Emsisoft Employee
  • Content Count

  • Joined

  • Days Won


Everything posted by GT500

  1. Your license should be fixed now. Also, if you ever have trouble receiving e-mails from our helpdesk, then you can log in at this link and check your tickets to see if there has been a reply.
  2. I see that Christian Peters has already replied to your e-mail through our helpdesk. I left a note for him that you also have a topic on the forums.
  3. Since attempting to assist more than one person in the same topic can cause us to inadvertently overlook someone, I have split your post into a new topic. We also ask that, in the future, you create a new topic on the forums when asking for assistance so that it is easier for us to assist you. I have found an Emsisoft Anti-Malware license associated with your account in our Customer Center, and I have sent an e-mail to our Sales Manager about this. Would you prefer that we reply to you here on the forums, or via the helpdesk?
  4. OK, I have a little bit more information. The detection was from BitDefender's engine, and I have been told that they have fixed this in their database. You will see this be resolved as soon as you get the BitDefender database update that resolves the false positive.
  5. I'm talking with the research team about this right now. They do have a fix for the false positive, and they hope to have that fix available as an update soon.
  6. That depends on where you saw this GoogleUpdate.exe in HiJackFree. In most of the 'Autoruns' categories, you can right-click and select to edit the autorun in order to see the full path to the file.
  7. Do you actually have an archive of some sort that is greater than 64MB which contains an infected file?
  8. The Fiddler log showed that Emsisoft Anti-Malware was able to connect to our update servers and download the list of updates, which means that the update should be working. We're going to need a DebugView log to determine what is going on. Before we can get that, we'll need to set a registry entry that will tell Emsisoft Anti-Malware to output debug information that DebugView can see and save in its log. The following file contains a batch file which, when run with administrative rights, will automatically create that registry entry for you. Please download this file, extract the batch file from it (it will also be named eam_enable_debug_output), and run the batch file (if your computer is running Windows Vista or Windows 7 then please make sure to right-click on the batch file and select to Run as administrator): After that, please restart your computer, and then proceed with the instructions below: Download DebugView from this link: When downloading, make sure to save it on your Desktop instead of clicking 'Run' or 'Open'. Right-click on the 'DebugView' file that you just saved on your Desktop, and select "Extract All". Before running DebugView, you will need to add a process exclusion to Emsisoft Anti-Malware to prevent crashing issues. Here are the instructions: Please go ahead and open Emsisoft Anti-Malware from the icon on the desktop. click on Guard in the menu on the left. Go to the File Guard tab. Click on the Manage whitelist link on the left, just above 'Alerts'. On the left, under where it says Type, click on where it says File and change it to Process. Click in the white space to the right of where you just changed 'File' to 'Process', under where it says Item, and a little button with three dots on it will appear to the right. Click on the button with the three dots. Navigate to the folder where DebugView is saved (this should be on your desktop), select the Dbgview file, and click the Open button in the lower-right. Click OK at the bottom to save the settings, and then close Emsisoft Anti-Malware. Open the new DebugView folder that was created on your Desktop after extracting. Windows XP and 2000 users should double-click on the file named 'Dbgview'. Windows 7 and Vista users should right-click and select "Run as Administrator". Click on the 'Capture' menu, and select everything except "Log Boot" (you will have to open the menu again after clicking to select an item). After selecting the options in the 'Capture' menu, click on the 'File' menu and select "Log to File As" and create a file on your desktop for it to save the log to. Try the update in Emsisoft Anti-Malware. After the update fails, restart your computer (you may need to hold down the power button for about 4 or 5 seconds to shut it down first), and make sure that the log was saved on your desktop. Please attach that log file to a reply so that we may analyze it for errors. You will need to use the More Reply Options button to the lower-right of where you type in your reply in order to access the attachment controls. Note: You may need to ZIP the log file in order to attach it. If you do not have a program such as 7-Zip, WinZip, WinRar, etc. then you can right-click on the log file, go to Send to, and click on Compressed (zipped) folder. You will be able to attach the ZIP archive to a reply.
  9. Please download ComboFix from this link and follow the instructions below to run it. Note that some infections will block it from running if you save it as ComboFix so you may wish to rename it in order to prevent this. Make sure you remember what you changed the name to. * IMPORTANT !!! Save ComboFix to your Desktop Disable your AntiVirus, AntiSpyware, and Firewall applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools See HERE for help Double click on the ComboFix icon on your desktop (it has a red and white icon that looks like a white cat's head in a red circle) and follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, ComboFix will produce a log. Note: 1. Do not click in ComboFix's window while it's running. That may cause it to stall! 2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet. Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS) ComboFix (C:\combofix.txt)Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  10. May I ask what error message you are getting when you try to import them?
