JeremyNicoll

What do you have set as your browser homepage(s)? Do you run a current version of Firefox (eg v59.0.2) or something much older? Do you run any extensions apart from the basic ones shipped with Firefox? Eg, I have no "extensions" at all, and only three "add-ons" - OpenH264 Codec, Widevine Content Decryption and Flash (which these days is rarely active). If you have Add-ons, it might be worth trying Help -> Restart with Add-ons Disabled to see if that helps. If not what you describe rather implies that (in the simplest case) your Firefox shortcut has had a URL inserted into it, or something in your profile has had the URL inserted, maybe as a saved preference. You might be able to find that by searching inside your profile folder. Firefox actually has two profile folders - you can find their locations via url about:profiles (all the "about:" things show internal FF stuff). The first profile listed contains things you'd recognise as user preferenes, history etc, whiile the second one has 'system' data that FF manages on your behalf eg caches, its own list of suspicious hosts etc. The latter was originally one system-wide folder but these days with Windows keeping all user data separate from that of other users, it has a copy of this folder per user as well.

First, what is JRT? Do you mean the now-unsupported: https://www.malwarebytes.com/junkwareremovaltool Maybe that's not reliable any more? Then.. three problems: a) you want to know whether EAM's "malware scan" looks in firefox profiles. (I don't know.) I'd suggest, just in casee it doesn't look there, you try a 'Custom scan' and ask EAM to look in that folder. b) The place you mention is not a file, but a folder full of things that firefox saves for your user. Which FILE within that was found? c) I don't understand what you mean by "it stops EAM from opening"? Nothing inside a firefox folder should have any effect on EAM. You just said that you ran an EAM scan - how did you do that if EAM wouldn't open?

Delayed feed: At Settings -> Updates -> Update Settings -> Update feed there's a three-way choice. Most people have the option set to "Stable" which means they get the current version of EAM. "Beta" is for the adventurous willing to risk running less-tested newer code... and "Delayed" means you get an older version of EAM. If you change the feed setiing, then tell EAM to update it will install the EAM version you've selected. If you do find that the current "Delayed" version solves your problem you'll still need Emsisoft to get to the bottom of what the problem is because sooner or later the current 'Stable' version or one of its successors may be deemed the 'Delayed' version when something even newer is the 'Stable' one. Whichever feed setting you select needs to stay selected for as long as you want that version to run. So for example if you change to Delayed and get the older version, then you change back to Stable, the very next update would take you back to the current situation. Of course at any moment a new Stable version may be released and possibly (though apparently not always) the Delayed version may get incremented too.

Has this always been true, or only since a recent EAM version update? If the latter, does going back to the Delayed feed help? Presumably the update in question is being attempted just as soon as you wake-up/unlock the machine. I wonder what would happen if that update wasn't attempted immediately. As an experiment, the next few times you're about to lock the machine or put it to sleep, you could try changing EAM's settings so updates are off - so when the machine wakes it won't try an immediate update - then once woken up for a couple of minutes turn updates back on and see if they then work. Do not try this unless you're sure you won't accidentally leave updates off. I'm guessing that the problem mght be that your wifi or network interface doesn't come alive quickly enough (though why EAM can't tell that that's the case puzzles me). Which bits of the hardware of a computer are actually turned off when you put it to 'sleep' or lock it might be configurable - eg one of my older machines had a BIOS 'power management' option to select which ACPI 'suspend mode' would apply... But if this is only a recent problem that's not likely to be relevant.

> Just an update. Since then it has missed a coin miner and a fake site. What is "it"? The computer with Emsisoft, or the one with Norton?

There are 'other language' sections of the forums - see at the bottom of the main page - including one in Russian. I don't know if EEC is supported there. See: https://support.emsisoft.com/forum/62-russian-support-русская-поддержка/

> Where do we find details of the specified "HP accelerometer (hard drive freefall protection) software"? Presumably it's part of the firmware in some HP laptops?

Sure, I understand the difference between the EAM SQLite logs.db3 file, and the Avast browser log one... but it's possible that the OP might have thought your earlier reply implied that EAM leaves no SQLite file(s) in place. Of course the SQLite-ness of the files is an irrelevancy - it's just a convenient database format. A system log that shows which URLs you attempted to visit, which were blocked, does though show some of your browsing history and I suppose if someone tried to visit a whole set of such sites then they might regard the info in the blocked log entries as a problem. Your GUI does allow a user to clear the logs though.

The logs.db3 file, in: C:\Program Files\Emsisoft Internet Security\Logs is also an SQLite database, containing various tables of data, presumably all (or mostly) information that's visible via the GUI using the logs display. A user who's paranoid might want also to purge old scan reports (as those used for scanning specific files list those files' names), and certainly ensure that no old debug log files were lying around.

@PC reset - DB logs are no good for this sort of thing, not least because it's File Explorer that is hanging, not EAM. I've already sent Emsisoft two full system dumps (ie I provoked a deliberate BSOD when the hangs happened and had the system set up to generate a dump of everything in memory).

I have a VBS script which I wrote, whose sole purpose is to open a File Explorer view of a folder, which it does using a windows api call. It's called from another script I wrote, written in a different language, and is used because the only way that one can open a folder view from the latter script is by issuing an "explorer.exe" command directly... and doing that leaves multiple copies of explorer.exe running which wastes memory. Using the api call means that the copy of explorer that's always running is used to open the folder view. Anyway, depending on which folder is to be opened, the VBS script either executes silently or there's a BB alert. It's been a while since I asked it to open a view of a 'system' folder - but I just tried it again, in this case for C:\Program Data ... and it produced an alert. Clearly the BB /is/ looking at what's being done inside specific VBS scripts.

If your context-scan hang is the same as mine (affecting W8.1), beta 8572 doesn't have a fix in it. But the hang is only of 'file explorer' here, and in W8.1 if while the blue spinning thing is spinning I double-click on a desktop shortcut Windows recognises that file explorer is hung and then stops & restarts it. The desktop vanishes and then comes back and the machine seems fine. Also, although it's a pain, a 'custom scan' that only looks at one file seems to work.

> Frank is actively working with you, correct? I'd hope so, but I haven't heard from him for a while. I didn't post in this thread to try to get that other problem fixed sooner (because it's not a show-stopper), but because I thought there might be a connection to the hangs you were looking into, if your hangs were to do with file explorer's initialisation of its context menu handler code.

@Libor - my problem is with a single computer, but in both cases with Beta versions (two different versions) of EAM. The hang hangs 'file explorer' but when I realise it's happened and tell file explorer to do something else (eg I click on a desktop shortcut) Win 8.1 recognises that file explorer is hung and stops & restarts it, causing what's known as a 'desktop reset'. It would not normally cause a full system dump (ie a BSOD and dump) but I have forced that twice to send the dumps to Emsisoft so they can - hopefully - find out what's caused it.

> Anyone out there using non-SSD system drive who has the issue of a boot hang in normal mode? Not me... but I have sent Frank two full system dumps for what looks like a file explorer hang, using the last two Betas... and I have SSDs too (two in one laptop). Although my hangs occur when EAM is asked to scan something via the explorer context menu, I see that the description above of Libor's hang ('desktop wih no icons') suggests that problem might lie in the start-up of the file explorer component. They might be related. (I don't use Comodo.)