Jump to content


  • Posts

  • Joined

  • Last visited

  • Days Won


Posts posted by Lynx

  1. Hi H_D,

    Thanks and indeed, what you are saying is is a known fact

    At the same time, what was posted by RoyD

    Once I reboot the PC defaults back to a Deep Scan...

    , is not clear, because we are under impression that the next Scheduled Scan is a Deep Scan despite the Custom one was set. Opening GUI was not mentioned

    So, your observation, and accordingly the question is pretty much sharp (as usual ;) )

    Let's hope that RoyD will respond soon and all will be sorted out


    There may be a little confusion here.

    If you setup a scheduled scan with custom settings, the scheduled scan will use those settings each time it runs.

    When you open the scan page, though, it will always show Deep Scan as being the default scan.

    These are two different things.

  2. In addition to the above

    One of the best helpers here - ctrlaltdelete responded to my request & tested the scheduled scan setting including the Reboot - that worked fine

    ... but... he is running v5 (beta accepted) and that's what I was always using (currently

    Can you please:

    - tick "Use beta Updates"; (Configuration > Update Tab)

    - set the Custom Scheduled scan;

    - Reboot;

    - and post the result of such experiment

    That will be highly appreciated


  3. Hi RoyD, thanks for the reply

    Hi I can now create custom scans, thanks
    That's already good,

    ... but re:

    ... It works before I reboot. Once I reboot the PC defaults back to a Deep Scan.

    How do I make these custom scans run with the scheduler?

    This misbehaviour was never noticed before :unsure:

    Thanks for pointing that out.

    That has to be re-tested & I hope the developers (and users) will reply

    Rest assured - if that is kinda new bug introduced - it will be fixed quickly

    In addition I'll ask some Gurus here to test, since currently I am running full EAM internal beta (the next version) plus the Scheduler is currently disabled anyway

    My regards

  4. Hi shaqan, welcome to the forum

    This thread is pretty much old "December 2010"

    It seems like users solved their issues by contacting Customer Service as it was advised in several replies above

    Then, as it is posted here

    For Windows XP SP3 (32bit), Vista SP2 (32bit & 64bit) and 7 (32bit & 64bit)
    According to the image you've provided you are running XP Pro x64

    So, what is an actual question re:

    ...Win2003 Server OS
    and ..."added support for the Itanium 2 processor" and how that relates to the license as that was the subject of this thread?

    Please be more specific when providing information to the developers

    My regards

  5. Hi Guys,

    There are many rogue AV's out there.

    Thing is that any known one can be modified easily, so current "real AV" based on just signatures (+ heuristics) would miss them.

    Usually you have to download an execute the offered file to get hit by anything

    Correct, "usually",... but not necessarily

    You can be infected just by visiting sites.

    Drive-by installation will be performed without any users interaction whatsoever, because the code executes straight away whether it is Active X (the most dangerous) or Java applet

    ... At the moment Google image search is a real minefield, almost every popular search has a few of these hijacked images

    That is not a matter of "search" at all

    Any spelling mistake e.g. when typing the site in address bar can bring you to nowhere ... or ... in many cases - to the malicious site

    The images/pop-ups/fake scanning of the PC will appear - that is just an animation (pre-recorded GIF). That's when some users are confused thinking that their PC were indeed scanned

    But the latter is different to drive-by download & installation

    Therefore you need additional layers of security in place.

    Despite the latter still will not protect you (us) 100% it will decrease the number of accidents

    EAM provides Surf Protection (hosts management); and it has Behavioral Blocker

    Most of decent Firewalls have HIPS

    You have to consider using secure DNS

    You have to avoid using browsers like IE that employs ActiveX technology

    Use more secure browsers (e.g. FireFox) and in addition having security Add-Ons like NoScript / RequestPolicy / etc.

