GT500

Member
  • Posts

    14249
  • Joined

  • Days Won

    457

Everything posted by GT500

  1. Actually, the issue with not being able to delete tracking cookies isn't going to be fixed, since the cookie scan is going to be removed. I recommend using something such as Ghostery to prevent tracking cookies, as that is a lot more effective than relying on an on-demand scanner to detect and remove them after the fact.
  2. Can you attach the log from the scan to a reply? It should be in the folder C:\EEK\Run\Reports. You can also see what was actually removed by looking in the quarantine. As for the scan time, I assume you ran a Deep Scan? If you have a lot of hard drives, and especially if they have a lot of files on them, then the scan process can take some time. You can run a Custom Scan and remove any drives that you don't want it to scan in order to speed the scan time up.
  3. The statement "connection reset by peer" means the same as "connection reset by remote server". It basically means that the update server appeared to have dropped the connection. Let's get a Fiddler log, and see if it shows the cause of the issue. Please download and install Fiddler 2 from this link (this is the version that requires the Microsoft .NET Framework 2.0), and then follow the instructions below:
       1. After installing Fiddler, please open it from the Start Menu.
       2. Launch Online Armor.
       3. Go to Options in the menu on the left.
       4. Click on the Internet Settings button.
       5. Check the box that says Use a proxy server.
       6. Enter localhost in the Address field, and then enter 8888 in the Port field.
       7. Click 'OK'.
       8. Go back to the Menu on the left, and select Status.
       9. Click on the Update now link to start the update (Fiddler must be running when you do this).
       10. After the update fails, go back to Fiddler, and to File, then Save, and select All Sessions (please save it on your desktop).
     Please send me the Fiddler log in a Private Message (do not post it in a reply). Note that you may need to ZIP the log to be able to attach it to a Private Message. If you don't have a utility such as 7-Zip, WinZip, or WinRar, then you can ZIP files and folders by right-clicking on them, going to Send To, and clicking on Compressed (zipped) Folder.
  4. I'm sorry, I forgot to edit my instructions. Just select the free trial instead of entering license information.
  5. There have been some computers that would not allow us to create some of our drivers, even though they were clean. In those cases, even when we tried to manually create them from the command line it didn't work. It's possible that it is a registry permissions issue, but in that case other software would have the same issue (such as Malwarebytes Anti-Malware and Norton). There are tools, such as Windows Repair (All In One), which can reset registry permissions. Just be sure to run through the backup steps before running any fixes in tools like that.
  6. I have not specifically received a response, however I am fairly certain that this is related to performance issues that were reported by others.
  7. I'd recommend deleting them just to see if they come back.
  8. Let's try deleting the 'a2settings' file from the Emsisoft Anti-Malware folder, and see if that helps. First, I recommend following the instructions at the link below to start your computer in Safe Mode With Networking:
     http://windows.microsoft.com/en-us/windows-8/windows-startup-settings-including-safe-mode
     Once your computer is running in Safe Mode With Networking, navigate to the Emsisoft Anti-Malware folder, which should be in the following location:
     C:\Program Files (x86)\Emsisoft Anti-Malware
     Once you have deleted the 'a2settings' file, then restart your computer normally, and then try launching Emsisoft Anti-Malware from the icon on your desktop to enter your license information.
  9. The script can be used as often as you want, but I have to assume that OTL won't find most of the items in the script (just like the second time you ran it).
  10. Actually, we've had a few program updates here recently, and a few more are being beta tested. You can see short descriptions of all of the program updates at this link.
  11. I'm not seeing anything in the log that looks malicious. I am seeing some driver errors from your Windows Event Logs. Have you checked your computer manufacturer's support website to see if they have updated drivers for your edition of Windows?
  12. OTL doesn't have any way to know you've already run the script, so it will run it again if you copy and paste it into OTL and click the button to run the fix. What I was trying to say earlier was basically that, once you have run the script, everything should be deleted. Once everything is deleted, running the script just gives you a bunch of error messages because it couldn't find the stuff. You see the full list every time you run it because the full list is in the script. Basically, OTL tries to process each line of the script, and if it cannot then you will see it in the log with an error message (such as "Not found") listed right behind the path to whatever it was supposed to delete.
  13. I would believe Fabian said you can turn off the settings that create the rules automatically.
  14. Well, we can try getting a log from FRST, and see if we can find what was causing it. Please download Farbar Recovery Scan Tool (FRST) from one of the following links, and save it to your Desktop (please note that some web browsers will automatically save all downloads in your 'Downloads' folder, so in those cases please move the download to your desktop):
        • For 32-bit (x86) editions of Windows: http://download.bleepingcomputer.com/farbar/FRST.exe
        • For 64-bit (x64) editions of Windows: http://download.bleepingcomputer.com/farbar/FRST64.exe
      Note: You need to run the version compatible with your computer. If you are not sure which version applies to your computer, then download both of them and try to run them. Only one of them will run on your computer, and that will be the right version.
        1. Run the FRST download that works on your computer (for Windows Vista, Windows 7, and Windows 8 please right-click on the file and select "Run as administrator").
