager (right-click on the taskbar or start taskmgr.exe) and take a look. Anyway, I have been using OA & EAM together for years without any exclusions, and I have never had any problems. Now I have those 4 excluded in all my antivirus programs, just in case.... EAM exclusions in OA: a2service.exe, a2guard.exe, a2start.exe
  49. 1 point
    Hi bob77, Basically, from my experience of many years using "beta updates" within the available version (currently v5), it was (is) pretty much safe. At the same time, since you are a new user, it would be better:
    - to stick to the stable version;
    - to check requests / report issues, if any;
    - to be aware of the "Changelogs".
    Sometimes you may be advised to test things which are currently in beta but not yet merged into the stable release, but again that is your personal choice ... any betas potentially may bring some instabilities. As for v6, that is not a public beta release yet. Wait for the official announcement. Cheers!
  50. 1 point
    Hi Cokaric, welcome to the forum. That is really strange and unusual to hear about such a delay as you reported (up to 10 minutes). The only "substantial" delay during the startup of the previous a2 version that was discussed in our old forum was around 45 sec to 1 min. And that was (from my personal experience) noticed on very old PC(s): a Pentium III with just 256MB of RAM (Windows 2000 Pro at that time). Currently the startup takes 2.5-3 sec maximum here on XP Pro 32-bit and on Win7 x64, where beta5 is currently being tested. The XP machine has similar characteristics except that it has 2GB of RAM, and the Win7 machine is a quad-core with 8GB. The only thing I may suspect is that you are running "something else", like a game or something (?), when you are firing up a2. I don't mean the programs/services that are listed in your post. Some of them can actually be disabled, but that is a different discussion. The "suspects" at the moment are and your total memory being just 512MB, but I am not completely sure about those parameters being so crucial for the startup delay. Probably the developers will add to that. The thing is, when a2 just starts, the total memory used by a2free and a2service in combination jumps up to 155-160MB. During the scan the max memory used can be up to 202MB. But again, I don't have an idea at the moment what can cause up to a 10 (!!!) min delay of the a2 startup unless, as I said, something really memory/CPU hungry is running at the same time. I hope we'll have some ideas eventually. My regards.

    P.S. As a side note: you cannot consider the a2 Free edition as your full AV solution; it's just an on-demand scanner. But sure, the best one on the market.