Popular Content

Showing content with the highest reputation since 01/19/14 in all areas

  1. 6 points
    As announced earlier, we are changing our firewall strategy and will soon merge Emsisoft Internet Security with Emsisoft Anti-Malware, effective as of our next release in October. Instead of developing our own firewall module, we’re going to rely on the built-in Windows Firewall core that has proven to be powerful and reliable. Its only weak point is the fact that anyone can freely change the firewall configuration. In other words, if malware manages to run on the PC with sufficient administrator permissions, it’s able to allow itself to get through the firewall.

    To resolve this vulnerability, we’ve developed a new Firewall Fortification feature for Emsisoft Anti-Malware’s Behavior Blocker as part of our 2017.8 release. Firewall Fortification detects and intercepts malicious actions from non-trustworthy programs in real time before they can cause any damage.

    Behavior Blocker alert: Firewall manipulation

    All 2017.8 improvements in a nutshell

    Emsisoft Anti-Malware

    - New: Firewall Fortification feature that blocks illegitimate manipulations of Windows Firewall rules.
    - Improved: Forensics logging.
    - Fixed: Rare program freezes on opening the forensics log, confirming of surf protection notifications and during malware detection.
    - Fixed: Computer restart instead of computer shutdown executed, when set for a silent scan.
    - Several minor tweaks and fixes.

    Emsisoft Enterprise Console

    - Improved certificate handling to avoid connectivity issues.
    - Several minor user interface improvements.
    - Several minor tweaks and fixes.

    How to obtain the new version

    As always, so long as you have auto-updates enabled in the software, you will receive the latest version automatically during your regularly scheduled updates, which are hourly by default. New users please download the full installer from our product pages.

    Note to Enterprise users: If you have chosen to receive “Delayed” updates in the Update settings for your clients, they will receive the new software version no earlier than 30 days after the regular “Stable” availability. This gives you time to perform internal compatibility tests before a new version gets rolled out to your clients automatically.

    Have a great, well-protected day!
  2. 3 points
    It means that the tests done by AV-C and AV-T have a clear image of how they think AV software should work. The problem arises when your product doesn't fit the mould. Then you get penalized for not doing what everyone else does, even though what everyone else does may not be in the best interest of the user, to begin with. Best example: Snooping around in your encrypted connections, which literally every AV vendor screwed up at least once in the past and probably will continue to happen, exposing users to potentially greater risks than most malware does.

    For starters, the test sets aren't nearly as representative anymore. When we participated in AV-T and AV-C both tested with less than 200 samples a month on average. 200 samples out of literally tens of millions. The exact selection isn't clear and not representative of what users deal with either. None of them tests with PUPs for example, even though a simple look at any tech support community will tell you, that it is probably by far the biggest problem users are dealing with.

    So no, neither of those test scores represents real-life performance and it becomes blatantly obvious when you go to places like Bleeping Computer, GeeksToGo, Trojaner Board, Malekal, and all those other communities where people infected by malware show up for help and look at what products these victims used at the time they became infected. Then you will notice that a lot of these products with perfect scores don't look nearly as perfect in real-life conditions.

    The reason for this discrepancy is quite simple: Most AV vendors will specifically optimise their products for these tests. The most severe cases are where vendors end up outright cheating and detecting the test environments which then results in a change of behaviour of the product (think Dieselgate, but with anti-virus). But there are many ways you can game these tests. For example:

    - you can try to figure out the threat intel feeds the companies use, then just buy those same threat intel feeds so you have all samples in advance
    - you can track their licenses and supply different signatures to them or use your cloud to treat those test systems differently
    - some particularly shady organisations literally also sell you their sample and malicious URL feed, so you can just outright buy the samples and URLs your product will get tested on later

    What you end up with as a result is a product that is optimised really really well for the exact scenario they are being tested under using the exact type of URLs and samples these testers use, but that is utterly useless when it comes to anything else. We just really don't want to create this type of product.

