Popular Content

Showing content with the highest reputation since 10/13/09 in all areas

  1. 6 points
    As announced earlier, we are changing our firewall strategy and will soon merge Emsisoft Internet Security with Emsisoft Anti-Malware, effective as of our next release in October. Instead of developing our own firewall module, we’re going to rely on the built-in Windows Firewall core that has proven to be powerful and reliable.

    Its only weak point is the fact that anyone can freely change the firewall configuration. In other words, if malware manages to run on the PC with sufficient administrator permissions, it’s able to allow itself to get through the firewall.

    To resolve this vulnerability, we’ve developed a new Firewall Fortification feature for Emsisoft Anti-Malware’s Behavior Blocker as part of our 2017.8 release. Firewall Fortification detects and intercepts malicious actions from non-trustworthy programs in real time before they can cause any damage.

    Behavior Blocker alert: Firewall manipulation

    All 2017.8 improvements in a nutshell

    Emsisoft Anti-Malware

    - New: Firewall Fortification feature that blocks illegitimate manipulations of Windows Firewall rules.
    - Improved: Forensics logging.
    - Fixed: Rare program freezes on opening the forensics log, confirming of surf protection notifications and during malware detection.
    - Fixed: Computer restart instead of computer shutdown executed, when set for a silent scan.
    - Several minor tweaks and fixes.

    Emsisoft Enterprise Console

    - Improved certificate handling to avoid connectivity issues.
    - Several minor user interface improvements.
    - Several minor tweaks and fixes.

    How to obtain the new version

    As always, so long as you have auto-updates enabled in the software, you will receive the latest version automatically during your regularly scheduled updates, which are hourly by default. New users please download the full installer from our product pages.

    Note to Enterprise users: If you have chosen to receive “Delayed” updates in the Update settings for your clients, they will receive the new software version no earlier than 30 days after the regular “Stable” availability. This gives you time to perform internal compatibility tests before a new version gets rolled out to your clients automatically.

    Have a great, well-protected day!
  2. 3 points
    It means that the tests done by AV-C and AV-T have a clear image of how they think AV software should work. The problem arises when your product doesn't fit the mould. Then you get penalized for not doing what everyone else does, even though what everyone else does may not be in the best interest of the user, to begin with. Best example: Snooping around in your encrypted connections, which literally every AV vendor screwed up at least once in the past and probably will continue to happen, exposing users to potentially greater risks than most malware does.

    For starters, the test sets aren't nearly as representative anymore. When we participated in AV-T and AV-C both tested with less than 200 samples a month on average. 200 samples out of literally tens of millions. The exact selection isn't clear and not representative of what users deal with either. None of them tests with PUPs for example, even though a simple look at any tech support community will tell you, that it is probably by far the biggest problem users are dealing with.

    So no, neither of those test scores represents real-life performance and it becomes blatantly obvious when you go to places like Bleeping Computer, GeeksToGo, Trojaner Board, Malekal, and all those other communities where people infected by malware show up for help and look at what products these victims used at the time they became infected. Then you will notice that a lot of these products with perfect scores don't look nearly as perfect in real-life conditions.

    The reason for this discrepancy is quite simple: Most AV vendors will specifically optimise their products for these tests. The most severe cases are where vendors end up outright cheating and detecting the test environments which then results in a change of behaviour of the product (think Dieselgate, but with anti-virus). But there are many ways you can game these tests. For example:

    - you can try to figure out the threat intel feeds the companies use, then just buy those same threat intel feeds so you have all samples in advance
    - you can track their licenses and supply different signatures to them or use your cloud to treat those test systems differently
    - some particularly shady organisations literally also sell you their sample and malicious URL feed, so you can just outright buy the samples and URLs your product will get tested on later

    What you end up with as a result is a product that is optimised really really well for the exact scenario they are being tested under using the exact type of URLs and samples these testers use, but that is utterly useless when it comes to anything else. We just really don't want to create this type of product.

