Jump to content

Rob R.

  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by Rob R.

  1. Version 7 Beta setup file is available now on the download page
  2. Mousepad, If you're not sure, why do you answer the question? kupo, I suggest reading this; http://onlinearmorpersonalfirewall.blogspot.nl/2009/06/online-armor-best-practices-1.html
  3. Emsisoft and Ikarus were in the top 5 for a long time at CRDF. One day i noticed Emsisoft disappeared from the list and a-squared was there with 0% score. I notified them and they fixed it. It happened again I gave up. The detected InstallCore files are most likely downloads from cnet or similar download sites with their own 'extra's'. Guess you can check what files were detected if you saved the log. Check custom scan options for the option to scan zip files.
  4. pds324, Please click the "More Reply Options' to be able to attach images or other files that are allowed. It may look like nothing changed, but there are more options available if you do. An application or a rule in your hosts file blocks a connection with piratebay. It's not really blocked but redirected to your localhost ( and a connection with piratebay is not possible. So, there's no connection made with the real piratebay host/server/website. That information (piratebay.org = is stored in your DNS cache. That's the same as = piratebay.org) If another application like Firefox or Roboform connects with your localhost (, and that's a common behaviour, Online Armor grabs the DNS information from cache. DNS cache will say that = piratebay.org or piratebay.org = and that domain is shown in the popup. While a connection with ip leads to nowhere except your own PC. For that reason you'll see piratebay.org mentioned as domain name in the popup. Your PC can't connect to the real piratebay.org server, it's blocked, redirected to your own system. If you trust a program, please mark it as a trusted program if the program wasn't trusted automatically. Just allowing a program to start doesn't make a program a trusted program, it would most likely generate more popups from Online Armor for every action that this still unknown program wants to perform. Whenever you change the default settings of Online Armor you should be prepared for a lot of popups. That's not a bug in Online Armor, it's your own choice. If Firefox and Roboform were trusted programs in Online Armor, the popups mentioned above would never show, unless other default options were changed.
  5. pds324, You may ignore the domain mentioned there (tracker.thepiratebay.org) if it's a connection with your localhost. Please read the information in this topic, that explains why you're seeing a domain like (tracker.thepiratebay.org) mentioned in that popup.
  6. Just checked with Emergency Kit and it seems the issue with the Ikarus update server is fixed.
  7. emc82, You don't need Mamutu. Mamutu is the same as the behavior blocker that is used by Emsisoft Anti-Malware.
  8. RickyTar, That weird autorun entry is indeed created by Adobe reader installer. More info here almost at the end of the page. It's easy to make a typo with those weird names and find no information at all. Better search for a partial file name like "CC!ReaderProgramFiles" and check if the results match.
  9. Queenslander, Open Options > License and click "To activate another key click here" Select Premium and that's it.
  10. I didn't find a real connection between soluto and cpuz135_x64.sys in a web search, just noticed both are mentioned a lot in the same logs and that's why i asked if Soluto is or was installed. If Soluto is still installed, i suggest to uninstall Soluto and check if this issue is solved by uninstalling Soluto. If you like to keep using Soluto, keep it You could check with Autoruns ( http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx ) why and how cpuz135_x64.sys (drivers tab?) is loaded.
  11. Is or was a program named Soluto installed? Does cpuz135_x64.sys show up in Online Armor Autoruns? If so, what information is shown if you rightclick the file and choose "Show file information"? Does cpuz135_x64.sys show up in Online Armor Programs? If so, what information is shown if you rightclick the file and choose "Show file information"? Did you search your hard drive for "CPUID" or for "cpuz135_x64.sys" ?
  12. DrBB01, Open Online Armor history. Find the line about "C:\Windows\ temp\cpuz135\cpuz135_x64.sys" wants to load. There is a (?) behind "C:\Windows\ temp\cpuz135\cpuz135_x64.sys" Press the (?) to find more information about this file in Emsisoft Anti-Malware Network. Copy the url from the webpage with information about the file, or copy the MD5 hash and paste it in your next reply.
  13. CLRS530, I think those popups are caused by a slow connection between your system and Emsisoft Anti-Malware Network. If the the community based alert reduction is enabled (enabled by default) and the information lookup takes a bit longer than usual, the popup appears. A second later or 0,3 seconds later the information from the community based alert reduction reached your machine and a rule is applied based on the settings and the popup disappears. You may check if this is the case by deselecting both "Create a rule to..." options from the community based alert reduction. The popup should not disappear automatically once both "Create a rule to..." options are deselected.
  14. It's a False Positive in HiJackFree only. If you copy the MD5 hash or SHA-1 hash and check it here: http://www.isthisfilesafe.com/ you'll most likely see that the program is OK.
  15. Seems like a False Positive, i see the same on my XP machine.
  16. ams963, If you rightclick a program in OA Programs and choose 'Open safer' it will only RunSafer once. There's no indication in OA Programs shown for that. If you select a program and click the "RunSafer" button, the program will RunSafer every time and the color will change to blue in OA Programs. In Advanced mode there's also a RunSafer recommendation for several programs.
  17. Hi Katoa, Welcome on Emsisoft forums. Please check this image, the freeware option is marked with a red arrow;
  18. Nick, DDA (Direct Disk Access) is used by default during the rootkit scan. Certain system areas including the MBR will be scanned with DDA enabled. There's no need to enable the Direct Disk Access for other parts of the harddisk, it will actually slow down the scan process and it's unlikely that malware is hidden in system areas that are not checked by the rootkit scan. I've seen the same behavior (DMA mode set to PIO mode by Windows) on an old test PC i use. I manually entered the fix as described at the end of the Microsoft webpage mentioned above and that fixed the issue on the old test PC. Make sure you have a backup of your registry before you try the fix as described on the MS webpage.
  19. Nick, Could you please check the harddisk DMA mode. It's possible that it is changed by Windows (without informing you about it) after time-outs or CRC errors. More information here: http://support.microsoft.com/kb/817472/en-us
  20. rc91 If a host is blocked and you're sure it shouldn't be blocked, edit the host rule for the domain. Open Guard > Host Rules 1. Select the built in list 2. Enter part of the domain name in the search field 3. Doubleclick the host (or select the host and use the 'Edit rule' button) 4. Choose the desired action Press OK The edited host rule for that domain is now removed from the built in list an can be found in your own host rule list.
  21. Are all the necessary Windows updates installed, including service pack 1?
  22. Elroy, I've sent you a PM (Personal Message).
  23. Trik, Did you test this several times? I didn't test on Windows 7 x64, but on my XP system CyberGhost works just fine with or without the "Filter Invalid MAC Address (According to IEEE OUI Listing)" option checked.
  • Create New...