GT500

Emsisoft Employee

Everything posted by GT500

  1. We'll probably need some logs to see what the problem is. Please open Online Armor, go to Options in the menu on the left, click the little check box to enable debug mode, restart your computer, and then verify that Windows functions are being blocked. After that, please ZIP your entire logs folder (normally C:\Program Files\Online Armor\Logs), upload it to a website such as RapidShare/DepositFiles/BayFiles/etc (which one you use is up to you), and then copy and paste the link to download the file into a reply (or you can send it to me in a Private Message if you don't want the link posted publicly on the forums). Note that if you don't have a utility such as 7-Zip, WinZip, or WinRar, you can ZIP files and folders by right-clicking on them, going to Send To, and clicking on Compressed (zipped) Folder. Also, please let us know exactly what functions are being blocked (Internet access, services, startup items, etc).
  2. The cache folder will remain empty until an EAM client downloads updates, and then those updates will be cached by the update proxy. I assume you have the clients configured to use the update proxy?
  3. The stuff in the green box is in the System Restore, so just delete all previous restore points, and then turn it back on and create a new restore point. Instructions about how to do it are at the end of this post. Also, I hope I don't have to point out that those files are keygens, which are used for software piracy. Tools used for piracy can also have malicious code injected in them, and they tend to be dangerous to use. They are also illegal in many countries.

     Emptying the System Restore:
     • Click on the Start button.
     • Right-click on Computer.
     • Select Properties from the list.
     • In the window that pops up, click on the System protection link in the menu on the left.
     • The buttons may not be clickable for a few moments, but once you can click on them, select the drive in the list near the bottom that shows protection is on (this will usually be your C: drive) and click the Configure... button.
     • Click the button near the bottom-right that says Delete to clear all System Restore data. Once finished, click OK to close that window.
     • Now you will want to make sure that the correct drive is selected again (usually your C: drive) and click on the Create button to create a new restore point.
     • Fill in a name for the restore point, and click the Create button.
     • Once it is done, you can close the windows that were opened to get to the System Restore settings.
  4. That log didn't show what I expected, so let's get an anti-virus scan from ESET to see if we are missing anything:
     • Turn off your anti-virus software.
     • Click on this link.
     • Click on the ESET Online Scanner button.
     • Put a check in the box that says YES, I accept the Terms of Use.
     • Click the 'Start' button just to the right of the checkbox.
     • Uncheck the box that says Remove found threats (this is very important).
     • Click on Advanced settings.
     • Put a check in the box that says Scan for potentially unsafe applications.
     • Verify that Scan for potentially unwanted applications is also checked.
     • Verify that Enable Anti-Stealth technology is also checked.
     • Click the Start button in the lower-right corner of the page, and it will begin downloading its database, and then it will start scanning.
     • When the scan is done, if it shows a screen that says Threats found!, then click List of found threats, and then click Export to text file... (if nothing was found, then just let me know that no threats were found).
     • Save that text file on your desktop, and then attach it to a reply (using the More Reply Options button in the lower-right corner of this forum topic) for me.
     • Close the ESET online scan.

     I will take a look at the log, and let you know if anything needs removed.
  5. I have forwarded the information you sent me to our developers.
  6. Would you be able to give us any more information about that error? There is a way to save/export an error report from the Event Log Viewer, and you can send it to me in a private message.
  7. The exclusions can be used for a number of other issues, including repeated alerts about a program that does not need to be monitored.
  8. My apologies for not replying yesterday. This is a known issue, but gathering some more information about it might not be a bad idea. Here's the set of instructions that I had written earlier for collecting the information. The following instructions assume that you are collecting the information after the System Tray/Notification Area icon (the one that would normally be to the left of the clock) has disappeared, and before running the wizard. Please review both sets of instructions before trying them, as they will both need to be done at the same time, and I have not combined the instructions to account for that.

