GT500

Emsisoft Employee
  • Content Count

    11481
  • Joined

  • Days Won

    331

Everything posted by GT500

  1. Please note that, with the option to resolve addresses enabled, Online Armor is merely trying to guess what address should be displayed on the notification by checking DNS to see what domains names resolve to that IP address. In the case of 127.0.0.1 you can have countless domain names resolving to that address (hundreds, thousands, etc). Since the domain name displayed in the Online Armor notification is a guess, please note that you cannot attempt to find out what extension is the cause simply from the domain name. You will need to disable each extension one and a time to test and see if the notifications stop. That would involve a process such as this: Disable an extension. Close Firefox. Reopen Firefox, and wait for the notification to pop up. If there's no notification from Online Armor then you found the extension that was causing it, if the notification appears again then go back to step 1 and continue to repeat these 4 steps until you find out which extension is causing the notification. Please note that this is the only way, short of marking Firefox as 'Trusted' in Online Armor, of preventing these notifications. Extensions should be able to access information over the Internet through Firefox's API's even with those settings disabled. That's why it is important to ensure that extensions are safe, as they can be an exploit vector.
  2. My apologies for the slow response, and for the confusion. Technically there is no 'resizer' app. When you run Windows in Safe Mode, if the screen resolution is below 800x600 then Emsisoft Anti-Malware will attempt to change the screen resolution to 800x600 so that its program window will properly fit on the screen.
  3. Please post a RogueKiller log by following the instructions below: Download RogueKiller from this link, and save it on your desktop. Run RogueKiller (please note that if it doesn't work the first time, you can try it again several times and it may start to work): On Windows XP make sure you are logged in as an administrator and double-click on the RogueKiller icon. On Windows 7 and Vista simply right-click on the RogueKiller icon, and select to Run as administrator. [*] Click the Scan button in the upper-right corner (don't worry about the rest of the options for now). [*] In the middle, on the left, it will tell you the status. When it says Scan Finished, then please close RogueKiller. It will warn you that nothing has been deleted and ask you if you want to quit, so be sure to click the Yes button. [*] There will be a new file and folder saved on your desktop. The folder (usually named RK_Quarantine) can be deleted. The file (usually named RKreport or RKreport[1]) contains the log. [*] Please attach the RKreport file to a reply by using the More Reply options button to the lower-right of where you type in your reply.
  4. Please post a RogueKiller log by following the instructions below: Download RogueKiller from this link, and save it on your desktop. Run RogueKiller (please note that if it doesn't work the first time, you can try it again several times and it may start to work): On Windows XP make sure you are logged in as an administrator and double-click on the RogueKiller icon. On Windows 7 and Vista simply right-click on the RogueKiller icon, and select to Run as administrator. [*] Click the Scan button in the upper-right corner (don't worry about the rest of the options for now). [*] In the middle, on the left, it will tell you the status. When it says Scan Finished, then please close RogueKiller. It will warn you that nothing has been deleted and ask you if you want to quit, so be sure to click the Yes button. [*] There will be a new file and folder saved on your desktop. The folder (usually named RK_Quarantine) can be deleted. The file (usually named RKreport or RKreport[1]) contains the log. [*] Please attach the RKreport file to a reply by using the More Reply options button to the lower-right of where you type in your reply.
  5. Bad sectors on the hard drive? That explains everything. I should have asked you to do a full-sector scan on the chkdsk. Try the ESET scan again, and see if it completes: Turn off your anti-virus software. Click on this link. Click on the ESET Online Scanner button. Put a check in the box that says YES, I accept the Terms of Use. Click the 'Start' button just to the right of the checkbox. Uncheck the box that says Remove found threats (this is very important). Click on Advanced settings. Put a check in the box that says Scan for potentially unsafe applications. Verify that Scan for potentially unwanted applications is also checked. Verify that Enable Anti-Stealth technology is also checked. Click the Start button in the lower-right corner of the page, and it will begin downloading it's database, and then it will start scanning. When the scan is done, if it shows a screen that says Threats found!, then click List of found threats, and then click Export to text file... (if nothing was found, then just let me know that no threats were found). Save that text file on your desktop, and then attach it to a reply (using the More Reply Options button in the lower-right corner of this forum topic) for me. Close the ESET online scan. I will take a look at the log, and let you know if anything needs removed.
  6. Also, please let me know what web browser you are using. We've had one or two others with this copy and paste issue, and we need more information to track down the cause. Right now we don't know if it is an issue with our forums, or an issue caused by an infection or a browser extension or something else that may be installed.
  7. Please get me a RogueKiller log by following the instructions below: Download RogueKiller from this link, and save it on your desktop. Run RogueKiller (please note that if it doesn't work the first time, you can try it again several times and it may start to work): On Windows XP make sure you are logged in as an administrator and double-click on the RogueKiller icon. On Windows 7 and Vista simply right-click on the RogueKiller icon, and select to Run as administrator. [*] Click the Scan button in the upper-right corner (don't worry about the rest of the options for now). [*] In the middle, on the left, it will tell you the status. When it says Scan Finished, then please close RogueKiller. It will warn you that nothing has been deleted and ask you if you want to quit, so be sure to click the Yes button. [*] There will be a new file and folder saved on your desktop. The folder (usually named RK_Quarantine) can be deleted. The file (usually named RKreport or RKreport[1]) contains the log. [*] Please attach the RKreport file to a reply by using the More Reply options button to the lower-right of where you type in your reply.
  8. OK, then you will probably have to rely on a Linux boot disk to perform the disk check. A Linux disk that supports the NTFS filesystem will automatically run a check on it if it detects a problem. I would believe they usually require a restart after performing the repairs, however I have not seen how it works on the newer Linux disks with the newer NTFS drivers and newer kernel versions.
