GT500

Emsisoft Employee

Posts posted by GT500

  1. We'll probably need some logs to see what the problem is. Please open Online Armor, go to Options in the menu on the left, click the little check box to enable debug mode, restart your computer, and then verify that Windows functions are being blocked. After that, please ZIP your entire logs folder (normally C:\Program Files\Online Armor\Logs), upload it to a website such as RapidShare/DepositFiles/BayFiles/etc (which one you use is up to you), and then copy and paste the link to download the file into a reply (or you can send it to me in a Private Message if you don't want the link posted publicly on the forums). Note that, if you don't have a utility such as 7-Zip, WinZip, or WinRAR, you can ZIP files and folders by right-clicking on them, going to Send To, and clicking on Compressed (zipped) Folder.

    Also, please let us know exactly what functions are being blocked (Internet access, services, startup items, etc).

  2. The stuff in the green box is in the System Restore, so just delete all previous restore points, and then turn it back on and create a new restore point. Instructions about how to do it are at the end of this post.

    Also, I hope I don't have to point out that those files are keygens, which are used for software piracy. Tools used for piracy can also have malicious code injected in them, and they tend to be dangerous to use. They are also illegal in many countries.

    Emptying the System Restore:

    1. Click on the Start button.
    2. Right-click on Computer
    3. Select Properties from the list.
    4. In the window that pops up, click on the System protection link in the menu on the left.
    5. The buttons may not be clickable for a few moments, but once you can click on them, select the drive in the list near the bottom that shows protection is on (this will usually be your C: drive) and click the Configure... button.
    6. Click the button near the bottom-right that says Delete to clear all System Restore data.
    7. Once finished, click OK to close that window.
    8. Now you will want to make sure that the correct drive is selected again (usually your C: drive) and click on the Create button to create a new restore point.
    9. Fill in a name for the restore point, and click the Create button.
    10. Once it is done, you can close the windows that were opened to get to the System Restore settings.

  3. That log didn't show what I expected, so let's get an anti-virus scan from ESET to see if we are missing anything:

    1. Turn off your anti-virus software.
    2. Click on this link.
    3. Click on the ESET Online Scanner button.
    4. Put a check in the box that says YES, I accept the Terms of Use.
    5. Click the 'Start' button just to the right of the checkbox.
    6. Uncheck the box that says Remove found threats (this is very important).
    7. Click on Advanced settings.
    8. Put a check in the box that says Scan for potentially unsafe applications.
    9. Verify that Scan for potentially unwanted applications is also checked.
    10. Verify that Enable Anti-Stealth technology is also checked.
    11. Click the Start button in the lower-right corner of the page, and it will begin downloading its database, and then it will start scanning.
    12. When the scan is done, if it shows a screen that says Threats found!, then click List of found threats, and then click Export to text file... (if nothing was found, then just let me know that no threats were found).
    13. Save that text file on your desktop, and then attach it to a reply (using the More Reply Options button in the lower-right corner of this forum topic) for me.
    14. Close the ESET online scan.

    I will take a look at the log, and let you know if anything needs to be removed.

  4. My apologies for not replying yesterday.

    This is a known issue, but gathering some more information about it might not be a bad idea. Here's the set of instructions that I had written earlier for collecting the information. The following instructions assume that you are collecting the information after the System Tray/Notification Area icon (the one that would normally be to the left of the clock) has disappeared, and before running the wizard. Please review both sets of instructions before trying them, as they will both need to be done at the same time, and I have not combined the instructions to account for that.

    DebugView Log

    Before running DebugView, a registry entry will need to be created that will tell Emsisoft Anti-Malware to output debug information that DebugView can see and save in its log. The following file eam_enable_debug_output.zip contains a batch file which, when run with administrative rights, will automatically create that registry entry for you. Please download this file, extract the batch file from it (it will also be named eam_enable_debug_output), and run the batch file (if your computer is running Windows Vista or Windows 7 then please make sure to right-click on the batch file and select to Run as administrator):

    After that, please restart your computer, and then proceed with the instructions below:

    1. Download DebugView from this link:
    2. When downloading, make sure to save it on your Desktop instead of clicking 'Run' or 'Open'.
    3. Right-click on the 'DebugView' file that you just saved on your Desktop, and select "Extract All".
    4. Open the new DebugView folder that was created on your Desktop after extracting.
    5. Windows XP and 2000 users should double-click on the file named 'Dbgview'. Windows 7 and Vista users should right-click and select "Run as Administrator".
    6. Click on the 'Capture' menu, and select everything except "Log Boot" (you will have to open the menu again after clicking to select an item).
    7. Please make sure that Fiddler is ready before proceeding (steps 1-6 in the Fiddler log instructions below), as you will need to follow the instructions to set up a proxy in the Emsisoft Anti-Malware Wizard before running through the Wizard.
    8. After getting Fiddler ready and setting up the proxy settings in the Wizard, proceed through the Wizard normally.
    9. After you have finished with the Wizard, and see the Emsisoft Anti-Malware icon back in the System Tray/Notification Area you can switch back to DebugView and click 'File' and "Save As" in order to save the log to a file on your Desktop.
    10. You can go ahead and send this log to me in a private message.

