
Everything posted by GT500

  1. For a lot of people who have reported this issue, restarting their computers seemed to temporarily resolve the issue. Please note that the issue will most likely reappear eventually.
  2. The new Emsisoft Anti-Malware and Emsisoft Internet Security should fit in 1024x768 (standard 4:3 like most old CRT monitors) or larger screen resolutions. As for Emsisoft Anti-Malware licenses, your old licenses should work just fine. If you want to try the Internet Security then please use the free trial for now, since Internet Security keys are not yet available for sale.
  3. I'm sorry, I wanted to establish whether or not it was the free version in order to rule out Advanced Mode, since having Online Armor in Advanced Mode means rules are not created automatically. Please try the following, and let me know if that helps: Uninstall Online Armor. Restart your computer twice. Download and reinstall Online Armor from this link.
  4. Does your computer have a lot of data on the hard drives, or perhaps another anti-virus software installed?
  5. From your opening post I assume you are using the free Online Armor? Online Armor should automatically create port rules for any program that is allowed in the firewall settings.
  6. Our developers will look at the bug report and make any changes they believe are necessary. Have you tried the stand-alone version available from here? If you run it as admin the first time, it installs a service, and since the service will run with admin rights and does all of the actual work, a2cmd.exe should be able to run from the Command Prompt without admin rights.
  7. If you open Online Armor and go to Programs in the list, are you able to find any files from Firefox or Adobe Flash in the list? If so, click on them to select them, and click the buttons to Allow and Trust them. The Flash plugin should be in the folder C:\Windows\system32\Macromed\Flash
  8. Those are Group Policies that can be abused by malware. If they exist, then they will be detected (regardless of whether the value is 1 or 0). I don't think Sandboxie would create those. It might be WSA, but you'd have to ask their support if it tries to create those registry values. It's also important to note that most company IT departments will set up computers with Group Policy restrictions to prevent people from doing certain things, but they generally do it through Active Directory on a domain controller (which means that sort of thing is usually done on a company computer that logs in to the company's network).
  9. There is a tool that is distributed with the Emsisoft Emergency Kit called BlitzBlank which allows for manual removal of files, folders, registry keys, and registry values. Please be careful when using this tool, as it can literally delete anything on your computer, which can cause some major problems. Emsisoft Emergency Kit is intended only as a free scanning and removal tool. If you want Internet control, then you would be better off with a firewall such as Online Armor.
  10. If it did run, then it wouldn't have access to make changes to most files on the system, so there wouldn't be much it could do. It might be able to delete things from the logged in user's profile directory (so from places like the desktop and My Documents folder), but nothing in the root of the C: drive would be accessible, nothing anywhere else on the hard drive would be accessible (it might be able to scan most of the files on the drive, but deletion would not be possible). BTW: We're hijacking this guy's topic with this conversation, so I'm moving it all to your original topic about this issue.
  11. Have you tried running the decryption tool on the infected computer? If that doesn't work, then you can try ShadowExplorer?
  12. That's an unrelated issue. Since the commandline scanner that comes bundled with the EEK doesn't use a service, it needs to be run from an elevated Command Prompt (a Command Prompt that has been launched with admin rights). The Emergency Kit Scanner also required admin rights, but since it is launched through Windows Explorer and it contains a manifest that tells Windows it needs admin rights, on Windows Vista and newer consent.exe will automatically run to check the certificate used to sign the Emergency Kit Scanner and ask you if you would like to give it permission to make changes to your computer. The behavior is different because of the way they are launched.
  13. If a domain name resolves to multiple IP addresses, then sometimes the Trusted DNS used by Online Armor will not return all of them. According to hpHosts the IP address in your screenshot is owned by Yahoo!.
