GT500

Emsisoft Employee
  • Content Count

    10989
  • Joined

  • Days Won

    315

Everything posted by GT500

  1. After some testing, it looks like the the Flash plugin's BHO (Browser Helper Object) is loading as a randomly named temp file. I was able to stop it from popping up, however. I selected the checkbox to remember my decision, and I clicked the Allow button. I had to do that about 5 times before it stopped warning me about the temp file, however it no longer pops up now that I have done that.
  2. OK, I'll do some testing, and see if I can learn some more about this issue. It doesn't sound like it is related to an update, so I want to see if I can figure out why the Flash plugin is creating and running a randomly named temp file every time it loads. Theoretically, when the update is released to Online Armor that resolves the issue with installing/updating the Flash plugin, it should fix this as well. I will let you know more once I have had a chance to test this. BTW: Is your Windows Vista 32-bit or 64-bit?
  3. We like to think our software offers good protection, and there are a lot of reviewers who agree. As for detection rate, that can depend on where you get your samples from. Here's some final instructions for you: 1. Make Sure Java is Updated: Click on the Start button. Click on Control Panel . Click Add or Remove Programs . Look for Java in the list (should be alphabetical), and uninstall all versions of Java that you find listed. Click on this link and download and install the latest Java (the Windows Online download will be faster). 2. Make Sure Adobe Flash is Updated: Click on this link and download the latest version of Adobe Flash Player for your web browser. You will need to close your web browser when installing Flash. 3. Make Sure Adobe Acrobat Reader is Updated: Click on the Start button. Click on Control Panel . Click Add or Remove Programs . Look for any versions of Adobe Reader or Adobe Acrobat Reader in the list (should be alphabetical), and uninstall all of them (if you have Adobe Acrobat, which is the premium software from Adobe, then you do not need to uninstall it). Click on this link to go to the Adobe Reader download page, make sure to unselect any offers for toolbars or other free software, and download and install the latest version of Adobe Reader. (please note that some people do prefer to use third-party PDF viewers such as PDF X-Change Viewer and Foxit Reader which are not as commonly exploited as Adobe Reader, so if you would prefer to use one of those then you do not need to download and install Adobe Reader) 4. Make Sure Your Computer Has The Latest Windows Updates: Click on the Start button. Go to All Programs . Click on Windows Update . If you have never run Windows Update, then it will probably need to install an ActiveX control and update the Windows Update software before it can continue, so make sure you keep an eye out for that pale-yellow bar that pops up at the top of the page when Windows Update needs to install a new component, and click on the yellow bar and select to allow it. Once it is loaded, click on the Express button. It will check for available updates, and once it is done you can click the Install Updates button. It may ask you to accept a license agreement before it installs, so make sure you say Yes . When it is done installing updates, it may ask you to restart your computer, so close anything you are working on and allow it to restart. Note that the update process can take a while, and you may need to run it several times before all of the updates get installed. 5. Web Of Trust Extension: While this is not a requirement, I highly recommend that you click this link and check out the Web Of Trust extension for your web browser. It will add an extra layer of protection to your web browsing for free, and it is especially helpful when doing searches on Google, Yahoo!, Bing, etc. as it will point out what sites are considered trustworthy and what sites are not by drawing a colored circle to the right of each search result. Green means trusted, red means not trusted, yellow is in between, and white means it is not in Web Of Trust's database. 6. Empty The System Restore: Click on the Start button. Right-click on My Computer Select Properties from the list. In the window that pops up, click on the System Restore tab. Click the check box to Turn off System Restore . Click the Apply button at the bottom-right, and answer Yes to the question. Depending on how much data is saved in the System Restore, it could take more than a few minutes to empty it. Click the check box to Turn off System Restore again and click OK to turn the System Restore back on. Click on the Start button again. Go to All Programs . Go to Accessories . Go to System Tools . Click on System Restore . Select Create a restore point on the right, and click Next at the bottom. Enter a description for the restore point, and click Create . Click Close to finish the process.
  4. Do you have the latest version of Adobe Flash installed?
  5. The largest file that Emsisoft Anti-Malware will not scan a file that is more than 64MB.
