GT500

Emsisoft Employee
Everything posted by GT500

  1. OK. Please let me know if you have any further issues.
  2. OK, let's get some debug logs from Emsisoft Anti-Malware. In order to do this, you will first need to run a batch file to enable debug logging. This batch file is contained in the ZIP archive at this link (this ZIP archive also contains a batch file to disable debug logging). Please save that ZIP archive on your desktop, extract its contents, and then follow these instructions:
     • Run the enable_debug_output batch file (if your computer has Windows Vista, Windows 7, or Windows 8 then please right-click on the batch file and select Run as administrator). You will see a black window pop up, and then disappear very quickly. After that happens, please restart your computer.
     • Reproduce the issue you are having with the Host Rules list not populating.
     • Once you have reproduced the issue, hold down the Windows key on the keyboard (the one with the Windows logo on it, usually in between the Ctrl and Alt keys) and tap the R key to open the Run dialog.
     • Type the following into the Run dialog, and then click OK: %ALLUSERSPROFILE%\Emsisoft
     • A window should open and you should see a Logs folder. Right-click on that Logs folder, go to Send to, and select Compressed (zipped) folder.
     • Move the new ZIP archive you created with the logs folder in it to your desktop.
     • Attach the ZIP archive containing the logs to a reply by using the More Reply Options button to the lower-right of where you type in your reply.
     Note: If you get an error message when trying to send the Logs folder to a Compressed (zipped) folder then you may need to try a utility such as 7-Zip or WinRar to compress the folder. Both 7-Zip and WinRar have options to create an archive and save it in another location (such as on your desktop), which should prevent the error message. Here are links to the download pages for 7-Zip and WinRar.
     After posting the debug logs, you can run the disable_debug_output batch file (be sure to run it as administrator as well) and restart your computer again to disable debug logging.
  3. Online Armor's HIPS will notify you about any suspicious behavior. Creating rules may not prevent an infection, since CryptoLocker creates a randomly named file in %APPDATA% (at least I'm fairly certain that's where it creates it).
  4. Let's get an OTL log, and see if it shows the cause of the issue. Please run OTL by following the instructions below:
     • Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run').
     • Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted.
     • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes.
     • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually.
     • Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.
  5. The OANET driver appears to be installed correctly. Have you installed all of the Windows Updates for Windows 8.1? There was an issue with the NDIS driver that came with Windows 8.1 which was fixed in an update on or around October 18th.
  6. I have forwarded your logs to our developers.
  7. What happens when you shut down SABnzbd and DoNotTrackMe/DoNotTrackPlus? Does shutting either of those down have any effect on Online Armor's CPU usage?
  8. Have you installed all of the Windows Updates for Windows 8.1 yet? There was a bug in the NDIS driver that caused issues with one of Online Armor's drivers, which I would believe was fixed in an update after Windows 8.1 was released.
  9. Do you use Microsoft Security Essentials, or any security software other than EAM and OA?
  10. Did you import a HOSTS file to supplement the Host Rules?
  11. For the update issue, restarting your computer usually clears that. In fact, because of that, I have not been able to get debug logs from anyone who has the issue. For the scan issue, please try uninstalling Emsisoft Anti-Malware, and then download Emsiclean from this link (save it on your desktop) and follow the instructions below:
     • When running Emsiclean, you will first be presented with a disclaimer. You will need to accept this disclaimer to continue.
     • Emsiclean will scan your computer for leftovers after the uninstall, and give you the option to remove what it finds. Please do not allow it to remove anything at this time.
     • In the lower-right corner will be a button that says Close Emsisoft Clean. Click on that button to close the program without making any changes to your computer.
     • Emsiclean will save a log on your desktop as it closes (it may take a moment for the log file to appear).
     • Please attach that log to a reply for me to review (you can access the forum's attachment controls by clicking on the More Reply Options button to the lower-right of where you type in your reply).
     Yes, you can activate your license key on another computer. The only issues that you should have when doing this would happen if the computer it was originally activated on was still running and the license key was still in use on that computer, which shouldn't be the case here.
  12. OK, I'll send this to our developers, but let's get a Cleaning Engine Debug Log as well since I expect they will ask for one. Before beginning, run the engine_disable_debug_output file from the last set of instructions to disable debug logging for scanning (be sure to run it as administrator), then follow the instructions below. I have attached a ZIP archive to the message named cleaning_engine_debug_output.zip which contains two batch files. One is named cleaning_engine_enable_debug_output and the other is named cleaning_engine_disable_debug_output.
     • Please download this ZIP archive, extract the batch files, and run the cleaning_engine_enable_debug_output file (if your computer is running Windows Vista or Windows 7 then please make sure to right-click and select to Run as administrator).
     • After running the batch file, please restart your computer, and try your scan again.
     • After Emsisoft Anti-Malware fails to delete the detected items, close the scanner, and then check the Emsisoft Anti-Malware folder (usually C:\Program Files\Emsisoft Anti-Malware) and there should be a file named clean.log (the files should be listed in alphabetical order).
     • Please ZIP this file (if you do not have a program such as WinZip, 7-Zip, or WinRar then please right-click on the file, go to Send To, and select Compressed (zipped) folder) and make sure to save the ZIP archive on your desktop to make it easy to find.
     • After that, please attach the ZIP archive with the clean.log file in it to a reply.
  13. You can also do this with the Task Scheduler in Windows 7, and perhaps Windows Vista as well (scheduled tasks can be set to start a certain number of seconds, minutes, hours, etc. after logon).
  14. Please send me a private message with your license key, and I will take a look in our system and see if I can find any issues.
  15. I have attached a ZIP archive to this message called check_oa_services.zip which contains a batch file with the same name. Please follow these instructions to run that batch file:
     • Save the check_oa_services file on your desktop.