    So when we were asked whether we wanted to continue to participate this year, we discussed the matter internally, looked at what we get out of these tests (meaning: whether these tests have a discernable impact on our revenue) and decided that they are simply not worth it and that the tens of thousands of Euros we spent on them every year would be better spent on extending our team and building new ways of keeping our customers safe.
  3. 3 points
    Hello, a2guard.exe is the visible protection process (to put it simply, the Emsisoft icon you see in the system tray). However, actual protection drivers start a lot earlier. For example, epp.sys (the Emsisoft Protection Platform driver) starts very early in the Windows boot process in order to ensure a protected system even when no user is logged in yet and no other programs have been started.
  4. 2 points
    https://www.bleepingcomputer.com/news/google/google-will-block-third-party-software-from-injecting-code-into-chrome/

    Our Surf Protection works by filtering DNS requests made by running applications. Since EAM doesn't use network filter drivers, it has to achieve this using code injection. Now that Chromium is blocking code injection by third-party applications, our Surf Protection will not work with it until we are able to make some changes.

    My recommendation is to install uBlock Origin and uBlock Origin Extra (both work in Google Chrome and Vivaldi) to supplement until we can get our Surf Protection working in Chrome again. uBlock Origin is a free content blocker that not only blocks ads, but also uses the extensive blacklists of malicious domains available from Malware Domain List and Malware Domains to block malicious content.

    Note: Vivaldi 1.15 (the current stable version) is based on Chromium 65 with backported security fixes from Chromium 66, 67, and 68. Vivaldi 2.0 is based on Chromium 69, and is currently available in testing builds. Anyone with the stable version of Vivaldi installed will not be affected by this issue. Anyone using a Vivaldi 2.0 snapshot will also experience this issue with Surf Protection.

    Also note: Due to the added protection of an ad blocker, we recommend uBlock Origin (with uBlock Origin Extra for Chromium based browsers like Google Chrome, Vivaldi, and Opera) regardless of whether or not our Surf Protection is working with your web browser. Anti-Virus/Anti-Malware does not block ads by default (doing so can break some websites), and the companies that sell online advertising do not do a good enough job of preventing their ads from being abused by their clients, and there have been many cases of serious threats in advertisements even on legitimate websites.

    Please be aware that there is another content blocker called "uBlock". This is not the same thing as uBlock Origin, and is not recommended.

    The main reason for recommending uBlock Origin is due to its performance and memory usage being better than popular ad blockers (AdBlock, Adblock Plus, AdGuard, etc). If you wish to use one of those instead, then please feel free to do so, however I do not know if they are configured to use Malware Domain List and Malware Domains by default and recommend checking their configuration to ensure they are offering the same level of protection as uBlock Origin. If they are not configured to use these lists of malicious websites, then you should be able to add them through FilterLists.com. Note that this site was down at the time I posted this, so I was not able to check and verify that, however this site lists almost every popular filter list for ad and content blockers and it should include important blacklists like these.
  5. 2 points
    Emsisoft Anti-Malware is compatible with the Windows update. We also just published an update that sets the compatibility flag for all users of the beta, stable and delayed update feed. Keep in mind, that Microsoft uses the same flag for all anti-virus vendors. That means if you are using multiple anti-viruses or anti-malware applications, you are risking one of those products, like Emsisoft Anti-Malware, flagging the system as compatible, even though one of your other products is not compatible. There is, unfortunately, nothing we can do to prevent this as Microsoft does not account for the scenario of multiple security products being installed on the same system. This is the perfect example why we are recommending against using multiple security products in parallel. For further information, feel free to stop by our blog.
  6. 2 points
    I think you have made your point of view crystal clear for everyone, iwarren. Do we really need more posts?
  7. 2 points
    That would help in this particular instance (alerts during an uninstall), however every rule that exists can decrease performance, so rules are generally not kept if they are not needed.
  8. 2 points
    You must have had Beta Updates enabled as EIS 11 is still beta, and that kind of problem can happen with betas.