     DebugView Log

     Before running DebugView, a registry entry will need to be created that will tell Emsisoft Anti-Malware to output debug information that DebugView can see and save in its log. The following file eam_enable_debug_output.zip contains a batch file which, when run with administrative rights, will automatically create that registry entry for you. Please download this file, extract the batch file from it (it will also be named eam_enable_debug_output), and run the batch file (if your computer is running Windows Vista or Windows 7 then please make sure to right-click on the batch file and select to Run as administrator):

     After that, please restart your computer, and then proceed with the instructions below:
     • Download DebugView from this link: When downloading, make sure to save it on your Desktop instead of clicking 'Run' or 'Open'.
     • Right-click on the 'DebugView' file that you just saved on your Desktop, and select "Extract All".
     • Open the new DebugView folder that was created on your Desktop after extracting.
     • Windows XP and 2000 users should double-click on the file named 'Dbgview'. Windows 7 and Vista users should right-click and select "Run as Administrator".
     • Click on the 'Capture' menu, and select everything except "Log Boot" (you will have to open the menu again after clicking to select an item).
     • Please make sure that Fiddler is ready before proceeding (steps 1-6 in the Fiddler log instructions below), as you will need to follow the instructions to set up a proxy in the Emsisoft Anti-Malware Wizard before running through the Wizard.
     • After getting Fiddler ready and setting up the proxy settings in the Wizard, proceed through the Wizard normally.
     • After you have finished with the Wizard, and see the Emsisoft Anti-Malware icon back in the System Tray/Notification Area, you can switch back to DebugView and click 'File' and "Save As" in order to save the log to a file on your Desktop.

     You can go ahead and send this log to me in a private message.

     Note: You may need to ZIP the log file in order to attach it to a message. If you do not have a program such as 7-Zip, WinZip, WinRar, etc. then you can right-click on the log file, go to Send To, and click on Compressed (zipped) folder. You will be able to attach the ZIP archive to a reply.

     Fiddler Log

     Please download and install Fiddler 2 from this link (this is the version that requires the Microsoft .NET Framework 2.0), and then follow the instructions below:
     1. After installing Fiddler, please open it from the Start Menu.
     2. Launch the Emsisoft Anti-Malware Wizard from the Emsisoft Anti-Malware icon on the Desktop.
     3. Click on the Connection settings link in the lower-left corner.
     4. Check the box that says Use proxy server.
     5. Enter localhost in the Proxy server field, and then enter 8888 in the port field.
     6. Click 'OK'.
     7. Continue with the Wizard normally.
     8. After completing the Wizard, go back to Fiddler, and to File, then Save, and select All Sessions (please save it on your desktop).
     9. Please send the log to me in a private message.
  9. The quantity is for the number of computers you want the license to cover.
  10. OK, let's get some logs from Online Armor. Please open Online Armor, go to Options in the menu on the left, click the little check box to enable debug mode, restart your computer, and then try reproducing your problem with EAM (or simply wait for it to happen, if it is random). After that, please ZIP your entire logs folder (normally C:\Program Files\Online Armor\Logs), upload it to a website such as RapidShare/DepositFiles/BayFiles/etc (which one you use is up to you), and then copy and paste the link to download the file into a reply (or you can send it to me in a Private Message if you don't want the link posted publicly on the forums). Note that if you don't have a utility such as 7-Zip, WinZip, or WinRar, you can ZIP files and folders by right-clicking on them, going to Send To, and clicking on Compressed (zipped) Folder.
  11. I recommend adding the folder that the program is in to the Exclusions in Online Armor. Here are some instructions on adding a folder to the Exclusions list in Online Armor:
      • Click on the Start button, go to All Programs, go to Online Armor, and click on the Online Armor icon to open it.
      • Click on Options in the menu on the left.
      • Go to the Exclusions tab.
      • Click on the Add button.
      • Use the little [+] and [-] icons to the left of folder names to open and close them, find the folder you want to add, click on it to highlight it, and then click OK at the bottom.
      • Close the Online Armor window.
  12. It is possible that it is related to a driver or perhaps to a program you have installed. Hopefully the logs will tell our developers what is going on.
  13. We may need to get more information on this to know what is happening. I see that your forum profile says you use Windows 7. Do you know if that is 32-bit or 64-bit? Also, after this issue happens, does EAM try to run the Wizard when you open it, or do you have to open EAM and go to 'Configuration' and then the 'License' tab to reenter your key?
  14. If you want to go ahead and purchase the discounted three-pack, I can merge that into your current Emsisoft Anti-Malware license. Just send me a private message on the forums (or send an e-mail to support) letting me know what license key you just purchased, and what license key you would like it to be merged into.
  15. OTL didn't delete everything the script told it to, so let's run a scan with a third-party utility just to make sure that we are not missing anything. Please download and install Malwarebytes' Anti-Malware from one of the three mirrors listed below (beware of excessive advertising on some of the download pages):
      • Download From TechSpot
      • Download From CNet's Download.com
      • Download From MajorGeeks

