GT500

Emsisoft Employee
Everything posted by GT500

  1. The ZeroAccess infection persists. ComboFix may be required to remove it, although there is a possibility that, since we already tried to use OTL, ComboFix may not be able to remove the entire infection. There should be a way to run ComboFix without it freezing. Please disable your anti-virus software (and any third-party firewall or anti-spyware software you have installed) and then hold down the Windows key on your keyboard (normally between the Ctrl and Alt keys, with the little Windows logo on it) and then tap the R key to open the Run dialog. Type ComboFix /nombr (note that there is a blank space in between 'ComboFix' and '/nombr' even though it might not look like it) into the field and then click OK, and make sure to allow the update. If it works this time, then please attach the log to a reply for me to review.
  2. Could you remove any rules/exclusions/etc that you have manually created for Sandboxie, and then get us some logs from a reboot where OA blocks Sandboxie from starting? You can create the logs by opening Online Armor, going to Options in the menu on the left, clicking the little check box to enable debug mode, restarting your computer, and then trying to reproduce your problem with Sandboxie. After that, please ZIP your entire logs folder (normally C:\Program Files\Online Armor\Logs), upload it to a website such as RapidShare/DepositFiles/BayFiles/etc (which one you use is up to you), and then copy and paste the link to download the file into a reply (or you can send it to me in a Private Message if you don't want the link posted publicly on the forums). Note that, if you don't have a utility such as 7-Zip, WinZip, or WinRAR, you can ZIP files and folders by right-clicking on them, going to Send To, and clicking on Compressed (zipped) Folder.
  3. Does it change when there is a successful update?
  4. There's more wrong here than just an issue with EAM 7. Something other than EAM is preventing the dump from being saved. The disk check also should have worked fine. Do you have a blank CD and a CD burner installed in this computer? I also want to see some more information on your computer's software configuration, just in case something else is conflicting with EAM. Please run OTL by following the instructions below to get me a log:
     • Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run').
     • Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted.
     • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes.
     • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually.
     • Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.
  5. External drives would need to be scanned with a virus scanner, such as the Emsisoft Emergency Kit or Emsisoft Anti-Malware. After things are looking cleaned up I will also have you run a scan with a third-party anti-virus tool, just to make sure that we haven't missed anything, and this same tool can be used to scan your external drives. Yes, even if the databases for the two scanning engines in Emsisoft Anti-Malware do not contain definitions for the infection, the Behavior Blocker should warn you if a program is attempting to do something that is suspicious or dangerous. As for the OTL log, it looks much better. I am still seeing some signs of ZeroAccess, so let's try one more script and see if that takes care of it. Here's another cleanup script and the instructions again (please download the latest version of OTL from this link, even if you still have the one you downloaded previously).
     • Please download the following OTL_Script file, and save it on your desktop.
     • After saving it, open it, run OTL, and copy and paste the contents of the OTL_Script file into the Custom Scans/Fixes box at the bottom of the OTL window.
     • Then click the Run Fix button at the top. Let the program run unhindered, and restart your computer when it is done (it may automatically restart your computer on its own).
     • After your computer has restarted, please open OTL again and click the Quick Scan button.
     • Attach the log it produces in your next reply (just the OTL log, as I don't need to see the Extras log again). You will need to click the button that says More Reply Options to the lower-right of where you type your reply to be presented with the attachment controls.
  6. Have you checked to see if Sandboxie was trusted in Online Armor automatically? Did you install Sandboxie before you installed Online Armor, or after?
  7. May I ask what version of Online Armor you had this issue with? Was it Online Armor 5.5, or the new Online Armor 6?
  8. Please follow the instructions at this link to check your hard drive for errors, and let me know if that helps. You will most likely need to restart your computer to run the disk check.
  9. OK, I think I have enough information now. I have written a cleanup script for OTL (please download the latest version of OTL from this link, even if you still have the one you downloaded previously).
     • Please download the following OTL_Script file, and save it on your desktop.
     • After saving it, open it, run OTL, and copy and paste the contents of the OTL_Script file into the Custom Scans/Fixes box at the bottom of the OTL window.
     • Then click the Run Fix button at the top. Let the program run unhindered, and restart your computer when it is done (it may automatically restart your computer on its own).
     • After your computer has restarted, please open OTL again and click the Quick Scan button.
     • Attach the log it produces in your next reply (just the OTL log, as I don't need to see the Extras log again). You will need to click the button that says More Reply Options to the lower-right of where you type your reply to be presented with the attachment controls.
  10. Did you encounter this issue when installing Emsisoft Anti-Malware from a version 6.6 installer? Apparently, when the version 6.6 wizard downloads the version 7 updates, it will also cause this issue where the protection doesn't activate and you need to run through the wizard again.
  11. That GMER log looks rather odd to me, and there's a ZeroAccess Check in your original OTL log that shows what I am certain is a ZeroAccess rootkit infection. The ZeroAccess Check information in the OTL log should be verifiable with Malwarebytes' Anti-Malware, so please run a scan with Malwarebytes' Anti-Malware by following the instructions below:
