Emsisoft Employee

Everything posted by GT500

  1. As an addendum to what I just posted, I spoke to Andrey about this, and he mentioned that KAV has a network filter driver (I think it acts as a sort of proxy) that prevents third-party firewalls from filtering network traffic, which is why OA did not warn you about the leaktest trying to access the network.
  2. My apologies for the confusion. My implication was more along the lines of pointing out that the HIPS in Online Armor attempted to block the leak test, which is technically a pass (since OA did detect it and did offer to prevent it from running). My question was intended to demonstrate that, had you selected to block it from running, Online Armor would have protected you. As for why the firewall didn't warn you about the leak test, I would need to know more about this leak test before I knew why it wasn't blocked. (see below for explanation)
  3. Please hold down the Windows key on your keyboard (normally in between the Ctrl and Alt keys, with the little Windows logo on it) and tap the R key to open the Run dialog. Type services.msc into the field, and then click OK. This will open a list of services that are installed on your computer. Please scroll down until you find the Emsisoft Anti-Malware Service, right click on it, and select Properties. Make sure that the Startup type is set to Automatic, and then restart your computer. If that does not help, then please let me know.
  4. That will happen if you do not have administrative rights. To elevate the Task Manager to administrative rights, you would need to click on the button in the lower-left of the Task Manager's Processes tab that says Show processes from all users.
  5. You don't need to disconnect the battery to shut it down when it is frozen. Just hold down the power button for about 4 or 5 seconds, and the vast majority of modern computers will immediately shut off. This function is intended as a bypass to the normal shutdown procedure, and should only be used when absolutely necessary, such as in the case of a system freeze where you cannot shut the computer down or continue to use it normally. As for causing problems with the log, that happens when the system freezes. There is a possibility that the log will not contain the information that our developers would need to debug the issue, however there should have been enough time to log the cause of the freeze before everything froze up completely. Since the log file is being replaced with a blank one, you can try starting your computer in Safe Mode With Networking (instructions at this link) after the scan causes the freeze and you shut your computer off, and see if that prevents the log from being overwritten.
  6. May I ask how you know that EAM was able to connect and get a license key? I don't see it saying anywhere in your video that it succeeded.
  7. OK, are you able to open Emsisoft Anti-Malware from the icon on your desktop, or from the Start menu? If so, then on the Security Status screen (which is normally the first one you see when you open Emsisoft Anti-Malware) it will list the status of Emsisoft Anti-Malware, and when you hold your mouse over File Guard, Behavior Blocker, and Surf Protection you will see an option to turn them off. They will turn red when they are off. If you have any trouble with that, then just follow the instructions at this link to start your computer in Safe Mode With Networking, and you should be able to run ComboFix in Safe Mode With Networking. Please note that ComboFix will need to download an update when it runs, as there will have been numerous updates to ComboFix since you first downloaded it. Please allow it to download the update.
  8. Our developers will most likely need to see an Engine Debug Log, which will tell them more information about what is going on. Here's another ZIP archive, which contains two batch files. One is named engine_enable_debug_output and the other is named engine_disable_debug_output. Please download this ZIP archive, extract the batch files, and run the engine_enable_debug_output file (if your computer is running Windows Vista or Windows 7 then please make sure to right-click and select to Run as administrator): After running the batch file, please restart your computer, and try your scan again. Once the computer freezes, please restart it, and then check the Emsisoft Anti-Malware folder (usually C:\Program Files\Emsisoft Anti-Malware) and there should be a file named ScanEngineDebug.log (the files should be listed in alphabetical order). Please ZIP this file (if you do not have a program such as WinZip, 7-Zip, or WinRar then please right-click on the file, go to Send To, and select Compressed (zipped) folder) and make sure to save the ZIP archive on your desktop to make it easy to find. After that, please attach the ZIP archive with the ScanEngineDebug.log file in it to a reply by using the More Reply Options button to the lower-right of where you type in your reply to access the attachment controls.
  9. I would believe that the only way to do this is to manually add the file to the whitelist. Hopefully, if the feature request I submitted is implemented, it will add a way to do that directly from the results list.
  10. EAM will attempt to contact our license servers when you select the 30-day trial option, and if there are problems with the connection then that can cause the issue you experienced.
  11. Is there a little Emsisoft Anti-Malware icon in the lower-right corner of your screen, to the left of the clock somewhere? If so, then right-click on it, go to Guard state, and select to Disable all guards. You should be able to run ComboFix after that.
  12. I'm glad to hear that you were able to resolve your issue. Also, please note that, if you update to the latest version of Online Armor, that should also resolve the issue if you were to experience it again.
  13. Please download ComboFix from this link and follow the instructions below to run it. Note that some infections will block it from running if you save it as ComboFix, so you may wish to rename it in order to prevent this. Make sure you remember what you changed the name to.