    Remedy: Uninstall 11 and then install 10 again and make sure that "Beta Updates" is disabled (unchecked).
  9. 2 points
    Good morning. Can we expect to get a fix for the updates not working soon, please? Having to disable the firewall to get updates seems an important bug to me. Thanks in advance and best regards, François
  10. 2 points
    I don't have any insight in the test-methodology apart from what the article states, but a few observations make me doubt the relevancy of this test:

    The test compares a number of different products: antirootkit scanners and anti-malware scanners. This makes no sense to me. TDSSkiller is an excellent Antirootkit scanner in my opinion, but it is a limited tool, you cannot compare this with an anti-malware scanner like EEK or MBAM because it's simply a different product.

    The tested malware is for the most part very, very old and not seen in the wild anymore, even though the article states 2015 and "in the wild" in the title. To give a few examples:

    - Alureon/TDL3/4 hasn't been around "in the wild" for at least 3 years (and that's estimating it very loosely). The article listed is from 2010 (!) http://contagiodump.blogspot.gr/2011/02/tdss-tdl-4-alureon-32-bit-and-64-bit.html?m=1
    - The same goes for ZeroAccess/Max++. The latest usermode version of that rootkit was active in 2013 and after the botnet was taken down for a large part, there has been no re-emergence of this malware. However, its kernelmode version was quite a bit older, this was last seen in 2011.

    Sure, it's interesting to see how products perform against such rootkits, but how useful is it? Those rootkits were "retired" for a very good reason, they can no longer infect today's OS versions.

    Finally, I'm not one to make accusations, but I don't like "sponsored by..." tests. I'm fully willing to believe that Zemana was indeed the best product to remove all these infections, but I just think it's not the best strategy for any testing lab to let a sponsor also participate in the tests, just to avoid any possible doubt as to the objectiveness of the test results.
  11. 2 points
    We currently offer email support in German, English, French, Spanish, Dutch, Russian and Italian.
  12. 2 points
    Hello, Jenn. Welcome to the Emsisoft Support Forums. My name is Kevin, and I will be helping you fix your problems. Please change your user name to something that is not your email address. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread. Also read the Emsisoft Support Forums Terms of Use. To highlight a few:
  13. 2 points
    Hi and welcome to the Emsisoft Support Forum!

    System scan with FRST

    Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: Start > Computer (right-click) > Properties)

    Now start FRST. Do not change any of the checkboxes unless asked to, and click Scan. The log files will now be created and will then be located on your desktop. Please attach both log files to your next reply.
  14. 1 point
    The GUI in EAM doesn't display how many days remain on your license key when you have a subscription license (this type of license key isn't considered to have an expiration date since it will auto-renew). You should be able to see when it will automatically renew in My.Emsisoft.
  15. 1 point
    Some info on this here andrey https://borncity.com/win/2019/08/14/windows-updates-kb4512506-kb4512486-drops-error-0x80092004/ Do you have KB4474419 and KB4490628 installed?
  16. 1 point
    Hello,

    The main causes of laptop random reboots, listed in order, are:

    1. Heat
    2. Faulty hardware
    3. Faulty drivers
    4. Software crashes
    5. Malware

    Your logs show no Malware. Also I see no crash dumps in the FRST logs. The Event log shows that Chrome is misbehaving and an Intel Driver is crashing. There is an Alternate Data Stream that should be removed.

    Copy the below code to Notepad; Save As fixlist.txt to your Desktop. Close Notepad.

    NOTE: It's important that both files, FRST64, and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST64 and press the Fix button just once and wait. If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