    So when we were asked whether we wanted to continue to participate this year, we discussed the matter internally, looked at what we get out of these tests (meaning: whether these tests have a discernable impact on our revenue) and decided that they are simply not worth it and that the tens of thousands of Euros we spent on them every year would be better spent on extending our team and building new ways of keeping our customers safe.
  3. 3 points
    Hello, a2guard.exe is the visible protection process (to put it simply, the Emsisoft icon you see in the system tray). However, the actual protection drivers start a lot earlier. For example, epp.sys (the Emsisoft Protection Platform driver) starts very early in the Windows boot process in order to ensure a protected system even when no user is logged in yet and no other programs have been started.
  4. 2 points
    https://www.bleepingcomputer.com/news/google/google-will-block-third-party-software-from-injecting-code-into-chrome/

    Our Surf Protection works by filtering DNS requests made by running applications. Since EAM doesn't use network filter drivers, it has to achieve this using code injection. Now that Chromium is blocking code injection by third-party applications, our Surf Protection will not work with it until we are able to make some changes.

    My recommendation is to install uBlock Origin and uBlock Origin Extra (both work in Google Chrome and Vivaldi) to supplement until we can get our Surf Protection working in Chrome again. uBlock Origin is a free content blocker that not only blocks ads, but also uses the extensive blacklists of malicious domains available from Malware Domain List and Malware Domains to block malicious content.

    Note: Vivaldi 1.15 (the current stable version) is based on Chromium 65 with backported security fixes from Chromium 66, 67, and 68. Vivaldi 2.0 is based on Chromium 69, and is currently available in testing builds. Anyone with the stable version of Vivaldi installed will not be affected by this issue. Anyone using a Vivaldi 2.0 snapshot will also experience this issue with Surf Protection.

    Also note: Due to the added protection of an ad blocker, we recommend uBlock Origin (with uBlock Origin Extra for Chromium based browsers like Google Chrome, Vivaldi, and Opera) regardless of whether or not our Surf Protection is working with your web browser. Anti-Virus/Anti-Malware does not block ads by default (doing so can break some websites), and the companies that sell online advertising do not do a good enough job of preventing their ads from being abused by their clients, and there have been many cases of serious threats in advertisements even on legitimate websites.

    Please be aware that there is another content blocker called "uBlock". This is not the same thing as uBlock Origin, and is not recommended.

    The main reason for recommending uBlock Origin is due to its performance and memory usage being better than popular ad blockers (AdBlock, Adblock Plus, AdGuard, etc). If you wish to use one of those instead, then please feel free to do so, however I do not know if they are configured to use Malware Domain List and Malware Domains by default and recommend checking their configuration to ensure they are offering the same level of protection as uBlock Origin. If they are not configured to use these lists of malicious websites, then you should be able to add them through FilterLists.com. Note that this site was down at the time I posted this, so I was not able to check and verify that, however this site lists almost every popular filter list for ad and content blockers and it should include important blacklists like these.
  5. 2 points
    According to several reports, the latest Windows 10 Update pushed on Jan. 3rd is supposed to address the "Meltdown" security problem. However, due to changes to Windows kernel, Microsoft didn't make the update available to users without the "ALLOW REGKEY", and directed users to confirm with AV vendors if their products are compatible with the latest update. So is the current version of EAM compatible with this update?
  6. 2 points
    Emsisoft Anti-Malware is compatible with the Windows update. We also just published an update that sets the compatibility flag for all users of the beta, stable and delayed update feed. Keep in mind, that Microsoft uses the same flag for all anti-virus vendors. That means if you are using multiple anti-viruses or anti-malware applications, you are risking one of those products, like Emsisoft Anti-Malware, flagging the system as compatible, even though one of your other products is not compatible. There is, unfortunately, nothing we can do to prevent this as Microsoft does not account for the scenario of multiple security products being installed on the same system. This is the perfect example why we are recommending against using multiple security products in parallel. For further information, feel free to stop by our blog.
  7. 2 points
    Local is your machine, "this end" of a conversation. Remote is whatever machine's at the other end.
  8. 2 points
    I think you have made your point of view crystal clear for everyone, iwarren. Do we really need more posts?
  9. 2 points
    That would help in this particular instance (alerts during an uninstall), however every rule that exists can decrease performance, so rules are generally not kept if they are not needed.
  10. 2 points
    You must have had Beta Updates enabled as EIS 11 is still beta, and that kind of problem can happen with Betas. Remedy: Uninstall 11 and then install 10 again, and make sure that "Beta Updates" is disabled (unchecked).
  11. 2 points
    Good morning. Can we expect to get a fix for the updates not working soon, please? Having to disable the firewall to get updates seems an important bug to me. Thanks in advance and best regards, François
  12. 2 points
    I don't have any insight in the test-methodology apart from what the article states, but a few observations make me doubt the relevancy of this test:

