Emsisoft Employee

Everything posted by GT500

  1. Unfortunately, Online Armor 6 does not yet support IPv6 connections. We currently do not have an ETA on when IPv6 support might be added, or a possible version number to expect to see it in.
  2. When your license expires, Emsisoft Anti-Malware will start running in 'free' mode, which means you will lose the real-time protection and the behavior blocker, but you will still be able to run scans and get updates. You may also want to consider this article about our Referral Rewards Program.
  3. It is common to have application and driver issues after upgrading from an older version of Windows to a newer one. Fortunately, Microsoft doesn't force those upgrades via Windows Update (they expect you to buy the 'upgrade' edition of Windows 8 before you can upgrade to it). Have you tried disabling your Outpost Security Suite to see if that resolves the issue with Emsisoft Anti-Malware?
  4. OK, go ahead and run a Quick Scan with Malwarebytes' Anti-Malware and attach the log to a reply for me. After that, run a scan with OTL again and attach that log to a reply as well. I just want to verify that everything is looking better before we move on.
  5. An INF file cannot be executed like an application, so you wouldn't be able to block it via Emsisoft Anti-Malware. You can block access to the file via file permissions in Windows, assuming your hard drive was formatted with the NTFS filesystem (this is the most common filesystem for Windows computers since Windows XP, and I would believe it is required for installing Windows 7). Here is a link to instructions on using file permissions in Windows, however please be careful when changing these settings, as you can completely lock yourself out of files, folders, and even entire hard drives if you accidentally select the wrong option.
  6. Do you still have the engine debug logs enabled? If so, you will probably want to delete the ScanEngineDebug.log file and then run another scan (you can run the scan overnight if it takes too long). Please attach the new ScanEngineDebug.log file to a reply once the scan is done. If you have trouble deleting the ScanEngineDebug.log file, then right-click on the little Emsisoft Anti-Malware icon in the lower-right corner of the screen (to the left of the clock) and select Shut down Guard. After that, please hold down the Windows key on your keyboard (normally in between the Ctrl and Alt keys, with the little Windows logo on it) and tap the R key to open the Run dialog. Type services.msc into the field, and then click OK. This will open a list of services that are installed on your computer. Please scroll down until you find the Emsisoft Anti-Malware Service, right click on it, and select Stop. After stopping the Emsisoft Anti-Malware service, you should be able to delete the ScanEngineDebug.log file. To reactivate Emsisoft Anti-Malware, just right-click on the Emsisoft Anti-Malware service, and select to Start it from the menu. Now you can click the Start button, go to Programs, go to Emsisoft Anti-Malware, and select Emsisoft Anti-Malware Guard to get the icon back in the System Tray/Notification Area.
  7. OK, the DDS log is showing a driver that doesn't look good, and the file appears to be missing, so let's use The Avenger to delete it.
     1. Please download The Avenger from this link, and make sure to save it on your Desktop. Right click on the folder and select "Extract All..." Follow the prompts and extract the avenger folder to your desktop
     2. Save the AvengerScript.txt at the link below to your desktop, open it, and copy all the text contained in the AvengerScript.txt file, and it will be pasted into The Avenger in a later step (if you do not know how to copy and paste, then there are instructions at this link): Note: the above code was created specifically for the person requesting assistance in this forum topic, and it is based entirely on the logs they supplied from their computer. No one else should attempt to run The Avenger with this script, as it may damage their computer!
     3. Now, open the avenger folder on your desktop and start The Avenger program by double-clicking on its icon. Please paste the contents of the attached AvengerScript.txt file above (which you should have already copied) into the white box in The Avenger (see example picture below). Click on the Execute button in the lower-right corner (see example picture below). Answer "Yes" twice when prompted.
     4. The Avenger will automatically do the following: It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.) On reboot, it will briefly open a black command window on your desktop, this is normal. After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\
     5. Please attach the content of c:\avenger.txt to a reply by using the More Reply Options button to the lower-right of where you type in your reply.