    NOTE: If the tool warns you about an outdated version please download and run the updated version.
  17. 1 point
  18. 1 point
    I have received 2 phone calls regarding this issue. Is this legitimate?
  19. 1 point
    Please upload an encrypted file or ransom note to ID-Ransomware and copy/paste the results here for one of the experts to look at. https://id-ransomware.malwarehunterteam.com
  20. 1 point
    that's fun. firefox doesn't block code injection yet, but it's on their roadmap for q4 2018/q1 2019. i'd also expect opera to start doing it if they merge upstream changes from chromium. *EDIT* Opera is tracking Chromium 69 for Opera 56, and Vivaldi is tracking Chromium 69 for Vivaldi 2.x.
  21. 1 point
    We'll probably need a memory dump from a2emergencykit.exe. You can save one by using Process Hacker. When the Emergency Kit Scanner crashes, simply open Process Hacker and look for a2emergencykit.exe in the list (there's a search field to make it easier). If you right-click on a2emergencykit.exe and select Create dump file it will allow you to save the memory dump. Just be sure to do this before clicking anything in the dialog that tells you the Emergency Kit Scanner crashed, otherwise Windows will unload a2emergencykit.exe from memory and you won't be able to find it in Process Hacker. Once saved, you can ZIP the memory dump, and send it to us. If it's too big to attach to a reply then you can use a file sharing service to send it (send me a link in a private message).
  22. 1 point
    Seems to me like it might be a bug with isthisfilesafe.com
  23. 1 point
    Hello, Thank you for reporting this issue. To see if this is caused by Emsisoft products, please disable all Emsisoft real time protection guards (right click the tray icon and select "pause protection" > "disable for 10 minutes"). If this fixes the issue then Emsisoft may be blocking the application. If this does not change anything this problem is likely not related to Emsisoft.
  24. 1 point
    With EAM it would normally be a2service.exe and EmDmp.exe (the latter being our crash report tool), however I would believe that depends on whether or not you use the Enterprise Console to manage EAM from another computer/server (CommService.exe is used when EAM is connected to the Enterprise Console).
  25. 1 point
    I thought it was an anti-keylogger (although it looks like they added more protection features over the years). Either way, I don't think it provides any protection that the Behavior Blocker in Emsisoft Anti-Malware doesn't already provide.
  26. 1 point
    A quick workaround, if you'd like to try it, would be to exclude the mpc-hc64.exe file in Emsisoft Internet Security. Here are instructions on excluding a process from scanning and monitoring:

    1. Open Emsisoft Internet Security.
    2. Click on Settings in the menu at the top.
    3. Click on Exclusions in the menu at the top.
    4. To the right of the list to Exclude from scanning, click on the Add file button.
    5. Navigate to the file you would like to exclude, click on it once to select it, and then click Open.
    6. To the right of the list to Exclude from monitoring, click on the Add file button.
    7. Navigate to the file you would like to exclude, click on it once to select it, and then click Open.
    8. Close Emsisoft Anti-Malware.

    Note: If a program you have excluded is running, then you will need to close it and reopen it for the exclusion to take effect. In some cases you will need to restart your computer before this will happen.

    I assume the file in question is in a folder such as one of the following:

    - C:\Program Files\Media Player Classic
    - C:\Program Files (x86)\Media Player Classic
  27. 1 point
    Yes you can delete them - delete the oldest ones. Logs should be in: C:\ProgramData\Emsisoft\Logs Names like: a2service_20170205003925(1116).log are named according to the part of the product that created the log (eg "a2service") then the yyyymmddhhmmss date and time they were first created, and the last bit in brackets is (I think) the process id. Just don't try to delete the log(s) that are being written to at the moment.
  28. 1 point
    I have studied the behavior of the decryption program (unlock.exe) and have noticed some aspects of the decryption key structure.

    To match ID and KEY:

    1) At the beginning of the key is the ID in HEX followed by the character "_" (0x5F)
    2) The last byte must be 0x00
    3) If any byte is changed in the range between 0x5F and 0x00, the key is accepted.
    4) If you delete bytes from this interval (shorten the key) the key is accepted.

    Considering these I produced a fake key corresponding to Id 1:

    ID: 1
    KEY HEX: 315F00
    KEY ASCII: 1_(null)

    When we click on the "Unlock One" button, the error "Access violation at address 005CC02E in module 'unlock.exe'" is displayed. From here I have concluded that a minimum length is required. Let's extend the key and test it:

    ID: 1
    KEY HEX: 315F0000
    KEY ASCII: 1_(null)(null)

    When we click the "Unlock One" button, the key is accepted and we are invited to choose the encrypted file (whose original name we modified to match the id 1: testfile.txt.id_1_gebdp3k7bolalnd4.onion._). The content of the file is modified (decrypted with a wrong key), the extension is modified correctly in testfile.txt but the last 36 bytes from the end of the encrypted file are not deleted.

