Emsisoft Employee
  • Content Count

  • Joined

  • Days Won


Everything posted by GT500

  1. The cleaning process is longer due to the new cleaning engine, which is far more advanced than the old one. I do not believe that the scanning process should be longer, however there have been a lot of changes in EAM 8 and it is possible that scan speed was effected as well. May I ask just how much longer the scan time is?
  2. That ESET scan log doesn't look bad. One of the detections was in OTL's quarantine, so it was already deleted. The other detection was related to your Firefox preferences, which you may want to reset to their defaults. As for the Kaspersky Internet Security, it would be best to uninstall that if you do not have a current license for it. It's basically just wasting system resources and not providing any protection. Here's a link to a Kaspersky kowledgebase article about their removal tool for their software, which should allow you to uninstall any of their software that is on your computer. Once you have Kaspersky uninstalled, please download ComboFix from this link and follow the instructions below to run it. Note that some infections will block it from running if you save it as ComboFix so you may wish to rename it in order to prevent this. Make sure you remember what you changed the name to. * IMPORTANT !!! Save ComboFix to your Desktop Disable your AntiVirus, AntiSpyware, and Firewall applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools See HERE for help Double click on the ComboFix icon on your desktop (it has a red and white icon that looks like a white cat's head in a red circle) and follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, ComboFix will produce a log. Note: 1. Do not click in ComboFix's window while it's running. That may cause it to stall! 2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet. Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS) ComboFix (C:\combofix.txt)Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  3. Currently our software only works on Windows platforms. We do not make software for other operating systems, which includes mobile platforms such as Android.
  4. Were you using Sandboxie when you were not able to use your keyboard shortcuts, or were you only using RunSafer?
  5. The only way I can get Opera 15 to work correctly with Online Armor is to add the Opera folder (C:\Program Files\Opera) to the exclusions list in Online Armor, and then restart Online Armor. Since the browser cache is stored in your user profile, then that shouldn't pose a major security risk. You can find the Exclusions list by opening Online Armor, going to Options in the list on the left, and going to the Exclusions tab. If Opera 15 is the only version you have installed, then just add Opera folder in Program Files to the exclusions list. If you have other versions of Opera installed, then you can select the folder for the version you want to exclude.
  6. Adding the following two files as Trusted and Allowed appear to have taken care of most of the performance issues: C:\Program Files\Opera\15.0.1147.130\d3dcompiler_46.dll C:\Program Files\Opera\15.0.1147.130\npTestNetscapePlugIn.dll Unfortunately it is still having issues loading webpages, so I will have to do some more testing.
  7. I added the following executables in Online Armor as Trusted, and Opera 15 does work now, however it is very slow and I am still checking it out to see why that might be. C:\Program Files\Opera\launcher.exe C:\Program Files\Opera\15.0.1147.130\opera.exe C:\Program Files\Opera\15.0.1147.130\opera_autoupdate.exe C:\Program Files\Opera\15.0.1147.130\opera_crashreporter.exe
  8. I was going to mention that "The Hessling Editor" had been updated for Windows within the past year, but then I installed it and I noticed that it works more like vi than a GUI-driven editor. XeditPc also appears to be like vi, so unless you like editors without a GUI then I doubt you will find them as useful. At the very least, they do seem to support Unicode files.
  9. OK, from those logs it looks like there wasn't a lot of junk to clean up, but they did delete a few things. At this point the logs are making it look like your computer is clean. Lets get a second opinion on that, just to be certain. Please run an online virus scan through ESET by following the steps below: Turn off your anti-virus software. Click on this link. Click on the ESET Online Scanner button. Put a check in the box that says YES, I accept the Terms of Use. Click the 'Start' button just to the right of the checkbox. Uncheck the box that says Remove found threats (this is very important). Click on Advanced settings. Put a check in the box that says Scan for potentially unsafe applications. Verify that Scan for potentially unwanted applications is also checked. Verify that Enable Anti-Stealth technology is also checked. Click the Start button in the lower-right corner of the page, and it will begin downloading it's database, and then it will start scanning. When the scan is done, if it shows a screen that says Threats found!, then click List of found threats, and then click Export to text file... (if nothing was found, then just let me know that no threats were found). Save that text file on your desktop, and then attach it to a reply (using the More Reply Options button in the lower-right corner of this forum topic) for me. Close the ESET online scan. I will take a look at the log, and let you know if anything needs removed.
