Emsisoft Employee
Everything posted by GT500

  1. I have written a cleanup script for OTL (if you need to, you may download OTL from this link). Please download the following OTL_Script file, and save it on your desktop. After saving it, open it, run OTL, and copy and paste the contents of the OTL_Script file into the Custom Scans/Fixes box at the bottom of the OTL window: Then click the Run Fix button at the top. Let the program run unhindered, restart your computer when it is done (it may automatically restart your computer on its own). After your computer has restarted, please proceed with the instructions below for AdwCleaner and Junkware Removal Tool.

     Please download AdwCleaner and save it on your desktop.
       • Close all open programs and internet browsers (you may want to print out or write down these instructions first).
       • Double click on adwcleaner.exe to run the tool.
       • Click on Delete.
       • Confirm each time with Ok.
       • You will be prompted to restart your computer. A text file will open in Notepad after the restart (this is the log of what was removed), which you can save on your desktop.
       • Please attach that log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply.
       • If you lose that log file for any reason, you can find it at C:\AdwCleaner[s1] on your computer.

     Please download Junkware Removal Tool and save it on your desktop.
       • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
       • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
       • The tool will open and start scanning your system.
       • Please be patient as this can take a while to complete depending on your system's specifications.
       • On completion, a log is saved to your desktop and will automatically open.
       • Please attach the JRT log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply.

     Once you have run both of those tools, go ahead and run OTL again, and click the Run Scan button to get me a fresh OTL log, and attach that to a reply the same way you attached the other logs.
  2. I don't notice any major slowdown issues in my 64-bit testing environments. Does the same slowdown issue happen if you right-click on the Malwarebytes' Anti-Malware icon in the System Tray and uncheck the "Start with Windows" option?
  3. I have forwarded your logs on to our developers. Actually, we can't download those logs. It says "Download permission denied by uploader. (0b67c2f5)"
  4. May I ask what happens if you try to launch the Guard manually? You can do this through the Start menu, by going to All Programs, going to Emsisoft Anti-Malware, and then selecting the Emsisoft Anti-Malware Guard.
  5. After merging your two topics together, the forums are no longer allowing me access to download your attachments. If you still have the logs, could you please attach them to a reply again by using the More Reply Options button to the lower-right of where you type in your reply?
  6. It shouldn't be possible to exploit your computer or personally identify you with the SID number, so it is safe to post on the forums.
  7. You're quite welcome. Please let me know if you have any further issues.
  8. These look like legitimate GoogleUpdate.exe files, so I don't think there's anything to worry about here.
  9. A traditional anti-virus is still recommended, simply because it would help reduce the risk by supplementing with signature-based detection. You are correct that any behavior that could be exhibited by a malicious software should be picked up by Mamutu, and as long as you answer the prompts correctly it will block any malicious process from performing those actions.
  10. Your license should be fixed now. Also, if you ever have trouble receiving e-mails from our helpdesk, then you can log in at this link and check your tickets to see if there has been a reply.
  11. I see that Christian Peters has already replied to your e-mail through our helpdesk. I left a note for him that you also have a topic on the forums.
  12. Since attempting to assist more than one person in the same topic can cause us to inadvertently overlook someone, I have split your post into a new topic. We also ask that, in the future, you create a new topic on the forums when asking for assistance so that it is easier for us to assist you. I have found an Emsisoft Anti-Malware license associated with your account in our Customer Center, and I have sent an e-mail to our Sales Manager about this. Would you prefer that we reply to you here on the forums, or via the helpdesk?
  13. OK, I have a little bit more information. The detection was from BitDefender's engine, and I have been told that they have fixed this in their database. You will see this be resolved as soon as you get the BitDefender database update that resolves the false positive.
  14. I'm talking with the research team about this right now. They do have a fix for the false positive, and they hope to have that fix available as an update soon.
  15. That depends on where you saw this GoogleUpdate.exe in HiJackFree. In most of the 'Autoruns' categories, you can right-click and select to edit the autorun in order to see the full path to the file.
  16. Do you actually have an archive of some sort that is greater than 64MB which contains an infected file?
  17. The Fiddler log showed that Emsisoft Anti-Malware was able to connect to our update servers and download the list of updates, which means that the update should be working. We're going to need a DebugView log to determine what is going on. Before we can get that, we'll need to set a registry entry that will tell Emsisoft Anti-Malware to output debug information that DebugView can see and save in its log. The following file contains a batch file which, when run with administrative rights, will automatically create that registry entry for you. Please download this file, extract the batch file from it (it will also be named eam_enable_debug_output), and run the batch file (if your computer is running Windows Vista or Windows 7 then please make sure to right-click on the batch file and select to Run as administrator): After that, please restart your computer, and then proceed with the instructions below:
       • Download DebugView from this link: When downloading, make sure to save it on your Desktop instead of clicking 'Run' or 'Open'.
       • Right-click on the 'DebugView' file that you just saved on your Desktop, and select "Extract All".
       • Before running DebugView, you will need to add a process exclusion to Emsisoft Anti-Malware to prevent crashing issues. Here are the instructions:
           • Please go ahead and open Emsisoft Anti-Malware from the icon on the desktop.
           • Click on Guard in the menu on the left.
           • Go to the File Guard tab.
           • Click on the Manage whitelist link on the left, just above 'Alerts'.
           • On the left, under where it says Type, click on where it says File and change it to Process.
           • Click in the white space to the right of where you just changed 'File' to 'Process', under where it says Item, and a little button with three dots on it will appear to the right.
           • Click on the button with the three dots.
           • Navigate to the folder where DebugView is saved (this should be on your desktop), select the Dbgview file, and click the Open button in the lower-right.
           • Click OK at the bottom to save the settings, and then close Emsisoft Anti-Malware.
       • Open the new DebugView folder that was created on your Desktop after extracting.
       • Windows XP and 2000 users should double-click on the file named 'Dbgview'. Windows 7 and Vista users should right-click and select "Run as Administrator".
       • Click on the 'Capture' menu, and select everything except "Log Boot" (you will have to open the menu again after clicking to select an item).
       • After selecting the options in the 'Capture' menu, click on the 'File' menu and select "Log to File As" and create a file on your desktop for it to save the log to.
       • Try the update in Emsisoft Anti-Malware.
       • After the update fails, restart your computer (you may need to hold down the power button for about 4 or 5 seconds to shut it down first), and make sure that the log was saved on your desktop.
       • Please attach that log file to a reply so that we may analyze it for errors. You will need to use the More Reply Options button to the lower-right of where you type in your reply in order to access the attachment controls.