  8. You're quite welcome. Please let us know if you have any further issues.
  9. We will probably need a scan engine debug log to see what is going on. I have attached a ZIP archive to the message which contains two batch files. One is named engine_enable_debug_output and the other is named engine_disable_debug_output. Please download this ZIP archive, extract the batch files, and run the engine_enable_debug_output file (if your computer is running Windows Vista or Windows 7 then please make sure to right-click and select to Run as administrator): After running the batch file, please restart your computer, and try your scan again. Once it freezes, please check the Emsisoft Anti-Malware folder (usually C:\Program Files\Emsisoft Anti-Malware) and there should be a file named ScanEngineDebug.log (the files should be listed in alphabetical order). Please ZIP this file (if you do not have a program such as WinZip, 7-Zip, or WinRar then please right-click on the file, go to Send To, and select Compressed (zipped) folder) and make sure to save the ZIP archive on your desktop to make it easy to find. After that, please attach the ZIP archive with the ScanEngineDebug.log file in it to a reply by using the More Reply Options button to the lower-right of where you type in your reply to access the attachment controls.
  10. Do you mean exclude a file from protection, or block a file from being executed as a program?
  11. Do you have any other security software (anti-virus, anti-spyware, firewall, etc) installed?
  12. OK, that sounds like we're making some progress. Let me know if the scan finishes, and if you could attach the log from the scan to a reply for me then that would be great.
  13. Have you tried selecting the option for silent mode? Please see the screenshot below (if it is too small, then you can click on it to make it bigger):
  14. OK, that video shows EAM downloading signature and program updates, however the "Last update" time isn't changing after the restart. I'll let our developers know.
  15. You can allow chkdsk to close all open handles to the drive. It shouldn't hurt anything, as the only thing accessing the hard drive would be the recovery environment loaded from the disk, and you'll be restarting the computer after the chkdsk is done running.
  16. I find it odd that ComboFix cannot run, but that OTL appears to be completely unhindered. Let's get a DDS log, and see if it tells us any more information. Please follow the instructions below to post a DDS log: Download DDS from this link, and be sure to save it on your desktop. Disable all script blocking protection, anti-virus software, firewall/HIPS, or anti-spyware software before running it. Double click the dds icon you saved on your desktop to run the tool. A black window will appear that explains what DDS does and which will show you the progress near the bottom. When done, a window will pop up explaining that two logs will open in Notepad after you click OK. Go ahead and click the OK button to continue. Ignoring the instructions that DDS gave you, please save both of these logs on your desktop as Text Documents. Please attach both of those logs to a reply by using the More Reply Options button to the lower-right of where you type in your reply.
  17. I was talking to Andrey the other day about this, and he reminded me that Online Armor has a separate section for Autorun entries which can block a startup item. If this happens again in the future, you may want to check there as well, just to make sure that a block rule has not been created for it.
  18. There is an issue when installing with the EAM 6.6 installer where, when it downloads the updates for version 7 while the wizard is running, this causes the issue you experienced. The fix for this issue is to always install from a version 7 installer. This is why I was wondering if it was only happening when installing using the version 6.6 installer. If the issue you experienced also happens when installing from the version 7 installer, then it is most likely an Internet connection issue.
  19. Have you tried disabling Bitdefender TrafficLight to see if everything works OK while it is disabled? As for the blank CD, if you want to try running a disk check from a bootable CD, this will be fairly easy since you are using Windows 7. You can create a bootable System Repair Disk by clicking on the Start button, typing backup into the search, and selecting Backup and Restore from the list of search results. Once the Backup and Restore window opens, there will be a link on the left that says Create a system repair disk. If you insert a blank CD into your CD burner and click this link, you will be able to create a special disk that you can use in the event that anything bad ever happens to your computer (among the other tools on this disk, it will also contain the chkdsk utility, which is how Windows checks your hard drive for errors). After creating the System Repair Disk, you will need to start your computer up from this disk in order to gain access to the recovery environment. This process is a little different on every computer, however I will do my best to explain it below: Make sure the disk is in your primary CD/DVD drive. Restart your computer. When your computer begins starting back up, it should display the manufacturer's logo momentarily. Normally in one of the corners of the screen, or directly below the manufacturer's logo, it will tell you what key to press to access what is normally called the Boot Menu (this name can vary, but usually has the word boot in it somewhere). You will need to press this key in order to access this menu. Once the boot menu is open, please select your CD/DVD drive from the list using the arrow keys (some systems, such as Fujitsu, may allow you to use the mouse) and then press Enter. If you are having trouble figuring out which one you should select, then note that many CD and DVD drives have TSSTCorp somewhere in the name. Once you select your CD/DVD drive, you should see a black screen, and if some white text appears in the upper-left corner asking you to press any key to start from the CD/DVD then please press any key (such as the space bar) to continue, otherwise your computer will not load the recovery environment from the disk. Once the recovery environment loads, you should see a screen that looks like the following (this image was borrowed from a Microsoft article): You will want to select the option to load the Command Prompt. Once the Command Prompt loads (it should be a black window with white text), please type in chkdsk C: /F and then press Enter on your keyboard to start the disk check (this process will most likely take a few minutes). Once the disk check is done, it is safe to restart your computer. You should be able to do this by closing the Command Prompt and clicking the Restart button in the lower-right corner. As your computer tries to start up again, and the manufacturer's logo appears on the screen, please eject the CD from the drive. This prevents issues with computers that attempt to automatically load off of the CD.
