Christian Mairoll

Emsisoft Employee
Everything posted by Christian Mairoll

  1. I can assure you that we'll provide regular updates for the T3.dll as long as we get them from the vendor who makes it (Ikarus) or as long as they don't require us to make significant changes in the implementation.
  2. Usually after 50 missed update intervals (1-2 weeks) the changes have the same size as the full database. So there is by design no fix for that issue. The E2 engine signatures use a complex file format and the data is changed frequently. I'm sorry to not have any better news for you.
  3. You can avoid the full signature package download if you continuously update your version at least every 3 days. Then it downloads just incremental small updates of less than 1 MB per day. Incremental updates are only available for the last 50 updater intervals. If you miss more than 50, you have to download the full package again.
  4. The latest T3.dll is now available in Online Armor's online update too. There was a delay of a few days because we needed to verify that it works correctly before publishing. I'm sorry for the extra waiting time.
  5. Short answer: YES. Emsisoft Anti-Malware is a full antivirus package. Including 3 layers to stay protected from all types of malware: Surf protection to block known dangerous websites, file guard that scans all downloads and new files in realtime with the dual engine and a behavior blocker that monitors live the behavior of all active programs. Why our product is called "Anti-Malware": Malware is the covering term for all types of viruses, trojans, bots, rootkits. It describes malicious software in general. Viruses are just 5% of total dangers today. However, during the last years the name Anti-Malware became more and more a synonym for specialized removal software that is limited to the hard to remove cases. Malwarebytes e.g. claims that it is a complementary tool to classic antivirus programs and therefore it can't be directly compared with Emsisoft Anti-Malware. MalwareResearchGroup's test included real time protection. That means they tried to run a number of brand new viruses, trojans and rootkits and watched if the candidates were able to block them successfully. This is what Emsisoft Anti-Malware is specialized in and the test results confirm that.
  6. The Emsisoft malware research team has discovered a new outbreak of the System Fix rogue. Emsisoft Anti-Malware detects this malware as Rogue.Win32.SystemFix. System Fix is a rogue application, another variant of System Restore, Data Restore, Data Recovery, System Recovery, Master Utilities, PC Repair, HDD Repair and System Repair. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase. To register and uninstall this rogue application, you can try the following serial number, and enter any email: 1203978628012489708290478989147 How to remove the infection of System Fix (Rogue.Win32.SystemFix)? To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.
  7. I'll have a look into the default naming procedure. Thanks for letting me know.
  8. The Emsisoft malware research team has discovered a new outbreak of the AV Security 2012. Emsisoft Anti-Malware detects this malware as Adware.Win32.AVSecurity2012. AV Security 2012 is a rogue application. This is another variant of System Security 2011, AV Protection Online, Guard Online and Cloud Protection. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase. To register and uninstall this rogue application, you can try the following serial number: 9992665263 How to remove the infection of AV Security 2012 (Adware.Win32.AVSecurity2012)? To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.
  9. The Emsisoft malware research team has discovered a new outbreak of the Privacy Protection. Emsisoft Anti-Malware detects this malware as Adware.Win32.PrivacyProtection. Privacy Protection is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase. How to remove the infection of Privacy Protection (Adware.Win32.PrivacyProtection)? To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.
  10. Which people? When a 10-pack is bought with the corresponding discount, it is intended for one customer with 10 PCs, not for group orders by an entire club, for example. A different discount model applies in that case. However, it is possible to split the licenses into 10 individual ones afterwards. Please contact our customer service at [email protected] for that.
  11. When the code is used for the first time, the licenses are activated on the user account. For the other installations you then only need to log in with the user account. Entering the key again is not necessary.
  12. Does the problem occur permanently? If so, please send the file c:\program files\Emsisoft Anti-Malware\Logs\logs.db3 to [email protected].
  13. Can you please send your logs.db3 file to [email protected]? It is normally located in c:\Program files\Emsisoft Anti-Malware\Logs\ Thank you very much!
