GT500

Emsisoft Employee

Everything posted by GT500

  1. Any program that you trust can be added to Online Armor as Trusted, or added to the exclusions in Online Armor to be ignored completely by the HIPS and the firewall. Please note that you will probably need to disable Online Armor when running any of the utilities that I post instructions for, as most of these utilities check things or do things that Online Armor can interfere with. How long it takes can depend on the computer and whether or not the security software is running at the time. I think I forgot to add that to the instructions I posted for you, so that's probably why it took so long. If you disable Online Armor and Emsisoft Anti-Malware then it should run faster.
  2. Our developers will need a copy of your firewall logs in order to see what might be wrong. Could you please ZIP the logs folder (usually C:\Program Files\Online Armor\Logs) and send it to me in a Private Message?
  3. I don't recall any discussion about options on the history page being redundant. May I ask what options have been made redundant?
  4. Is it working OK for everyone else?
  5. Thank you. I have passed your remarks on to our management, and we will consider these issues in future versions of Emsisoft Anti-Malware.
  6. I see an "extended trial" license associated with your Customer Center account. Has someone already assisted you with this, or do you still need some help with your license?
  7. No, the list contains only certain infections classified as 'spyware'. There are a lot more types of malware detected by Emsisoft Anti-Malware than what are on that list.
  8. Please send me a private message with your license key (don't post it in a reply to this topic), and I will check and see if there is anything wrong with it.
  9. I merged both of these together because the first step in debugging the issues you reported is to disable EAM completely and see if that makes a difference, and since your other topic was about how to do that it made sense to merge the two together. The first step is to right-click on the System Tray/Notification Area icon for Emsisoft Anti-Malware (should be somewhere in the lower-right corner of the screen to the left of the clock), and select to Shut down Guard. After that, please hold down the Windows key on your keyboard (normally in between the Ctrl and Alt keys, with the little Windows logo on it) and tap the R key to open the Run dialog. Type services.msc into the field, and then click OK. This will open a list of services that are installed on your computer. Please scroll down until you find the Emsisoft Anti-Malware Service, right click on it, and select Stop. This will completely turn off Emsisoft Anti-Malware, allowing you to check and see if it was the cause of the issues. To turn Emsisoft Anti-Malware back on, right click on Emsisoft Anti-Malware Service again and select Start, then click on the Start button, go to Programs, go to Emsisoft Anti-Malware, and click on Emsisoft Anti-Malware Guard.
  10. You can uninstall and then reinstall from the CD if you want, however it will still need to be updated to the latest version in order to provide you with the best protection, so we usually recommend that you download the latest version of Emsisoft Anti-Malware from this link. As for the license key, it should be OK, however if it is not then please let me know.
  11. Do you know where the file came from? Was it something that you downloaded, or does it appear to have been created by another program? Also note that, if you cannot access the file normally in Windows to copy it or upload it, then you should be able to do so from a bootable disk (UBCD4Win, BartPE, Windows PE, Linux, etc). UBCD4Win and certain Linux Live CDs (such as Kubuntu and the KDE edition of Fedora) will be the easiest to use, and the Linux downloads are the easiest because the bootable disks based on Windows (such as UBCD4Win) require that you have a Windows XP disk in order to build the boot disk from the files on the Windows CD, whereas the Linux Live CDs you simply download and burn to a CD. You can also try starting the computer in Safe Mode With Networking, and see if you can access the file that way. Here's a link to instructions on how to do that.
