Emsisoft Employee

Everything posted by GT500

  1. Andrey mentioned that it doesn't make sense that kedit should be trying to access csrss.exe (you may have to ask the guys who made kedit why it's doing that). The only recommendation he made was adding exclusions to Online Armor for kedit, and see if that resolves the issue.
  2. OK, I just sent Andrey the links via Skype. He'll take a look at them as soon as he can.
  3. Run Safer lowers the rights of an application to that of a limited user, and so the security advantage is no greater than logging on to your computer as a limited user. The UAC in newer versions of Windows has made the feature less necessary, as applications running under the UAC do not have the rights to change system settings without being given elevated permissions. Technically the technology is not completely obsolete, as Windows XP users do not have as easy of a system for reducing the rights of a running application like users of newer versions of Windows that include the UAC, and some users of newer versions of Windows prefer to completely disable the UAC in order to avoid being presented with that popup asking for permission to elevate the rights of a program that needs administrative rights on the computer. As for Banking Mode, both Online Armor and Emsisoft Anti-Malware contain mechanisms to protect your computer against the types of threats that would pose an issue when you are doing your online banking, so one could argue that Banking Mode is a bit redundant. As for whether or not it is obsolete, I'll have to leave that one to Fabian to answer.
  4. Here's instructions to uninstall ComboFix. Hold down the Windows key on your keyboard (it has the little Windows logo on it, next to the Ctrl key) and press R to open the Run dialog. Type ComboFix /Uninstall in the field (make sure to leave a space just before the /) and then click OK. ComboFix should take care of the rest. Everything else you can just delete from your desktop.
  5. I'm glad you were able to find your answer. Please let us know if you have any more questions.
  6. I'm confused. I don't have a private message from you on the 16th of March, the last one I have from you was sent on May 26th and last replied to on May 28th, and I cannot find in my history of sent messages an e-mail to Andrey on March 18th or a message to him over Skype... I find this even more odd since I normally would send the logs before replying and saying that I had sent them... Do you still have a copy of the private message you sent me with the logs? I'll resend them and see if Andrey received them the first time.
  7. Please send me a private message with the license key, and I'll take a look at it in our system.
  8. When a new version of an application is released, then it won't have the same SHA1 hash, and thus would not be recognized as safe. As people allow or block the updated file, that will be reflected on our Cloud system for Mamutu, and once a large enough number of people have selected to either block or allow it, then an automatic decision will be made (unless you tweak the settings in Mamutu to prevent that).
  9. OK, let's get an OTL log and see if there might be something that Online Armor is conflicting with. Please run OTL by following the instructions below: Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run'). Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes. When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually. Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.
  10. According to Microsoft, Event ID 26 happens when "you log off from a server that has Terminal Server enabled in Windows Server 2003 SP1", but I don't think that has anything to do with this. does not appear to have information on that exact error message for that Event ID and Source. As for Event ID 592 with the Source 'security', says that this is just telling you that a process by the name a2guard.exe has been created, and these entries are only logged when the "Audit process tracking" audit policy is set to audit the creation of new processes. So, basically, this is just an informational report and not an error report. Event ID 528 / Source Security is just logging a successful logon, according to The only one you have to worry about is the first one, and I'd only worry about it if it was reproducible (if it isn't reproducible then we can't really debug it). It could have just been an odd fluke of some sort, since I am not aware of errors during updates that happen during startup. One thing you may want to do is check the Include subfolders box for the EAM exclusion in Online Armor. Since the database is stored in a subfolder, that could have had something to do with it.
  11. Please open Online Armor, click on Firewall in the menu on the left, look for chrome.exe on the list and make sure that it is not blocked. After that, click on Programs in the list on the left, and search for chrome.exe in the list. Make sure it is Trusted and Allowed. If you do not see it in the list, then uncheck the box below the list that says Hide trusted.
  12. Let's try this: Hold down the Windows key on your keyboard (the one with the little Windows logo on it, usually between the Ctrl and Alt keys) and tap the R key. Type control netconnections into the field and click OK. Right-click on your network connection (usually "Local Area Connection", unless it's wireless) and select Properties from the list. Make sure that OA Helper Driver is in the list. It will look like this (click on the picture to make it bigger): Let me know if that's there.
  13. That depends on when they can take a look at your logs. Hopefully it will be soon.
  14. Just uninstall it from the Properties of your network connection. When you click on it to highlight it in the list, you can click on the 'Uninstall' button below the list.
  15. I don't know of any reason why you should be concerned about iReboot having Internet access. Exclusions should be perfectly safe for that application, however you can mark it as Allowed and Trusted on the Programs list and Blocked on the Firewall list, which should achieve what you are wanting.
  16. It just means that the program performed a behavior that the Behavior Blocker in Emsisoft Anti-Malware will warn about. If you trust KeyScrambler, then you can allow the behavior that was detected, and you can select to Exclude it from protection in order to prevent it from being monitored again in the future.
  17. Let's try this: Uninstall Online Armor. Restart your computer twice. Look for the Online Armor folder in C:\Program Files (x86), and delete it if it is there. Reinstall Online Armor while Windows is running in Safe Mode (instructions for starting Windows in Safe Mode are at this link).
  18. What happens if you uninstall the COMODO Internet Security Firewall Driver from the connection properties dialog?
  19. I don't think it did. Security software is often designed to shut down after other services, so it may have just been waiting on whatever was hanging to shut down.
  20. OK, assuming everything is working OK now, here's some final instructions for you:

