GT500

Emsisoft Employee
Everything posted by GT500

  1. We'll probably need some logs to see what the problem is. Please open Online Armor, go to Options in the menu on the left, click the little check box to enable debug mode, restart your computer, and then try reproducing your problem with your virtual W: drive. After that, please ZIP your entire logs folder (normally C:\Program Files\Online Armor\Logs), upload it to a website such as RapidShare/DepositFiles/BayFiles/etc (which one you use is up to you), and then copy and paste the link to download the file into a reply (or you can send it to me in a Private Message if you don't want the link posted publicly on the forums). Note that, if you don't have a utility such as 7-Zip, WinZip, or WinRar, you can ZIP files and folders by right-clicking on them, going to Send To, and clicking on Compressed (zipped) Folder.
  2. This could be a port rule. You will need to set Online Armor to run in Advanced Mode in order to access the Ports tab in the Firewall settings.
  3. I talked to one of our developers, and he's fairly certain that the detections are being displayed improperly due to a bug in the EAM scan engine that may also be preventing it from removing the infection. The infection is also not showing up in the OTL log, and is not really a dangerous infection (more along the lines of a nuisance or a minor spyware). Chances are it is in another profile on the computer, and that's why OTL isn't showing it. The bug should be fixed when version 7 of Emsisoft Anti-Malware is released. For now, since the OTL log isn't showing the infection, I wouldn't worry about it.
  4. Let's get a fresh OTL log, and see if these show up. Here are the instructions: Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run'). Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes. When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually. Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.
  5. OK, that log looks good to me (unsigned drivers are common even in legitimate software), so let's move on to a virus scan just to make sure that we are not missing anything. Please run an online virus scan through ESET by following the steps below: Turn off your anti-virus software. Click on this link. Click on the ESET Online Scanner button. Put a check in the box that says YES, I accept the Terms of Use. Click the 'Start' button just to the right of the checkbox. Uncheck the box that says Remove found threats (this is very important). Click on Advanced settings. Put a check in the box that says Scan for potentially unsafe applications. Verify that Scan for potentially unwanted applications is also checked. Verify that Enable Anti-Stealth technology is also checked. Click the Start button in the lower-right corner of the page, and it will begin downloading its database, and then it will start scanning. When the scan is done, if it shows a screen that says Threats found!, then click List of found threats, and then click Export to text file... (if nothing was found, then just let me know that no threats were found). Save that text file on your desktop, and then attach it to a reply (using the More Reply Options button in the lower-right corner of this forum topic) for me. Close the ESET online scan. I will take a look at the log, and let you know if anything needs removed.
  6. Don't worry about that second link. I've contacted sUBs (the maker of ComboFix) to let him know it isn't working right. As for your log, it looks like ComboFix took care of everything on its own. I did see evidence of what looked like a rootkit in the files that ComboFix deleted, so let's make sure that there are no further rootkit components on your system. Please get me a log from TDSSKiller by following the instructions below: Download TDSSKiller from this link and save it on your desktop. Run the TDSSKiller download that you saved. Click on Change parameters as it shows in the following screenshot: Make sure that Verify digital signatures and Detect TDLFS file system are checked as in the following screenshot, and then click OK: Click the Start scan button as in the following screenshot: You will see the following as the scan runs: If there are any threats or malicious items detected, then make sure the option to the right of each item is set to Skip as in the following screenshot (it is very important that TDSSKiller not be allowed to Cure, Quarantine, or Delete these detections!), note that you can click on the selection action to open a list and change it if it is not set to Skip automatically, and then click Continue at the bottom when everything is set to Skip: Click on Report in the upper-right corner, as in the following screenshot: You will see a report similar to the one in the following screenshot. Please click in the report somewhere, then hold down the Ctrl key on your keyboard and tap the A key to select the entire report. Once everything is selected, then it should look similar to the following screenshot, and you will be able to hold down the Ctrl key on your keyboard and tap the C key to copy the entire report. Open Notepad by clicking on the Start button, going to All Programs (or just Programs in Windows 7 and Vista), then Accessories, and clicking on Notepad in the list. Once Notepad has opened, click on Edit to open the Edit menu, and then click Paste, as in the following screenshot: Once the report has been pasted into Notepad, click File to open the File menu, and then click Save as, as in the following screenshot. Please save the report on your desktop and attach it to a reply by using the More Reply Options button to the lower-right of where you type in your reply.