  6. That log looks pretty good. Lets get a virus scan just to make sure that I'm not missing something. Please run an online virus scan through ESET by following the steps below: Turn off your anti-virus software. Click on this link. Click on the ESET Online Scanner button. Put a check in the box that says YES, I accept the Terms of Use. Click the 'Start' button just to the right of the checkbox. Uncheck the box that says Remove found threats (this is very important). Click on Advanced settings. Put a check in the box that says Scan for potentially unsafe applications. Verify that Scan for potentially unwanted applications is also checked. Verify that Enable Anti-Stealth technology is also checked. Click the Start button in the lower-right corner of the page, and it will begin downloading it's database, and then it will start scanning. When the scan is done, if it shows a screen that says Threats found!, then click List of found threats, and then click Export to text file... (if nothing was found, then just let me know that no threats were found). Save that text file on your desktop, and then attach it to a reply (using the More Reply Options button in the lower-right corner of this forum topic) for me. Close the ESET online scan. I will take a look at the log, and let you know if anything needs removed.
  7. Go ahead and run a scan with Emsisoft Anti-Malware (make sure to get all updates before running a scan), and let me know if it detects anything.
  8. OK, go ahead and scan with Emsisoft Anti-Malware (make sure to run the update first), and let me know if it detects anything.
  9. OK, we'll need to delete some of those detected files. I have written a script that will tell ComboFix which files to delete. Here are the instructions on what to do with the script again: Download an updated version of ComboFix from one of the following links: [list=] BleepingComputer InfoSpyware [*] Turn off your Anti-Virus software. [*] Click your Start button, go to All Programs (or just Programs on Vista and Windows 7), go to Accessories, and then open Notepad. [*] Please copy and paste the contents of the box below into Notepad (here is a link to instructions if you do not know how to copy and paste): http://support.emsisoft.com/topic/7831-i-have-malwarewin32amn/ KillAll:: Folder:: C:\Program Files (x86)\iMesh Applications [*] Save this as a Text Document named CFScript in the same location as ComboFix (which should be on your desktop). [*] Close Notepad and verify that the CFScript file is saved on your desktop. [*] Referring to the animated picture below, click the left mouse button on top of the CFScript icon on your desktop, then holding the mouse button down drag the CFScript icon on your desktop onto the ComboFix icon, and then drop it (let go of the mouse button) on top of the ComboFix icon: When finished, it will display a new log in Notepad. Please attach that log to a reply the same way you did before. If you prefer, you can save the log on your desktop to make it easier to find.
  10. If your topic gets closed, then just send me a private message, and I can reopen it.
  11. I've split this off into a new topic, since this looks like it is a different issue. I noticed this morning that Adobe added a new update mechanism here recently, and that must be what is being blocked. Please try downloading the latest version of Adobe Flash from this link, and let me know if installing it makes the notifications stop.
  12. Could you please take a screenshot of the issue, and attach it to a reply by using the More Reply Options button? Here's a link to instructions on taking a screenshot.
  13. That log didn't show any infections. Lets get some more information. Please download ComboFix from one of the following links, and follow the instructions below to run it. Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop Link 1 Link 2 * IMPORTANT !!! Save Combo-Fix to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools See HERE for help Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, ComboFix will produce a log. Note: 1. Do not mouseclick combofix's window while it's running. That may cause it to stall! 2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet. Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS) ComboFix (C:\combofix.txt) Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  14. OK, lets delete some of those files: 1. Please download The Avenger from this link, and make sure to save it on your Desktop. Right click on the Avenger.zip folder and select "Extract All..." Follow the prompts and extract the avenger folder to your desktop 2. Copy all the text contained in the CODE box below, and it will be pasted into The Avenger in a later step (if you do not know how to copy and paste, then there are instructions at this link): Files to delete: C:\ProgramData\zmrykr0pwa.exe C:\Users\All Users\zmrykr0pwa.exe C:\Users\user\Desktop\t\Download\Utilitarios\unlocker1.8.7 (instalar para poder borrar directorios que se resisten al borrado normal).exe C:\Users\user\Downloads\SoftonicDownloader_para_any-video-converter.exe C:\Users\user\Downloads\SoftonicDownloader_para_bit-che.exe Note: the above code was created specifically for the person requesting assistance in this forum topic, and it is based entirely on the logs they supplied from their computer. No one else should attempt to run The Avenger with this script, as it may damage their computer! 3. Now, open the avenger folder on your desktop and start The Avenger program by double-clicking on its icon. Please paste the contents of the CODE box above (which you should have already copied) into the white box in The Avenger (see example picture below). Click on the Execute button in the low-right corner (see example picture below). Answer "Yes" twice when prompted. 4. The Avenger will automatically do the following: It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.) On reboot, it will briefly open a black command window on your desktop, this is normal. After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip. 5. Please copy/paste the content of c:\avenger.txt into your reply, and we will go from there.
