GT500

Emsisoft Employee
  • Content Count: 12517
  • Joined
  • Days Won: 374

Everything posted by GT500

  1. This can be triggered by certain applications that perform certain actions which cause our Behavior Blocker to check them too frequently, thus driving up the CPU usage. If this is what is happening, then DebugView can tell us what process is causing it. Here are instructions for running DebugView:

     • Download DebugView from this link: When downloading, make sure to save it on your Desktop instead of clicking 'Run' or 'Open'.
     • Right-click on the 'DebugView' file that you just saved on your Desktop, and select "Extract All".
     • Before running DebugView, you will need to add a process exclusion to Emsisoft Anti-Malware to prevent crashing issues. Here are the instructions:
         • Please go ahead and open Emsisoft Anti-Malware from the icon on the desktop.
         • Click on Guard in the menu on the left.
         • Go to the File Guard tab.
         • Click on the Manage whitelist link on the left, just above 'Alerts'.
         • On the left, under where it says Type, click on where it says File and change it to Process.
         • Click in the white space to the right of where you just changed 'File' to 'Process', under where it says Item, and a little button with three dots on it will appear to the right.
         • Click on the button with the three dots.
         • Navigate to the folder where DebugView is saved (this should be on your desktop), select the Dbgview file, and click the Open button in the lower-right.
         • Click OK at the bottom to save the settings, and then close Emsisoft Anti-Malware.
     • Open the new DebugView folder that was created on your Desktop after extracting.
     • Windows XP and 2000 users should double-click on the file named 'Dbgview'. Windows 7 and Vista users should right-click and select "Run as Administrator".
     • Click on the 'Capture' menu, and select everything except "Log Boot" (you will have to open the menu again after clicking to select an item).
     • We'll only need a few seconds of logging while the CPU usage is high, so after verifying that the CPU usage is high then click on the 'File' menu and select to save the log (it is easiest to save it on your desktop, as this makes it easy to find).
     • Please attach that log file to a reply so that we may analyze it for errors. You will need to use the More Reply Options button to the lower-right of where you type in your reply in order to access the attachment controls.

     Note: You may need to ZIP the log file in order to attach it. If you do not have a program such as 7-Zip, WinZip, WinRar, etc. then you can right-click on the log file, go to Send to, and click on Compressed (zipped) folder. You will be able to attach the ZIP archive to a reply.
  2. Please try following the instructions at this link to start your computer in Safe Mode, and then try to run OTL with the script again. That should eliminate any possibility of other software interfering with OTL while it runs the fixes in the script.
  3. Have you checked in Online Armor to make sure that the rule was created? In the Program rules you will need to uncheck the option to hide trusted programs, and the list should be in alphabetical order.
  4. I have written a cleanup script for OTL (if you need to, you may download OTL from this link). Please download the following OTL_Script file, and save it on your desktop. After saving it, open it, run OTL, and copy and paste the contents of the OTL_Script file into the Custom Scans/Fixes box at the bottom of the OTL window: Then click the Run Fix button at the top. Let the program run unhindered, restart your computer when it is done (it may automatically restart your computer on its own). After your computer has restarted, please proceed with the instructions below for AdwCleaner and Junkware Removal Tool.

     • Please download AdwCleaner and save it on your desktop.
     • Close all open programs and internet browsers (you may want to print out or write down these instructions first).
     • Double click on adwcleaner.exe to run the tool.
     • Click on Delete.
     • Confirm each time with Ok.
     • You will be prompted to restart your computer. A text file will open in Notepad after the restart (this is the log of what was removed), which you can save on your desktop.
     • Please attach that log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply.
     • If you lose that log file for any reason, you can find it at C:\AdwCleaner[s1] on your computer.

     • Please download Junkware Removal Tool and save it on your desktop.
     • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
     • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
     • The tool will open and start scanning your system.
     • Please be patient as this can take a while to complete depending on your system's specifications.
     • On completion, a log is saved to your desktop and will automatically open.
     • Please attach the JRT log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply.