    Note: You may need to ZIP the log file in order to attach it to a message. If you do not have a program such as 7-Zip, WinZip, WinRAR, etc., then you can right-click on the log file, go to Send To, and click on Compressed (zipped) folder. You will be able to attach the ZIP archive to a reply.

    Fiddler Log

    Please download and install Fiddler 2 from this link (this is the version that requires the Microsoft .NET Framework 2.0), and then follow the instructions below:

    1. After installing Fiddler, please open it from the Start Menu.
    2. Launch the Emsisoft Anti-Malware Wizard from the Emsisoft Anti-Malware icon on the Desktop.
    3. Click on the Connection settings link in the lower-left corner.
    4. Check the box that says Use proxy server.
    5. Enter localhost in the Proxy server field, and then enter 8888 in the port field.
    6. Click 'OK'.
    7. Continue with the Wizard normally.
    8. After completing the Wizard, go back to Fiddler, and to File, then Save, and select All Sessions (please save it on your desktop).
    9. Please send the log to me in a private message.

  5. OK, let's get some logs from Online Armor. Please open Online Armor, go to Options in the menu on the left, click the little check box to enable debug mode, restart your computer, and then try reproducing your problem with EAM (or simply wait for it to happen, if it is random). After that, please ZIP your entire logs folder (normally C:\Program Files\Online Armor\Logs), upload it to a website such as RapidShare/DepositFiles/BayFiles/etc (which one you use is up to you), and then copy and paste the link to download the file into a reply (or you can send it to me in a Private Message if you don't want the link posted publicly on the forums). Note that, if you don't have a utility such as 7-Zip, WinZip, or WinRAR, you can ZIP files and folders by right-clicking on them, going to Send To, and clicking on Compressed (zipped) Folder.

  6. I recommend adding the folder that the program is in to the Exclusions in Online Armor. Here are some instructions on adding a folder to the Exclusions list in Online Armor:

    1. Click on the Start button, go to All Programs, go to Online Armor, and click on the Online Armor icon to open it.
    2. Click on Options in the menu on the left.
    3. Go to the Exclusions tab.
    4. Click on the Add button.
    5. Use the little [+] and [-] icons to the left of folder names to open and close them, find the folder you want to add, click on it to highlight it, and then click OK at the bottom.
    6. Close the Online Armor window.

  7. OTL didn't delete everything the script told it to, so let's run a scan with a third-party utility just to make sure that we are not missing anything.

    1. Please download and install Malwarebytes' Anti-Malware from one of the three mirrors listed below (beware of excessive advertising on some of the download pages):
    2. When first running Malwarebytes' Anti-Malware, it will ask you if you want to operate it in a free trial mode. You can say no to this (the trial can be unlocked again at a later time if you want to try it).
    3. Make sure to go to the Update tab and click the Check for Updates button to get the latest database.
    4. Switch back to the Scanner tab and run a Quick Scan.
    5. When it is done, remove anything it finds.
    6. Whether or not it finds anything, you should be presented with a log in Notepad, which you should save to your desktop.
    7. Attach the log you saved on your desktop to a reply for me to take a look at. You can attach files to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply. When the page loads, there will be a button right below the box to type in (on the left side) that says Choose Files... which will allow you to select the log file to attach it.

  8. RAM usage seems to be different for different people. That's higher than normal, but it's still smaller than the size of the database. Since the majority of the database is offloaded into the pagefile to save on RAM, it could simply be that more of the database has been loaded into RAM on your system (perhaps because it was needed when monitoring certain applications). It might be possible to lower the memory usage by adding your other security software to the whitelist in Emsisoft Anti-Malware as process exclusions, however as long as your computer still has plenty of free RAM, you shouldn't notice any problems.

  9. Updates are always initially downloaded from the Internet. The Update Proxy acts as a cache, and keeps a copy of the updates after the first time they are downloaded. The update should come from the Update Proxy's cache rather than from the Internet if the Update Proxy already has it in the cache. If an update is not already cached, then it will need to be downloaded before it can be cached.

  10. I think most of it is cleaned up. There were just a couple of leftover entries in that OTL log that could be removed.

    I have written a cleanup script for OTL (if you need to, you may download OTL from this link).

    1. Please download the following OTL_Script file, and save it on your desktop. After saving it, open it, run OTL, and copy and paste the contents of the OTL_Script file into the Custom Scans/Fixes box at the bottom of the OTL window:
    2. Then click the Run Fix button at the top.
    3. Let the program run unhindered, restart your computer when it is done (it may automatically restart your computer on its own).
    4. After your computer has restarted, please open OTL again and click the Quick Scan button. Attach the log it produces in your next reply (just the OTL log, as I don't need to see the Extras log again). You will need to click the button that says More Reply Options to the lower-right of where you type your reply to be presented with the attachment controls.
