Jump to content


  • Posts

  • Joined

  • Last visited

  • Days Won


Posts posted by haiku

  1. Hi -


    O/S system: Windows 7 Ultimate 64-bit. Browser is Internet Explorer 10. Online Armor is version Premium Edition.


    My machine - used mainly for browsing & email - is rebooted every morning.


    Unfortunately this has not prevented the machine from slowing down as the day progresses, frequently requiring a reboot if one is to "regain" the speed.


    This evening I decided to check using Task Manager and discovered that OAsrv.exe *32 was running at 50% CPU utilisation with no applications - other than IE and the window required to create this message - running.


    A search of the forum showed that this problem has been raised in the past, unfortunately with no definite resolution.


    Your assistance would be appreciated.




    -- haiku

  2. I am running Windows 7 Ultimate (64 bit) along with OA Premium version


    Banking mode worked successfully until a couple of months back when, as the result of another problem, I completely removed / reinstalled OA. Since then - despite several efforts to "teach" OA - I have been unable to use banking mode.


    The problem is simple (?). Whenever I attempt to log in to the bank I receive a 'Service Unavailable' message-box, along with the following message: "Online Armor can not validate the status of www.standardbank.co.za because the trusted DNS server is unavailable"


    BTW the built-in Windows Firewall is turned off.


    Any suggestions greatly appreciated.






  3. Try starting your computer in Safe Mode, and see if you can turn off Microsoft Security Essentials while in Safe Mode (there should be an option to turn off real-time protection in the settings in Microsoft Security Essentials). Online Armor's settings are not accessible while the computer is running in Safe Mode.


    Seems to be working now, though OAMine did crash my machine <sigh>


    Will test for a couple of days before closing ....


    Many thanks for the assistance.

  4. Hi Arthur -


    May I respectfully suggest that, when asking a customer to run OTL, you also provide the settings that you require. It would have saved me a couple hours in fruitless searching for a solution as to why a scan wasn't generating the requested Extras.txt.


    That said:


    1, I removed the existing installation of Online Armor.

    2. Rebooted etc.

    3. I downloaded and installed the latest version of Online Armor.

    4. I excluded the Online Armor files in the Microsoft Security Client.

    5. Clicking on Online Armor completed the installation i.e. entering the registration code & updating the files.

    6. Online Armor requested a reboot i.e. before I could add the Microsoft Security Client's files to Online Armor.

    7. The computer hung on start-up, i.e. as before.

    8. I rebooted into safe mode and uninstalled Online Armor, then rebooted.

    9. The computer started normally.

    10, I ran OTL which, with the corrected settings, generated the Extras.txt.

    11. The results of the scan are attached.


    I don't know if this relevant, but with Online Armor files installed but deactivated, MIcrosoft's VPN connections no longer work. I have to remove Online Armor before the VPN will work.




    -- haiku

  5. Lets get an OTL log, and see if it shows the cause of the issue. Please run OTL by following the instructions below:

    • Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run').
    • Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes.
    • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually.
    • Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.



    Hi -


    I downloaded and ran OTL. Unfortunately I was unable to generate an Extras.txt.


    After failing to generate the Extras.txt file [after the first scan] I ran through the following steps (as recommended elsewhere):


    1. Ran a CHKDSK. No errors reported.

    2. Downloaded and ran AdwCleaner. Nothing significant was reported (see attached log).

    3. Downloaded and ran JRT. Nothing significant was reported (see attached log).

    4. Cleared the Application & System logs.

    5. Re-ran OTL using the parameters attached. Still no Extras.Txt


    NB: I rarely use the FireFox browser mentioned in the logs.


    Many thanks

  6. If you can't start your computer, then please try following the instructions at this link to start your computer in Safe Mode, and then uninstall Online Armor. If you can start your computer normally after that, then we can go from there.


    The problem lies with Online Armor and not Emsisoft Anti-Malware.