    You may consider using link scanners whether those are real-time or Off-line, so you can check the link/site before clicking. Many of those will scan the site for an embedded malicious code

    Several latter mentioned measures definitely reduce fun of free surfing, but that's users choice

    That is impossible to cover all within this thread. Most discussions would be OffTopic,... speaking of which, for a change please read this ;)


    p.s. {added} forgot to mention few things

    - using Limited User Accounts Account instead of Admin


    - using Software like Run Safe (OA)

    - any Software like "Drop My Rights" (DMR) / or similar by SysInternals (PsExec)

    - sure do not forget Software like SandBoxie

  6. Hi RoyD, welcome to the forum

    Currently the default scan is Deep Scan (it was the Smart one in the past)

    The Smart Scan will do the following (in current version)

    Scan type: Smart Scan
    Objects: Memory, Traces, C:\WINDOWS\, C:\Program Files
    Scan archives: Off
    Heuristics: Off
    ADS Scan: On

    So, you can use Configuration > Scheduled Scan Tab > "Scan Setting File" option. See Help File (8.2)

    If you have explicitly specified a configuration file for the scanner then it performs a Smart Scan by default. To reduce the scan time this only scans the most important directories on the hard drive and not all files.

    You can also specify your own custom configuration file. To do this, click the "..." button and select a scan settings file (.a2s). You can create scan settings files using the Scanner. To do this, start the Scanner, select "Custom Scan" and then click the "Scan" button. Select the desired scan options and then click the "Save settings" button...

    Please ask if you have further questions

    My regards

  7. Hi Baserk,

    1st thing to check is whether you changed anything regarding permissions for "the user" ( Settings > Permissions Tab)

    Are there differences regarding options compare to "admin" account"?

    Then, if you search this forum for "EMET" you will find few discussions(e.g. this one) meaning - potentially there could be conflicts

    Therefore you may consider tweaking EMET as suggested in Configuration Guidelines

    My regards

  8. Hi Gib,

    The message you described was discussed/solved previously, but that applied to the installed version of EAM and or a2-free in the past and were related to incorrect or rather failed installation/uninstallation procedures carried by users

    There were never complains about EEK regarding the matter, since the latter doesn't need to be installed

    At the moment I would suggest that you follow the instructions by ShadowPuterDude in the "Malware Removal" section

    When that is resolved and your PC is in shape, we can return to the EEK/"a2framework.dll cannot be found" issue

    When and if you will return to this discussion, please:

    - answer the question as above : "Are you running emergencyscanner.bat from USB Stick or ?...";

    - do you have EAM installed as well?;

    - sure have a look whether a2framework.dll is present in \Run\ subdirectory;

    - Please provide more detailed information about your System Environment as in Forum Posting Rules #2)

    My regards

  9. Hi Gib

    Are you running emergencyscanner.bat from USB Stick or ?...

    There is no problem here

    As H_D pointed if you look into the said <>. bat

    cd Run
    start a2emergencykit.exe

    all it does is changing the directory (cd) to the \Run\ directory within the main EEK folder, where a2emergencykit.exe resides ... and it works

    My regards

    P.S. Just tested running it from the folder created on hard drive - again - there were no issues

    In addition what happens if you would run start.exe and choose EEK from the GUI?

  10. Hi qq543069760, welcome to the forum

    Sometimes there are temporary failures when servers are overloaded or it can be due to maintenance of the servers (again that's temporary)

    Try later

    Please provide more detailed information about your System Environment as in Forum Posting Rules #2)

    As soon as we can see all details we can provide more help

    1st thing to check is the rules created by your Firewall

    Remove all existing rules and recreate them - "Allow" as soon as you are asked

    Sure, it is important to know in addition whether you are using proxies... and so on

    At the moment there are no issues with updates from this location and with my current security settings

    My regards

  11. H_D, Thank you for the clarification. I saw that "Exit" in system tray pop-up, and thought it would just close the pop-up (based on the mind-set that Mamutu had no "off"). OK, now the whole Captcha-thing makes sense. My thanks to you and Lynx for your posts.

    You are welcome, Koosharem

    Just a few comments though regarding you system setup presented

    - major point - you should not rely on a native Windows Firewall (FW). Please choose decent 3rd party one: Emsisoft's OA / Outpost/ Comodo (I'm talking about FW only in this context)

    - You can still use SpyBot's immunization (only);

    - you can add SpywareBlaster to the set;

    - As for the AV - MSE is not the best candidate (my own opinion) despite its detection rate was improved a bit lately ... other comments would be Offtopic here ;)

    My regards

  12. Hi Koosharem, welcome to the forum

    Both features actually belong to protection techniques implemented in the Software in order to fight against unauthorized termination.