  11. Currently the majority of our translations are maintained by volunteers, and if we are lacking a translation then that usually means that we do not have a volunteer who maintains a translation for that language.
  12. You're quite welcome, and thank you for the compliment.
  13. That could be the legit GoogleUpdate, or it could be part of an infection. I'd need to see the full file path, and perhaps a VirusTotal analysis of the file in question before I could say for sure.
  14. You may have to add exclusions for Mamutu to Avira's anti-virus. We have an old set of instructions written back in March for adding exclusions. I don't know if anything has changed in regards to this process in the latest versions of Avira's anti-virus, however you can try them anyway and see if they work: Open the Avira Control Center from the icon on the desktop. In the menu on the left, under PC protection, click on Realtime Protection. In the upper-right corner, click on Configuration. If it asks you to enable expert mode, then click Yes. In the menu on the left, under Realtime Protection, click the little [+] icon to the left of Scan to reveal more options, and then click on Exceptions. Under Processes to be omitted by the Realtime Protection click on the ... button (the one that has three dots and no name). Navigate to the Mamutu main folder (normally C:\Program Files\Mamutu). Select the file to be excluded, and click on the Open button. Click the Add>> button just to the right to add the file to the list of excluded items. Repeat the last four steps until you have added each of the following files: a2service.exe mamutu.exe After adding all three files, click Apply at the bottom. Click the X button in the upper-right corner to close the Configuration window. Close Avira Antivirus Premium.
  15. Wikipedia's explanation is rather good, although a bit on the technical side. It is basically a fake network interface that your computer uses to redirect traffic back to your computer. The "loopback interface" is used when you type 'localhost' into your browser, or when you attempt to visit the address "" in your browser. Of course, the loopback interface works for all programs that can make use of your network/Internet connection. Some malware will act as a proxy server, and set the proxy settings in your browser to 'localhost' or "" in order to cause things such as search redirects, or prevent you from searching for help on the Internet.
  16. Here are some instructions for adding a folder to the Exclusions list in Online Armor: Click on the Start button, go to All Programs, go to Online Armor, and click on the Online Armor icon to open it. Click on Options in the menu on the left. Go to the Exclusions tab. Click on the Add button. Use the little [+] and [-] icons to the left of folder names to open and close them, find the folder you want to add, click on it to highlight it, and then click OK at the bottom. Close the Online Armor window. The Microsoft Games for Windows - LIVE folder should be one of the following (depending on whether your version of Windows is 32-bit or 64-bit): C:\Program Files\Microsoft Games for Windows - LIVE C:\Program Files (x86)\Microsoft Games for Windows - LIVE You may also need to add the game's main folder to the Exclusions list as well.
  17. OK, I found someone who was able to reproduce this on their laptop, and running Firefox in Safe Mode was not easy (you had to do a lot of guessing as to where the menu items were when looking to restart Firefox in Safe Mode), however I was able to confirm that running Firefox in Safe Mode did resolve the issue. Upon further investigation, I found that disabling the Greasemonkey extension and restarting Firefox also resolved the issue. I attempted to replicate this issue again by installing Greasemonkey 1.5 in Firefox 18, however I was not able to replicate it with just the Greasemonkey extension. I then installed the WOT extension, just to see if a combination of the two was the cause, and was still not able to replicate the issue. Either the issue only happens on certain computers (perhaps only with certain video hardware) or it requires a certain combination of extensions to trigger it.
  18. Are these on different computers, or on the same computer? Did you check to make sure that the port is not blocked in Online Armor?
  19. I'm glad to hear that you found the answer to your issue. I'm going to go ahead and lock this topic now. If anyone needs any more assistance with this issue, then please feel free to create a new topic in our Online Armor forum, or submit a ticket on our online helpdesk.
  20. Has anyone tried it with Firefox running in "Safe Mode" yet? Like I said, I cannot duplicate this issue (see my sceenshot above). If one of you could confirm whether or not the issue happens when Firefox is running in "Safe Mode", then that will help me to determine what the next step in debugging should be.
  21. That happens when you're already run OTL once before. BTW: I am not seeing an OTL.txt file attached to your message. Please let me know if you are having trouble attaching it.
  22. You're welcome. Please let me know if you have any further issues.
  23. The last time I tested software from Avira, I was testing Emsisoft Anti-Malware 6 with Avira Antivirus (free and premium) as well as Avira Internet Security, which was in March of 2012, and there were no issues at all when I tested them. Since Mamutu is a stand-alone version of the Behavior Blocker from Emsisoft Anti-Malware, it would most likely also be capable if running alongside Avira's software without issues, however there is always the possibility that an update since March may have changed how well they work together. If you have any issues, then adding exclusions should help resolve them.
  24. Direct Disk Access (DDA) is where our own driver is used to directly access the data on your hard drive, rather than relying Microsoft APIs within Windows that would normally be used to access the disk drive. Many security applications use their own DDA driver to facilitate detecting the presence of rootkits and other infections that are capable of hiding themselves by interfering with what Windows is able to see on your hard drive.