      * IMPORTANT !!! Save ComboFix to your Desktop
      * Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See HERE for help.
      * Double click on the ComboFix icon on your desktop (it has a red and white icon that looks like a white cat's head in a red circle) and follow the prompts.
      * As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      * Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

      **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

      * Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      * Click on Yes, to continue scanning for malware.
      * When finished, ComboFix will produce a log.

      Note:
      1. Do not click in ComboFix's window while it's running. That may cause it to stall!
      2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

      Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
      * ComboFix (C:\combofix.txt)

      Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  14. This appears to be a behavior based detection, and Online Armor is warning that it is attempting to "get screen content". If you trust this behavior in this module, then you can select to trust it in Online Armor. I talked with our developers about this, and they recommend checking the Programs list in Online Armor to see if this wscui.cpl file is listed there. Please open Online Armor, go to Programs in the menu on the left, unselect the option at the bottom to Hide trusted, and then you should be able to find it in the list. If it is there, please remove it from the list, and let us know if Online Armor notifies you again.
  15. I assume you've checked to make sure that consent.exe is not already in the list? If it is, then you should be able to click on the rule, and change it to 'Allowed' by clicking on the Allow button below the list.
  16. Please pardon my confusion, but it sounds like Online Armor passed the leak test. In a real-world situation, would you have clicked 'Allow' for an unknown application that seemed suspicious?
  17. My apologies, I just read a private message from someone letting me know that I posted the wrong set of instructions. I have edited my post, and it now has the correct instructions. If you followed my previous instructions, then you can simply remove the files you added to the Firewall and Programs exceptions and then follow the new instructions.
  18. Assuming that you have not yet turned on Debug Mode in Online Armor, please put Online Armor in Advanced Mode, and in the Firewall options select Enable logging, Additional debug info, and All activity like in the screenshot below (if it's too small to read then you can click on it to make it bigger): After that, please restart your computer, and then try to reproduce your DNS issue again. Once you are confident that it has been successfully reproduced, please ZIP the logs folder and attach it to a private message for me to send to our developers. If you had already enabled Debug Mode, then please disable it, restart the computer, and delete the contents of the logs folder before following the instructions above. If you are not able to delete the contents of the logs folder, then you can shut down Online Armor to release any file locks that are preventing you from deleting files.
  19. Is it set to Allowed in the Firewall settings and Trusted in the Programs settings?
  20. Our developers have reviewed your logs, and they said that while the logs do indicate a slow startup time, they do not indicate the cause. They are suggesting that you exclude all of your other security software (including WinPatrol) from Online Armor, and that you exclude Online Armor from the rest of your security software. While I don't have instructions for each vendor's security software, I can give you a set of basic instructions for adding exclusions to Online Armor: Click on the 'Start' button, go to "All Programs", go to "Online Armor", and click on the Online Armor icon to open it. Click on 'Options' in the menu on the left. Go to the 'Exclusions' tab. Click on the 'Add' button. Use the little [+] and [-] icons to the left of folder names to open and close them, find the folder that you wish to add to the exclusions list, click on it to highlight it, and then click 'OK' at the bottom. Close the Online Armor window.
  21. Is this happening for everyone on Windows 7? If so, then when the scan freezes, please open the task manager (either with Ctrl+Alt+Delete or Ctrl+Shift+Esc), switch to the Processes tab, make sure to click the button at the bottom that says Show processes from all users, and then find a2service.exe in the list. Once you find a2service.exe please right-click on it, and select Create Dump File. This will save the scanner's memory to a dump file in one of your temporary folders. When it is done, a message will pop up telling you where it was saved. Please make a note of the path to this file, and then click the Start button, go to Computer, and navigate to the folder that contains the dump file (there will probably be a lot of other stuff in there as well, however it should all be listed in alphabetical order). You can cut and paste (or drag and drop) the dump file onto your desktop, and then ZIP it (if you don't have WinZip, WinRar, or 7-Zip then you can right-click on it, go to Send To, and select Compressed (zipped) folder). Please upload this zipped dump file to a website such as RapidShare/DepositFiles/BayFiles/etc. and then copy and paste the link to download the file into a reply (you can also send it to me in a private message), and I'll pass it on to our developers.
  22. I talked with our developers about this, and the cause is simply that Emsisoft Anti-Malware was unable to get license information from our license servers. This can be caused by an unreliable Internet connection, another program (such as a firewall) blocking the connection to our license servers, or even potentially (although very rarely) an issue with our license servers. In this case, I would believe that Pars is correct, and that it is simply an issue with the Internet connection, since it appears to work correctly when run a second time.
  23. I assume you are doing it by logging in to our Customer Center? If not, please try logging in at this link and then go to Manage Licenses in the navigation menu on the left. If your license is not already registered with your Customer Center account, then you can register it from the Manage Licenses page. Please let me know if you have any trouble renewing via our Customer Center.
  24. The item detected in the log shows a small partition related to the TDSS rootkit. This partition can be removed by Kaspersky's TDSSKiller, however doing so can be dangerous, and there is a possibility that your computer may not start up properly after running the fix. Before I ask you to do this, I highly recommend that you make sure that you have current backups of all of your files (documents, pictures, etc). Also, I'm going to want to see a log from TDSSKiller to make sure that there are not other parts of the rootkit still on your computer. Here are the instructions for getting me the log:

