Everything posted by GT500

  1. Well, that log looks fine to me, so let's try ComboFix and see if it sheds some light on this.

     Please download ComboFix from this link and follow the instructions below to run it. Note that some infections will block it from running if you save it as ComboFix, so you may wish to rename it in order to prevent this. Make sure you remember what you changed the name to.

     * IMPORTANT !!! Save ComboFix to your Desktop

       • Disable your AntiVirus, AntiSpyware, and Firewall applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See HERE for help.
       • Double click on the ComboFix icon on your desktop (it has a red and white icon that looks like a white cat's head in a red circle) and follow the prompts.
       • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
       • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

     **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

     Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

     Click on Yes, to continue scanning for malware.

     When finished, ComboFix will produce a log.

     Note:
       1. Do not click in ComboFix's window while it's running. That may cause it to stall!
       2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

     Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

       • ComboFix (C:\combofix.txt)

     Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  2. That's a difficult question to answer. It happened because our research team believed it was necessary to clean up the database, and I would believe that this was partly because of the switch to using BitDefender's engine (some signatures in BitDefender's database were duplicated in our own database, which made the size larger than was needed), but I would believe that there were other reasons for doing the cleanup as well, so I cannot say with 100% certainty whether or not it will ever happen again.
  3. What happens when you update manually?
  4. • Click on the Start button, go to All Programs, go to Accessories, and open the Command Prompt (note that this does require admin rights).
     • Assuming that you have Emsisoft Anti-Malware installed in the default location, and assuming the operating system is in English, please use the following command to navigate to the Emsisoft Anti-Malware directory:

         cd "\Program Files\Emsisoft Anti-Malware"

     • Use the following command to install the update proxy as a service:

         a2updateproxy.exe -install

     • Close the Command Prompt.
     • Hold down the Windows key on your keyboard (usually between the Ctrl and Alt keys, with the little Windows logo on it) and tap the R key to open the Run dialog.
     • Type services.msc into the field and then click OK to see the currently installed services.
     • Look for Anti-Malware Update Proxy in the list, and make sure that it is running, and that its Startup type is set to Automatic.
     • Click on the Start button, and open the Control Panel.
     • Open the Security Center.
     • Scroll down to the bottom and click Windows Firewall.
     • Click on the Exceptions tab.
     • Click the Add Port button.
     • Enter a name for the port (something such as "EAM Update Proxy Port" so that it is easy to remember what it is for) and the port number, and leave it set for TCP, then click OK.
     • Close the Windows Firewall config once you are certain that the new rule is working properly.

     Technically, you can turn the firewall off in Windows whenever you want, however you are better off leaving it running if you don't need to disable it.

     Edit: If you were using Online Armor on this computer, then let me know, as the procedure will be different.
  5. I'm not seeing a rootkit in those logs. Please post a log from TDSSKiller by following the instructions below:

     • Download TDSSKiller from this link and save it on your desktop.
     • Run the TDSSKiller download that you saved.
     • Click on Change parameters as it shows in the following screenshot:
     • Make sure that Verify digital signatures and Detect TDLFS file system are checked as in the following screenshot, and then click OK:
     • Click the Start scan button as in the following screenshot:
     • You will see the following as the scan runs:
     • If there are any threats or malicious items detected, then make sure the option to the right of each item is set to Skip as in the following screenshot (it is very important that TDSSKiller not be allowed to Cure, Quarantine, or Delete these detections!), note that you can click on the selection action to open a list and change it if it is not set to Skip automatically, and then click Continue at the bottom when everything is set to Skip:
     • Click on Report in the upper-right corner, as in the following screenshot:
     • You will see a report similar to the one in the following screenshot. Please click in the report somewhere, then hold down the Ctrl key on your keyboard and tap the A key to select the entire report.
     • Once everything is selected, then it should look similar to the following screenshot, and you will be able to hold down the Ctrl key on your keyboard and tap the C key to copy the entire report.
     • Open Notepad by clicking on the Start button, going to All Programs (or just Programs in Windows 7 and Vista), then Accessories, and clicking on Notepad in the list.
     • Once Notepad has opened, click on Edit to open the Edit menu, and then click Paste, as in the following screenshot:
     • Once the report has been pasted into Notepad, click File to open the File menu, and then click Save as, as in the following screenshot.
     • Please save the report on your desktop and attach it to a reply by using the More Reply Options button to the lower-right of where you type in your reply.
  6. That's not a problem. Andrey has to take a look at it either way.
  7. My apologies, I didn't notice that when I posted the link. One of our testers noticed this as well, and after trying a second time they noticed that EAM actually makes two connections, so they surmised that one was for Emsisoft engine updates and one was for BitDefender engine updates. Fabian also mentioned that the GeoIP location for our USA server is incorrect (unfortunately not something we can fix). It may be possible for this to cause it to be listed with an odd name in OA when EAM connects to it.
  8. You're quite welcome. Please let me know if you have any further issues.
  9. When it closes, it stops working. If you want it to run on your server without displaying the command prompt, then you will need to run it as a service. Check your installed services and see if it is already in there. Did you open the port in the firewall on the server?
  10. Our developers have let me know that the scan times you are experiencing are fairly normal for the settings you are using during the scans. They also let me know that the pause around 80% completed is by design, as the scanning engine stops to evaluate the number of files to scan during the next stage, so that it can accurately calculate the progress of the rest of the scan.
  11. This question is answered in this post. (see below)
  12. The issue with the update size was due to a database rebuild after cleaning it up.
  13. BTW: I edited your posts to remove the logs and attach them as text files. It makes it easier to scroll through all of the posts when the logs are in attachments.

