GT500

Emsisoft Employee

Everything posted by GT500

  1. No, Online Armor isn't supposed to display its main window on startup. Let's get a log from OTL, and see if it can explain why this is happening. Please run OTL by following the instructions below:
     • Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run').
     • Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted.
     • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes.
     • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually.
     Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.
  2. Can you send me a private message with the link to the webpage where you experienced this?
  3. All customers who have paid Mamutu licenses should have received an e-mail about this on Monday. If you have not received that e-mail, then please let me know, and I will send you a private message with the information.
  4. It looks like Andrey hasn't been able to get a new beta of Online Armor ready yet. Unfortunately we don't have any ETAs (mostly because, in the software industry, you can never meet an ETA and still produce a quality product).
  5. Andrey wants me to do some testing of this, and see if we can determine what's going on. I'll let you know if we find anything.
  6. Open Emsisoft Anti-Malware, go to Guard in the menu on the left, and you can create rules for individual programs on the Application Rules tab. You can also create an exclusion in the Whitelist if you don't want Emsisoft Anti-Malware to monitor a process at all, however please note that the process must be an EXE file in order to be added as a process exclusion. Here are instructions on how to create a process exclusion:
     • Open Emsisoft Anti-Malware from the icon on the desktop.
     • Click Guard in the menu on the left.
     • Go to the File Guard tab.
     • In the lower-left corner, just above Alerts, click on the Manage whitelist link.
     • In the box under Type click the little down arrow and change it from File to Process (you may need to click in the box for the arrow to appear).
     • Click in the white box below Item to make a button with three dots (...) appear, and then click the ... button.
     • Navigate to the directory where the files you wish to exclude are located, and double-click on one of them to add it.
     • Repeat the last 3 steps as needed to add each file to the exclusions list.
     • Click the OK button at the bottom when done, and close Emsisoft Anti-Malware.
  7. The ZIP extension is already in the list. The issue is not that the File Guard is incapable of scanning them (it already does this), but rather that unpacking archives in real-time as they are created or modified in order to scan their contents would be a massive drain on system performance. You can also right-click on the file and select to scan it with Emsisoft Anti-Malware, and archives will be unpacked by the on-demand scanner in order to scan the contents, so you can still determine if there are malicious files in a ZIP archive before you open it. I'm sorry, I had thought you were wanting to do a Deep Scan. To scan a single file, that command will work, however note that the /r switch is not needed as it tells the scanner to check the registry and certain places on the hard drive for riskware, and it would not have any effect on what is detected in the file or folder that is being scanned.
  8. The Emergency Kit doesn't really have a scheduler, so if you want to run a weekly scan with it then the easiest way is just to run it manually. The only other way would be to use the Windows Task Scheduler to set up a weekly schedule to run a2cmd.exe, however please note that it would not be able to automatically send the log via e-mail when done, so you would need to use some other software to do that.
  9. Threats are not detected within the page. Blocking occurs when a file is downloaded (such as when it is saved in the browser cache) or when you visit a website that is blocked by our Host Rules. When a website is blocked, you will see a small notification in the lower-right corner of the screen. When a file is blocked, Emsisoft Anti-Malware will open a pop-up and ask you what to do with the file (unless you have altered the settings for the Guard). You would have only received a notification if you had downloaded the eicar.com or eicar.com.txt files. While Emsisoft Anti-Malware does scan ZIP archives automatically, it does not unpack them and scan their contents automatically, so if you had downloaded eicar_com.zip or eicarcom2.zip then you would not have seen a notification. To ensure that files are detected when they are created, please make sure that the File Guard settings look like the screenshot below: I am not aware of any compatibility issues with Kerio's software. Actually, to run a Deep Scan, all you have to do is this: a2cmd.exe /deep
     A Deep Scan automatically scans all files on all hard drives, so there's no need to specify files or hard drives to scan. Just make sure to run the scan from a Command Prompt that has Administrator rights.
  10. Could you please take a screenshot of what is appearing on startup, and attach that to a reply by using the More Reply Options button to the lower-right of where you type in your reply? Here's a link to instructions on taking a screenshot if you need them. Please note that we prefer that you save the screenshot in the PNG (Portable Network Graphics) format.