  10. I just answered this question for someone on our helpdesk, however your e-mail address is different, so I will assume that you're not the same person (please let me know if I am mistaken). Please follow the instructions at this link to start your computer in Safe Mode. Once in Safe Mode, you should be able to uninstall Online Armor and restart your computer normally. After your computer is running normally, please do the following before attempting to reinstall Online Armor: Here's how to exlude Online Armor in Emsisoft Anti-Malware: Open Emsisoft Anti-Malware from the icon on the desktop. Click Guard in the menu on the left. Go to the File Guard tab. In the lower-left corner, just above Alerts, click on the Manage whitelist link. In the box under Type click the little down arrow and change it from File to Process (you may need to click in the box for the arrow appear). Click in the white box below Item and to the right of where you changed the Type to Process. Enter the full path of the file to exclude (see list of files that will need to be excluded in step 8). Repeat the last 3 steps until each of the following 11 files have been added to the list: C:\Program Files (x86)\Online Armor\oacat.exe C:\Program Files (x86)\Online Armor\oadump.exe C:\Program Files (x86)\Online Armor\oahlp.exe C:\Program Files (x86)\Online Armor\oamine.exe C:\Program Files (x86)\Online Armor\OARau.exe C:\Program Files (x86)\Online Armor\OAReg.exe C:\Program Files (x86)\Online Armor\oascan.exe C:\Program Files (x86)\Online Armor\oasrv.exe C:\Program Files (x86)\Online Armor\oaui.exe C:\Program Files (x86)\Online Armor\oaview.exe C:\Program Files (x86)\Online Armor\unins000.exe Click the OK button at the bottom when done, and close Emsisoft Anti-Malware. Once you have added all of those files to the whitelist in Emsisoft Anti-Malware, please go ahead and try to install Online Armor again. If you experience any performance issues, or continue to have the black screen issue, then please let me know.
  11. Do you have Online Armor in Advanced Mode?
  12. Lets get a Fiddler log from the install. Please download and install Fiddler 2 from this link (this is the version that requires the Microsoft .NET Framework 2.0), and then follow the instructions below: After installing Fiddler, please open it from the Start Menu. Launch the Emsisoft Anti-Malware Wizard from the Emsisoft Anti-Malware icon on the Desktop. Click on the Connection settings link in the lower-left corner. Check the box that says Use proxy server. Enter localhost in the Proxy server field, and then enter 8888 in the port field. Click 'OK'. Continue with the Wizard normally. After completing the Wizard, go back to Fiddler, and to File, then Save, and select All Sessions (please save it on your desktop). Please send the Fiddler log to me in a Private Message (do not post it on the forums).
  13. May I ask why you haven't upgraded to a text editor that supports Unicode? I understand being used to the way a particular text editor or IDE works, however even I had to find something new eventually. Eventually I figured out how to set up Notepad++ to work the way I wanted, even though I preferred TextPad (at the time TextPad hadn't been updated in years, and neither had CrimsonEditor which I had also liked). I'm sure you can find something out there that works for you.
  14. The infection that was in the logs is gone. Lets run a couple more utilities, just to clean up some junk. Please download AdwCleaner and save it on your desktop. Close all open programs and internet browsers (you may want to print our or write down these instructions first). Double click on adwcleaner.exe to run the tool. Click on Delete. Confirm each time with Ok. You will be prompted to restart your computer. A text file will open n Notepad after the restart (this is the log of what was removed), which you can save on your desktop. Please attach that log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply. If you lose that log file for any reason, you can find it at C:\AdwCleaner[s1] on your computer. Please download Junkware Removal Tool and save it on your desktop. Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts. Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator. The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log is saved to your desktop and will automatically open. Please attach the JRT log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply.
