GT500

Emsisoft Employee
  • Content Count

    12848
  • Joined

  • Days Won

    387

Everything posted by GT500

  1. What happens if you uninstall the COMODO Internet Security Firewall Driver from the connection properties dialog?
  2. I don't think it did. Security software is often designed to shut down after other services, so it may have just been waiting on whatever was hanging to shut down.
  3. OK, assuming everything is working OK now, here's some final instructions for you: 1. Make Sure Java is Updated: Click on the Start button. Click on Control Panel. Click Uninstall a program. Look for Java in the list (should be alphabetical), and uninstall all versions of Java that you find listed. Click on this link and download and install the latest Java (the Windows Online download will be faster). 2. Make Sure Adobe Flash is Updated: Click on this link and download the latest version of Adobe Flash Player for your web browser. You will need to close your web browser when installing Flash. 3. Make Sure Adobe Acrobat Reader is Updated: Click on the Start button. Click on Control Panel. Click Uninstall a program. Look for any versions of Adobe Reader or Adobe Acrobat Reader in the list (should be alphabetical), and uninstall all of them (if you have Adobe Acrobat, which is the premium software from Adobe, then you do not need to uninstall it). Click on this link to go to the Adobe Reader download page, make sure to unselect any offers for toolbars or other free software, and download and install the latest version of Adobe Reader. (please note that some people do prefer to use third-party PDF viewers such as PDF X-Change Viewer and Foxit Reader which are not as commonly exploited as Adobe Reader, so if you would prefer to use one of those then you do not need to download and install Adobe Reader) 4. Make Sure Your Computer Has The Latest Windows Updates: Click on the Start button. Go to All Programs. Click on Windows Update. Click Check for updates in the menu on the left (should be near the top). Once it is done checking for updates, click the Install updates button on the right. Make sure that if your computer wants to restart after the updates are done, that you allow it so. 5. Web Of Trust Extension: While this is not a requirement, I highly recommend that you click this link and check out the Web Of Trust extension for your web browser. It will add an extra layer of protection to your web browsing for free, and it is especially helpful when doing searches on Google, Yahoo!, Bing, etc. as it will point out what sites are considered trustworthy and what sites are not by drawing a colored circle to the right of each search result. Green means trusted, red means not trusted, yellow is in between, and white means it is not in Web Of Trust's database. 6. Empty The System Restore: Click on the Start button. Right-click on Computer Select Properties from the list. In the window that pops up, click on the System protection link in the menu on the left. The buttons may not be clickable for a few moments, but once you can click on them select the drive in the list near the bottom that shows protection is on (this will usually be you C: drive) and click the Configure... button. Click the button near the bottom-right that says Delete to clear all System Restore data. Once finished, click OK to close that window. Now you will want to make sure that the correct drive is selected again (usually your C: drive) and click on the Create button to create a new restore point. Fill in a name for the restore point, and click the Create button. Once it is done, you can close the windows that were opened to get to the System Restore settings.
  4. Random names means that you can't anticipate what the next file name will be, so you won't be able to add it to the Programs list as Trusted. In order to prevent HIPS softwares from displaying notifications about these executables, AVAST will have to redesign their software to not run executables out of temp folders with random names.
  5. You can't add an exclusion for a single file, however you should be able to add those files to the Programs list as Trusted and Allowed, which may help resolve the issue. To do this, open Online Armor, go to Programs in the menu on the left, right-click in the list, and select Add.
  6. When you have a 3-PC license key and you activate it on one PC, that sets the start time for all three licenses on that key, so even though you only used it on one computer all three licenses expired. Since I can clearly see in our system that you only used it on one PC, and since you paid to be able to use it on three PC's, I will send you a private message with two 1-year license keys to replace the ones that weren't used.
  7. If you removed the exclusion, then Online Armor will monitor any executables running out of that folder. You can make sure that an executable is marked as Trusted and Allowed in the Programs list to prevent notifications from being displayed by Online Armor for that application.
  8. Do you have a way to search for and delete files from it? If so, please start your computer up from the disk. Some ransomwares likes to save their files in randomly named folders in one of the settings folders, so I recommend checking those first. If you look in the Users folder, you will see a folder for each active user account on the computer. This Users folder is normally in the C: drive (unless Windows is installed on another hard drive). If you look inside one of the folders for one of the user accounts on the computer, then you should find a folder inside named AppData (the folder is hidden normally but can often be seen from bootable disks). Inside that AppData folder is a folder named Local. Inside that Local folder is where you should look for a folder with a clearly random name (it will look like someone mashed a bunch of buttons on the keyboard when naming it). If you find a folder like that, then you can move it somewhere else, or you can rename it (I recommending adding something to the end of the folder name, such as .bak just in case you need to restore it later). You may also find some randomly named files as well in the Local folder, which I also recommend either moving or renaming. Note that infections like this may also like to save randomly named files or folders in the ProgramData folder, which you can also find in your C: drive. If you are able to find the infection and disable it, then go ahead and try the instructions for the Emsisoft Emergency Kit and OTL. If you are not able to, then let me know.