    1st, you can read about common use of "Captcha" here

    So, stopping/exiting the Software has to be confirmed by entering a code generated by the Software. That will identify you as a human ;) , who is deliberately stopping it

    The "Activate self protection" option protects the Software from being terminated or deactivated by Malware

    My regards

  13. Well, I'm translating the Mamutu to Polish language so I would like to see the translation results in Security Wizard (these steps: http://www.mamutu.com/en/kb/articles/tec080308/#2.1)...

    1st, thank you for the reply , Gienek & most importantly for you help with the translation

    Now, I must uninstall Mamutu, reboot the computer and once again install to see Security Wizard

    It seems like you have to do that , but I'm sure that will not stop you ;)

    You work is much appreciated



    Jeszcze Polska nie zginela,

    Kiedy my zyjemy...

  14. ...Is it possible to run Security Wizard in Mamutu 3 after the install?

    Hi Gienek,

    I'm not aware of such feature & personally for a long time of using EAM & Mamutu that was not needed

    There were just a few times for many years that I needed to Clean Reinstall due to using betas & experimenting "too much" :), and that always went fine ..., but that's it

    Can you please clarify the matter , meaning -

    Why would you think that the Wizard may be needed after the said Software is already in place?

    Any specific scenario?

    Please share your thoughts

    My regards

  15. In addition to the above

    Sure the "C:\Documents and Settings\" folders were not scanned

    thumb_8938496Files_to_be_flagged.png I copied few files that must be flagged by EAM/CLS into the C:\Documents and Settings\Administrator\ folder

    thumb_5935290CLS_SmartScan.png the Smart Scan finished

    The extract from the report:

    Emsisoft Commandline Scanner v.

    © 2003-2010 Emsi Software GmbH - www.emsisoft.com

    Emsisoft Commandline Scanner - Version 5.1

    Last update: 28/04/2011 10:04:07 PM

    Scan settings:

    Objects: Memory, Traces, Cookies, C:\WINDOWS\, C:\PROGRAM FILES

    Scan archives: Off

    Heuristics: Off

    ADS Scan: On

    Scan start: 29/04/2011 10:35:45 AM

    [664] C:\WINDOWS\system32\ntdll.dll




    Files: 114226

    Traces: 457444

    Cookies: 26

    Processes: 41


    Files: 0

    Traces: 19

    Cookies: 0

    Processes: 0

    Scan end: 29/04/2011 11:36:44 AM

    Scan time: 1:00:58

    What you may have in your report are records like this

    ... [3820] C:\Documents and Settings\.....\Application Data\Mozilla\Firefox\Profiles\........\libs\cooliris.dll

    But those are the processes, since /M parameter was used


    records related to the Registry where Traces were scanned , like

    ... c:\documents and settings\all users\... Menu.lnk...

    , since /T was used

    I can attach whole report, if you want ;)

    but basically, the WhiteList file you've created would better fit and to be tested with the Deep Scan, since the set of folders as in you post are not included into the Smart Scan type

    I hope that users and the developers will add some info (and/or correct me)

    My regards

  16. Hi HurlingMalware, welcome to the forum

    1st, please search the forum using keywords like "White List"/ "Whitelist" or alike

    You will find many discussions including using the feature with Command Line Scanner (CLS) or "a2cmd"

    e.g.: '>this one and some subsequent links inside

    Then the set of the parameters you've posted

    /memory /traces /cookies /smart /riskware /ntfs /quarantinelist

    does not include /WL=FoldersToIgnore.txt (the name of WhiteList is just a generic example)

    Finally, I have to refresh my memory , but I am not sure that "C:\Documents and Settings\..." are included into the Smart Scan

    The common report header of the latter says:

    Scan type: Smart Scan
    Objects: Memory, Traces, Cookies, C:\WINDOWS\, C:\Program Files
    Scan archives: Off
    Heuristics: Off
    ADS Scan: On