     • Extract the check_oa_services file.
     • Run the batch file that was inside it (if you are using Windows 8, Windows 7, or Vista please right-click on it and select to Run as administrator).
     • When it is done, attach the file C:\oa_service_status_log to a reply for me to review (you can use the More Reply Options button in the lower-right to access the attachment controls).
  16. Let's start by getting an OTL log, and see if it shows the cause of the issue. Please run OTL by following the instructions below:
     • Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run').
     • Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted.
     • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes.
     • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually.
     • Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.
  17. I would believe Fabian explained this when he said the following:
     Online Armor, even in Banking Mode, trusts emsisoft.com because it needs to be able to contact that domain for certain aspects of the software to work. Part of our domain is dl.emsisoft.com, which is the alias name of the CDN we use. However, we don't have our own CDN. Instead we use the services of a specialized CDN provider. Other companies use the same CDN provider. Two of these companies are Malwarebytes and SuperAntiSpyware. That means that both cdn.superantispyware.com as well as data-cdn.mbamupdates.com will refer to the same CDN provider we use, which means that more than likely when you contact either of these 3 completely different domains, you end up at the same server with the same IP. So how is that relevant? Remember that I said Online Armor trusts servers, not domains? Well, Online Armor knows that the server behind dl.emsisoft.com is trustworthy, so since cdn.superantispyware.com and data-cdn.mbamupdates.com point to the same server they must be trustworthy as well. To avoid unnecessary checks all the time, Online Armor will remember that fact and add both domains as trustworthy as well and from now on pays special attention to both of them.
     Basically, what Fabian was trying to explain was this: Online Armor has a built-in list of trusted domains. One of those of course being emsisoft.com, and since some of the aliases (represented as subdomains of emsisoft.com) may resolve to a server (or more than one server) that other domain names resolve to, those domain names will automatically be trusted by Online Armor since they also resolve to a trusted server. Obviously there are more than two other vendors who use the same CDN we do, and obviously there would be more than two domains that automatically get added like this.
     Online Armor worked this way before the v7 update, it's just that you couldn't see these domains being added and you couldn't remove them. The update added transparency, so you can now see the process happen.
  18. Does it continue to happen after you restart your computer?
  19. We will probably need a scan engine debug log to see what is going on. I have attached a ZIP archive to the message which contains two batch files. One is named engine_enable_debug_output and the other is named engine_disable_debug_output.
     • Please download this ZIP archive, extract the batch files, and run the engine_enable_debug_output file (if your computer is running Windows Vista or Windows 7 then please make sure to right-click and select to Run as administrator).
     • After running the batch file, please restart your computer, and try your scan again.
     • Once it freezes, please check the Emsisoft Anti-Malware folder (usually C:\Program Files\Emsisoft Anti-Malware) and there should be a file named ScanEngineDebug.log (the files should be listed in alphabetical order).
     • Please ZIP this file (if you do not have a program such as WinZip, 7-Zip, or WinRar then please right-click on the file, go to Send To, and select Compressed (zipped) folder) and make sure to save the ZIP archive on your desktop to make it easy to find.
     • After that, please attach the ZIP archive with the ScanEngineDebug.log file in it to a reply by using the More Reply Options button to the lower-right of where you type in your reply to access the attachment controls.
  20. Our developers are working on the problem, however they do need to be able to reproduce the issue before they will be able to determine the cause.
  21. We'll probably need some logs to see what the problem is. Please open Online Armor, go to Options in the menu on the left, click the little check box to enable debug mode, restart your computer, and then try reproducing your problem with Banking Mode not working. After that, please ZIP your entire logs folder (normally C:\Program Files\Online Armor\Logs), upload it to a website such as RapidShare/DepositFiles/BayFiles/etc (which one you use is up to you), and then copy and paste the link to download the file into a reply (or you can send it to me in a Private Message if you don't want the link posted publicly on the forums).
     Note that, if you don't have a utility such as 7-Zip, WinZip, or WinRar, you can ZIP files and folders by right-clicking on them, going to Send To, and clicking on Compressed (zipped) Folder.
     Note that RapidShare and BayFiles have been having issues lately, and we may not be able to download the files from them. If you have DropBox, Google Cloud Storage, or Microsoft SkyDrive then those services would be more reliable. Also, you can attach files to private messages on these forums, and I would believe the limit is up to 128MB, so if the file is smaller than 128MB then you can just attach it to a private message to me on these forums.
  22. Let's use Emsisoft BlitzBlank to delete the file. Please download Emsisoft BlitzBlank from this link, and be sure to save it on your desktop. Please also download the attached BlitzBlank_Script.txt file, and save it on your desktop as well, then follow the instructions below:
     • Launch the Emsisoft BlitzBlank that you saved on your desktop.
     • When it warns you that BlitzBlank is intended to be used by experts or with expert guidance, go ahead and click the 'OK' button.
     • In the middle near the top you will see 4 small icons. Click the one on the left that sort of looks like a little folder with a piece of paper sticking out of it, and open the BlitzBlank_Script file you had saved on your desktop to load it into BlitzBlank.
     • Click the "Execute Now" button in the lower-right hand corner to process the removal script.
     • Your computer will need to be restarted to complete the removal process, so please allow BlitzBlank to restart your computer when it asks.
  23. It's possible that the Last Scan time is incorrect. Have you checked the scan logs to see when it last saved a scan log?
  24. The file appears to be an ActiveX control made by Exontrol Inc. I don't see any information that shows it is malicious, however it could be part of an undesirable or unwanted software of some sort. I do recommend that you go ahead and follow the instructions at this link and post the logs for us to look at, so that we can determine if there is any real infection on your computer.