GT500

Emsisoft Employee
  • Content Count

    11469
  • Joined

  • Days Won

    330

Everything posted by GT500

  1. Firstly, and more as an FYI than anything else, please note that you can ignore any advise given by MousePad. If you require any explanation about this, then please send me a private message. As for your issue, would you be willing to reinstall Emsisoft Anti-Malware 7 in order to assist us in gathering information to send to our developers?
  2. Lets take a look. Services.exe is indeed a part of Windows, however I would believe that the opening poster already knows this. Services.exe is the "Service Control Manager", which is a very important part of Windows. I would believe there are times that it will attempt to access the Internet, however it should still function properly even if Internet access is cut off. If services.exe is blocked from running, however, your computer will not continue to function. dllhost.exe is used to execute functions in certain DLL files, however not all DLL files that need to be executed via a separate program are executed by dllhost.exe (there's a lot more to dllhost.exe than just executing DLL files). Any system file can be replaced by an infection, or have malicious code injected into it. Modern rootkits don't actually need to resort to these methods, however, as they use even more advanced methods to perform their functions. Normally we do not recommend completely blocking any of these Microsoft programs from accessing the Internet, unless you want your computer to be completely isolated from all external networks (including your own home network). Blocking these programs from running will cause your computer to no longer function.
  3. svchost.exe is used for a lot of services. If you block it, you will block a lot more than just your browser's Internet access. For more information, Wikipedia has a fairly good article (although I do recommend checking Wikipedia's references to see where they are getting the information).
  4. Please uncheck the option to enable automatic updates, restart your computer, and then reenable it.
  5. In addition to those logs, our developers feel that it is possible that one or more of the services that Online Armor relies on may have been disabled, so we would like to see a log showing the status of each of those services. Please download the following file: This file is a ZIP archive that contains a batch file which will check the services and save the information to a text file that you can attach to a reply. Please extract this batch file from the ZIP archive and run it (if you are using Windows Vista or Windows 7 please right-click on it and select to Run as administrator). It will pop up a black window while it gathers the information (this process can take a few minutes), and when it is done the black window will disappear. Once it is done, you should find a text file named oa_service_status_log saved in the root of your C: drive (or whatever drive you have Windows installed on). Please use the More Reply Options button to the lower-right of where you type in your reply to access the attachment controls, and then attach that oa_service_status_log file to a reply for us to review.
  6. We'll probably need some logs to see what the problem is. Please open Online Armor, go to Options in the menu on the left, click the little check box to enable debug mode, restart your computer, and then verify that no active interfaces are found by Online Armor. After that, please ZIP your entire logs folder (normally C:\Program Files\Online Armor\Logs), upload it to a website such as RapidShare/DepositFiles/BayFiles/etc (which one you use is up to you), and then copy and paste the link to download the file into a reply (or you can send it to me in a Private Message if you don't want the link posted publicly on the forums). Note that, if you don't have a utility such as 7-Zip, WinZip, or WinRar that you can ZIP files and folders by right-clicking on them, going to Send To, and clicking on Compressed (zipped) Folder.
  7. It doesn't look like the scheduled updates are running (I don't see any "Automatic update" entries in the log). Please open Emsisoft Anti-Malware, go to Configuration in the menu on the left, go to the Automatic Updates tab, and make sure that Automatic Updates are enabled and that they are set to run at a specific interval, such as in the screenshot below (click to make it larger if you can't read it):
  8. I just checked my test setups, and none of them are having this issue. Could I see a copy of your update logs? You can save them as a text file by opening Emsisoft Anti-Malware, going to Logs in the menu on the left, going to the Update tab, and clicking the Export button. Please save a copy of the update logs on your desktop, and then attach it to a reply by using the More Reply Options button to the lower-right of where you type in your reply to access the attachment controls.
  9. Currently there are no publicly available builds of Online Armor that support Windows 8, and we do not have an ETA on Windows 8 support.
  10. First, please allow me to apologize for taking so long to reply. I spent a few days away from the forums last week, which is why I haven't answered you in so long. I don't see that anyone has asked for logs, so lets do that so that Andrey can look at them, and hopefully gather some information on what might be causing the issue. Please open Online Armor, go to Options in the menu on the left, click the little check box to enable debug mode, restart your computer, and then try reproducing your problem with Firefox and Online Armor. After that, please ZIP your entire logs folder (normally C:\Program Files\Online Armor\Logs), upload it to a website such as RapidShare/DepositFiles/BayFiles/etc (which one you use is up to you), and then copy and paste the link to download the file into a reply (or you can send it to me in a Private Message if you don't want the link posted publicly on the forums). Note that, if you don't have a utility such as 7-Zip, WinZip, or WinRar that you can ZIP files and folders by right-clicking on them, going to Send To, and clicking on Compressed (zipped) Folder.
  11. I would believe that an uninstall of EAM 7, a reboot of the computer, and then an install of EAM 6 would be all that you need to downgrade. Would it be possible for you to post the log from the scan? If EAM 7 deleted something that caused problems, then our research team should probably be informed about it.
  12. I will try testing this in a virtual machine as soon as possible. I assume that you have Service Pack 1 for Windows 7 installed?