  9. I have written a cleanup script for OTL (if you need to, you may download OTL from this link). Please download the following OTL_Script file, and save it on your desktop. After saving it, open it, run OTL, and copy and paste the contents of the OTL_Script file into the Custom Scans/Fixes box at the bottom of the OTL window: Then click the Run Fix button at the top. Let the program run unhindered, restart your computer when it is done (it may automatically restart your computer on its own). After your computer has restarted, please open OTL again and click the Quick Scan button. Attach the log it produces in your next reply (just the OTL log, as I don't need to see the Extras log again). You will need to click the button that says More Reply Options to the lower-right of where you type your reply to be presented with the attachment controls.
  10. OK, I've forwarded the logs to our developers.
  11. I have forwarded the logs to our developers, however I do recommend waiting to fix Online Armor until Kevin is done helping you with the infection on your computer.
  12. I assume that avast! Antivirus Free is the only other security software you have installed? We'll probably need some logs to see what the problem is. Please open Online Armor, go to Options in the menu on the left, click the little check box to enable debug mode, restart your computer, and then try reproducing your problem with your network connection. After that, please ZIP your entire logs folder (normally C:\Program Files\Online Armor\Logs), upload it to a website such as RapidShare/DepositFiles/BayFiles/etc (which one you use is up to you), and then copy and paste the link to download the file into a reply (or you can send it to me in a Private Message if you don't want the link posted publicly on the forums). Note that, if you don't have a utility such as 7-Zip, WinZip, or WinRar that you can ZIP files and folders by right-clicking on them, going to Send To, and clicking on Compressed (zipped) Folder. Note that RapidShare and BayFiles have been having issues lately, and we may not be able to download the files from them. If you have DropBox, Google Cloud Storage, or Microsoft SkyDrive then those services would be more reliable. Also, you can attach files to private messages on these forums, and I would believe the limit is up to 128MB, so if the file is smaller than 128MB then you can just attach it to a private message to me on these forums.
  13. I'm sorry, I should have told you to put Online Armor in Learning Mode after restarting. Online Armor really should be in Learning Mode whenever Windows Updates are installed, that way it learns the modifications to the System Files and doesn't ask you about them. Have you checked to see if both Opera and Firefox are Trusted and Allowed in the Programs list in Online Armor? It's possible that the crashes are just being caused by Adobe Flash (that plugin is horrible when it comes to stability), but we can do some checking to verify.
  14. Click on the Start button, go to Control Panel, click on Uninstall a program, and look for madCollection in the list. Once you find it, just double-click on it, and that should launch the uninstaller.
  15. Services are handled differently than normal applications. There is a specific order that they will start in, and I would believe they also shut down in a specific order. Normal applications begin closing once they receive the signal to terminate, which should be sent as soon as you tell Windows to shut down. Windows will wait until applications are able to save their data and terminate before it actually shuts down.
  16. You're quite welcome. Here's some final instructions for you: 1. Make Sure Java is Updated: Click on the Start button. Click on Control Panel. Click Add or Remove Programs. Look for Java in the list (should be alphabetical), and uninstall all versions of Java that you find listed. Click on this link and download and install the latest Java (the Windows Online download will be faster). 2. Make Sure Adobe Flash is Updated: Click on this link and download the latest version of Adobe Flash Player for your web browser. You will need to close your web browser when installing Flash. 3. Make Sure Adobe Acrobat Reader is Updated: Click on the Start button. Click on Control Panel. Click Add or Remove Programs. Look for any versions of Adobe Reader or Adobe Acrobat Reader in the list (should be alphabetical), and uninstall all of them (if you have Adobe Acrobat, which is the premium software from Adobe, then you do not need to uninstall it). Click on this link to go to the Adobe Reader download page, make sure to unselect any offers for toolbars or other free software, and download and install the latest version of Adobe Reader. (please note that some people do prefer to use third-party PDF viewers such as PDF X-Change Viewer and Foxit Reader which are not as commonly exploited as Adobe Reader, so if you would prefer to use one of those then you do not need to download and install Adobe Reader) 4. Make Sure Your Computer Has The Latest Windows Updates: Click on the Start button. Go to All Programs. Click