      1. Make Sure Java is Updated: Click on the Start button. Click on Control Panel. Click Uninstall a program. Look for Java in the list (should be alphabetical), and uninstall all versions of Java that you find listed. Click on this link and download and install the latest Java (the Windows Online download will be faster).

      2. Make Sure Adobe Flash is Updated: Click on this link and download the latest version of Adobe Flash Player for your web browser. You will need to close your web browser when installing Flash.

      3. Make Sure Adobe Acrobat Reader is Updated: Click on the Start button. Click on Control Panel. Click Uninstall a program. Look for any versions of Adobe Reader or Adobe Acrobat Reader in the list (should be alphabetical), and uninstall all of them (if you have Adobe Acrobat, which is the premium software from Adobe, then you do not need to uninstall it). Click on this link to go to the Adobe Reader download page, make sure to unselect any offers for toolbars or other free software, and download and install the latest version of Adobe Reader. (Please note that some people do prefer to use third-party PDF viewers such as PDF X-Change Viewer and Foxit Reader which are not as commonly exploited as Adobe Reader, so if you would prefer to use one of those then you do not need to download and install Adobe Reader.)

      4. Make Sure Your Computer Has The Latest Windows Updates: Click on the Start button. Go to All Programs. Click on Windows Update. Click Check for updates in the menu on the left (should be near the top). Once it is done checking for updates, click the Install updates button on the right. Make sure that if your computer wants to restart after the updates are done, that you allow it to do so.

      5. Web Of Trust Extension: While this is not a requirement, I highly recommend that you click this link and check out the Web Of Trust extension for your web browser. It will add an extra layer of protection to your web browsing for free, and it is especially helpful when doing searches on Google, Yahoo!, Bing, etc. as it will point out what sites are considered trustworthy and what sites are not by drawing a colored circle to the right of each search result. Green means trusted, red means not trusted, yellow is in between, and white means it is not in Web Of Trust's database.

      6. Empty The System Restore: Click on the Start button. Right-click on Computer. Select Properties from the list. In the window that pops up, click on the System protection link in the menu on the left. The buttons may not be clickable for a few moments, but once you can click on them select the drive in the list near the bottom that shows protection is on (this will usually be your C: drive) and click the Configure... button. Click the button near the bottom-right that says Delete to clear all System Restore data. Once finished, click OK to close that window. Now you will want to make sure that the correct drive is selected again (usually your C: drive) and click on the Create button to create a new restore point. Fill in a name for the restore point, and click the Create button. Once it is done, you can close the windows that were opened to get to the System Restore settings.