GT500 (Emsisoft Employee)
Content count: 13475. Days won: 420.

Everything posted by GT500

  1. Let's get an OTL log. Please run OTL by following the instructions below: Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run'). Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and let it run uninterrupted. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes. When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually. Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.
  2. There were some bad Windows Updates in August, however I would believe they were pulled from the Windows Update service after a week or two, and they should no longer be available. Microsoft Security Essentials and SUPERAntiSpyware are the only software I am seeing in your log that could prevent ComboFix from running, so as long as neither of them has real-time protection enabled then ComboFix should run just fine. Let's try using Rkill before using ComboFix, and see if it allows you to run ComboFix. Please download Rkill from one of the links below: rkill.exe rkill.com rkill.scr eXplorer.exe iExplore.exe WiNlOgOn.exe uSeRiNiT.exe The reason why there are 7 of them, each with a different name (and some of them with very funny names), is because some infections like to block security software from running. Start with the first one, and if it doesn't work then try the next one, and so on until you find one that works. Once you get one of the Rkill downloads to work, please run it a second time to make sure that it is no longer able to find any malicious processes still running. If it finds more, run it again to make sure that Rkill was able to stop any malicious processes still running on your computer. After running Rkill, please proceed with my previous instructions to run ComboFix (making sure to disable anti-virus and anti-spyware software first), and if everything works OK then attach the log to a reply when it is done.
  3. If avast! is using a proxy to filter Internet traffic, then Online Armor will not be able to filter Internet traffic by application, as it will appear to all be coming from avast!'s network filter process.
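The situation described in post 3 (every connection appearing to come from the AV's filter process, so a per-application firewall cannot tell applications apart) is easy to confirm on the machine itself. The following is an added example, not code from the original post or from Emsisoft or avast!: it lists established TCP connections with their owning process and groups them, so you can see whether the real originators show up or whether one proxy process owns nearly everything. It assumes an English-locale netstat.exe (the `ESTABLISHED` state string is matched literally) and PowerShell 2.0 or later.

```powershell
# Added example (not from the original post). Map established outbound TCP
# connections to the process that owns them. If an AV product filters traffic
# through a local proxy, most rows will be owned by that proxy rather than by
# the browser, mail client, etc. that actually generated the traffic.
# Assumptions: English netstat output ("ESTABLISHED"), PowerShell 2.0+.
function Get-OutboundConnectionOwners {
    # netstat -a (all) -n (numeric addresses) -o (owning PID)
    $lines = netstat -ano | Where-Object { $_ -match '^\s*TCP\s+' }
    foreach ($line in $lines) {
        # Columns: Proto, Local Address, Foreign Address, State, PID
        $parts = $line.Trim() -split '\s+'
        if ($parts.Count -lt 5) { continue }
        if ($parts[3] -ne 'ESTABLISHED') { continue }

        $procId = [int]$parts[4]
        $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
        $name = '<exited>'
        if ($proc) { $name = $proc.ProcessName }

        New-Object PSObject -Property @{
            Local   = $parts[1]
            Remote  = $parts[2]
            PID     = $procId
            Process = $name
        }
    }
}

# Summarise by owning process. If one process (the AV proxy) accounts for
# almost every established connection, application-level firewall rules in
# another product will not be able to distinguish the real originators.
Get-OutboundConnectionOwners |
    Group-Object -Property Process |
    Sort-Object -Property Count -Descending |
    Select-Object Count, Name
```

Run it from an elevated PowerShell prompt so that the PIDs of services can be resolved to process names; if the top entry is the AV's filtering process rather than your browser or mail client, the traffic is being proxied as the post describes.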
  4. Something is blocking ComboFix from running, so let's try running it in Safe Mode With Networking instead. Please follow the instructions at this link to start your computer in Safe Mode With Networking, and then try running ComboFix again.
  5. It is probably just a certain program that needs to be excluded from Online Armor so that it doesn't monitor it. Let's get some Debug Logs to see if they show which program needs to be excluded. Please open Online Armor, go to Options in the menu on the left, click the little check box to enable debug mode, restart your computer, and then verify the high CPU usage. After that, please ZIP your entire logs folder (normally C:\Program Files\Online Armor\Logs), upload it to a website such as RapidShare/DepositFiles/BayFiles/etc (which one you use is up to you), and then copy and paste the link to download the file into a reply (or you can send it to me in a Private Message if you don't want the link posted publicly on the forums). Note that, if you don't have a utility such as 7-Zip, WinZip, or WinRar, you can ZIP files and folders by right-clicking on them, going to Send To, and clicking on Compressed (zipped) Folder. Note that RapidShare and BayFiles have been having issues lately, and we may not be able to download the files from them. If you have DropBox, Google Cloud Storage, or Microsoft SkyDrive then those services would be more reliable. Also, you can attach files to private messages on these forums, and I would believe the limit is up to 128MB, so if the file is smaller than 128MB then you can just attach it to a private message to me on these forums.
  6. OK, there's no rootkit detection in that log. Let's run ComboFix and see if it can take care of the infection. Please download ComboFix from this link and follow the instructions below to run it. Note that some infections will block it from running if you save it as ComboFix, so you may wish to rename it in order to prevent this. Make sure you remember what you changed the name to. * IMPORTANT !!! Save ComboFix to your Desktop. Disable your AntiVirus, AntiSpyware, and Firewall applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See HERE for help. Double click on the ComboFix icon on your desktop (it has a red and white icon that looks like a white cat's head in a red circle) and follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note (this applies to Windows XP systems only): if the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, ComboFix will produce a log. Note: 1. Do not click in ComboFix's window while it's running. That may cause it to stall! 2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
Attach logs for (use the "More Reply Options" button to be able to do this): ComboFix (C:\combofix.txt). Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  7. Try reinstalling Online Armor from this link, and you should be able to do an Upgrade Install. This should replace the missing uninstall file so that you can uninstall Online Armor.
  8. Exclusions work differently from allowing a software through the firewall and HIPS features. When you exclude a folder, everything in that folder will be ignored by Online Armor. When you allow something in the firewall and trust it in the HIPS, Online Armor will still monitor the application, but it will allow the behavior that it was told to allow. It's possible that exclusions didn't work because not all of its files are in the VMware folder in Program Files (I didn't realize this earlier). For instance, their USB passthrough driver appears to be in the following folder: C:\Program Files (x86)\Common Files\VMware\USB Some VMware components even appear to be running out of C:\Windows\SysWOW64 (vmnat.exe, vmnc.dll, and vmnetdhcp.exe). Obviously this folder shouldn't be added to exclusions, however you should make sure that these files are marked as Trusted in the Programs list in Online Armor. And a quick check of C:\Windows\System32 shows at least a couple of DLLs from VMware as well (vnetinst.dll and vnetlib64.dll). Note that you may want to go through the Programs list and make sure that any unknown applications or DLLs are Trusted, especially if they are from VMware. That will increase your chances of VMware and Online Armor working OK together. Also, please note that these files and folders are all from VMware Workstation 8 on Windows 7 x64, so if you are using a different VMware product or a different version of VMware Workstation then some of the information will most likely be different.
  9. I've tried it before. Malwarebytes purchased the company that created it. I don't know exactly how it works, but it does appear to be compatible with Emsisoft Anti-Malware (I have not tested it with Online Armor).
  10. Creating an exclusion for HyperSnap in Emsisoft Anti-Malware may resolve the issue. Here are instructions for adding a process to the exclusions list in Emsisoft Anti-Malware: Open Emsisoft Anti-Malware from the icon on the desktop. Click Guard in the menu on the left. Go to the File Guard tab. In the lower-left corner, just above Alerts, click on the Manage whitelist link. In the box under Type click the little down arrow and change it from File to Process (you may need to click in the box for the arrow to appear). Click in the white box below Item to make a button with three dots (...) appear, and then click the ... button. Navigate to the directory where the files you wish to exclude are located, and double-click on one of them to add it. Repeat the last 3 steps as needed to add each file to the exclusions list. Click the OK button at the bottom when done, and close Emsisoft Anti-Malware.
  11. Yes, there is. Here are instructions on how to add a process to the whitelist in Emsisoft Anti-Malware, and you will note that when you add it you have the options to the right to select which Guards the exclusion is to apply to: Open Emsisoft Anti-Malware from the icon on the desktop. Click Guard in the menu on the left. Go to the File Guard tab. In the lower-left corner, just above Alerts, click on the Manage whitelist link. In the box under Type click the little down arrow and change it from File to Process (you may need to click in the box for the arrow to appear). Click in the white box below Item to make a button with three dots (...) appear, and then click the ... button. Navigate to the directory where the files you wish to exclude are located, and double-click on one of them to add it. Repeat the last 3 steps as needed to add each file to the exclusions list. Click the OK button at the bottom when done, and close Emsisoft Anti-Malware.
  12. I would recommend only having two programs with real-time protection, however you may be able to resolve some of the performance issues by adding exclusions. Here are instructions on how to add processes to the whitelist in Emsisoft Anti-Malware: Open Emsisoft Anti-Malware from the icon on the desktop. Click Guard in the menu on the left. Go to the File Guard tab. In the lower-left corner, just above Alerts, click on the Manage whitelist link. In the box under Type click the little down arrow and change it from File to Process (you may need to click in the box for the arrow to appear). Click in the white box below Item to make a button with three dots (...) appear, and then click the ... button. Navigate to the directory where the files you wish to exclude are located, and double-click on one of them to add it. Repeat the last 3 steps as needed to add each file to the exclusions list. Click the OK button at the bottom when done, and close Emsisoft Anti-Malware. I do know which files from Malwarebytes Anti-Malware you should add, so I will list them below: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe There are some other applications in the Malwarebytes Anti-Malware folder that don't need to be added, however you can add them anyway if you want to. As for avast!, I do not know what files would need to be added for current versions. I have that information for version 6, but not for anything newer, and I know that avast! has changed enough since version 6 that the information is no longer valid.
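Posts 8 and 12 above both amount to a list of binaries that get whitelisted or marked Trusted by path, and post 8 in particular points at files living in C:\Windows\SysWOW64 and C:\Windows\System32, where a file name alone proves nothing about who put it there. Before excluding or trusting such a file, a practitioner would confirm that it actually carries a valid Authenticode signature from the expected vendor. The following is an added example, not code from the original posts or from Emsisoft, VMware or Malwarebytes. The paths are the ones quoted in posts 8 and 12 (VMware Workstation 8 on Windows 7 x64, and Malwarebytes Anti-Malware under Program Files (x86)); the publisher substrings 'VMware' and 'Malwarebytes' are assumptions about what the signer's certificate subject contains, and should be adjusted to whatever the certificate on your copy actually shows.

```powershell
# Added example (not from the original posts). Check each candidate whitelist
# entry for a valid Authenticode signature from the expected publisher before
# adding it to Online Armor's Trusted list or Emsisoft Anti-Malware's whitelist.
# Assumptions: paths as quoted in the posts above; publisher substrings are
# guesses at the certificate Subject and may need adjusting.
function Test-WhitelistCandidate {
    param(
        [string]$Path,
        [string]$ExpectedPublisher   # substring expected in the signer's Subject
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        # Missing on this machine: nothing to whitelist (or a different version).
        return New-Object PSObject -Property @{ Path = $Path; Verdict = 'missing'; Signer = '' }
    }

    $sig = Get-AuthenticodeSignature -FilePath $Path
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    if ($sig.Status -ne 'Valid') {
        # NotSigned, HashMismatch, NotTrusted, ...: do not exclude this file blindly.
        $verdict = "untrusted ($($sig.Status))"
    } elseif ($signer -notmatch [regex]::Escape($ExpectedPublisher)) {
        # Validly signed, but not by whom the path suggests.
        $verdict = 'wrong publisher'
    } else {
        $verdict = 'ok'
    }
    New-Object PSObject -Property @{ Path = $Path; Verdict = $verdict; Signer = $signer }
}

# Candidates taken from posts 8 and 12. Keys match the function's parameter
# names so each hashtable can be splatted straight into the call.
$candidates = @(
    @{ Path = 'C:\Windows\SysWOW64\vmnat.exe';       ExpectedPublisher = 'VMware' },
    @{ Path = 'C:\Windows\SysWOW64\vmnc.dll';        ExpectedPublisher = 'VMware' },
    @{ Path = 'C:\Windows\SysWOW64\vmnetdhcp.exe';   ExpectedPublisher = 'VMware' },
    @{ Path = 'C:\Windows\System32\vnetinst.dll';    ExpectedPublisher = 'VMware' },
    @{ Path = 'C:\Windows\System32\vnetlib64.dll';   ExpectedPublisher = 'VMware' },
    @{ Path = "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe";          ExpectedPublisher = 'Malwarebytes' },
    @{ Path = "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe";       ExpectedPublisher = 'Malwarebytes' },
    @{ Path = "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"; ExpectedPublisher = 'Malwarebytes' },
    @{ Path = "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe";   ExpectedPublisher = 'Malwarebytes' }
)

foreach ($c in $candidates) {
    Test-WhitelistCandidate @c
} | Format-Table -AutoSize Verdict, Path, Signer
```

Only entries that come back as 'ok' are reasonable to exclude or trust. Anything under System32 or SysWOW64 that reports 'untrusted' or 'wrong publisher' is exactly the kind of file the post says should not be handled with a blanket folder exclusion, and is worth looking at in the scan logs rather than whitelisting.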
  13. We already have a bug report open on this, so I'll add your information and a link to this forum topic to the bug report. Edit: I assume you are experiencing this issue on Windows XP? Also, what version of Google Chrome are you using?
  14. OK. Please let us know if you have any further issues.
  15. The logs look OK to me. Let's get a scan from TDSSKiller, just to see if there's a rootkit infection. Here are the instructions: Download TDSSKiller from this link and save it on your desktop. Run the TDSSKiller download that you saved. Click on Change parameters as it shows in the following screenshot: Make sure that Verify digital signatures and Detect TDLFS file system are checked as in the following screenshot, and then click OK: Click the Start scan button as in the following screenshot: You will see the following as the scan runs: If there are any threats or malicious items detected, then make sure the option to the right of each item is set to Skip as in the following screenshot (it is very important that TDSSKiller not be allowed to Cure, Quarantine, or Delete these detections!). Note that you can click on the selected action to open a list and change it if it is not set to Skip automatically, and then click Continue at the bottom when everything is set to Skip: Click on Report in the upper-right corner, as in the following screenshot: You will see a report similar to the one in the following screenshot. Please click in the report somewhere, then hold down the Ctrl key on your keyboard and tap the A key to select the entire report. Once everything is selected, it should look similar to the following screenshot, and you will be able to hold down the Ctrl key on your keyboard and tap the C key to copy the entire report. Open Notepad by clicking on the Start button, going to All Programs (or just Programs in Windows 7 and Vista), then Accessories, and clicking on Notepad in the list. Once Notepad has opened, click on Edit to open the Edit menu, and then click Paste, as in the following screenshot: Once the report has been pasted into Notepad, click File to open the File menu, and then click Save as, as in the following screenshot.
Please save the report on your desktop and attach it to a reply by using the More Reply Options button to the lower-right of where you type in your reply.
  16. Have you tried adding the VMware folder to the exclusions list in Online Armor? Here are some instructions for adding a folder to the Exclusions list in Online Armor: Click on the Start button, go to All Programs, go to Online Armor, and click on the Online Armor icon to open it. Click on Options in the menu on the left. Go to the Exclusions tab. Click on the Add button. Use the little [+] and [-] icons to the left of folder names to open and close them, find the folder you want to add, click on it to highlight it, and then click OK at the bottom. Close the Online Armor window. The VMware folder should be something like the following: C:\Program Files\VMware Or perhaps like this on 64-bit editions of Windows: C:\Program Files (x86)\VMware
  17. Unfortunately there isn't going to be a reply from them. Oracle has ignored the issues for so long that our developers are convinced that they don't care about fixing it.
  18. Yes, an update should have been available last week to resolve this issue.
  19. You're quite welcome. Please let me know if you have any issues.
  20. Everything looks OK to me. Let me know if you have any further issues.
  21. Emsisoft Anti-Malware should work fine with Windows 8.1. I'm fairly certain that Online Armor will work fine as well.