    I disabled (using MsConfig) the following:


    1. Service: Online Armor;

    2. Service: Online Armor Helper Service;

    3. StartUp: Emsisoft Online Armor (oaui.exe);


    I also disabled the OA Helper Driver in the local area connection properties.


    The Emsisoft Anti-Malware was left as was, i.e. enabled. 


    I am now able to successfully re-boot the computer.

  7. My apologies - I forgot to supply the requested technical data:


    1. O/S: Windows 7 64-bit Ultimate with service pack #1 installed.

    2. All Microsoft patches are installed.

    3. I can't start the PC to obtain the Online Armor & Emsisoft Anti-Malware versions. Is there any other method ?

    4. The Emsisoft Anti-Malware 'Signatures' directory shows the most recent file to be 20130917.sig dated 2013/09/17 17h18.

    5. The Online Armor 'Logs' directory shows the most recent log entry to be the following:


    [17/09/13 18:03:24]  1572/624  Executable: C:\Program Files (x86)\Online Armor\oasrv.exe
    [17/09/13 18:03:24]  1572/624     Version:
    [17/09/13 18:03:24]  1572/624  Command Line:
    [17/09/13 18:07:24]  1572/624  Hash: A54B4FBC24C4EDE34BEB5F8D8974752A
    [17/09/13 18:07:24]  1572/624  OS  Version: 6.1, Build: 7601
    [17/09/13 18:07:24]  1572/624  CDS Version: Service Pack 1
    [17/09/13 18:07:24]  1572/624  Win Version: Windows 7/64
    [17/09/13 18:07:24]  1572/624  -- Logging level: Both


    6. The Windows Firewall is disabled.

    7. I am not running any other anti-virus or anti-malware software.

  8. I run both Online Armor & Emsisoft Anti-Malware on a PC running Windows 7 Ultimate.


    This PC is rebooted every day as part of the overnight maintenance routines.


    Yesterday (Tuesday the 17th September) the PC refused to boot, hanging shortly after entry of the login password.


    The problem was eventually resolved by disabling both the Online Armor & Emsisoft Anti-Malware services.


    Given that the problem surfaced on Tuesday - i.e. no problems were experienced on Monday morning - I can only presume that the problem was caused by an update loaded during Monday.


    Your assistance would be appreciated.


    Kind regards.




    Enabling Beta updates is at your own risk! Beta updates may cause some unforseen issues, that's the reason why we're testing the Beta updates :)

    If you want to enable Beta updates you have to enable them in Configuration > Update settings.


    Thanks - will give it some consideration ...

  10. haiku,

    The information you're asking for should be available in the scan logs.


    1. Unless I am missing something - and I hope that I am - the scan logs unfortunately do not include information on when a scan was run e.g. date & time, scan type & results; and
    2. How do I configure the automatic action to be taken when malware is detected ?


    Many thanks

  11. I used the following instructions (posted in the forum) to create a custom scan for my daily scheduled scan.



    Please Open Emsisoft Anti-Malware and press Scan PC in the left menu. Now select Custom Scan. Configure the scan objects and settings you want.


    Now save the settings to a scansetting file.

    Now go back to the section Security Status. Press Configuration in the left menu and go to the tab Scheduled Scans. Enable the Option Use silent mode for scan process. Select your scansetting file with the open file dialog and press OK.


    Now the scheduled scan runs the scan configured in the scansetting file.



    My custom scan settings included the option "Scan for Tracking Cookies" which (I presume) should detect and remove unwanted cookies.


    After running the scheduled scan (last night) I re-ran the scan manually this morning and found that the manual scan reported 65 cookies, all rated "medium risk".



    1. How can I confirm that the scheduled scan ran (last night) as a "custom scan" using the correct scan settings file ?
    2. Why were the cookies not removed ?


    Many thanks

  12. When I originally purchased OA++ I purchased 2x licenses.

    Cleverbridge's document only included one reference number: Cleverbridge reference number <removed>.