  7. COMODO's firewall includes a HIPS called Defense+, and would need to be disabled in order to run ComboFix without interference. I'll take a look at the file from the second link, and see why it isn't working. Edit: It looks like the InfoSpyware link isn't working properly. I'll have to get in contact with sUBs, and see if he is aware of this.
  8. Have you enabled "Paranoid Mode" in Mamutu? It shouldn't be prompting on a file that is digitally signed by Microsoft.
  9. Please download ComboFix from one of the following links, and follow the instructions below to run it. Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop Link 1 Link 2 * IMPORTANT !!! Save Combo-Fix to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools See HERE for help Double click on ComboFix.exe & follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, ComboFix will produce a log. Note: 1. Do not mouseclick combofix's window while it's running. That may cause it to stall! 2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet. Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS) ComboFix (C:\combofix.txt) Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  10. I have made sure that our developers are aware of your issue, and they will take a look at your logs as soon as they are able to.
  11. OK, my testing on Friday reproduced the issue, and I sent logs and memory dumps to our developers. I have since received word that they have identified the problem, and that it should be fixed in the next release of Online Armor.
  12. Please download DebugView from this link: When downloading, make sure to save it on your Desktop instead of clicking 'Run' or 'Open'. Right-click on the 'DebugView' file that you just saved on your Desktop, and select "Extract All". Open the new DebugView folder that was created on your Desktop after extracting. Windows XP and 2000 users should double-click on the file named 'Dbgview'. Windows 7 and Vista users should right-click and select "Run as Administrator". Click on the 'Capture' menu, and select everything except "Log Boot" (you will have to open the menu again after clicking to select an item). Do whatever it is you need to in order to replicate the issue (sending an HTML e-mail in Outlook). After you have replicated the issue you can switch back to DebugView and click 'File' and "Save As" in order to save the log to a file on your Desktop. Please attach that log file to a reply so that we may analyze it for errors. You will need to use the More Reply Options button to the lower-right of where you type in your reply in order to access the attachment controls. Note: You may need to ZIP the log file in order to attach it. If you do not have a program such as 7-Zip, WinZip, WinRar, etc. then you can right-click on the log file, go to Send To, and click on Compressed (zipped) folder. You will be able to attach the ZIP archive to a reply.
  13. I'm testing this right now. I see your forum profile says you use Windows 7 x64. I assume that this issue with Online Armor, Sandboxie, and Google Chrome is happening on Windows 7 x64?
  14. So far, I have not been able to reproduce this in my own testing on 32-bit Windows 7, but now that I think about it I may be testing on the wrong platform. I'm going to retest this on Windows 7 x64, and see if I can reproduce it there. If I can, then we will know that it is exclusive to a 64-bit environment (perhaps because Sandboxie works differently on 64-bit editions of Windows).
  15. I've never tested Online Armor with µTorrent 2.x before, so if there is an issue then we will need some logs to see what the problem might be. Please open Online Armor, go to Options in the menu on the left, click the little check box to enable debug mode, restart your computer, and then try reproducing your problem with µTorrent and Online Armor. After that, please ZIP your entire logs folder (normally C:\Program Files\Online Armor\Logs), upload it to a website such as RapidShare/DepositFiles/BayFiles/etc (which one you use is up to you), and then copy and paste the link to download the file into a reply (or you can send it to me in a Private Message if you don't want the link posted publicly on the forums). Note that, if you don't have a utility such as 7-Zip, WinZip, or WinRar, you can ZIP files and folders by right-clicking on them, going to Send To, and clicking on Compressed (zipped) Folder.