on Windows Update. If you have never run Windows Update, then it will probably need to install an ActiveX control and update the Windows Update software before it can continue, so make sure you keep an eye out for that pale-yellow bar that pops up at the top of the page when Windows Update needs to install a new component, and click on the yellow bar and select to allow it. Once it is loaded, click on the Express button. It will check for available updates, and once it is done you can click the Install Updates button. It may ask you to accept a license agreement before it installs, so make sure you say Yes. When it is done installing updates, it may ask you to restart your computer, so close anything you are working on and allow it to restart. Note that the update process can take a while, and you may need to run it several times before all of the updates get installed. 5. Web Of Trust Extension: While this is not a requirement, I highly recommend that you click this link and check out the Web Of Trust extension for your web browser. It will add an extra layer of protection to your web browsing for free, and it is especially helpful when doing searches on Google, Yahoo!, Bing, etc. as it will point out what sites are considered trustworthy and what sites are not by drawing a colored circle to the right of each search result. Green means trusted, red means not trusted, yellow is in between, and white means it is not in Web Of Trust's database. 6. Empty The System Restore: Click on the Start button. Right-click on My Computer Select Properties from the list. In the window that pops up, click on the System Restore tab. Click the check box to Turn off System Restore. Click the Apply button at the bottom-right, and answer Yes to the question. Depending on how much data is saved in the System Restore, it could take more than a few minutes to empty it. Click the check box to Turn off System Restore again and click OK to turn the System Restore back on. Click on the Start button again. Go to All Programs. Go to Accessories. Go to System Tools. Click on System Restore. Select Create a restore point on the right, and click Next at the bottom. Enter a description for the restore point, and click Create. Click Close to finish the process.
  17. OK, I don't see evidence of Kazy modifying any of those registry entries. Lets get a scan log from a third-party just to make sure that we aren't missing anything. Please run an online virus scan through ESET by following the steps below: Turn off your anti-virus software. Click on this link. Click on the ESET Online Scanner button. Put a check in the box that says YES, I accept the Terms of Use. Click the 'Start' button just to the right of the checkbox. Uncheck the box that says Remove found threats (this is very important). Click on Advanced settings. Put a check in the box that says Scan for potentially unsafe applications. Verify that Scan for potentially unwanted applications is also checked. Verify that Enable Anti-Stealth technology is also checked. Click the Start button in the lower-right corner of the page, and it will begin downloading it's database, and then it will start scanning. When the scan is done, if it shows a screen that says Threats found!, then click List of found threats, and then click Export to text file... (if nothing was found, then just let me know that no threats were found). Save that text file on your desktop, and then attach it to a reply (using the More Reply Options button in the lower-right corner of this forum topic) for me. Close the ESET online scan. I will take a look at the log, and let you know if anything needs removed.
  18. Assuming that all NeoSmart applications on your system are in subfolders of C:\Program Files\NeoSmart Technologies, then may I ask if you have tried adding that folder to the exclusions rather than just adding each folder individually?
  19. You can find instructions for adding exclusions to Malwarebytes Anti-Malware at this link. They start at section E and go through section K. You can follow those instructions for adding files to the Ignore List in Malwarebytes Anti-Malware, and for Emsisoft Anti-Malware you would want to add the following files: a2guard.exe a2service.exe a2start.exe On 64-bit editions of Windows those files should be in the following folder: C:\Program Files (x86}\Emsisoft Anti-Malware As for ZoneAlarm, you'll find some very basic instructions at this link on how to "Exclude trusted files from being scanned".
  20. That's looking better. Lets check to see if there are some modified registry entries that will need to be repaired. We'll use OTL for this scan, but we're going to paste something into the Custom Scans/Fixes box before we run the scan. Go ahead and lunch OTL, and then copy and paste the contents of the following box into the Custom Scans/Fixes box at the bottom of the OTL window: HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s Note: If all of that appears on one line after you paste it into OTL, then let me know. Each line in the box should be on its own line in OTL.After pasting that into the Custom Scans/Fixes box in OTL, go ahead and click the Run Scan button and let it run its scan. When it's done, it will open the OTL log in Notepad, and save it on your desktop for you. Please attach that log to a reply for me to review.
  21. You're quite welcome. Since everything seems OK, I am going to go ahead and close this topic. Note: The instructions in this forum topic have been customized based on the logs posted by the person asking for assistance. Please do not attempt to follow any of the instructions in this forum topic, as they could cause damage to your computer. If you require assistance, please start here if you believe your computer is infected, and one of our experts will be happy to assist you by analyzing your logs.