    The test compares a number of different products: antirootkit scanners and anti-malware scanners. This makes no sense to me. TDSSkiller is an excellent Antirootkit scanner in my opinion, but it is a limited tool, you cannot compare this with an anti-malware scanner like EEK or MBAM because it's simply a different product.

    The tested malware is for the most part very, very old and not seen in the wild anymore, even though the article states 2015 and "in the wild" in the title. To give a few examples: Alureon/TDL3/4 hasn't been around "in the wild" for at least 3 years (and that's estimating it very loosely). The article listed is from 2010 (!) http://contagiodump.blogspot.gr/2011/02/tdss-tdl-4-alureon-32-bit-and-64-bit.html?m=1 The same goes for ZeroAccess/Max++. The latest usermode version of that rootkit was active in 2013 and after the botnet was taken down for a large part, there has been no re-emergence of this malware. However, its kernelmode version was quite a bit older, this was last seen in 2011.

    Sure, it's interesting to see how products perform against such rootkits, but how useful is it? Those rootkits were "retired" for a very good reason, they can no longer infect today's OS versions.

    Finally, I'm not one to make accusations, but I don't like "sponsored by..." tests. I'm fully willing to believe that Zemana was indeed the best product to remove all these infections, but I just think it's not the best strategy for any testing lab to let a sponsor also participate in the tests, just to avoid any possible doubt as to the objectiveness of the test results.
  13. 2 points
    We currently offer email support in German, English, French, Spanish, Dutch, Russian and Italian.
  14. 2 points
    Hello, Jenn Welcome to the Emsisoft Support Forums. My name is Kevin, and I will be helping you fixing your problems. Please change your user name to something that is not your email address. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread also read the Emsisoft Support Forums Terms of Use To Highlight a few:
  15. 2 points
    Hi and welcome to the Emsisoft Support Forum!

    System scan with FRST

    Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (if you are not sure: Start > Computer (right-click) > Properties).

    Now start FRST. Do not change any of the checkboxes unless asked to, and click Scan. The log files will now be created and will then be located on your desktop. Please attach both log files to your next reply.
  16. 1 point
    I know it's not quite the same thing, but there is an "Add file" button in the quarantine that you can use to delete pretty much any file (files that are in use may require a reboot). Anyway, I'll go ahead and pass on your suggestions.
  17. 1 point
    All Emsisoft decrypters: https://www.emsisoft.com/decrypter/ There will be a message in my article, if I am lucky to live to such a significant event.
  18. 1 point
    Do the following:

    Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

        2019-06-25 15:25 - 2019-06-25 15:25 - 000000000 _D C:\Users\klime\Desktop\umowy
        2019-06-24 19:00 - 2019-06-24 19:27 - 000000000 __D C:\Users\klime\AppData\Roaming\vrguqgoqzs
        2019-06-24 15:59 - 2019-06-24 15:59 - 000000000 ____D C:\WINDOWS\SysWOW64\tmumh
        2019-06-24 15:59 - 2019-06-24 15:59 - 000000000 ____D C:\WINDOWS\system32\tmumh
        2019-06-20 22:15 - 2019-06-20 22:15 - 000000048 ____H C:\Program Files (x86)\k5wlusm0mk.dat
        2019-06-18 11:55 - 2019-06-18 11:55 - 000001024 C:\WINDOWS\SysWOW64\%TMP%
        ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Brak pliku
        ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku
        ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Brak pliku
        ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Brak pliku
        ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Brak pliku

    Close Notepad.

