GT500

Emsisoft Employee

Everything posted by GT500

  1. Could you use Microsoft Paint to save the screenshot as a PNG (Portable Network Graphics) image, and then attach that? No need for a ZIP archive that way. You can open Microsoft Paint by clicking on the Start button, going to All Programs, going to Accessories, and clicking on Paint. Alternately you can hold down the Windows key on your keyboard (the one with the Windows logo on it, usually between the Ctrl and Alt keys) and tap R to open the Run dialog, then type mspaint into the field, and click the OK button.
  2. What happens if you Close and Shutdown Online Armor?
  3. It is possible that there are parts of TrendMicro that are executing from other folders. Let's get an OTL log to verify that. Please run OTL by following the instructions below:
       • Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run').
       • Double click on the OTL icon on your desktop to run it.
       • Make sure all other windows are closed and to let it run uninterrupted.
       • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes.
       • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually.
     Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.
  4. Please follow the instructions at this link, and one of our malware removal specialists will help you verify if your computer is infected. Please be sure to mention the issue with Online Armor updating and the issue with your e-mail account being compromised. Technically the error message about a2trust.dat being corrupt when updating is a cryptography issue, which means that it couldn't decode the file and is assuming it to be due to a corrupt file. There can be more than one cause for this particular issue, but since your e-mail account has been compromised your computer may have been as well, so it is best to let a malware removal expert have a look and verify whether or not that is the case before we proceed with debugging the Online Armor issue.
  5. That's OK. As for the latest minidump, it didn't contain any further information. Just the same data as the previous two.
  6. I can clearly see the line in the history showing the DLL file being blocked, so I will forward this on to our developers to see if they can shed any light on why this might be happening. While we wait for that, let's get a more detailed log showing loadpoints. Please run RSIT by following the steps below:
       • Download Random's System Information Tool (RSIT) from this link and save it on your desktop.
       • Double click on the icon on your desktop for RSIT to run it.
       • Click Continue at the disclaimer screen.
       • Once it has finished, two logs will open in separate Notepad windows. Please make sure that those are saved on your desktop, and then attach them to a reply by using the More Reply Options button.
  7. The minidumps probably won't contain enough information to debug the issue; however, I have passed the link on to Andrey so that he can take a look. Now that the BSoD has happened again, the MEMORY.DMP file should contain a full memory dump. It's going to be large, and you won't be able to compress it below 100MB, so you may need to look for a service with more storage space.
  8. Please open Online Armor, go to your History, and click the Export button to export your history. It will save it as a CSV file, which you can then ZIP and attach to a private message to me (I don't recommend posting it in a reply to this topic). Note that if you don't have a utility such as 7-Zip, WinZip, or WinRar, you can ZIP files and folders by right-clicking on them, going to Send To, and clicking on Compressed (zipped) Folder.
  9. Let's get some more information about loadpoints on your system, and see if we can find the cause of this notification in Online Armor. Please run OTL by following the instructions below:
       • Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run').
       • Double click on the OTL icon on your desktop to run it.
       • Make sure all other windows are closed and to let it run uninterrupted.
       • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes.
       • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually.
     Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.
  10. It looks like our developers didn't get the first message with the link to the dump. Not sure if that was a Skype issue or if it was something else. The minidumps say the BSoD originated in ntkrnlmp.exe; however, it may just not contain enough information to trace the issue further than that. They are just minidumps, and don't necessarily contain all of the information about what happened. As for the memory.dmp file, it was corrupted, and we were not able to learn anything from it.
  11. My recommendation is to add your TrendMicro to the exclusions list in Online Armor. Here are some instructions for adding a folder to the Exclusions list in Online Armor:
       • Click on the Start button, go to All Programs, go to Online Armor, and click on the Online Armor icon to open it.
       • Click on Options in the menu on the left.
       • Go to the Exclusions tab.
       • Click on the Add button.
       • Use the little [+] and [-] icons to the left of folder names to open and close them, find the folder you want to add, click on it to highlight it, and then click OK at the bottom.
       • Close the Online Armor window.
      I also recommend excluding Online Armor in TrendMicro. Here are the files that need to be excluded from protection in TrendMicro:
       • oacat
       • oahlp
       • oasrv
       • oaui
      These files are normally in C:\Program Files\Online Armor
  12. Please run OTL by following the instructions below:
       • Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run').
       • Double click on the OTL icon on your desktop to run it.
       • Make sure all other windows are closed and to let it run uninterrupted.
       • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes.
       • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually.
      Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.
