
GT500
Emsisoft Employee
Content Count: 13831
Days Won: 435

Posts posted by GT500

  1. Hello!

    Tell me, please, does this change the compatibility with other means of protection?

    MBAM?

    I've been running EAM 7 alongside MBAM, and there are no issues. I also installed the 1.65.0.1000 beta of MBAM last night, and updated EAM 7 to the latest beta version today. So far everything is working just like it did in EAM 6.x with previous versions of MBAM. As far as I can tell, the switch from the Ikarus engine to BitDefender's engine has not caused any changes in compatibility with other AV software (or at least it hasn't impaired it any).

    Is there a way to download the beta installer or is updating through the v6 interface the only way to do it?

    No actual installer has been created for EAM 7 yet (at least not that I am aware of). Right now the easiest way to get EAM 7 beta is to install EAM 6.6 and enable beta updates.

  2. We'll probably need some logs to see what the problem is. Please open Online Armor, go to Options in the menu on the left, click the little check box to enable debug mode, restart your computer, and then try reproducing your problem. After that, please ZIP your entire logs folder (normally C:\Program Files\Online Armor\Logs), upload it to a website such as RapidShare/DepositFiles/BayFiles/etc. (which one you use is up to you), and then copy and paste the link to download the file into a reply (or you can send it to me in a Private Message if you don't want the link posted publicly on the forums). Note that, if you don't have a utility such as 7-Zip, WinZip, or WinRAR, you can ZIP files and folders by right-clicking on them, going to Send To, and clicking on Compressed (zipped) Folder.

  3. Here are some instructions on adding Avira to the Exclusions list in Online Armor:

    1. Click on the Start button, go to All Programs, go to Online Armor, and click on the Online Armor icon to open it.
    2. Click on Options in the menu on the left.
    3. Go to the Exclusions tab.
    4. Click on the Add button.
    5. Use the little [+] and [-] icons to the left of folder names to open and close them, find the Avira Desktop folder (usually C:\Program Files\Avira\AntiVir Desktop), click on it to highlight it, and then click OK at the bottom.
    6. Close the Online Armor window.

  4. This user has opened a ticket on our helpdesk, so I will assist them there.

    Since I will be assisting them via the helpdesk, and since this user did not request malware removal assistance, I am closing this topic.

    Moose, please note that Arief, ShadowPuterDude, stapp, and myself can all reopen this topic if you need us to. If you want it reopened, then just let us know via a private message, or let me know via the helpdesk and I'll take care of it. ;)

  5. It is not abnormal for popular e-mail providers to be difficult to get support from, and Microsoft is no exception.

    As for a key logger, it is a malicious program that logs every key you press on your keyboard, and reports it all back to whoever created it.

    On the subject of talking to Bill Gates, I am fairly certain that he retired a few years ago, although even if he did still work there it is doubtful that a company that large would allow the average customer to talk to their CEO.

  6. There are numerous ways that someone could have gained access to your account. It is fairly easy to replicate the look of the Microsoft MSN, Hotmail, LIVE, etc. login pages and phish for passwords. It is also possible, if you tend to reuse the same password for multiple accounts, that someone who found your password for another service tried it on your e-mail account and got in. It is also possible that they were able to randomly guess your password, or even the answer to your security question.

    Of course, it is also possible that a key logger was responsible; however, you should have been notified by the Behavior Blocker in Emsisoft Anti-Malware even if our real-time scanner does not detect it.

  7. The SHA256 hash looks correct to me, so I don't think the file has been modified.

    Let's assume for a moment that there is some sort of rootkit that is not being detected (and I have my doubts that this is the case). Please download GMER from this link. Note that the file will have a random name, so make note of the file's name and save it to the root of your C: drive.

