GT500

Emsisoft Employee
Everything posted by GT500

  1. I've been running EAM 7 alongside MBAM, and there are no issues. I also installed the 1.65.0.1000 beta of MBAM last night, and updated EAM 7 to the latest beta version today. So far everything is working just like it did in EAM 6.x with previous versions of MBAM. As far as I can tell, the switch from the Ikarus engine to BitDefender's engine has not caused any changes in compatibility with other AV software (or at least it hasn't impaired it any). No actual installer has been created for EAM 7 yet (at least not that I am aware of). Right now the easiest way to get EAM 7 beta is to install EAM 6.6 and enable beta updates.
  2. We'll probably need some logs to see what the problem is. Please open Online Armor, go to Options in the menu on the left, click the little check box to enable debug mode, restart your computer, and then try reproducing your problem. After that, please ZIP your entire logs folder (normally C:\Program Files\Online Armor\Logs), upload it to a website such as RapidShare/DepositFiles/BayFiles/etc (which one you use is up to you), and then copy and paste the link to download the file into a reply (or you can send it to me in a Private Message if you don't want the link posted publicly on the forums). Note that, if you don't have a utility such as 7-Zip, WinZip, or WinRAR, you can ZIP files and folders by right-clicking on them, going to Send To, and clicking on Compressed (zipped) Folder.
  3. Here are some instructions on adding Avira to the Exclusions list in Online Armor: Click on the Start button, go to All Programs, go to Online Armor, and click on the Online Armor icon to open it. Click on Options in the menu on the left. Go to the Exclusions tab. Click on the Add button. Use the little [+] and [-] icons to the left of folder names to open and close them, find the Avira Desktop folder (usually C:\Program Files\Avira\AntiVir Desktop), click on it to highlight it, and then click OK at the bottom. Close the Online Armor window.
  4. I would believe that version 4.0 would need to be removed in order to install 5.5, and your settings would not be retained.
  5. OK, our developers have taken a look at the message you posted for them, and they will look into a fix as soon as possible.
  6. Elise mentioned that SUPERAntiSpyware has been known to recreate some registry entries after they have been deleted, so it might be possible that one of your security programs could be automatically restoring the entries after they are deleted. I know that Spybot Search & Destroy's TeaTimer used to do that as well.
  7. This user has opened a ticket on our helpdesk, so I will assist them there. Since I will be assisting them via the helpdesk, and since this user did not request malware removal assistance, I am closing this topic. Moose, please note that Arief, ShadowPuterDude, stapp, and myself can all reopen this topic if you need us to. If you want it reopened, then just let us know via a private message, or let me know via the helpdesk and I'll take care of it.
  8. It is not abnormal for popular e-mail providers to be difficult to get support from, and Microsoft is no exception. As for a key logger, it is a malicious program that logs every key you press on your keyboard, and reports it all back to whoever created it. On the subject of talking to Bill Gates, I am fairly certain that he retired a few years ago, although even if he did still work there it is doubtful that a company that large would allow the average customer to talk to their CEO.
  9. I've informed our developers of this, and they will take a look as soon as they are able to.
  10. GMER does not appear to be showing anything malicious or strange. I do not think there is an infection. I have a feeling that the behavior you are experiencing is most likely due to your security software. You can test this by disabling them one at a time to see if that resolves the issues you are experiencing.
  11. There are numerous ways that someone could have gained access to your account. It is fairly easy to replicate the look of the Microsoft MSN, Hotmail, LIVE, etc. login pages and phish for passwords. It is also possible, if you tend to reuse the same password for multiple accounts, that someone who found your password for another service tried it on your e-mail account and got in. It is also possible that they were able to randomly guess your password, or even the answer to your security question. Of course, it is also possible that a key logger was responsible, however you should have been notified by the Behavior Blocker in Emsisoft Anti-Malware even if our real-time scanner does not detect it.