    NOTE: It's important that both files, FRST64, and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST64 and press the Fix button just once and wait. If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

    NOTE: If the tool warns you about an outdated version please download and run the updated version.
  19. 1 point
  20. 1 point
    [!] No keys were found for the following IDs:
    [*] ID: kdKoug7mCqSlGVQyBnLCBiCVzGFqKASgYnaVFcph (.roldat )
    Please archive these IDs and the following MAC addresses in case of future decryption:
    [*] MAC: 8C:16:45:3D:C1:B6
    [*] MAC: B2:FC:36:27:0F:23
    [*] MAC: B0:FC:36:27:0F:23
    [*] MAC: B0:FC:36:27:0F:23
    [*] MAC: B0:FC:36:27:0F:24
    This info has also been logged to STOPDecrypter-log.txt
  21. 1 point
    You are dealing with two different ransomware. ID Ransomware picked up on the "second layer" of STOP Djvu with the .adobe extension. No way to determine what the first ransomware was without the malware or ransom note from it. Support topic for STOP Djvu: https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-tro-djvu-rumba-openmetxt-support-topic/
  22. 1 point
    Please upload an encrypted file or ransom note to ID-Ransomware and copy/paste the results here for one of the experts to look at. https://id-ransomware.malwarehunterteam.com
  23. 1 point
    Likewise: Start with Windows was turned off for me as well as don't update while in invisible mode. Also, in the new Protection panel, hovering the mouse pointer over the "i" icon produces no tooltip for: BB's "Suspicious programs" and File Guard's "Only scan...".
  24. 1 point
    That is possible, however keep in mind that Cry36 has been around for some time without any real progress being made in decryption, so please note that it may take a little while for security researchers and/or law enforcement to finally get their hands on the private keys to decrypt your files.
  25. 1 point
    So... is that specific webpage meant to show no file name, no file size etc?
  26. 1 point
    I see, I will check out the link. Customer service here is top notch! Thanks again Elise
  27. 1 point
    Won't we have to turn on Windows Firewall when the conversion takes place? How will we know when to do that?
  28. 1 point
    The issue seems to be fixed and will be available in the 2017.8 beta release.
  29. 1 point
    Thanks hjlbx. I guess I will try to install the update after a fresh OS install offline then and see if that works. That was my next guess but I have a bunch of stuff reinstalled on this now, thinking support here would have a bright idea and I wouldn't have to reinstall Windows 3 times to get my virus software to work! But as it stands, after 5 years with Emsisoft on 5+ PCs and multiple devices for myself and countless other recommendations to people, I won't be renewing with the current support for this issue. It always irked me that if I forgot to download the non-standard patch after setting up a new PC, it would go to the boot loop and hang issue if I was putting this on a Windows 7 box for people, but the product and support outweighed the inconvenience. But right now I have to go even further out of my way to install this software by the looks of things, on what is still the best "Microsoft update supported" available Windows operating system. Don't try to force me to use Windows 10. You guys really need to come together with Microsoft to get your product to work out of the box, because if you put all your eggs in one basket getting your software to work for just Windows 10, I'm afraid I've got bad news for you guys. They are always making another piece of crap OS version to outdo the last and they use it for years while they fix the next piece of crap they release. I miss Online Armor and the old virus software you guys had.
  30. 1 point
    We're aware of the issue. Some parts of Windows 10 seem to detect that Emsisoft Internet Security's firewall is active, and some do not.
  31. 1 point
    If you are concerned about PowerShell: Uninstall it. Most people don't need it anyway. It's one less infection vector to worry about.
  32. 1 point
    It was a false positive caused by BitDefender's anti-virus engine (which we use along with our own anti-virus technology to increase effectiveness). The false positive was fixed by BitDefender, and when the update was downloaded Emsisoft Anti-Malware offered to restore the falsely detected file from the quarantine. There should be no harm in doing this. As for the logs, I don't see anything wrong in them. Here's a couple of things you can try, and see if you get different results: Disable all of your extensions and see if Walmart.com works normally. If it does, turn your extensions back on one at a time, trying Walmart.com after each one until it works, until you find the offending extension. Try another web browser to see if Walmart.com works in it (Vivaldi for instance is a Chromium-based browser that can install Google Chrome extensions).
  33. 1 point
    I've confirmed the issue, collected some debug information, and am sending it to our QA Manager.
  34. 1 point
    Actually, the hotfix says that it was CorelDRAW and other applications. Those applications included: Internet Explorer, AutoCAD, Orthotrac, QuickBooks, KeyDepot and a couple of SAP applications. Since every Windows user has Internet Explorer and a large number of applications rely on it working properly, as they use IE internally, everyone gets the hotfix. Signatures are program code as well. A significant portion of the signature database contains executable code. Code that relies on the applications using it to behave a certain way. That is why we don't allow to only update one or the other. Both have to be updated at the same time. Or just switch to the delayed update feed that gets updates with hotfixes included a couple of weeks later.
  35. 1 point
    You are right, basically EIS would be sufficient - I have added a little extra (MBAM), but, admittedly, I don't know if on top of this combo another tool is necessary (like MBAE). MBAM was highly recommended to me, some time ago. But I confess - EIS + MBAM or EIS + MBAE or EIS + MBAM + MBAE, which combination would be the best, I wouldn't know... so, to avoid possible conflicts or slowdowns, I assumed... EIS/MBAM would be sufficient. This combo is doing fine and MBAM has an active dedicated forum.
  36. 1 point
    Hi. Yes, I confirm it. This is a bug. Thanks.
  37. 1 point
    Go to custom scan -> filter for file extensions
  38. 1 point
    Do the following:

