GT500

Emsisoft Employee

Posts posted by GT500

  1. Now MPUI player (a general video player which had no problems earlier) does not work or hangs. Tested with OA off, works perfectly. Had no option but to exclude it in OA.

    MPlayer for Windows? *downloading* ;)

    I'm probably going to have to test these programs when I get some time. If there does appear to be an issue, then I will talk to Andrey and see if we need to open a bug report on this.

  2. We'll need some more information to be able to see what might be wrong. Please run OTL by following the instructions below:

    • Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run').
    • Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes.
    • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually.
    • Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.
  3. Why are we supposing it has something to do with the software anyway?

    Because the software has its own scheduling system, and based on the settings you have described it should be working.

    Why was the problem escalated?

    I was hoping to get some feedback from our developers on whether or not there were any issues with the scheduling that they know about, or if there was any information that they wanted me to collect.

    Since I am not getting any feedback from the developers that I have e-mailed, I will set up a testing environment and see if I can reproduce the issue with the scheduled daily scan not running.

  4. Please follow the instructions at this link to start your computer in Safe Mode With Networking, and please download ComboFix from this link and follow the instructions below to run it. Note that some infections will block it from running if you save it as ComboFix so you may wish to rename it in order to prevent this. Make sure you remember what you changed the name to.

    * IMPORTANT !!! Save ComboFix to your Desktop

    • Disable your AntiVirus, AntiSpyware, and Firewall applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

      See HERE for help (this step is not necessary when Windows is running in Safe Mode With Networking)

    • Double click on the ComboFix icon on your desktop (it has a red and white icon that looks like a white cat's head in a red circle) and follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

      Click on Yes, to continue scanning for malware.

      When finished, ComboFix will produce a log.

      Note:

      1. Do not click in ComboFix's window while it's running. That may cause it to stall!

      2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

      Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

      • ComboFix (C:\combofix.txt)
      Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  5. Emsisoft Anti-Malware works fine with MBAM, however I have not tested Online Armor with it.

    My first recommendation is to add exclusions to Emsisoft Anti-Malware for Online Armor, and to Online Armor for Emsisoft Anti-Malware, just in case there is an issue there. Note that you may need to start Windows in Safe Mode (instructions at this link) in order to add them to Emsisoft Anti-Malware, however please note that you will not be able to do that with Online Armor.

    Here's how to exclude Online Armor in Emsisoft Anti-Malware:

    • Open Emsisoft Anti-Malware from the icon on the desktop.
    • Click Guard in the menu on the left.
    • Go to the File Guard tab.
    • In the lower-left corner, just above Alerts, click on the Manage whitelist link.
    • In the box under Type click the little down arrow and change it from File to Process (you may need to click in the box for the arrow to appear).
    • Click in the white box below Item to make a button with three dots (...) appear, and then click the ... button.
    • Navigate to the Online Armor directory (usually C:\Program Files\Online Armor), and double-click on a file to add it.
    • Repeat the last 3 steps until each of the following files has been added to the list:
      • oacat
      • oadump
      • oahlp
      • oamine
      • OARau
      • OAReg
      • oascan
      • oasrv
      • oaui
      • oaview
      • unins000
    • Click the OK button at the bottom when done, and close Emsisoft Anti-Malware.

    Here's how to exclude Emsisoft Anti-Malware in Online Armor:

    • Click on the Start button, go to All Programs, go to Online Armor, and click on the Online Armor icon to open it.
    • Click on Options in the menu on the left.
    • Go to the Exclusions tab.
    • Click on the Add button.
    • Use the little [+] and [-] icons to the left of folder names to open and close them, find the Emsisoft Anti-Malware directory (usually C:\Program Files\Emsisoft Anti-Malware), click on it to highlight it, and then click OK at the bottom.
    • Close the Online Armor window.
  6. BTW: Your video only shows COMODO 'cleaning' the file, and does not show EAM failing to remove it. I'm spending the day updating my VM setup, and I probably won't have a chance to test it, so you will most likely have to wait until Fabian or one of our researchers has a chance to take a look at it.

    While we wait for that, would it be possible to get some more information about the system that you experienced this on? We'll need to know the following information:

    • Windows version
    • 32-bit or 64-bit Edition of Windows
    • Latest Service Pack installed
    • Any anti-virus software installed
    • Any firewall software installed
    • Any anti-spyware software installed
    • Any other security software, system settings protection software, etc.
    • What type of drive the infected file was on (SATA Internal Hard Drive, IDE Internal Hard Drive, USB Flash Drive, Windows Network Share, etc)
    • Was the file detected by the File Guard or while running a scan?

    If our research team needs any more information than that, then we will let you know.

  7. For future reference, it is against the Terms of Service for our forums to post links to malware samples in the public areas where anyone can see them, so if you just want to send them to me in a private message or upload them to VirusTotal and send me a link to the analysis then that would be best (links to a VirusTotal analysis can also be safely posted on the forums). ;)

    I have forwarded the link on to our research team and removed it from your post. I'll also take a look at your video and see if we'll need any more information.

  8. Here's some instructions:

    1. Open Emsisoft Anti-Malware from the icon on the desktop.
    2. Click Guard in the menu on the left.
    3. Go to the File Guard tab.
    4. In the lower-left corner, just above Alerts, click on the Manage whitelist link.
    5. Each entry defaults to a 'File' exclusion. If you need to exclude a process from the real-time protection, then you will need to change it to a 'Process' exclusion.
    6. Click in the white box below Item to make a button with three dots (...) appear, and then click the ... button.
    7. Navigate to the directory where the files you wish to exclude are located, and double-click on one of them to add it.
    8. Repeat the last 3 steps as needed to add each file to the exclusions list.
    9. Click the OK button at the bottom when done, and close Emsisoft Anti-Malware.

  9. According to that avast! is detecting the file as a generic trojan.

    Also, please note that the detection on this keygen was from BitDefender's engine, so the decision to list it was theirs and not ours (you can see in the results on VirusTotal that Emsisoft and BitDefender call it the same thing). The file is also being detected as a generic trojan, which means that it is a heuristic detection and that this particular file was not necessarily deliberately added to the database (heuristic detections can mean that a file has similar characteristics to something malicious).

  10. Hi.

    Is this part (red line) depends to solve this issue?

    I have verified with our developers that that fix is intended for the issue that you reported. We cannot guarantee that it will prevent it in 100% of the cases where it has been happening, however we do hope that it will drastically reduce the number of such issues in the future. ;)

  11. I'd need to know more about the software setup on your computer before I could know what might be happening.

    Please run OTL by following the instructions below:

    1. Click this link to save OTL onto your desktop (please make sure to click 'Save' instead of 'Run').
    2. Double click on the OTL icon on your desktop to run it. Make sure all other windows are closed and to let it run uninterrupted.
    3. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan will take a few minutes.
    4. When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. The first one (OTL.txt) will be automatically saved on your desktop next to OTL, and the second one will need to be saved manually.
    5. Please make sure that both OTL.txt and Extras.txt are saved on your desktop, and then attach both of them to a reply so that we can take a look at them.