  15. As long as you have some sort of USB flash drive to copy your data to once you start your computer up off of the disk, then yes, that's all you need.
  16. That's just a file in the System Restore. I'll tell you how to empty the System Restore once we're certain your computer is clean.
  17. A flash drive or an external hard drive would still be needed to back up your data to. The Linux and UBCD4Win disks just provide your with an environment where you will be able to copy your data to a backup drive.
  18. You've never seen that "Open File - Security Warning" message before?
  19. Did you mark the Flash installer as an installer? So far, everyone else has said that marking it as Trusted and as Installer has resolved the issue, and you're the first to mention that the temp file isn't trusted.
  20. That's normal when you download an executable file using Internet Explorer. Just go ahead and click Run.
  21. High CPU usage during scanning is not abnormal. The amount of CPU usage can depend on how many cores your CPU has, and how quickly your CPU processes data.
  22. The log from the emergency scanner can be helpful, however if you could at least export the log from Emsisoft Anti-Malware showing the detection and attach it to a reply using the More Reply Options button, then that would be helpful as well.
  23. It looks like ComboFix cleaned up most of the infection on its own. Lets get a second opinion just to make sure. Please run an online virus scan through ESET by following the steps below: Turn off your anti-virus software. Click on this link. Click on the ESET Online Scanner button. Put a check in the box that says YES, I accept the Terms of Use. Click the 'Start' button just to the right of the checkbox. Uncheck the box that says Remove found threats (this is very important). Click on Advanced settings. Put a check in the box that says Scan for potentially unsafe applications. Verify that Scan for potentially unwanted applications is also checked. Verify that Enable Anti-Stealth technology is also checked. Click the Start button in the lower-right corner of the page, and it will begin downloading it's database, and then it will start scanning. When the scan is done, if it shows a screen that says Threats found!, then click List of found threats, and then click Export to text file... (if nothing was found, then just let me know that no threats were found). Save that text file on your desktop, and then attach it to a reply (using the More Reply Options button in the lower-right corner of this forum topic) for me. Close the ESET online scan. I will take a look at the log, and let you know if anything needs removed.
  24. I like Linux, however UBCD4Win has so many utilities built into it that it can be an indispensable boot disk. In this case, Linux would have been easier, since it's just a free download. UBCD4Win is a version of Windows that Microsoft calls Windows PE, and the program that creates a UBCD4Win disk requires a Windows XP or Windows 2003 disk in order to create a UBCD4Win disk (it needs to be able to use the files that are on a Windows XP or Windows 2003 disk), so if you don't have a Windows XP or Windows 2003 disk then you will not be able to create a UBCD4Win disk.
  25. OK, that log looks better. Please run an online virus scan through ESET by following the steps below: Turn off your anti-virus software. Click on this link. Click on the ESET Online Scanner button. Put a check in the box that says YES, I accept the Terms of Use. Click the 'Start' button just to the right of the checkbox. Uncheck the box that says Remove found threats (this is very important). Click on Advanced settings. Put a check in the box that says Scan for potentially unsafe applications. Verify that Scan for potentially unwanted applications is also checked. Verify that Enable Anti-Stealth technology is also checked. Click the Start button in the lower-right corner of the page, and it will begin downloading it's database, and then it will start scanning. When the scan is done, if it shows a screen that says Threats found!, then click List of found threats, and then click Export to text file... (if nothing was found, then just let me know that no threats were found). Save that text file on your desktop, and then attach it to a reply (using the More Reply Options button in the lower-right corner of this forum topic) for me. Close the ESET online scan. I will take a look at the log, and let you know if anything needs removed.