  12. I would need to see error logs to know more about what is going on. Reinstalling tends to be the quicker solution to this issue, although sometimes Emsiclean needs to be run after uninstalling to remove leftovers before a successful reinstall (depending on what actually caused the issue). If you don't want to reinstall, then first I will need to see any errors in the Windows Event Logs pertaining to the Emsisoft Anti-Malware Service (a2service.exe) or any other components from Emsisoft Anti-Malware. To open the Event Viewer on Windows 7, simply click on the Start button and type event viewer in the search field, then click on Event Viewer in the list of search results. You will need to double-click on Windows Logs in the list on the left to expand it (see the screenshot below), and then look under the Application and System for errors related to a2service.exe or a2guard.exe (errors will be easy to distinguish from other log entries as you scroll through the event logs, and everything is sorted by date and time by default). When you find an error related to an Emsisoft Anti-Malware component, then right-click on it and click Save Selected Events (please change the Save as type to Text (Tab delimited)). You can attach these individual events from the Event Logs to a reply by going to More Reply Options to access the attachment controls.
  13. Aside from a lot of custom group policy settings, I am not seeing anything odd in that log. I'll assume that you changed those group policy settings yourself, and will ignore them for now. We will probably need a scan engine debug log to see what is going on. I have attached a ZIP archive to the message which contains two batch files. One is named engine_enable_debug_output and the other is named engine_disable_debug_output. Please download this ZIP archive, extract the batch files, and run the engine_enable_debug_output file (if your computer is running Windows Vista or Windows 7 then please make sure to right-click and select to Run as administrator): After running the batch file, please restart your computer, and try to reproduce the performance issue when opening programs. After that, please check the Emsisoft Anti-Malware folder (usually C:\Program Files\Emsisoft Anti-Malware) and there should be a file named ScanEngineDebug.log (the files should be listed in alphabetical order). Please ZIP this file (if you do not have a program such as WinZip, 7-Zip, or WinRar then please right-click on the file, go to Send To, and select Compressed (zipped) folder) and make sure to save the ZIP archive on your desktop to make it easy to find. After that, please attach the ZIP archive with the ScanEngineDebug.log file in it to a reply by using the More Reply Options button to the lower-right of where you type in your reply to access the attachment controls.
  14. Unfortunately I am not able to speculate on why a particular file was or was not removed unless I can take a look at the file, and perhaps forward it on to our researchers and dev team for analysis. Would it be possible for you to upload the file to VirusTotal and send me the link to the analysis, or perhaps ZIP the file and send it to me in a private message?
  15. I just got a little more information about the Yahoo! issue, and it may just be a false positive. If this was just an accident on the part of one of our researchers, then they should have it fixed soon.
  16. That seems a bit odd, however I'd need to see the line from the log to know more. Since you are experiencing some odd issues, let's try a more generic system repair tool, and see if it helps: Please download Windows Repair (all in one) from this link. Install the program then run it. (note that it will occasionally need to restart your computer as you run through the steps below) Go to Step 2 and allow it to run CheckDisk by clicking on Do It button: Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button: (for Windows XP, if you do not have your Windows XP CD, then you will need to skip this step) Go to Step 4 and under "System Restore" click on Create button: Go to Start Repairs tab and click Start button. You don't want it to run through every fix in the list, so please ensure that ONLY items seen in the screenshot below are selected as seen in the screenshot (they're all checked by default, so uncheck the ones that are not checked in the screenshot below): If there are any fixes in the list that are not in the screenshot above, then please uncheck them as well. Click on box next to the Restart/Shutdown System When Finished (leave it set to Restart System just below that). Then click on Start to begin the repair process.
  17. Our developers are looking into this. Thank you for reporting it.
  18. Microsoft's EMET sounds like it was designed for use in corporate networks, however it also sounds like it would be usable by the average person (this is just an assumption based on the description on Microsoft's website, however, as I have not used it). As for whether or not it is needed, if it truly does what it claims, then it sounds like it would be useful at helping prevent infections. However, please note that this will not prevent infections that spread by "social engineering" (making you think the infection is something that you actually want to run on your computer).
  19. Were any of you able to get logs?
  20. I wasn't able to reproduce this on my computer (the tooltip looks normal to me). May I ask what version of Windows your computer is running?