    Download AdwCleaner and save it on your desktop. Close all open programs and Internet browsers (you may want to print out or write down these instructions first). Double click on adwcleaner.exe to run the tool. Click on the Scan button. After the scan has finished, click on the Clean button. Confirm each time with OK. You will be prompted to restart your computer. A text file will open in Notepad after the restart (this is the log of what was removed), which you can save on your desktop. Attach that log file to your reply by clicking the More Reply Options button to the lower-right of where you type in your reply.

    NOTE: If you lose that log file for any reason, you can find it at C:\AdwCleaner on your computer.

    Download Junkware Removal Tool and save it on your desktop. Run the tool by double-clicking it. The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log is saved to your desktop and will automatically open. Attach the JRT log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply.

    Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

        HKU\S-1-5-21-1757470469-641696451-1101771346-1000\...\Policies\Explorer: [NofolderOptions] 0
        HKU\S-1-5-21-1757470469-641696451-1101771346-1000\...\MountPoints2: E - E:\setup.exe
        HKU\S-1-5-21-1757470469-641696451-1101771346-1000\...\MountPoints2: {21a1ecea-bb71-11e4-92f9-001fd0914874} - F:\setup.exe
        HKU\S-1-5-21-1757470469-641696451-1101771346-1000\...\MountPoints2: {e5753c7b-7933-11e4-96c3-001fd0914874} - E:\Autorun.exe
        HKU\S-1-5-21-1757470469-641696451-1101771346-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2012-06-13] (Microsoft Corporation) <==== ATTENTION
        AppInit_DLLs-x32: 0 => "0" File not found
        BootExecute: autocheck autochk * 愀甀琀漀挀栀攀挀欀 琀甀爀攀最漀瀀琀
        GroupPolicyScripts: Group Policy detected <======= ATTENTION
        GroupPolicyScripts\User: Group Policy detected <======= ATTENTION
        CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
        SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
        SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
        SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
        Toolbar: HKU\S-1-5-21-1757470469-641696451-1101771346-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
        FF Plugin HKU\.DEFAULT: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll No File
        S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
        U3 SecureAPlusService; No ImagePath
        S1 zoksagaictyil5; system32\drivers\zoksagaictyil5.sys [X]
        2015-07-20 15:21 - 2015-07-20 15:21 - 04787392 _____ C:\Windows\install1480516.exe
        2015-07-20 15:21 - 2015-07-20 15:21 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
        2015-07-19 17:30 - 2015-07-19 17:30 - 54641120 _____ () C:\Windows\bdbrowserSetup-7.5.502.1764-ftn_1000010293.exe
        2015-07-19 17:30 - 2015-07-19 17:30 - 00000000 ____D C:\Windows\SysWOW64\%LOCALAPPDATA%