  20. Neither of your videos show the number of signatures changing after the update process finishes. The update did not find any new signatures or program files to download, therefore Emsisoft Anti-Malware is fully up to date.
  21. The ZeroAccess infection persists. ComboFix may be required to remove it, although there is a possibility that since we already tried to use OTL that ComboFix may not be able to remove the entire infection. There should be a way to run ComboFix without it freezing. Please disable your anti-virus software (and any third-party firewall or anti-spyware software you have installed) and then hold down the Windows key on your keyboard (normally between the Ctrl and Alt keys, with the little Windows logo on it) and then tap the R key to open the Run dialog. Type ComboFix /nombr (note that there is a blank space in between 'ComboFix' and '/mrb' even though it might not look like it) into the field and then click OK, and make sure to allow the update. If it works this time, then please attach the log to a reply for me to review.
  22. Could you remove any rules/exclusions/etc that you have manually created for Sandboxie, and then get us some logs from a reboot where OA blocks Sandboxie from starting? You can create the logs by opening Online Armor, going to Options in the menu on the left, clicking the little check box to enable debug mode, restarting your computer, and then trying to reproduce your problem with Sandboxie. After that, please ZIP your entire logs folder (normally C:\Program Files\Online Armor\Logs), upload it to a website such as RapidShare/DepositFiles/BayFiles/etc (which one you use is up to you), and then copy and paste the link to download the file into a reply (or you can send it to me in a Private Message if you don't want the link posted publicly on the forums). Note that, if you don't have a utility such as 7-Zip, WinZip, or WinRar, you can ZIP files and folders by right-clicking on them, going to Send To, and clicking on Compressed (zipped) Folder.
  23. Does it change when there is a successful update?
  24. There's more wrong here than just an issue with EAM 7. Something other than EAM is preventing the dump from being saved. The disk check also should have worked fine. Do you have a blank CD and a CD burner installed in this computer? I also want to see some more information on your computer's software configuration, just in case something else is conflicting with EAM. Please run OTL by following the instructions below to get me a log: Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run'). Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes. When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually. Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.
  25. External drives would need to be scanned with a virus scanner, such as the Emsisoft Emergency Kit or Emsisoft Anti-Malware. After things are looking cleaned up I will also have you run a scan with a third-party anti-virus tool, just to make sure that we haven't missed anything, and this same tool can be used to scan your external drives. Yes, even if the databases for the two scanning engines in Emsisoft Anti-Malware do not contain definitions for the infection, the Behavior Blocker should warn you if a program is attempting to do something that is suspicious or dangerous. As for the OTL log, it looks much better. I am still seeing some signs of ZeroAccess, so let's try one more script and see if that takes care of it. Here's another cleanup script and the instructions again (please download the latest version of OTL from this link, even if you still have the one you downloaded previously). Please download the following OTL_Script file, and save it on your desktop. After saving it, open it, run OTL, and copy and paste the contents of the OTL_Script file into the Custom Scans/Fixes box at the bottom of the OTL window: Then click the Run Fix button at the top. Let the program run unhindered, restart your computer when it is done (it may automatically restart your computer on its own). After your computer has restarted, please open OTL again and click the Quick Scan button. Attach the log it produces in your next reply (just the OTL log, as I don't need to see the Extras log again). You will need to click the button that says More Reply Options to the lower-right of where you type your reply to be presented with the attachment controls.