      Then:
      • When first running Malwarebytes' Anti-Malware, it will ask you if you want to operate it in a free trial mode. You can say no to this (the trial can be unlocked again at a later time if you want to try it).
      • Make sure to go to the Update tab and click the Check for Updates button to get the latest database.
      • Switch back to the Scanner tab and run a Quick Scan.
      • When it is done, remove anything it finds.
      • Whether or not it finds anything, you should be presented with a log in Notepad, which you should save to your desktop.
      • Attach the log you saved on your desktop to a reply for me to take a look at. You can attach files to a reply by clicking the More Reply Options to the lower-right of where you type in your reply. When the page loads, there will be a button right below the box to type in (on the left side) that says Choose Files... which will allow you to select the log file to attach it.
  16. RAM usage seems to be different for different people. That's higher than normal, but it's still smaller than the size of the database. Since the majority of the database is offloaded into the pagefile to save on RAM, it could simply be that more of the database has been loaded into RAM on your system (perhaps because it was needed when monitoring certain applications). It might be possible to lower the memory usage by adding your other security software to the whitelist in Emsisoft Anti-Malware as process exclusions, however as long as your computer still has plenty of free RAM, you shouldn't notice any problems.
  17. Updates are always initially downloaded from the Internet. The Update Proxy acts as a cache, and keeps a copy of the updates after the first time they are downloaded. The update should come from the Update Proxy's cache rather than from the Internet if the Update Proxy already has it in the cache. If an update is not already cached, then it will need to be downloaded before it can be cached.
  18. I don't know if they found the exact cause of the issue, but I do know that they hope to be able to resolve the issue. Assuming that they are able to include these changes in the next build, you may want to keep an eye on the beta updates changes forum for more information.
  19. I think most of it is cleaned up. There were just a couple of leftover entries in that OTL log that could be removed. I have written a cleanup script for OTL (if you need to, you may download OTL from this link). Please download the following OTL_Script file, and save it on your desktop. After saving it, open it, run OTL, and copy and paste the contents of the OTL_Script file into the Custom Scans/Fixes box at the bottom of the OTL window: Then click the Run Fix button at the top. Let the program run unhindered, restart your computer when it is done (it may automatically restart your computer on its own). After your computer has restarted, please open OTL again and click the Quick Scan button. Attach the log it produces in your next reply (just the OTL log, as I don't need to see the Extras log again). You will need to click the button that says More Reply Options to the lower-right of where you type your reply to be presented with the attachment controls.
  20. Did removing Online Armor for several days make any difference?
  21. There is still a run entry for one of the malicious files. It looks like part of the infection hadn't been removed when ComboFix ran the first time, and it reinfected the computer after you had sent me the first ComboFix log. From the log, the run entry appears to be the only thing left, which we can remove with OTL. Please send me a fresh OTL log by following the instructions below (you can ignore the part about the "Extras" file, as OTL no longer saves that automatically every time you run it):
      • Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run').
      • Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted.
      • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually.
      • Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.
  22. You're quite welcome. Since everything seems OK, I am going to go ahead and close this topic. Note: The instructions in this forum topic have been customized based on the logs posted by the person asking for assistance. Please do not attempt to follow any of the instructions in this forum topic, as they could cause damage to your computer. If you require assistance, please start here if you believe your computer is infected, and one of our experts will be happy to assist you by analyzing your logs.
  23. OK, I will forward it on to our developers as well. Edit: You may also want to disable debug mode, as those logs are getting pretty large.