  12. The SHA256 hash looks correct to me, so I don't think the file has been modified. Let's assume for a moment that there is some sort of rootkit that is not being detected (and I have my doubts that this is the case). Please download GMER from this link. Note that the file will have a random name, so make note of the file's name and save it to the root of your C: drive. Disconnect from the Internet and close all running programs. Temporarily disable any real-time active protection so your security program drivers will not conflict with this file. Click on this link to see a list of programs that should be disabled while running GMER (please try to avoid the advertisements on that page). Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator") Allow the driver to load if asked. You may be prompted to scan immediately if it detects rootkit activity. If you are prompted to scan your system click "No", save the log and post back the results. If not prompted, click the "Rootkit/Malware" tab. On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked. Select all drives that are connected to your system to be scanned. Click the Scan button to begin. (Please be patient as it can take some time to complete) When the scan is finished, click Save to save the scan results to your Desktop. Save the file as Results.log and please attach it to a reply by using the More Reply Options button to the lower-right of where you type in your reply (you may need to ZIP the log by right-clicking on it, going to Send to, and clicking on Compressed (zipped) folder before you can attach it). Exit the program and re-enable all active protection when done.
  13. Are there rules for Firefox to allow those ports?
  14. Are you referring to Symantec's PGP Desktop Home / PGP Desktop Professional?
  15. I am not seeing those entries created when running KillSwitch. The KillSwitch EXE appears to be about 7MB in size, so you can upload it to VirusTotal for analysis. Please do that, and then post the link for me so that I can take a look at it.
  16. According to System Lookup, those Tencent registry entries are created by "TencentAddressBar aka TCent adware - bundled with the Tencent QQ instant messaging client". It is not beyond the realm of possibility that COMODO might bundle toolbars with their products (I know they have in the past bundled them with their installers), however I don't think that they would bundle this particular toolbar. Where did you obtain this particular copy of COMODO's KillSwitch?
  17. Paranoid Mode causes Mamutu to ignore the digital signature from Microsoft, and report all behavior regardless of whether or not the file is known to be safe. In this case, since Process Explorer deletes the 64-bit executable while it is closing, you could try copying it to another folder, and then you would have a backup of the file that doesn't need to be extracted from the 32-bit EXE every time you run it.
  18. The context menu entry works OK with Windows Explorer, so there shouldn't be anything wrong with it. I'll ask our developers if they might know the reason for this.
  19. May I ask what software you used to create the virtual drive?
  20. I don't see anything in your logs that would suggest that there is a serious infection. That's because the registry entries are profile-specific, and OTL does not scan multiple profiles at once. Assuming the entries are exactly the same for each profile, then the fix should be able to remove it from each profile if you run it in each profile separately. Please run OTL again while Windows is running in Safe Mode, and attach the log to a reply. I want to see if it looks different when Windows is running in Safe Mode.
  21. The infections in question are persistent, unless something else is physically removing and recreating them. Technically, they are just registry entries that define addons for Internet Explorer, so if the files do not exist then there is no danger from the registry entries. They would just be useless leftovers, and not capable of causing any harm.
  22. Such technologies can cause problems with using your flash drive. You may wish to avoid such things. If there is an infection on a USB drive, then the behavior blocker in Emsisoft Anti-Malware should warn you if it attempts to run.
  23. Well, SystemLookup says that it is malicious, so let's see if we can verify that they have been deleted. Here's another OTL_Script: Please download the following OTL_Script file, and save it on your desktop. After saving it, open it, run OTL, and copy and paste the contents of the OTL_Script file into the Custom Scans/Fixes box at the bottom of the OTL window: Then click the Run Fix button at the top. Let the program run unhindered, restart your computer when it is done (it may automatically restart your computer on its own). After your computer has restarted, please open OTL again and click the Quick Scan button. Attach the log it produces in your next reply (just the OTL log, as I don't need to see the Extras log again). You will need to click the button that says More Reply Options to the lower-right of where you type your reply to be presented with the attachment controls.
  24. Thank you. I will make sure that our developers are aware of this, and they will take a look at your log as soon as they are able to.
  25. Yes, the soso.com search is easy to remove. I have written a cleanup script for OTL (if you need to, you may download OTL from this link). Please download the following OTL_Script file, and save it on your desktop. After saving it, open it, run OTL, and copy and paste the contents of the OTL_Script file into the Custom Scans/Fixes box at the bottom of the OTL window: Then click the Run Fix button at the top. Let the program run unhindered, restart your computer when it is done (it may automatically restart your computer on its own). After your computer has restarted, please open OTL again and click the Quick Scan button. Attach the log it produces in your next reply (just the OTL log, as I don't need to see the Extras log again). You will need to click the button that says More Reply Options to the lower-right of where you type your reply to be presented with the attachment controls.