        2015-07-21 13:15 - 2015-07-25 18:42 - 0015313 _____ () C:\Users\Jenya\AppData\Roaming\1.zip
        2015-07-21 13:15 - 2015-07-25 18:42 - 0007196 _____ () C:\Users\Jenya\AppData\Roaming\2.txt
        2015-05-08 20:34 - 2015-07-30 14:28 - 0000615 _____ () C:\Users\Jenya\AppData\Roaming\burnaware.ini
        2015-06-18 12:42 - 2015-06-18 12:42 - 0009950 _____ () C:\Users\Jenya\AppData\Roaming\ENG_5600.zip
        2015-04-05 20:57 - 2015-04-05 20:57 - 0000000 _____ () C:\Users\Jenya\AppData\Roaming\gdfw.log
        2015-04-05 20:57 - 2015-06-06 14:07 - 0004674 _____ () C:\Users\Jenya\AppData\Roaming\gdscan.log
        2003-04-09 06:28 - 2003-04-09 06:28 - 0233472 ____R () C:\Users\Jenya\AppData\Roaming\MafiaSetup.exe
        2015-05-25 19:06 - 2015-05-25 19:14 - 0000032 _____ () C:\Users\Jenya\AppData\Roaming\mbam.context.scan
        2015-07-21 18:42 - 2015-07-21 18:42 - 0000036 _____ () C:\Users\Jenya\AppData\Local\housecall.guid.cache
        2015-06-13 11:49 - 2015-06-13 11:49 - 0007605 _____ () C:\Users\Jenya\AppData\Local\Resmon.ResmonCfg
        2015-06-30 13:10 - 2015-06-30 13:10 - 0000262 _____ () C:\ProgramData\fontcacheev1.dat
        2015-04-23 13:56 - 2015-04-23 13:56 - 0012591 _____ () C:\ProgramData\mptmqteo.hmi
        C:\ProgramData\fontcacheev1.dat
        C:\Users\Все пользователи\fontcacheev1.dat
        Reg: reg delete "HKEY_USERS\S-1-5-21-1757470469-641696451-1101771346-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v "DISABLETASKMGR" /f
        Reg: reg delete "HKEY_USERS\S-1-5-21-1757470469-641696451-1101771346-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM" /v "DISABLEREGISTRYTOOLS" /f
        AlternateDataStreams: C:\ProgramData:NT
        AlternateDataStreams: C:\ProgramData:NT2
        AlternateDataStreams: C:\Users\All Users:NT
        AlternateDataStreams: C:\Users\All Users:NT2
        AlternateDataStreams: C:\Users\Все пользователи:NT
        AlternateDataStreams: C:\Users\Все пользователи:NT2
        AlternateDataStreams: C:\ProgramData\Application Data:NT
        AlternateDataStreams: C:\ProgramData\Application Data:NT2
        AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
        AlternateDataStreams: C:\Users\Jenya\Application Data:NT
        AlternateDataStreams: C:\Users\Jenya\Application Data:NT2
        AlternateDataStreams: C:\Users\Jenya\AppData\Roaming:NT
        AlternateDataStreams: C:\Users\Jenya\AppData\Roaming:NT2
        AlternateDataStreams: C:\Users\Public\DRM:احتضان
        AlternateDataStreams: C:\Users\Все пользователи\Application Data:NT
        AlternateDataStreams: C:\Users\Все пользователи\Application Data:NT2
        AlternateDataStreams: C:\Users\Все пользователи\TEMP:1CE11B51

    Close Notepad.

    NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST64 and press the Fix button just once and wait. If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