      * Download TDSSKiller from this link and save it on your desktop.
      * Run the TDSSKiller download that you saved.
      * Click on Change parameters as it shows in the following screenshot:
      * Make sure that Verify digital signatures and Detect TDLFS file system are checked as in the following screenshot, and then click OK:
      * Click the Start scan button as in the following screenshot:
      * You will see the following as the scan runs:
      * If there are any threats or malicious items detected, then make sure the option to the right of each item is set to Skip as in the following screenshot (it is very important that TDSSKiller not be allowed to Cure, Quarantine, or Delete these detections!), note that you can click on the selection action to open a list and change it if it is not set to Skip automatically, and then click Continue at the bottom when everything is set to Skip:
      * Click on Report in the upper-right corner, as in the following screenshot:
      * You will see a report similar to the one in the following screenshot. Please click in the report somewhere, then hold down the Ctrl key on your keyboard and tap the A key to select the entire report.
      * Once everything is selected, then it should look similar to the following screenshot, and you will be able to hold down the Ctrl key on your keyboard and tap the C key to copy the entire report.
      * Open Notepad by clicking on the Start button, going to All Programs (or just Programs in Windows 7 and Vista), then Accessories, and clicking on Notepad in the list.
      * Once Notepad has opened, click on Edit to open the Edit menu, and then click Paste, as in the following screenshot:
      * Once the report has been pasted into Notepad, click File to open the File menu, and then click Save as, as in the following screenshot.
      * Please save the report on your desktop and attach it to a reply by using the More Reply Options button to the lower-right of where you type in your reply.
  25. The logs are not showing any indication that Online Armor is interfering with DNS, nor are they showing anything to suggest that Online Armor is interfering with Virtual Box's networking drivers. Andrey says that the logs show ICMP packets passing through the firewall, as well as UDP packets on port 53 (which would be your DNS). Are you currently experiencing this issue with your fresh install of Online Armor?