  13. Our developers have asked for a DebugView log. Before running DebugView, we'll need to set a registry entry that will tell Emsisoft Anti-Malware to output debug information that DebugView can see and save in its log. The following file eam_debug_output.zip contains two batch files. One of them will enable debug mode, and the other will disable it. Please download this file, extract the batch files from it, and run the batch file named eam_enable_debug_output (if your computer is running Windows Vista or Windows 7 then please make sure to right-click on the batch file and select to Run as administrator):
      After that, please restart your computer, and then proceed with the instructions below:
       • Download DebugView from this link:
       • When downloading, make sure to save it on your Desktop instead of clicking 'Run' or 'Open'.
       • Right-click on the 'DebugView' file that you just saved on your Desktop, and select "Extract All".
       • Before running DebugView, you will need to add a process exclusion to Emsisoft Anti-Malware to prevent crashing issues. Here are the instructions:
           • Please go ahead and open Emsisoft Anti-Malware from the icon on the desktop.
           • Click on Guard in the menu on the left.
           • Go to the File Guard tab.
           • Click on the Manage whitelist link on the left, just above 'Alerts'.
           • On the left, under where it says Type, click on where it says File and change it to Process.
           • Click in the white space to the right of where you just changed 'File' to 'Process', under where it says Item, and a little button with three dots on it will appear to the right.
           • Click on the button with the three dots.
           • Navigate to the folder where DebugView is saved (this should be on your desktop), select the Dbgview file, and click the Open button in the lower-right.
           • Click OK at the bottom to save the settings, and then close Emsisoft Anti-Malware.
       • Open the new DebugView folder that was created on your Desktop after extracting.
       • Windows XP and 2000 users should double-click on the file named 'Dbgview'. Windows 7 and Vista users should right-click and select "Run as Administrator".
       • Click on the 'Capture' menu, and select everything except "Log Boot" (you will have to open the menu again after clicking to select an item).
       • Do whatever it is you need to in order to replicate the issue with the warning about changes to a program.
       • After that, please go to 'File' and save the log on your desktop.
      Please attach that log file to a reply so that we may analyze it for errors. You will need to use the More Reply Options button to the lower-right of where you type in your reply in order to access the attachment controls.
      Note: You may need to ZIP the log file in order to attach it. If you do not have a program such as 7-Zip, WinZip, WinRar, etc. then you can right-click on the log file, go to Send to, and click on Compressed (zipped) folder. You will be able to attach the ZIP archive to a reply.
      After that, you can run the eam_disable_debug_output batch file to disable debug mode. Note that your computer will need to be restarted after running the batch file.
  14. If we were to combine all of the database updates into a single file client-side, then it would use a lot of CPU time during the update process. It could potentially cause performance issues on people's computers every hour or two throughout the day.
  15. You're quite welcome. Note that if you want to downgrade back to the latest stable version, you can do so by disabling beta updates, and then checking for updates.
  16. I haven't received a reply yet. I'll send Andrey an e-mail and see if he has had a chance to take a look at it.
  17. I'm glad that you were able to figure it out. Please let me know if you have any further issues.
  18. Would it be possible for you to send me a private message with the connection log from OpenVPN? Also, if you could open Online Armor, go to Options in the menu on the left, switch to Advanced mode if you have Online Armor Premium, then go to the Firewall tab, and enable the firewall logs with additional debugging information so that Online Armor will log connection information. After that, connect to your VPN the same way you normally would, and after you have verified that your real IP address is being displayed rather than your VPN address you can close the VPN connection. To collect the firewall logs, go to C:\Program Files\Online Armor and right-click on the Logs folder, go to Send to, and select Compressed (zipped) folder to ZIP the Logs folder. You can then attach that ZIP archive to a private message to me as well.
  19. The Guard is only available in the Premium version and in the free trial. The free scanner only has scanning abilities, and thus you would not have access to any of the controls for the Guard.
  20. I wish that was the case. We'd never have to worry about malware again. The problem is that new malware is released constantly, and our research team has to constantly add new things to the database. Heuristics are used to reduce the number of new signatures, but when there are thousands of new malicious files found every day it is impossible to cover all future variants of every infection with heuristics, and of course even if it was, new types of malware would still need to be handled by new signatures. Of course, that doesn't mean that the database cannot be periodically cleaned up, and this is something that our research team has done several times since Emsisoft Anti-Malware 7 was released (note that Emsisoft Emergency Kit shares the same database with Emsisoft Anti-Malware), and I am sure that our research team will continue to do it when they feel it is needed.
  21. No, it should not reduce security. I was merely saying that it is not intended to increase security.
  22. Please open Online Armor, go to Programs in the menu on the left, and uncheck the Hide trusted option below the list. After that, please look through the list to make sure that the following files are Trusted and Allowed.
       • openvpn.exe
       • openvpn-gui-1.0.3.exe
      Note that the 1.0.3 in openvpn-gui-1.0.3.exe is the version number, and that the number will most likely be different on your computer.