    The next test is the incremental addition of bytes in the key. From successive increments we reached the following key contents:

    ID: 1
    KEY HEX: 315F + 48 x (0x00) + 2 x (0x00)
    315F 00000000000000000000000000000000 00000000000000000000000000000000 00000000000000000000000000000000 0000
    KEY ASCII: 1_ + 48 x (null) + 2 x (null)

    This key is accepted and this time in the decrypted file the last 36 bytes are also removed, but obviously with the fake key the decryption is incorrect.

    I do not know if what I have exposed is helpful but I hope to help and encourage those more experienced than me.
  29. 1 point
    Hello forum, I can confirm that cry36 is not as harmful as a few ransomware before. If your files are super important, it can be fixed by having some knowledge: remove some bytes from the back of the file, and try to use 10kb of file in start of file (can confirm that it encrypts only 10kb of the file at the start), so basically if your data files are databases or some big xls/doc, theoretically it's possible to recreate them by using analogues. P.S. Needs more analysis, but it seems the first and last lines of encrypted files are the same (so easy to determine encryption type).
  30. 1 point
    Glad we could be of assistance.
  31. 1 point
    Let's try getting a diagnostic log. You can find the instructions and download at this link. When it's done, it will open a log in Notepad (as explained in the instructions). Please save this log somewhere easy to find, such as on your Desktop or in your Documents folder, and then send it to me in a Private Message so that I can take a look at it.

    Important: Don't post the log publicly. It contains a copy of your a2settings.ini file, which contains encrypted license information. If someone were to figure out how to break that encryption, then someone else could use your license key.
  32. 1 point
    Hi Siketa, I have reproduced a similar behavior. Well it is expected to open File Guard section, then it is definitely a bug. I added it to our tracker and it will be fixed soon. Thank you, Orlando
  33. 1 point
    Hello, the new version has not been released yet, so the bug has not been fixed yet. You can ignore the changing of the log entries. What matters is that the signature updates work and are applied correctly.
  34. 1 point
    Unless you are having problems, it is time to do the final steps. Now to remove most of the tools that we have used in fixing your machine:

    Download Delfix from here and save it to your desktop.

    - Ensure Remove disinfection tools is checked.
    - Also place a checkmark next to:
      - Create registry backup
      - Purge system restore
    - Click the Run button.
    - When the tool is finished, a log will open in notepad. I do not need the log. You can close Notepad.

    Empty the Recycle Bin.

    Download to your Desktop: CCleaner Portable

    - UnZip CCleaner Portable to a folder on your Desktop named CCleaner
    - Run CCleaner: Open the CCleaner Folder on your Desktop and double-click CCleaner.exe (32-bit) or CCleaner64.exe (64-bit)
    - Click "Options" and choose "Advanced"
    - Uncheck "Only delete files in Windows Temp folders older than 24 hours"
    - Then go back to "Cleaner" and click the "RunCleaner" button.
    - Exit CCleaner.

    You can delete and uninstall any programs I had you download, that you do not wish to keep on the system.

    Run Windows Update and update your Windows Operating System.

    Articles to Read:

    - How to Protect Your Computer From Malware
    - How to keep you and your Windows PC happy
    - Web, email, chat, password and kids safety
    - 10 Sources of Malware Infections

    That should take care of everything. Safe Surfing!
  35. 1 point
    Is it just automatic updates that are failing, or are manual updates failing as well? If you right-click on the little Emsisoft icon in the lower-right corner of the screen (to the left of the clock) you can select Update now from the list.
  36. 1 point
    It was probably just the Photos app creating thumbnails. I don't know much about the way it works, but since they did implement a service that pre-caches the contents of folders to make searches faster in (I would believe) Windows Vista, it makes sense that they would eventually add a service to create thumbnails on-the-fly for new pictures so that it's faster to open the photo viewer.
  37. 1 point
    Hello, If you could attach copies of a clean and encrypted file, along with the email message and its malicious attachment, that would be extremely helpful. The following, targets the infection for removal. Copy the below code to Notepad; Save As fixlist.txt to your Desktop. Close Notepad.

    NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST64 and press the Fix button just once and wait. If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

    Note: If the tool warns you about an outdated version please download and run the updated version.
  38. 1 point
    You're welcome. Hopefully it won't be long before our developers are able to take a look at the issue.
  39. 1 point
    You can add the BatchGotAdmin batch code to the beginning of your batch file as a workaround for this issue. It may require some editing to pass the path of your file to be scanned to the VBS file (I haven't tested whether passing parameters to a batch file that uses BatchGotAdmin will be preserved after the batch file is reopened by the VBScript).
  40. 1 point
    You are right, basically EIS would be sufficient - I have added a little extra (MBAM), but, admittedly, I don't know if on top of this combo another tool is necessary (like MBAE). MBAM was highly recommended to me, some time ago. But I confess - EIS + MBAM or EIS + MBAE or EIS + MBAM + MBAE, which combination would be the best, I wouldn't know... so, to avoid possible conflicts or slowdowns, I assumed... EIS/MBAM would be sufficient. This combo is doing fine and MBAM has an active dedicated forum.
  41. 1 point
    Not working in sales, sorry. I have full trust in Thomas though
  42. 1 point
    @Alexstrasza Read AGAIN! I disabled EIS Firewall and tried other options to find out what the problem with EIS STANDALONE is. It's the firewall part. It's having issues.
  43. 1 point
    Hello, Sorry you're having troubles with EIS. And thank you for attaching the minidumps. I will investigate this asap.
  44. 1 point
    Dear Captain, Our licensing system allows up to five hardware changes within every 24 hours. As the generated machine key changes if you change specific hardware components or re-install/upgrade the OS, our system will count a hardware change in such cases. So you could change hardware or OS up to five times each day without any problems. Please let us know if we can assist any further.
  45. 1 point
    Can you post a screenshot of the error, or tell us what it says?
  46. 1 point
    Download RogueKiller from one of the following links and save it to your desktop: Link 1, Link 2. Close all programs and disconnect any USB or external drives before running the tool. Double-click RogueKiller.exe to run the tool (Vista or 7 users: Right-click and select Run As Administrator). Once the Prescan has finished, click Scan. Once the Status box shows "Scan Finished", just close the program. <--Don't fix anything! Attach the RogueKiller report to your next reply. The log can also be found on your desktop labeled (RKreport[X]_S_xxdatexx_xtimex). The highest number of [X] is the most recent scan.
  47. 1 point
    When we changed our product name, we didn't change a lot of the file names, so most of them still start with a2 (such as a2service.exe, a2start.exe, a2guard.exe, a2wizard.exe, etc).
  48. 1 point
    To quote the help: So simply start the setup with the /DIR parameter and specify the folder you want to install into. It is not recommended, though. Especially when installing to partitions other than the boot partition.
  49. 1 point
    Hello, can anyone please provide a set of debug logs? Instructions on how to create such logs can be found here: http://support.emsis...ity-debug-logs/ Just follow the instructions to enable the logs and reboot. After the reboot you can capture the logs as described in the article. You can send them to [email protected] Please make sure to include a reference to this link to make your submissions easier to track. After you have got the logs for me, disable debug logging again, as those logs can get quite large if you keep them enabled over a longer period of time.
  50. 1 point
    They are the same. Just without the Firewall references and the Internet Security changed to Anti-Malware. As we said countless times before, as long as Online Armor continues to pay for its own development, we don't see a reason to discontinue it. Both do work fine together. You just can't run Emsisoft Internet Security and Online Armor in parallel.