  16. OK, go ahead and run TDSSKiller again, and make sure to select Skip for everything except the TDSS File System detection. For the TDSS File System detection, select Cure if it is available, otherwise select to delete or remove it.
  17. Please get me a log from TDSSKiller by following the instructions below: Download TDSSKiller from this link and save it on your desktop. Run the TDSSKiller download that you saved. Click on Change parameters as it shows in the following screenshot: Make sure that Verify digital signatures and Detect TDLFS file system are checked as in the following screenshot, and then click OK: Click the Start scan button as in the following screenshot: You will see the following as the scan runs: If there are any threats or malicious items detected, then make sure the option to the right of each item is set to Skip as in the following screenshot (it is very important that TDSSKiller not be allowed to Cure, Quarantine, or Delete these detections!), note that you can click on the selection action to open a list and change it if it is not set to Skip automatically, and then click Continue at the bottom when everything is set to Skip: Click on Report in the upper-right corner, as in the following screenshot: You will see a report similar to the one in the following screenshot. Please click in the report somewhere, then hold down the Ctrl key on your keyboard and tap the A key to select the entire report. Once everything is selected, then it should look similar to the following screenshot, and you will be able to hold down the Ctrl key on your keyboard and tap the C key to copy the entire report. Open Notepad by clicking on the Start button, going to All Programs (or just Programs in Windows 7 and Vista), then Accessories, and clicking on Notepad in the list. Once Notepad has opened, click on Edit to open the Edit menu, and then click Paste, as in the following screenshot: Once the report has been pasted into Notepad, click File to open the File menu, and then click Save as, as in the following screenshot. Please save the report on your desktop and attach it to a reply by using the More Reply Options button to the lower-right of where you type in your reply.
  18. Please try putting Online Armor in Learning Mode, and then install the Windows update. You should be able to do this by right-clicking on the Online Armor icon in the System Tray, and selecting Learning Mode from the menu.
  19. Have you tried this with the latest version of µTorrent? I would believe the current stable release is 3.2.
  20. Did you have Online Armor running normally while installing Windows Updates, or did you have Online Armor in Learning Mode?
  21. It looks like you're using a non-English version of Windows, so please try to bear with me, as I am only familiar with the English versions. If you want to turn off the service that is running in the background, first you need to right-click on the Emsisoft System Tray icon and select Shut down guard from the menu. After that, hold down the Windows key on your keyboard (it's usually between the Ctrl and Alt keys) and then tap the R key to open the Run dialog. Type services.msc into the Run dialog, and then click OK to continue. Scroll down in the list until you find Emsisoft Anti-Malware 6.0 - Service and right-click on it, then select Stop from the menu. This will shut down the a2service.exe that you are seeing in your task manager, and you can restart it the same way and then launch the Emsisoft Anti-Malware Guard from the Start Menu to get the System Tray icon back. Please note that the Emsisoft Anti-Malware 6.0 - Service that you'll find in the list of services, and which you will find running as a process named a2service.exe, is the part of Emsisoft Anti-Malware that does all of the work in the background, and that is why it tends to use more memory. When this service is not running, Emsisoft Anti-Malware will not be able to do anything (protect your computer, scan your computer, etc) so we normally recommend that you don't stop it or change its startup type unless you have no other choice, or unless we ask you to as part of debugging steps to determine the cause of a problem.
  22. OK, I went ahead and fixed the expiration date on your license key. Let me know if you have any more trouble with the expiration date.
  23. Please open Online Armor, select 'Options' from the menu on the left, go to the 'License' tab, and then click the link to activate another key. After selecting your license type and clicking 'Next', please copy and paste your license key into the field and continue by clicking 'Next' again. This should reactivate Online Armor and at the very least move your license key to our Customer Center where I can fix it for you if I need to. If Online Armor is still showing the wrong license period, then please send me a private message on these forums with your license key and your Reference Number from when you purchased the extension, and I will go ahead and take a look at fixing it.