    Product Name



    Online Armor ++ Firewall [1 Year]

    1 license - Including all software and signature updates


    It is now time to renew and so I would like to purchase two renewal licenses for a period of three years.

    Unfortunately the renewal 'wizard' refuses to allow me to change the quantity from one to two.

    Your assistance would be appreciated.

    EDIT: Can I use this opportunity to change to Internet Security Pack at the same time ?


  13. Hi -

    I re-ran OTL as per your request - please see attached log.

    I then updated the virus signatures and performed a full scan. The virus warnings were still present (see attachment PossibleViruses02.docx)

    I then took two of two completely different versions of sqlncli.msi - one from work and one from home, one 32-bit the other 64-bit, neither reporting a virus - and placed them on a USB drive.

    I then tested the two files using my 'main' PC - the PC exhibiting the problem.

    Both were immediately flagged as being infected.

    (This basically duplicates my previous experiment of restoring the files from a backup of my hard drive. The files, which were previously flagged as being OK by OA++, are now flagged as infected)

    I am reasonably sure that this is a false positive, but since my PC's are used in generating my income, I don't wish to take a chance.

    Incidentally, I am running Windows 7 64-bit Ultimate: could this cause any problems ?

    Kind regards

    -- rowan

  14. Hi -

    I copied your script into OTL.exe, then ran OTL. The program freaked (HTML in text box not good) so I transferred the script to a text editor, reformatted the text and reposted into OTL, then re-ran OTL. NB: I did not run the script specifically as administrator.

    OTL executed 100%, then rebooted - all OK.

    I then ran the OA++ virus scan: it reported all the previously infected files as still being infected.

    I am not sure where to find the scan logs, so I have archived all files marked with to-day's date: please see attached. Please let me know if I have the wrong files - with my luck ... 8)

    Kind regards

  15. I will follow your instructions when I return home from work this afternoon.

    Last night I recovered one of the files reported with a virus from a one month old backup, i.e. long before the infection was reported. A file compared showed that the existing & recovered files were identical. Last night's scan reported both files as infected. I am wondering if this is a false positive ?


    Run OTL.exe

    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
      O4 - HKU\S-1-5-19..\RunOnce: [mctadmin]  File not found
      O4 - HKU\S-1-5-20..\RunOnce: [mctadmin]  File not found
      O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
      O33 - MountPoints2\F\Shell - "" = AutoRun
      O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Launch.exe
      [2011/06/19 14:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
      [1 C:\Users\Rowan\*.tmp files -> C:\Users\Rowan\*.tmp -> ]
      [start Explorer]

    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Attach the new log produced by OTL (C:\_OTL).

    Attach the scan log from OA++ as well. Screen shots though helpful for seeing what is going on, are not all that useful when composing malware removal fixes.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

  16. I am a registered user of Online Armor ++.

    On Sunday morning I awoke to find my overnight scan reporting two files infected with Virus.Win32.Tanatos!IK, my first virus in around two years.

    I took a screenshot of the AV Scan results screen (see attachment PossibleViruses.docx in the Virus Scares zip) then went about confirming that the files were in fact infected. This included:

    1. Scanning the files on an individual basis using Online Armor in right-click mode.

    2. Scanning the files with two opposition products.

    3. Performing a full scan using the EmsisoftEmergencyKit.

    All products reported zero infections.

    I eventually zipped the infected files, then went to bed 8).

    This morning my overnight scan reported five files as being infected: the two original files plus the three zips (see attachment Virus Check Number 2.docx in the Virus Scares zip). This makes sense it that it is unlikely that the virus signatures would have become compressed.

    So today I repeated the full scans using the EmsisoftEmergencyKit and OTL (see attached) and ask for your assistance.

    Kind regards

    -- haiku

    PS At no time has it been possible to quarantine the files. Is this always so ?

  • Create New...