  13. We'll probably need a DebugView log to see what is going on. Before we can get that, we'll need to set a registry entry that will tell Emsisoft Anti-Malware to output debug information that DebugView can see and save in its log. The following file eam_enable_debug_output.zip contains a batch file which, when run with administrative rights, will automatically create that registry entry for you. Please download this file, extract the batch file from it (it will also be named eam_enable_debug_output), and run the batch file: After that, please restart your computer, and then proceed with the instructions below: Download DebugView from this link: When downloading, make sure to save it on your Desktop instead of clicking 'Run' or 'Open'. Right-click on the 'DebugView' file that you just saved on your Desktop, and select "Extract All". Open the new DebugView folder that was created on your Desktop after extracting. Windows XP and 2000 users should double-click on the file named 'Dbgview'. Windows 7 and Vista users should right-click and select "Run as Administrator". Click on the 'Capture' menu, and select everything except "Log Boot" (you will have to open the menu again after clicking to select an item). Do whatever it is you need to in order to replicate the issue. After you have replicated the issue you can switch back to DebugView and click 'File' and "Save As" in order to save the log to a file on your Desktop. Please attach that log file to a reply so that we may analyze it for errors. You will need to use the More Reply Options button to the lower-right of where you type in your reply in order to access the attachment controls. Note: You may need to ZIP the log file in order to attach it. If you do not have a program such as 7-Zip, WinZip, WinRar, etc. then you can right-click on the log file, go to Sent to, and click on Compressed (zipped) folder. You will be able to attach the ZIP archive to a reply.
  14. Quite true. While browser-based blocking does tend to slow down your browser a little bit, it can also be quite effective, and I am not aware of any issues where it would be a needless redundancy. Of course, please don't forget that you have the option to import rules into EAM in the form of a HOSTS file (which, for those who want the protection of hpHosts or MVPS HOSTS without the disadvantages of installing a large HOSTS file in Windows, then you can simply import it into EAM and use it to supplement our own rules). You should also be able to use this to block advertising sites rather than using a browser-based ad blocker, however I have never testing this to see if there would be any less impact on browsing performance.
  15. There is no official ETA yet for the final release of EAM 7 (at least none that I am aware of). Right now, our developers are working very hard to get it done as soon as possible, so hopefully it won't be too long of a wait.
  16. I've been trying to test this (my virtual machines have been offline for a few days due to a power outage, but they did run for a couple of days before I had to shut them down. I'm firing them back up right now, and I'll see if any of them are showing the same issue. Since you never told me what version of Windows you are encountering this issue on I have been testing this on Windows XP Service Pack 3, Windows Vista Service Pack 2 (32-bit), Windows Vista Service Pack 2 (64-bit), Windows 7 Service Pack 1 (32-bit), and Windows 7 Service Pack 1 (64-bit) just to make sure that I was covering everything (well, everything except Windows 8, which I don't have the spare hard drive space to install right now). I will also need to know if you see any errors when you try to check for updates manually. We may need to have you send us a Fiddler log to see what is happening.
  17. If you need assistance cleaning up an infection, then please follow the instructions at this link (you can skip the part to run the EEK if you are not able to do so), and one of our malware removal experts will take a look at your logs.
  18. Doesn't avast! install a toolbar or some other browser extension in Firefox? That could be the source of the problem. Please check your Firefox extensions, and see if there is anything related to avast! in the list. You should be able to disable any extensions related to avast! in order to test this. Here's a link to instructions on how to check for and disable extensions in Firefox.
  19. No, it would not be redundant. The Surf Protection in Emsisoft Anti-Malware is based on domain names, while the IP blocking in Malwarebytes' Anti-Malware is based on IP addresses of servers known to harbor malicious content (so they block entire servers while we only block websites that are known to be malicious). Both technologies work in different ways to protect you, and both technologies are compatible. I use Malwarebytes' Anti-Malware (with real-time protection and IP blocking enabled) alongside Emsisoft Anti-Malware 7 and there are no issues that I have ever encountered. Just an FYI: Steven Burn of hpHosts has worked for Malwarebytes for several years, and he is the one who maintains their IP Block List.
  20. Just an FYI: Updated signatures should be available soon. Let us know if you don't start receiving database updates sometime tonight.
  21. Normally, downloading and installing Service Packs manually will work, even if your computer already has most of the updates contained in the Service Pack (and even if your computer already has the Service Pack installed). Here are the download links, since Microsoft has not made it easy to find the right ones (unless you know the operating system version number, which in this case is 6.1): Windows 7 x86 (32-bit) Service Pack 1 Windows 7 x64 (64-bit) Service Pack 1
  22. Yes, 1.4GB is a little on the large side, and I don't think there's a free file sharing service that would allow you to upload something that large. Fortunately, our developers are aware of the issue, and they are working on finding the cause of the crash.
  23. Does EAM say when the last successful update was? The opening post mentions that it says it was 4 days ago, however the rest of you seem to be concerned with the last modified date of the signature files. Just to verify, is everyone posting here actually experiencing the same issue that was reported in the opening post (where the "Last update" time listed on the Security Status screen is several days ago), or are the rest of you only seeing an issue with the last modified date of the signature files themselves?
  24. Yes, it should automatically disable the Windows Firewall, as the Windows Firewall is not compatible with third-party firewalls.
  25. We'll need a copy of the memory dump to be able to analyze it and determine what happened. Normally the file would be C:\WINDOWS\Memory.dmp however it will most likely be rather large in size, so you might need to use a service such as RapidShare, DepositFiles, BayFiles, or another similar website if your prefer, and then send me the link in a private message so that I can pass it along to our developers.