    If I am wrong - I'll be corrected

    I'll try to run the latest version of CLS again and see what's going on

    Meanwhile you can fix the parameters and in addition produce a report , so the developers can see that the folders were scanned despite being present in the WhiteList. The easiest way is to place some files inside those folders that are definitely flagged by EAM like Eicar or TrojanSimulator

    In order to save report you can use redirection "> D:\AnyFolder\CLSreport.txt" at the end of the parameters set (where D is just any drive letter of your choice)

    My regards

  17. In that directory I see a2service.elf (24-Apr-2011, 1.614 KB) and A2SERVICE.old (29-Mar-2011, 2.794 KB), but NO a2service.exe...

    ...What might have caused this? A failed updated, or an attack by malware?

    Hi XIII,

    I've tested that on win7 x64 as promised

    There were no issues whatsoever EAM just updated automatically to v5.1.0.11

    That was definitely not "an attack by malware" - no doubts

    As for the failure of updating :rolleyes: - most likely

    <>.ELFs as far as I know, are crash report(s)

    Have you got any displayed , so you can send it to the developers?

    My regards

  18. XIII,

    Does OA History shows anything regarding the a2service ?

    Hi Guys!


    "OA History?" what do you mean by that?

    You probably know (or remember from previous posts) that XIII is running OA

    There is no info about his system. I see that he is running win 7 from what he'ev posted

    I will have access to win 7 x64 in about half an our (no OA there)

    Full EAM beta is in place . Will report back ...


  19. Hi elbasha bisso

    The problem here in the 1st place is - you did not provide the precise set of security you are running as it was asked in #2

    Sure, you have to run AV + decent 3rd party Firewall like OA

    As for "+ antimalware" , well EAM is full AV solution & anti-malware & behavioral blocker/ etc.

    "alot to try" as in "Other:" is quite unclear. At least please make all needed mutual exclusions involving AV(s) and OA..., have only one AV with real-time resident present, so your multiple security are not monitoring each other. You can avoid subsequent conflicts/clashes

    You did not answer the question by H_D #9

    Then, what Download manager in particular you are using?

    The answer by Malwarebytes is not convincing answer by any means (at least for my taste)

    Furthermore, as in you previous post you stated that you found that OA is responsible

    ...after i have installed online armor the problem backed to me...

    That is very unclear. Do you mean that in case Malwarebytes is uninstalled / or it's real-time protection is disabled you have some kinda new trouble related to you Download Manager(again which is what?) and OA?

    If so, please post into OA section of the forum.

    Considering that you will provide all information you were asked about here - you'll get professional help re: alleged conflict between OA and the mysterious Download Manager

    Anyways, again with Adobe site mentioned you should not have any troubles uninstalling/installing the latest Flash without using Download Manager, as H_D suggested. Please test that

    My regards

  20. Hi Georg, sorry for the delayed response

    1st I'm very glad that the matter was sorted out

    ...In the meantime I got an answer from Emsisoft... *Update: Got an answer - They removed the 2 Traces from their database*
    As posted above
    ...One of the cases where the detections of the Traces can be fired is When & IF the Software creates Registry Entries in some particular places known to be used by mal/spy-ware in the past. Sometimes that can be revised by the developers, sometimes it will stay "as is"

    The "highlighted happened" this time ;)

    you are really putting so much time and work into this. Thank you so much!
    You are welcome

    You were persistent in order to find the truth and you've got the result, That's laudable.

    Any help from volunteers would be practically impossible without user's right attitude, which eventually helps other users and the Software itself


  21. Hello again , elbasha bisso

    No <>.GIf was attached, but anyway as in my reply and in the post by H_D - please be more specific about what software is flagging Flash Update and attach the report, please

    What are you trying to download from FileHippo?

    That is quite reliable site, but anyway Flash updates can be and rather be downloaded from Adobe site, which actually was posted initially

    {added} I can see the GIF now, when using "Quote"

    That's Malwarebytes that is flagging it.

    In addition you are using real-time of MBAM as far as I can see. Sure it does not matter which browser is in place

    Please post that as False Positive request to MBAM developers in order to resolve the matter

    My regards

  • Create New...