      In addition to the logs that I requested, our developers will need you to provide some more information about your computer. You can find a list of what they need at this link.

      Also, we do recommend that you add Avira to the exclusions in Online Armor, and vice versa. Here are some instructions on adding Avira to the Exclusions list in Online Armor:

      • Click on the Start button, go to All Programs, go to Online Armor, and click on the Online Armor icon to open it.
      • Click on Options in the menu on the left.
      • Go to the Exclusions tab.
      • Click on the Add button.
      • Use the little [+] and [-] icons to the left of folder names to open and close them, find the Avira Desktop folder (usually C:\Program Files\Avira\AntiVir Desktop), click on it to highlight it, and then click OK at the bottom.
      • Close the Online Armor window.

      For Avira you may have to consult their support documentation, however I do have a set of instructions for adding exclusions to Avira (note that it might be out of date):

      • Open the Avira Control Center from the icon on the desktop.
      • In the menu on the left, under PC protection, click on Realtime Protection.
      • In the upper-right corner, click on Configuration.
      • If it asks you to enable expert mode, then click Yes.
      • In the menu on the left, under Realtime Protection, click the little [+] icon to the left of Scan to reveal more options, and then click on Exceptions.
      • Under Processes to be omitted by the Realtime Protection click on the ... button (the one that has three dots and no name).
      • Navigate to the Online Armor main folder (normally C:\Program Files\Online Armor).
      • Select the file to be excluded, and click on the Open button.
      • Click the Add>> button just to the right to add the file to the list of excluded items (please add at least every EXE in the Online Armor folder, and if you can add the other files then do that as well).
      • After adding all three files, click Apply at the bottom.
      • Click the X button in the upper-right corner to close the Configuration window.
      • Close Avira Free Antivirus.

      Edit: Our developers are also recommending that you restart your computer after adding those exclusions.
  14. We'll probably need some logs to see what the problem is. Please open Online Armor, go to Options in the menu on the left, click the little check box to enable debug mode, restart your computer, and then try reproducing your problem. After that, please ZIP your entire logs folder (normally C:\Program Files\Online Armor\Logs), upload it to a website such as RapidShare/DepositFiles/BayFiles/etc (which one you use is up to you), and then copy and paste the link to download the file into a reply (or you can send it to me in a Private Message if you don't want the link posted publicly on the forums). Note that, if you don't have a utility such as 7-Zip, WinZip, or WinRar, you can ZIP files and folders by right-clicking on them, going to Send To, and clicking on Compressed (zipped) Folder.
  15. I created a bug report on this last night, and Andrey will look into it as soon as he can.
  16. Just in case I don't get back to this later today, I have asked our research team what might be going on.
  17. There have been issues in the past with 00:00:00 in the update settings, so I think this is a known issue. I'll have to verify with our developers to be sure. As for the update starting when you switch to the Automatic Updates tab, does it happen every time, or only immediately after changing the update schedule settings?
  18. I have asked for a status update on this from our developers.
  19. What about the "Hibernate after" setting in the Advanced Power Settings? See the screenshot below (click on it to make it bigger if it is too small):
  20. Would it be possible for us to get some logs to help us determine what is causing the issue? I posted instructions earlier in the topic.
  21. I haven't experienced any such issues on my own computer. I take it you didn't get any logs for us?