  9. I've been talking to our developers, and they've let me know that Online Armor doesn't have the information to determine what domain your browser is trying to access at the time it blocks the connection (TCP/IP communication does not include domain names). Online Armor will attempt to guess a domain name by checking DNS to see what domain names resolve to that IP address, so please note that the domain name listed in the notification may not be accurate. I suggest that you try disabling your Firefox extensions one at a time until and test to see if one of them is the cause of the notifications.
  10. It's possible that it was not able to properly read from the System Restore, or that it was not able to write the files to the disk. Is the Command Prompt still not functioning properly?
  11. I have written a cleanup script for OTL (if you need to, you may download OTL from this link). Please copy the contents of the following CODE box, and in OTL under the Custom Scans/Fixes box at the bottom, paste in what you just copied from the following CODE box: :OTL [2012/04/19 10:29:55 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-QxBxfLPlO5g7NX [2012/04/19 10:29:51 | 000,000,601 | -H-- | M] () -- C:\Users\jore\Desktop\SMART_HDD.lnk [2012/04/19 10:29:27 | 000,000,256 | -H-- | M] () -- C:\ProgramData\QxBxfLPlO5g7NX [2012/04/19 10:29:17 | 000,243,712 | -H-- | M] ( ) -- C:\ProgramData\QxBxfLPlO5g7NX.exe :Commands [EMPTYTEMP] Then click the Run Fix button at the top. Let the program run unhindered, restart your computer when it is done (it may automatically restart your computer on its own). After your computer has restarted, please open OTL again and click the Quick Scan button. Attach the log it produces in your next reply (just the OTL log, as I don't need to see the Extras log again). You will need to click the button that says More Reply Options to the lower-right of where you type your reply to be presented with the attachment controls.
  12. That log looks pretty good. ComboFix may have taken care of the infection on its own, however it would be best to get a second opinion just to make sure. Please run an online virus scan through ESET by following the steps below: Turn off your anti-virus software. Click on this link. Click on the ESET Online Scanner button. Put a check in the box that says YES, I accept the Terms of Use. Click the 'Start' button just to the right of the checkbox. Uncheck the box that says Remove found threats (this is very important). Click on Advanced settings. Put a check in the box that says Scan for potentially unsafe applications. Verify that Scan for potentially unwanted applications is also checked. Verify that Enable Anti-Stealth technology is also checked. Click the Start button in the lower-right corner of the page, and it will begin downloading it's database, and then it will start scanning. When the scan is done, if it shows a screen that says Threats found!, then click List of found threats, and then click Export to text file... (if nothing was found, then just let me know that no threats were found). Save that text file on your desktop, and then attach it to a reply (using the More Reply Options button in the lower-right corner of this forum topic) for me. Close the ESET online scan. I will take a look at the log, and let you know if anything needs removed.
  13. That's interesting. Are you able to use the System Restore option from the CD?
  14. Please download ComboFix from one of the following links, and follow the instructions below to run it. Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop Link 1 Link 2 * IMPORTANT !!! Save Combo-Fix to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools See HERE for help Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, ComboFix will produce a log. Note: 1. Do not mouseclick combofix's window while it's running. That may cause it to stall! 2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet. Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS) ComboFix (C:\combofix.txt) Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  15. If, after the manufacturer's logo disappears, you see a black screen with the message "PRESS ANY KEY TO BOOT FROM CD/DVD" then that means that your computer is configured to start up off of a CD automatically, and you don't need to use the Boot Menu. Most computers are not configured to work this way, however it makes working with bootable disks much easier when a computer does work this way. Go ahead and load the recovery environment from the CD again, and then launch the Command Prompt and run the chkdsk /F C: to repair the filesystem on the hard drive.
  16. OK, insert the disk into the drive, and restart your computer. After the computer starts to power back on, and when you see the manufacturer's logo on the screen, it will say what button to press on your keyboard to access what is often called the Boot Menu. You will most likely need to press this button quickly once you find what button you need to press. When the Boot Menu opens, it will allow you to select what device to start your computer off of. Some Boot Menus list the CD drives by their model number, and a lot of CD and DVD drives have a model number that starts with the company name "TSSTCorp" or "TSST_Corp". Select your CD/DVD drive and allow the computer to start up off of it. You will be able to load the Command Prompt once it has finished starting up, and then run the chkdsk from there.
  17. Does it only happen when you are on a specific website, or does it happen regardless of what website you are browsing in Firefox?
  18. Were you able to create the Windows 7 Recovery Disk?
  19. As far as I know, the update that fixes this issue has not been released yet.
  20. Please download ComboFix from one of the following links, and follow the instructions below to run it. Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop Link 1 Link 2 * IMPORTANT !!! Save Combo-Fix to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools See HERE for help Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, ComboFix will produce a log. Note: 1. Do not mouseclick combofix's window while it's running. That may cause it to stall! 2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet. Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS) ComboFix (C:\combofix.txt) Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  21. That's not surprising. Until the infection is under control, then you won't be able to use your computer normally.
  22. Yes. If the infection does not interfere with the process, you'll be able to burn data to the disk.
  23. Yes, go ahead and run it as Administrator, and let me know if that works.
  24. Do you know why your computer keeps trying to connect to this iranian.ws domain? Does it only happen when you use Internet Explorer, Firefox, Chrome, or does it happen when you use all three? Does it happen even when you do not have an Internet browser open?