    Note: If the tool warns you about an outdated version please download and run the updated version.
  39. 1 point
    It doesn't matter what you said, you are not going to change their mind. Emsisoft is not the only vendor out there using the BitDefender engine alongside its own engine; GData, F-Secure, Lavasoft Ad-AWare, and Microworld EScan use the BitDefender engine plus their own engine. Also, I forgot to mention 360 Total Security, which uses the BitDefender and Avira engines as well. But I still don't know why you are still fighting over this topic. As long as one of them detects the threats and prevents their harmful actions, that is all we want. Nobody wants viruses and malware running wild on their machine, and a lot of us don't care whether Emsisoft detects the threat or BitDefender detects the threat. As long as they are not running on or slipping into our computers, that's all they care about.
  40. 1 point
    Fabian, would you ask the team to look into creating an option that allows us to not prompt for reboots during a specified time period? For my business clients I need to NOT have it request a reboot during the day when they are working. Most of my clients are in the healthcare industry, and asking for a reboot when they are working with a patient is a BIG problem. If you click on Close when it prompts for a reboot, it pops back up within a couple of minutes asking for a reboot again.
  41. 1 point
  42. 1 point
    Hello Fish, thanks for the update. If you run into any other issues, please don't hesitate to contact us again.
  43. 1 point
    Hello, Would it be possible to get access to your system via remote desktop solutions like TeamViewer to further debug the problem?
  44. 1 point
    If the EAM and OA licenses don't expire at the same time, then I would probably average some time between them for the expiration date on the EIS license. I'll ask one of our sales representatives to clarify exactly where in between the two expiration dates it should be set.
  45. 1 point
    Hello, Москвич Welcome to the Emsisoft Support Forums. My name is Kevin, and I will be helping you fixing your problems. All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread also read the Emsisoft Support Forums Terms of Use To Highlight a few:
  46. 1 point
    I think I have an alternate solution. Create an account at this link, and then let me know once you've done that. Once you have an account, I can create a 5-day Online Armor Premium license for you in our system, and that should give you enough time to backup your settings, reinstall Online Armor, and then restore your settings.
  47. 1 point
    You can simply restore all quarantined files from the EAM quarantine. That should fix any troubles caused by this false positive. We already provided emergency updates about 2 hours ago that fixed this particular issue as well.
  48. 1 point
    Hi G11,

    I changed the settings from OpenDNS to ClearCloud and did not experience any issues with manual update, neither with EAM Free nor with Mamutu on XP. Which was this update:

    2011-02-05 00:54: Whitelist signatures (revised) Signatures for known good applications

    You always can check recent changelog.

    Then I changed to ClearCloud on Win7 x64, where full EAM Suite is installed. At the moment I don't see any issues as well. The Software is communicating with its server(s) correctly. There were no updates since the last one mentioned above, so we have to wait. I will report back when auto-update will deliver signatures and/or modules.

    Can you please perform this test when ClearCloud DNS is set? Download Ikarus signatures (t3sigs.vdb) from here. No need to download all - just start and then cancel download if any. That's working here as well with ClearCloud being set.

    My regards

    P.S. All changes regarding DNS were made manually. I did not use their Utility, but that must not be an issue, since that one allegedly just provides convenience re: changing settings... and I am sure that you checked those by visiting TCP/IP Properties.
  49. 1 point
    Thanks H_D. Sure, that will work better with CLS rather than with EAM. In addition to the mentioned Net you can use SC (see descriptions by issuing >SC /?) and How to create a Windows service.

    ==============

    I still don't see the way in order to use anything like that (delays) with EAM. The reasons were explained above. We have to be able to exit EAM, which was left unattended (additional action), and be aware of the result.

    Leaving that aside, and if we may abstract away from this issue - there are several tricks that can be used regarding stopping/starting the service or process. Delaying using "approximated time" before & after is not a proper way to do that. If you are using a programming language/advanced scripting and alike, that is possible by employing APIs. As for the more simplistic implementations like batches you can do the following.

    For approximate delays, when you want to wait a certain amount of time, you can use:

    1) Sleep.exe, which can be found in MS Resource Kit;

    2) a tricky-sneaky method, which would simply ping your PC "for nothing", like

        PING -n 11 127.0.0.1 > NUL

    in this case the batch file will pause for 10 seconds.

    In order to determine more precisely whether the process is still running:

    3) quite an interesting and rather better trick - a combination of the Tasklist & Find commands

        command here
        :DELAY
        tasklist | find /i "procName.exe" > NUL
        if not %errorlevel%==1 goto :DELAY
        next command here

    Cheers!
  50. 1 point
    The installed version of Java on this computer is out-dated. Install Java Runtime Environment (JRE) 6u16 available from Sun Microsystems.

    Using Add or Remove Programs in the Control Panel; uninstall the following:

    I highly recommend that you uninstall the following: Coupon Printer for Windows

    Your logs show no malware. The a-squared log is showing System Restore Points. Simply disable system restore to clear all Restore Points and then enable system restore to create a new Restore Point for your computer.