     • Please download and install Malwarebytes' Anti-Malware from one of the three mirrors listed below (beware of excessive advertising on some of the download pages):
       • Download From TechSpot
       • Download From CNet's Download.com
       • Download From MajorGeeks
     • When first running Malwarebytes' Anti-Malware, it will ask you if you want to operate it in a free trial mode. You can say no to this (the trial can be unlocked again at a later time if you want to try it).
     • Make sure to go to the Update tab and click the Check for Updates button to get the latest database.
     • Switch back to the Scanner tab and run a Quick Scan.
     • When it is done, please do not remove anything it detects for now. I want to see the log before I ask you to delete anything.
     • Whether or not it finds anything, you should be presented with a log in Notepad, which you should save to your desktop.
     • Attach the log you saved on your desktop to a reply for me to take a look at. You can attach files to a reply by clicking the More Reply Options to the lower-right of where you type in your reply. When the page loads, there will be a button right below the box to type in (on the left side) that says Choose Files... which will allow you to select the log file to attach it.
  12. Aside from some occasional issues with Google Chrome and SRWare Iron when running in a sandbox on Windows 7, there are normally no issues with Sandboxie and Online Armor.
  13. Thank you for confirming that, and please let us know if you have any more issues.
  14. Did adding exclusions to Online Armor help, or did it just improve on its own? Are you using any security software other than Emsisoft Anti-Malware, Online Armor, and WinPatrol?
  15. With admin rights, you shouldn't be seeing an "access is denied" error, unless something else is blocking it (or unless there's an issue with your hard drive). Please try shutting down Online Armor before trying to save the memory dump. You can do this by right-clicking on the Online Armor icon in the lower-right corner of the screen (somewhere to the left of the clock), and selecting to "close and shutdown" Online Armor.
  16. I will send you a private message with a new 30-day license key. Also, please note that the new version should have installed via the built-in updater. If it does not, then you should be able to start the update manually from within Emsisoft Anti-Malware.
  17. Unfortunately, that is one of the issues that we run into on an Internet forum. I have moved the off-topic post to its own topic. This suggests that it could be a filesystem issue, and perhaps checking the disk for errors might resolve it. It would be difficult to find the file without a full path, but if you are able to then you might want to try running a scan on just that file and see what happens.
  18. Are you getting any notifications from Emsisoft Anti-Malware or Online Armor while doing it? Do you have any security software installed other than Emsisoft Anti-Malware and Online Armor (other anti-virus, anti-spyware, system settings protection, WinPatrol, etc)?
  19. TDSSKiller says there's no rootkit (at least none that it is capable of detecting). Let's get a scan from GMER, because I don't think I believe what TDSSKiller is saying.
     • Please download GMER from this link. Note that the file will have a random name, so make note of the file's name and save it to the root of your C: drive.
     • Disconnect from the Internet and close all running programs.
     • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file. Click on this link to see a list of programs that should be disabled while running GMER (please try to avoid the advertisements on that page).
     • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
     • Allow the driver to load if asked.
     • You may be prompted to scan immediately if it detects rootkit activity. If you are prompted to scan your system click "No", save the log and post back the results.
     • If not prompted, click the "Rootkit/Malware" tab.
     • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
     • Select all drives that are connected to your system to be scanned.
     • Click the Scan button to begin. (Please be patient as it can take some time to complete)
     • When the scan is finished, click Save to save the scan results to your Desktop. Save the file as Results.log and please attach it to a reply by using the More Reply Options button to the lower-right of where you type in your reply (you may need to ZIP the log by right-clicking on it, going to Send to, and clicking on Compressed (zipped) folder before you can attach it).
     • Exit the program and re-enable all active protection when done.
  20. Technically, EAM isn't removed, it's just that the System Tray icon hasn't appeared and the protection hasn't started. As for a 'fix', it might be possible to change the behavior of the wizard so that some notification of the communication failure is mentioned, and thus you know that there was an issue. I'll have to run it by our developers and see what they think.
  21. Please try uninstalling Emsisoft Anti-Malware, and then download Emsiclean from this link (save it on your desktop) and follow the instructions below:
     • When running Emsiclean, you will first be presented with a disclaimer. You will need to accept this disclaimer to continue.
     • Emsiclean will scan your computer for leftovers after the uninstall, and give you the option to remove what it finds. Please do not allow it to remove anything at this time.
     • In the lower-right corner will be a button that says Close Emsisoft Clean. Click on that button to close the program without making any changes to your computer.
     • Emsiclean will save a log on your desktop as it closes (it may take a moment for the log file to appear). Please attach that log to a reply for me to review (you can access the forum's attachment controls by clicking on the More Reply Options button to the lower-right of where you type in your reply).
  22. If there is an infection, then that could be the cause. It could also be a conflict with something else you have installed. It isn't possible to accurately answer this question until we are certain that your computer is clean.