  14. Technically RDP isn't a threat unless you turn it on (it is off by default in Windows). Also, incoming RDP traffic wouldn't make it past the Network Address Translation on most routers and modems, so this would only be an issue on connections that don't have NAT (such as 3G/4G "mobile broadband" connections). On top of that, Windows user accounts are required by RDP by default. If you have a single user account and no password, then it shouldn't work at all (at least on Windows 7). If you have a password, then someone connecting via RDP would need to know it. Obviously the security settings can be changed for the Remote Desktop Service, and there are older and potentially more vulnerable versions of Remote Desktop, however for these things to be changed without your knowledge then an infection would need to bypass the protection of Online Armor's HIPS and your anti-virus software. There's also the fact that RDP is one of the most widely used remote access protocols, and blocking it would be unacceptable to a great many people and businesses.
  15. I just updated the EEK on my Windows 7 x64 system, and then ran a quick scan in A2CMD: Have you tried disabling any security software to see if the scan runs unimpeded?
  16. Yes, there are a number of people who are having the issue with not being able to remove tracking cookies.
  17. No, I just wanted to see the server's response when the error happened to see if I could figure out what was going on. Now that the issue has stopped happening, there are no error messages that will appear in the Fiddler log.
  18. TLEM is an Online Armor driver (specifically the one used to filter network traffic, aka "OA Helper Driver"). The license information is retrieved off of our license servers, and then saved in the a2settings file. That's why it is showing the correct number of days this time. Deleting the file and allowing it to be recreated has forced Emsisoft Anti-Malware to redownload the trial license information to save in the a2settings file. We're fairly certain that these issues have been fixed in version 9, but some people have let me know that the procedure of deleting the a2settings file seems to fix the issue for them. Interestingly enough, some people say it doesn't fix the issue, so it may have more than one cause. As for that backup you made of the a2settings file, would it be possible for you to send it to me in a private message? I'm not sure if our developers would need it, but they may still want to look at it.
  19. Actually, the issue with not being able to delete tracking cookies isn't going to be fixed, since the cookie scan is going to be removed. I recommend using something such as Ghostery to prevent tracking cookies, as that is a lot more effective than relying on an on-demand scanner to detect and remove them after the fact.
  20. Can you attach the log from the scan to a reply? It should be in the folder C:\EEK\Run\Reports. You can also see what was actually removed by looking in the quarantine. As for the scan time, I assume you ran a Deep Scan? If you have a lot of hard drives, and especially if they have a lot of files on them, then the scan process can take some time. You can run a Custom Scan and remove any drives that you don't want it to scan in order to speed the scan time up.
  21. The statement "connection reset by peer" means the same as "connection reset by remote server". It basically means that the update server appeared to have dropped the connection. Let's get a Fiddler log, and see if it shows the cause of the issue. Please download and install Fiddler 2 from this link (this is the version that requires the Microsoft .NET Framework 2.0), and then follow the instructions below: After installing Fiddler, please open it from the Start Menu. Launch Online Armor. Go to Options in the menu on the left. Click on the Internet Settings button. Check the box that says Use a proxy server. Enter localhost in the Address field, and then enter 8888 in the Port field. Click 'OK'. Go back to the Menu on the left, and select Status. Click on the Update now link to start the update (Fiddler must be running when you do this). After the update fails, go back to Fiddler, and to File, then Save, and select All Sessions (please save it on your desktop). Please send me the Fiddler log in a Private Message (do not post it in a reply). Note that you may need to ZIP the log to be able to attach it to a Private Message. If you don't have a utility such as 7-Zip, WinZip, or WinRar, then you can ZIP files and folders by right-clicking on them, going to Send To, and clicking on Compressed (zipped) Folder.
  22. I'm sorry, I forgot to edit my instructions. Just select the free trial instead of entering license information.
  23. There have been some computers that would not allow us to create some of our drivers, even though they were clean. In those cases, even when we tried to manually create them from the command line it didn't work. It's possible that it is a registry permissions issue, but in that case other software would have the same issue (such as Malwarebytes Anti-Malware and Norton). There are tools, such as Windows Repair (All In One), which can reset registry permissions. Just be sure to run through the backup steps before running any fixes in tools like that.