    1. Disconnect from the Internet and close all running programs.
    2. Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
    3. Click on this link to see a list of programs that should be disabled while running GMER (please try to avoid the advertisements on that page).
    4. Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
    5. Allow the driver to load if asked.
    6. You may be prompted to scan immediately if it detects rootkit activity.
    7. If you are prompted to scan your system click "No", save the log and post back the results.
    8. If not prompted, click the "Rootkit/Malware" tab.
    9. On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
    10. Select all drives that are connected to your system to be scanned.
    11. Click the Scan button to begin. (Please be patient as it can take some time to complete)
    12. When the scan is finished, click Save to save the scan results to your Desktop.
    13. Save the file as Results.log and please attach it to a reply by using the More Reply Options button to the lower-right of where you type in your reply (you may need to ZIP the log by right-clicking on it, going to Send to, and clicking on Compressed (zipped) folder before you can attach it).
    14. Exit the program and re-enable all active protection when done.

  8. According to System Lookup, those Tencent registry entries are created by "TencentAddressBar aka TCent adware - bundled with the Tencent QQ instant messaging client". It is not beyond the realm of possibility that COMODO might bundle toolbars with their products (I know they have in the past bundled them with their installers), however I don't think that they would bundle this particular toolbar.

    Where did you obtain this particular copy of COMODO's KillSwitch?

  9. Paranoid Mode causes Mamutu to ignore the digital signature from Microsoft, and report all behavior regardless of whether or not the file is known to be safe.

    In this case, since Process Explorer deletes the 64-bit executable when it is closing, you could try copying it to another folder, and then you would have a backup of the file that doesn't need to be extracted from the 32-bit EXE every time you run it.

  10. So if these entries are being recreated and removed, is it possible that it is caused by some kind of serious infection, with possibly other affected unidentified files / registries?

    I don't see anything in your logs that would suggest that there is a serious infection.

    Ok, first about the soso search: It was removed from IE only at my user profile. I ran the fix on one other user profile to remove it there as well. To remove it at other user profiles, should I run the fix on each individual user profile?

    That's because the registry entries are profile-specific, and OTL does not scan multiple profiles at once. Assuming the entries are exactly the same for each profile, then the fix should be able to remove it from each profile if you run it in each profile separately.

    Second: It appears that I found out why these Tencent registries appear. It was bothering me that the COMODO program KillSwitch was not working. I tried to identify when these infections appeared by going through some things that I did that might activate / create these registries.

    So when I try to run KillSwitch these registries get created. While starting KillSwitch it gets closed by itself, so to me it appears that a malicious program / files is blocking KillSwitch from working.

    When I restart the PC these registries are gone again. And when I try to start KillSwitch they appear again, and as mentioned I am unable to completely start KillSwitch (except in Safe Mode, which I tried about a week ago).

    Please run OTL again while Windows is running in Safe Mode, and attach the log to a reply. I want to see if it looks different when Windows is running in Safe Mode.

  11. Well, SystemLookup says that it is malicious, so let's see if we can verify that they have been deleted. Here's another OTL_Script:

    1. Please download the following OTL_Script file, and save it on your desktop. After saving it, open it, run OTL, and copy and paste the contents of the OTL_Script file into the Custom Scans/Fixes box at the bottom of the OTL window:
    2. Then click the Run Fix button at the top.
    3. Let the program run unhindered, restart your computer when it is done (it may automatically restart your computer on its own).
    4. After your computer has restarted, please open OTL again and click the Quick Scan button. Attach the log it produces in your next reply (just the OTL log, as I don't need to see the Extras log again). You will need to click the button that says More Reply Options to the lower-right of where you type your reply to be presented with the attachment controls.

  12. Yes, the soso.com search is easy to remove.

    I have written a cleanup script for OTL (if you need to, you may download OTL from this link).

    1. Please download the following OTL_Script file, and save it on your desktop. After saving it, open it, run OTL, and copy and paste the contents of the OTL_Script file into the Custom Scans/Fixes box at the bottom of the OTL window:
    2. Then click the Run Fix button at the top.
    3. Let the program run unhindered, restart your computer when it is done (it may automatically restart your computer on its own).
    4. After your computer has restarted, please open OTL again and click the Quick Scan button. Attach the log it produces in your next reply (just the OTL log, as I don't need to see the Extras log again). You will need to click the button that says More Reply Options to the lower-right of where you type your reply to be presented with the attachment controls.