  11. That folder is not supposed to be there, and could indicate an infection on your computer. Go ahead and follow the instructions at this link as best you can, and then create a new topic in our Help, my PC is infected! section and attach the logs so that one of our malware removal experts can take a look at them. Also, if you are unable to perform any of the steps in the instructions, then please mention that in the new topic you create so that our malware removal experts know that you were not able to get all of the logs that they will want to see.
  12. We'll need a log from the scan to know what file you are having issues with. Here's how you find the scan logs in Emsisoft Anti-Malware 7: Open your My Documents folder. Double-click on the Anti-Malware folder. Double-click on the Reports folder. The scan logs will be in alphabetical order, and the names contain the date and time that the scan was run.
  13. The explanation at that link says "Win32 libraries (kernel32.dll, user32.dll, gdi32.dll) send an inter-process call to the CSRSS", but I don't see any mention in the article of non-Microsoft applications directly accessing CSRSS. I'll see if Andrey has some more input on this, and we'll go from there.
  14. I've sent an e-mail to our research team asking for information on this.
  15. UAC = User Account Control. It's a security feature that was added in Windows Vista and improved in Windows 7 that asks you for permission if you run an application that requires administrative privileges. The feature exists in Windows 8 as well, however I would believe that it works the same way it did in Windows 7 (or at least very similarly to how it did in Windows 7).
  16. We'll need a Fiddler log from the update process to see what might be going wrong. Please download and install Fiddler 2 from this link (this is the version that requires the Microsoft .NET Framework 2.0), and then follow the instructions below:
     • After installing Fiddler, please open it from the Start Menu.
     • Launch Emsisoft Anti-Malware.
     • Go to Configuration in the menu on the left.
     • Select the Update Settings tab.
     • Click on the Connection settings link in the lower-right corner.
     • Check the box that says Use proxy server.
     • Enter localhost in the Proxy server field, and then enter 8888 in the port field.
     • Click 'OK'.
     • Go back to the Menu on the left, and select Security Status.
     • Click on the Update Now button to start the update (Fiddler must be running when you do this).
     • After the update fails, go back to Fiddler, and to File, then Save, and select All Sessions (please save it on your desktop).
     • Send a private message to me with the Fiddler log attached (please do not post it in a reply to this topic).
  17. Andrey mentioned that it doesn't make sense that kedit should be trying to access csrss.exe (you may have to ask the guys who made kedit why it's doing that). The only recommendation he made was adding exclusions to Online Armor for kedit, and seeing if that resolves the issue.
  18. OK, I just sent Andrey the links via Skype. He'll take a look at them as soon as he can.
  19. Run Safer lowers the rights of an application to that of a limited user, and so the security advantage is no greater than logging on to your computer as a limited user. The UAC in newer versions of Windows has made the feature less necessary, as applications running under the UAC do not have the rights to change system settings without being given elevated permissions. Technically the technology is not completely obsolete, as Windows XP users do not have as easy of a system for reducing the rights of a running application like users of newer versions of Windows that include the UAC, and some users of newer versions of Windows prefer to completely disable the UAC in order to avoid being presented with that popup asking for permission to elevate the rights of a program that needs administrative rights on the computer. As for Banking Mode, both Online Armor and Emsisoft Anti-Malware contain mechanisms to protect your computer against the types of threats that would pose an issue when you are doing your online banking, so one could argue that Banking Mode is a bit redundant. As for whether or not it is obsolete, I'll have to leave that one to Fabian to answer.
  20. Here are instructions to uninstall ComboFix. Hold down the Windows key on your keyboard (it has the little Windows logo on it, next to the Ctrl key) and press R to open the Run dialog. Type ComboFix /Uninstall in the field (make sure to leave a space just before the /) and then click OK. ComboFix should take care of the rest. Everything else you can just delete from your desktop.
  21. I'm glad you were able to find your answer. Please let us know if you have any more questions.
  22. I'm confused. I don't have a private message from you on the 16th of March, the last one I have from you was sent on May 26th and last replied to on May 28th, and I cannot find in my history of sent messages an e-mail to Andrey on March 18th or a message to him over Skype... I find this even more odd since I normally would send the logs before replying and saying that I had sent them... Do you still have a copy of the private message you sent me with the logs? I'll resend them and see if Andrey received them the first time.