     Once you have run both of those tools, go ahead and run OTL again, and click the Run Scan button to get me a fresh OTL log, and attach that to a reply the same way you attached the other logs.
  5. I don't notice any major slowdown issues in my 64-bit testing environments. Does the same slowdown issue happen if you right-click on the Malwarebytes' Anti-Malware icon in the System Tray and uncheck the "Start with Windows" option?
  6. I have forwarded your logs on to our developers. Actually, we can't download those logs. It says "Download permission denied by uploader. (0b67c2f5)"
  7. May I ask what happens if you try to launch the Guard manually? You can do this through the Start menu, by going to All Programs, going to Emsisoft Anti-Malware, and then selecting the Emsisoft Anti-Malware Guard.
  8. After merging your two topics together, the forums are no longer allowing me access to download your attachments. If you still have the logs, could you please attach them to a reply again by using the More Reply Options button to the lower-right of where you type in your reply?
  9. It shouldn't be possible to exploit your computer or personally identify you with the SID number, so it is safe to post on the forums.
  10. You're quite welcome. Please let me know if you have any further issues.
  11. These look like legitimate GoogleUpdate.exe files, so I don't think there's anything to worry about here.
  12. A traditional anti-virus is still recommended, simply because it would help reduce the risk by supplementing with signature-based detection. You are correct that any behavior that could be exhibited by malicious software should be picked up by Mamutu, and as long as you answer the prompts correctly it will block any malicious process from performing those actions.
  13. Your license should be fixed now. Also, if you ever have trouble receiving e-mails from our helpdesk, then you can log in at this link and check your tickets to see if there has been a reply.
  14. I see that Christian Peters has already replied to your e-mail through our helpdesk. I left a note for him that you also have a topic on the forums.
  15. Since attempting to assist more than one person in the same topic can cause us to inadvertently overlook someone, I have split your post into a new topic. We also ask that, in the future, you create a new topic on the forums when asking for assistance so that it is easier for us to assist you. I have found an Emsisoft Anti-Malware license associated with your account in our Customer Center, and I have sent an e-mail to our Sales Manager about this. Would you prefer that we reply to you here on the forums, or via the helpdesk?
  16. OK, I have a little bit more information. The detection was from BitDefender's engine, and I have been told that they have fixed this in their database. You will see this be resolved as soon as you get the BitDefender database update that resolves the false positive.
  17. I'm talking with the research team about this right now. They do have a fix for the false positive, and they hope to have that fix available as an update soon.
  18. That depends on where you saw this GoogleUpdate.exe in HiJackFree. In most of the 'Autoruns' categories, you can right-click and select to edit the autorun in order to see the full path to the file.
  19. Do you actually have an archive of some sort that is greater than 64MB which contains an infected file?
  20. The Fiddler log showed that Emsisoft Anti-Malware was able to connect to our update servers and download the list of updates, which means that the update should be working. We're going to need a DebugView log to determine what is going on. Before we can get that, we'll need to set a registry entry that will tell Emsisoft Anti-Malware to output debug information that DebugView can see and save in its log. The following file eam_enable_debug_output.zip contains a batch file which, when run with administrative rights, will automatically create that registry entry for you. Please download this file, extract the batch file from it (it will also be named eam_enable_debug_output), and run the batch file (if your computer is running Windows Vista or Windows 7 then please make sure to right-click on the batch file and select to Run as administrator): After that, please restart your computer, and then proceed with the instructions below:

      • Download DebugView from this link: When downloading, make sure to save it on your Desktop instead of clicking 'Run' or 'Open'.
      • Right-click on the 'DebugView' file that you just saved on your Desktop, and select "Extract All".
      • Before running DebugView, you will need to add a process exclusion to Emsisoft Anti-Malware to prevent crashing issues. Here are the instructions:
          • Please go ahead and open Emsisoft Anti-Malware from the icon on the desktop.
          • Click on Guard in the menu on the left.
          • Go to the File Guard tab.
          • Click on the Manage whitelist link on the left, just above 'Alerts'.
          • On the left, under where it says Type, click on where it says File and change it to Process.
          • Click in the white space to the right of where you just changed 'File' to 'Process', under where it says Item, and a little button with three dots on it will appear to the right.
          • Click on the button with the three dots.
          • Navigate to the folder where DebugView is saved (this should be on your desktop), select the Dbgview file, and click the Open button in the lower-right.
          • Click OK at the bottom to save the settings, and then close Emsisoft Anti-Malware.
      • Open the new DebugView folder that was created on your Desktop after extracting.
      • Windows XP and 2000 users should double-click on the file named 'Dbgview'. Windows 7 and Vista users should right-click and select "Run as Administrator".
      • Click on the 'Capture' menu, and select everything except "Log Boot" (you will have to open the menu again after clicking to select an item).
      • After selecting the options in the 'Capture' menu, click on the 'File' menu and select "Log to File As" and create a file on your desktop for it to save the log to.
      • Try the update in Emsisoft Anti-Malware.
      • After the update fails, restart your computer (you may need to hold down the power button for about 4 or 5 seconds to shut it down first), and make sure that the log was saved on your desktop.
      • Please attach that log file to a reply so that we may analyze it for errors. You will need to use the More Reply Options button to the lower-right of where you type in your reply in order to access the attachment controls.

      Note: You may need to ZIP the log file in order to attach it. If you do not have a program such as 7-Zip, WinZip, WinRar, etc. then you can right-click on the log file, go to Send to, and click on Compressed (zipped) folder. You will be able to attach the ZIP archive to a reply.
  21. Please download ComboFix from this link and follow the instructions below to run it. Note that some infections will block it from running if you save it as ComboFix so you may wish to rename it in order to prevent this. Make sure you remember what you changed the name to.

      * IMPORTANT !!! Save ComboFix to your Desktop

      • Disable your AntiVirus, AntiSpyware, and Firewall applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
      • See HERE for help.
      • Double click on the ComboFix icon on your desktop (it has a red and white icon that looks like a white cat's head in a red circle) and follow the prompts.
      • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

      **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, ComboFix will produce a log.

      Note:
      1. Do not click in ComboFix's window while it's running. That may cause it to stall!
      2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

      Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
      • ComboFix (C:\combofix.txt)

      Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  22. May I ask what error message you are getting when you try to import them?
  23. Currently the majority of our translations are maintained by volunteers, and if we are lacking a translation then that usually means that we do not have a volunteer who maintains a translation for that language.
  24. You're quite welcome, and thank you for the compliment.