  14. The Emsisoft malware research team has discovered a new outbreak of the System Security 2011. Emsisoft Anti-Malware detects this malware as Adware.Win32.SystemSecurity2011. System Security 2011 is a rogue application. This is another variant of AV Protection Online, Guard Online and Cloud Protection. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase. To register and uninstall this rogue application, you can try the following serial number: 9992665263 How to remove the infection of System Security 2011 (Adware.Win32.SystemSecurity2011)? To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.
  15. The Emsisoft malware research team has discovered a new outbreak of the AV Protection Online. Emsisoft Anti-Malware detects this malware as Adware.Win32.AVProtectionOnline. AV Protection Online is a rogue application. This is another variant of Guard Online and Cloud Protection. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase. To register and uninstall this rogue application, you can try the following serial number: 9992665263 How to remove the infection of AV Protection Online (Adware.Win32.AVProtectionOnline)? To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.
  16. The deep scan begins with a rootkit scan. During this, boot sectors and the Windows driver directory are scanned with direct disk access enabled. After that, the regular file system of all local hard disks is scanned without direct disk access. Archive scanning is also active during this. We advise against enabling direct disk access for scanning entire hard disks, because this method just takes unnecessarily long and rootkits primarily hide in drivers or replace them.
  17. The traces scan checks for known paths where spyware/adware, etc. installs by default. It uses the system-wide placeholders to identify the default "Program files" folder, windows folder and user profiles. Scanning is always done using relative paths from these.
  18. The deep scan does not scan tracking cookies. These are not directly relevant to security, i.e. this is more of a privacy or data protection feature. It can therefore only be optionally enabled in the custom scan.
  19. The Emsisoft malware research team has discovered a new outbreak of the Cloud Protection. Emsisoft Anti-Malware detects this malware as Adware.Win32.CloudProtection. Cloud Protection is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase. To register and uninstall this rogue application, you can try the following serial number: 9992665263 How to remove the infection of Cloud Protection (Adware.Win32.CloudProtection)? To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.
  20. I'm sorry but I can't see any open unanswered tickets in our ticket system right now. Please send me a PM with your email address and license key so I can have a closer look at your user account. Alternatively you can always send us an email to [email protected] too. Correct, that's because AV isn't disabled anywhere and there is absolutely no relation between your observed problem and the announcement. And therefore it wouldn't make sense to post it more prominently than here. If you'd have read carefully (sorry again to say this, no offense), you'd have realized that there is no relation. You have either found a bug in the software (which has to be fixed asap) or your subscription simply ended. However, I can't say anything more in detail without knowing your email address or your license key. Not really. It's simply because our forum server is located in Germany with Central European Summer Time which may be different to your time zone. But you can set your preferred time zone in your forum user profile settings to make it show the timestamps correctly.
  21. The Emsisoft malware research team has discovered a new outbreak of the Guard Online. Emsisoft Anti-Malware detects this malware as Adware.Win32.GuardOnline. Guard Online is a rogue application. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase. To register and uninstall this rogue application, you can try the following serial number: 9992665263 How to remove the infection of Guard Online (Adware.Win32.GuardOnline)? To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.
  22. The Emsisoft malware research team has discovered a new outbreak of the System Restore adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.SystemRestore. System Restore is a rogue application, another variant of Data Restore, Data Recovery, System Recovery, Master Utilities, PC Repair, HDD Repair and System Repair. A rogue application tries to trick you by displaying false positive or misleading scan results report, which says that your computer has a problem, or infected with viruses or trojan, but you will not be able to fix it before you purchase. To register and uninstall this rogue application, you can try the following serial number, and enter any email: 1203978628012489708290478989147 How to remove the infection of System Restore (Adware.Win32.SystemRestore)? To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.
  23. Please calm down and read the initial announcement carefully. It doesn't state anything that the current installations are being modified or trimmed down at all. It just said that we'll not continue to do changes on the ++ edition anymore. What you describe sounds like a critical bug, which could be caused by wrong license handling or your ++ subscription for the AV part simply ended. In such a situation it disables the AV and switches to premium mode. However, our customer support will help you to solve the problem asap.