  21. My apologies for the slow response. The issue could just be that the settings on the Emsisoft Anti-Malware Service were changed from Automatic Start, however the easiest solution is simply to reinstall Emsisoft Anti-Malware. Please go ahead and download the latest version from here and save it on your desktop, then uninstall Emsisoft Anti-Malware and restart your computer. After restarting, you should be able to reinstall from the file you saved on your desktop.
  22. Let's get some more information. Please run OTL by following the instructions below: Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run'). Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes. When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually. Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.
  23. Let's try ComboFix in Safe Mode With Networking one more time. Here's the link to instructions on starting your computer in Safe Mode With Networking. Here's a link to download the latest ComboFix. If it works this time, then attach the log to a reply. If not, then restart the computer in Safe Mode (as opposed to Safe Mode With Networking), and hold down the Ctrl key then tap the R key to open the run dialog. Type ComboFix /nombr and then click OK and see if ComboFix works OK that way.
  24. We have not been able to replicate this in our own testing, so our developers are going to need information and logs from computers where this is happening. They will need to see the settings file (C:\Program Files\Emsisoft Anti-Malware\a2settings.ini) and the logs (C:\Program Files\Emsisoft Anti-Malware\Logs\logs.db3) as well as DebugView and Fiddler logs. Instructions for DebugView and Fiddler logs are below. If you do have a chance to collect this information, then please send it to me via a private message rather than posting it publicly on the forums. The following instructions assume that you are collecting the information after the System Tray/Notification Area icon has disappeared, and before running the wizard. Please review both sets of instructions before trying them, as they will both need to be done at the same time, and I have not combined the instructions to account for that. DebugView Log Before running DebugView, a registry entry will need to be created that will tell Emsisoft Anti-Malware to output debug information that DebugView can see and save in its log. The following file eam_enable_debug_output.zip contains a batch file which, when run with administrative rights, will automatically create that registry entry for you. Please download this file, extract the batch file from it (it will also be named eam_enable_debug_output), and run the batch file (if your computer is running Windows Vista or Windows 7 then please make sure to right-click on the batch file and select to Run as administrator): After that, please restart your computer, and then proceed with the instructions below: Download DebugView from this link: When downloading, make sure to save it on your Desktop instead of clicking 'Run' or 'Open'. Right-click on the 'DebugView' file that you just saved on your Desktop, and select "Extract All". Open the new DebugView folder that was created on your Desktop after extracting. 
Windows XP and 2000 users should double-click on the file named 'Dbgview'. Windows 7 and Vista users should right-click and select "Run as Administrator". Click on the 'Capture' menu, and select everything except "Log Boot" (you will have to open the menu again after clicking to select an item). Please make sure that Fiddler is ready before proceeding (steps 1-6 in the Fiddler log instructions below), as you will need to follow the instructions to set up a proxy in the Emsisoft Anti-Malware Wizard before running through the Wizard. After getting Fiddler ready and setting up the proxy settings in the Wizard, proceed through the Wizard normally. After you have finished with the Wizard, and see the Emsisoft Anti-Malware icon back in the System Tray/Notification Area you can switch back to DebugView and click 'File' and "Save As" in order to save the log to a file on your Desktop. You can go ahead and send this log to me in a private message. Note: You may need to ZIP the log file in order to attach it to a message. If you do not have a program such as 7-Zip, WinZip, WinRar, etc. then you can right-click on the log file, go to Send To, and click on Compressed (zipped) folder. You will be able to attach the ZIP archive to a reply. Fiddler Log Please download and install Fiddler 2 from this link (this is the version that requires the Microsoft .NET Framework 2.0), and then follow the instructions below: After installing Fiddler, please open it from the Start Menu. Launch the Emsisoft Anti-Malware Wizard from the Emsisoft Anti-Malware icon on the Desktop. Click on the Connection settings link in the lower-left corner. Check the box that says Use proxy server. Enter localhost in the Proxy server field, and then enter 8888 in the port field. Click 'OK'. Continue with the Wizard normally. After completing the Wizard, go back to Fiddler, and to File, then Save, and select All Sessions (please save it on your desktop). Please send the log to me in a private message.