     By default, Windows will hide icons that it considers inactive. There should be a little button to click to show the hidden icons, and you should find that button just to the left of where those icons are normally located.

     As for ComboFix scanning for 2 hours, note that it should not normally take more than 10 or 15 minutes, and for it to go for longer than 30 minutes is abnormal. At that point, you can assume that something is interfering with ComboFix, and go ahead and close it and restart your computer. I don't see any security software other than Emsisoft Anti-Malware in your OTL log, so I am fairly certain that there is a rootkit interfering with ComboFix, and TDSSKiller's log should let me know if that is the case.

     It is normal for the Emsisoft Anti-Malware icon to not appear when Windows is in Safe Mode, because most services and startup items (which includes the ones for Emsisoft Anti-Malware) do not run in Safe Mode. This is because Safe Mode is a special diagnostic mode intended for repairing issues with your computer, and it is not expected for you to use your computer normally while Windows is running in Safe Mode.

     If that is happening while Windows is running in Safe Mode, then it might just be because the service isn't running. If it is happening while Windows is running normally, then it is a problem, and assuming that I am correct about a rootkit then it is probably just another symptom of that infection.

     Virtual Memory errors are not uncommon with some infections, so this could just be another symptom of that. Technically, it is always a problem when seeing Virtual Memory errors, however since I'm fairly certain that your computer is infected with a rootkit then we merely need to verify that that is the case, and then do what is necessary to get rid of it.

     Assuming Windows was running in Normal mode, and assuming I am correct about a rootkit infection, then that could simply be the rootkit interfering with Emsisoft Anti-Malware. Part of the function of modern rootkits tends to be to disable anti-virus and anti-spyware software, or at least fool them into thinking that the computer is not infected. The main purpose of a rootkit is to keep an infection from being removed, so the rootkit itself is not normally the main infection, but is just being used to prevent you from doing anything about the infection.
  23. I'll address your questions in another post. First, I want to give you some instructions for getting me a TDSSKiller log:
     • Download TDSSKiller from this link and save it on your desktop.
     • Run the TDSSKiller download that you saved.
     • Click on Change parameters as it shows in the following screenshot.
     • Make sure that Verify digital signatures and Detect TDLFS file system are checked as in the following screenshot, and then click OK.
     • Click the Start scan button as in the following screenshot. You will see the following as the scan runs.
     • If there are any threats or malicious items detected, then make sure the option to the right of each item is set to Skip as in the following screenshot (it is very important that TDSSKiller not be allowed to Cure, Quarantine, or Delete these detections!). Note that you can click on the selected action to open a list and change it if it is not set to Skip automatically, and then click Continue at the bottom when everything is set to Skip.
     • Click on Report in the upper-right corner, as in the following screenshot. You will see a report similar to the one in the following screenshot.
     • Please click in the report somewhere, then hold down the Ctrl key on your keyboard and tap the A key to select the entire report. Once everything is selected, then it should look similar to the following screenshot, and you will be able to hold down the Ctrl key on your keyboard and tap the C key to copy the entire report.
     • Open Notepad by clicking on the Start button, going to All Programs (or just Programs in Windows 7 and Vista), then Accessories, and clicking on Notepad in the list.
     • Once Notepad has opened, click on Edit to open the Edit menu, and then click Paste, as in the following screenshot.
     • Once the report has been pasted into Notepad, click File to open the File menu, and then click Save as, as in the following screenshot.
     • Please save the report on your desktop and attach it to a reply by using the More Reply Options button to the lower-right of where you type in your reply.