  15. That is understandable, considering the recent theft of a cryptography certificate from Opera Software, and the fact that they are not the first software vendor to be the victim of such a theft. That being said, it is generally safe to trust certificates from trusted vendors (such as AVAST), since issues with stolen or forged certificates are fairly rare (it takes a lot to break into a server and steal a certificate, and most security software companies should know how to protect their servers). Learning Mode only helps if Online Armor is in Learning Mode while avast! is installing updates. In that case, you would need to know when the updates are going to be installed, and enable Learning Mode to allow them to be installed without interruption. The only way to know that a randomly named executable belongs to avast! is by using the digital signature to identify it. Beyond that, or putting Online Armor in Learning Mode while avast! is updating, there really isn't any way to automatically whitelist a randomly named executable. The only other solution to the problem would be if avast! would stop creating randomly named executables in temp directories, as such a thing prevents you from being able to exclude it in other security software.
  16. I'm glad to hear that you were able to find the answer to your question. Please let us know if you have any further issues.
  17. If they are on different partitions, then the filesystems will be isolated, and there shouldn't be any problems due to that setup. I assume that your Windows XP and Windows 7 installations both connect to the Internet through the same networking device? Is it wireless, hardwired, or a cellular broadband card? Have you checked to verify that the name of the connection does not keep changing in Windows 7?
  18. Open Online Armor, go to Programs, right-click in the list and add Opera to it (you'll find it in this folder: C:\Program Files\Opera Next\15.0.1147.100). Note that you can add the launcher in the Opera Next to the Programs list as well. Make sure to add them as both Trusted and [/b]Allowed[/b]. You can also uncheck the box at the bottom to Hide trusted and look through the list for every instance of opera.exe to verify that they are Trusted and [/b]Allowed[/b] before trying to add them manually, as they may already be in the list.
  19. I have written a cleanup script for OTL (if you need to, you may download OTL from this link). Please download the following OTL_Script file, and save it on your desktop. After saving it, open it, run OTL, and copy and paste the contents of the OTL_Script file into the Custom Scans/Fixes box at the bottom of the OTL window: Then click the Run Fix button at the top. Let the program run unhindered, restart your computer when it is done (it may automatically restart your computer on its own). After your computer has restarted, please open OTL again and click the Quick Scan button. Attach the log it produces in your next reply (just the OTL log, as I don't need to see the Extras log again). You will need to click the button that says More Reply Options to the lower-right of where you type your reply to be presented with the attachment controls.
  20. Would it be possible for you to attach the log from the scan to a reply? You can access the attachment controls by clicking on the More Reply Options button.
  21. May I ask if you have Online Armor installed on the same hard drive in Windows 7 that you do with Windows XP?
  22. Online Armor isn't supposed to open the main program window on startup. I just wanted to see the loadpoints on your computer to see if there was a startup item that was causing this. The only other course of action to debug this issue would be to get Debug Logs from Online Armor, however if the issue is just a loadpoint on your system them Online Armor's Debug Logs would most likely not contain information about it.
  23. To prevent Online Armor from monitoring a program, you can add the folder it is in to the Exclusions list. Here are instructions: Click on the Start button, go to All Programs, go to Online Armor, and click on the Online Armor icon to open it. Click on Options in the menu on the left. Go to the Exclusions tab. Click on the Add button. Use the little [+] and [-] icons to the left of folder names to open and close them, find the folder you want to add, click on it to highlight it, and then click OK at the bottom. Close the Online Armor window.
  24. I've created a new bug report in our system on this. Hopefully it will get some more attention now.
  25. There have been a number of beta updates to Emsisoft Anti-Malware, and the current beta version is Does the issue still happen with the latest beta installed?