        2. When the tool opens click "Yes" for the disclaimer in order to continue using FRST.
        3. Press the 'Scan' button.
        4. When the scan is done, it will save a log as a Text Document named 'FRST' in the same place the tool was run from (if you had saved FRST on your desktop, then the FRST log will be saved there).
        5. Please attach the FRST log file to a reply (it is best if you do not copy and paste it into an e-mail).
        6. The first time the FRST tool is run it saves another log (a Text Document named 'Addition' - also located in the same place as the FRST tool was run from). Please also attach that log file along with the FRST log file to your reply.
      If you are not used to attaching files to e-mails, then just look for a button in the toolbar above where you write your message that has a paperclip icon, and that should be the attachment button.
  15. Let's get a log from FRST, and see if that shows the cause of the issue. Please download Farbar Recovery Scan Tool (FRST) from one of the following links, and save it to your Desktop (please note that some web browsers will automatically save all downloads in your 'Downloads' folder, so in those cases please move the download to your desktop):
        • For 32-bit (x86) editions of Windows: http://download.bleepingcomputer.com/farbar/FRST.exe
        • For 64-bit (x64) editions of Windows: http://download.bleepingcomputer.com/farbar/FRST64.exe
      Note: You need to run the version compatible with your computer. If you are not sure which version applies to your computer, then download both of them and try to run them. Only one of them will run on your computer, and that will be the right version.
        1. Run the FRST download that works on your computer (for Windows Vista, Windows 7, and Windows 8 please right-click on the file and select "Run as administrator").
        2. When the tool opens click "Yes" for the disclaimer in order to continue using FRST.
        3. Press the 'Scan' button.
        4. When the scan is done, it will save a log as a Text Document named 'FRST' in the same place the tool was run from (if you had saved FRST on your desktop, then the FRST log will be saved there).
        5. Please attach the FRST log file to a reply (it is best if you do not copy and paste it into an e-mail).
        6. The first time the FRST tool is run it saves another log (a Text Document named 'Addition' - also located in the same place as the FRST tool was run from). Please also attach that log file along with the FRST log file to your reply.
      If you are not used to attaching files to e-mails, then just look for a button in the toolbar above where you write your message that has a paperclip icon, and that should be the attachment button.
  16. Actually it isn't strange. Conduit is a very popular framework for creating toolbars for web browsers, so something probably recreated that registry key. It is registered the first time you click the 'Quarantine' or 'Delete' buttons.
  17. 127.0.0.1 is the "loopback" address, which means it is always considered the address of your computer (regardless of what address your computer is assigned on your network or over the Internet). I assume you have a browser extension for Firefox that is causing it to connect to crawlability.com, although that domain name doesn't appear to point to anything at the moment. The domain name appears to have been created on March 11th, 2014 (so it's a pretty new domain).
  18. You can try the instructions at this link, and let me know if they help. I noticed Spybot Search & Destroy is installed. Is it the free version or the premium version?
  19. When you run a Custom Scan you can select to enable Direct Disk Access.
  20. If you don't want "No Risk" detections to show up, then you can disable PUP detection:
        1. Open Emsisoft Anti-Malware.
        2. Go to Guard in the menu on the left.
        3. Go to the File Guard tab.
        4. At the bottom, for Default action for Potentially Unwanted Programs (PUPs), you can select No detection from the dropdown menu.
  21. Extracting the EEK to a USB flash drive shouldn't cause any problems with it, as it is designed to be able to run from USB flash drives (we actually sell it on 16GB USB flash drives with licensing to be used for commercial purposes). The EEK registers its driver when it tries to delete stuff. When a driver is registered, it's the same as creating a service, and a registry entry is created to define the driver and allow it to be loaded. Some software (such as Autoruns from Microsoft) can show you what drivers and services are registered on a computer running Windows without you needing to know how to check the registry or how to use utilities such as OTL. For reference, here's a screenshot of the driver highlighted in Autoruns (click on the screenshot to make it bigger): The OTL script was written to delete specific files and registry entries that were in your EEK log from earlier, so those are the only things it will tell OTL to delete. Basically, unless the exact same files and registry entries end up back on your computer, then the OTL script is essentially only useful once.
  22. The only time that Safe Mode With Command Prompt would be necessary is in a case where a ransomware that locks down the computer in both normal mode and Safe Mode does not load in Safe Mode With Command Prompt, although in those cases you can usually type in explorer.exe and press Enter to launch the normal desktop without also launching the ransomware. Aside from that, since Emsisoft Anti-Malware makes use of drivers that allow for direct disk access and other advanced detection and deletion mechanisms, and since infections can load in Safe Mode just as easily as they can when Windows is running normally, it is generally better to just run your scans while Windows is running normally.
  23. BTW: It looks like this just got fixed in Beta Updates: http://changeblog.emsisoft.com/2014/04/15/beta-updates-2014-04-15/ I was told that it was also published for Emsisoft Emergency Kit, so if everything goes well in the beta, then it should be released as a stable update soon.