      Note: You may need to ZIP the log file in order to attach it. If you do not have a program such as 7-Zip, WinZip, WinRar, etc. then you can right-click on the log file, go to Send to, and click on Compressed (zipped) folder. You will be able to attach the ZIP archive to a reply.
  18. Please download ComboFix from this link and follow the instructions below to run it. Note that some infections will block it from running if you save it as ComboFix so you may wish to rename it in order to prevent this. Make sure you remember what you changed the name to.

      * IMPORTANT !!! Save ComboFix to your Desktop
       • Disable your AntiVirus, AntiSpyware, and Firewall applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
       • See HERE for help
       • Double click on the ComboFix icon on your desktop (it has a red and white icon that looks like a white cat's head in a red circle) and follow the prompts.
       • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
       • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

      **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, ComboFix will produce a log.

      Note:
       1. Do not click in ComboFix's window while it's running. That may cause it to stall!
       2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

      Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
       • ComboFix (C:\combofix.txt)

      Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  19. May I ask what error message you are getting when you try to import them?
  20. Currently the majority of our translations are maintained by volunteers, and if we are lacking a translation then that usually means that we do not have a volunteer who maintains a translation for that language.
  21. You're quite welcome, and thank you for the compliment.
  22. That could be the legit GoogleUpdate, or it could be part of an infection. I'd need to see the full file path, and perhaps a VirusTotal analysis of the file in question before I could say for sure.
  23. You may have to add exclusions for Mamutu to Avira's anti-virus. We have an old set of instructions written back in March for adding exclusions. I don't know if anything has changed in regards to this process in the latest versions of Avira's anti-virus, however you can try them anyway and see if they work:
       • Open the Avira Control Center from the icon on the desktop.
       • In the menu on the left, under PC protection, click on Realtime Protection.
       • In the upper-right corner, click on Configuration.
       • If it asks you to enable expert mode, then click Yes.
       • In the menu on the left, under Realtime Protection, click the little [+] icon to the left of Scan to reveal more options, and then click on Exceptions.
       • Under Processes to be omitted by the Realtime Protection click on the ... button (the one that has three dots and no name).
       • Navigate to the Mamutu main folder (normally C:\Program Files\Mamutu).
       • Select the file to be excluded, and click on the Open button.
       • Click the Add>> button just to the right to add the file to the list of excluded items.
       • Repeat the last four steps until you have added each of the following files:
           • a2service.exe
           • mamutu.exe
       • After adding all three files, click Apply at the bottom.
       • Click the X button in the upper-right corner to close the Configuration window.
       • Close Avira Antivirus Premium.
  24. Wikipedia's explanation is rather good, although a bit on the technical side. It is basically a fake network interface that your computer uses to redirect traffic back to your computer. The "loopback interface" is used when you type 'localhost' into your browser, or when you attempt to visit the address "" in your browser. Of course, the loopback interface works for all programs that can make use of your network/Internet connection. Some malware will act as a proxy server, and set the proxy settings in your browser to 'localhost' or "" in order to cause things such as search redirects, or prevent you from searching for help on the Internet.