• Content count

  • Joined

  • Last visited

  • Days Won


JeremyNicoll last won the day on January 26

JeremyNicoll had the most liked content!

Community Reputation

10 Good

About JeremyNicoll

  • Rank
    Forum Regular

Profile Information

  • Gender
  • Location
    Edinburgh, Scotland

Recent Profile Visitors

4141 profile views
  1. According to what Arthur said... the file that gets quarantined is NOT the file you are double-clicking inside the archive. It's the extracted copy. WinRAR isn't file explorer - it's showing you a picture of the files that are stored in the RAR archive. When you double-click on the picture of the keygen.exe filename, WinRAR does what it has to to extract a copy of that file and then run it. EIS quarantines the extracted copy. It's not removing the original keygen.exe from the WinRAR archive - that's still there and you are able to extract it repeatedly.
  2. You shouldn't post licence codes in public. If you can, edit them out of your post. Then wait until one of the Emsisoft employees sends you a personal message about this.
  3. Even in English the message is poorly worded; that "some of them were detected in wrong" is ... wrong. Should it have been ... "some of them were detected incorrectly"? Also... does the choice, if you select YES, restore all of the listed and unlisted (another n) files immediately (a bad idea for things not even listed, I think), or is there an intermediate stage where one can choose which ones to restore?
  4. If you're viewing a picture in a browser then the browser has downloaded the picture and displayed it. If there's a vulnerability in the graphics support in the browser then surely a 'specially crafted picture' (as Microsoft would typically describe it) could infect you? In essence, the file has been 'opened' by the browser's graphics support.
  5. See:
  6. You're going to have to do the things mentioned in the forum's "Start Here" announcement - right at the top of the forum's main page.
  7. Is there a missing disk letter in line 4 of that script?
  8. As far as I understand what pallino is saying, having gone to the BB overview which forced a reputation check, none of the items thus identified as malicious were then quarantined. Yes, ok, maybe they weren't at that moment doing anything actively malicious... but if you're not going to act on the bad reputations then, what's the point? No-one wants unnecessary programs running, especially if they are using lots of CPU - it's going to be wasting power, generating heat etc if nothing else. Would it be so hard for the BB to ask the user whether such things should be quarantined then? And, if they are actually executing, terminate them?
  9. Even if NVIDIA might not take much notice of Emsisoft complaining about that, isn't there any kind of AV-vendor consortium that could pressure huge companies to sign their stuff? It must be a pain to you all.
  10. > A ton of applications do excessive DNS lookups. ... But wouldn't an NVIDIA driver be signed & therefore trusted?
  11. Fabian: > they use a DGA to generate domain names, then try to resolve those names. Isn't a whole series of DNS lookups itself an indication that some app is attempting something that might be iffy? Clearly good apps do that too - but more common apps doing so, ega browser, are going to be on the trusted apps list.
  12. A while back, Arthur said: They are almost certainly stuck trying to contact a C&C server that no longer exists So what does that mean? Does malware typically use DNS to find the IP address of such a server, or are the addresses hard-coded? Does "trying to contact" mean that the malware is sending something (a request for instructions?) but no server ever receives it? If that's so, how does EIS distinguish between that something being sent, and any private information (eg machine configuration?) being sent? I wouldn't want any malware doing anything at all on my machine.
  13. Logs sent, using method described above.
  14. Aren't such dumps (sometimes/always?) saved in the paging files when they occur, and only copied out of there and into the nominated disk dump file when you reboot?
  15. > Unfortunately more aggressive checking of running applications causes performance problems. That surely depends on the capability of the user's computer? Wouldn't it be better if more agressive checking was something that people could turn on if they're willing to take the performance hit - which in nay case might not even be noticeable on some systems.