Carl1223_Delta last won the day on March 1 2017

  1. I don't normally leave my laptop running overnight. I did last night. On arriving at my home office desk this morning I found a scroll of EMSISOFT messages to reboot my system. Looking into the logs I see that just a few minutes after a major EMSISOFT A-M update, this occurs:

     10/1/2020 7:02:47 AM Behavior Blocker detected suspicious behavior "TrojanDownloader" of C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2037.6.0_x64__cv1g1gvanyjgm\app\WhatsApp.exe (SHA1: EDAD233F431DA5CCE506AB0DF3151B24D655FC0C)
     10/1/2020 6:54:57 AM A notification message "Emsisoft Anti-Malware Home just updated to a newer software version. Check out what has changed in our change blog." has been shown

     General Information:
     Version 2020.9.0.10390
     Connection: Direct
     Update started: 10/1/2020 6:54:36 AM
     Update ended: 10/1/2020 6:54:46 AM

     I did not restore to be able to obtain the file to upload to VirusTotal for testing because I have that issue with going into the WindowsApps folder where even though I'm the Admin and supposedly have ALL the power, Windows will not let me access it. I recall dealing with this once before and it was a bit tricky and took some time and frankly I really do not want to restore the file to test it. I instead uninstalled Whatsapp Desktop and then reinstalled it and have done another EMSISOFT Malware scan. No alerts so far. Please advise.
  2. Was this just a rename or was some new functionality added? If it is still intended to be used for when gaming, I think the new name is not intuitive.
  3. OH I see..... I enjoyed the Kernelmode read but am not sure how much. Like finding out cockroaches live behind your kitchen walls. And I also see why my search missed it - "double agent" vs "doubleagent" and I did not do a "doubleagent" search of the root page for all the support forums. Thanks.
  4. I tried to search here and your blog to find where EMSISOFT is at in protecting against this malware. I found nothing. Can you comment to this? https://www.wired.com/2017/03/clever-doubleagent-attack-turns-antivirus-malware/
  5. Is anyone here familiar with this software? Apparently it has been used for some time as an anti-cheat with a fairly well known first person shooter called ARMA (I think ARMA 3 specifically). I recently ran into it when a game I play - Insurgency - implemented its use in its latest update. I originally acquired Insurgency via STEAM and have until now launched it via the STEAM interface. Here's what I saw when I initially allowed for the Insurgency update and chose to allow the installation of BattlEye. EMSISOFT AM was in Game Mode at the time.

     09:13:19: Starting BattlEye Service...
     09:13:20: Launching game...
     09:13:21: Note: File blocks can be ignored if they don't cause problems with the game.
     09:13:21: [INFO] Blocked loading of file: "C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll".
     09:13:21: [INFO] Blocked loading of file: "C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll".

     The repeated last two lines are correct, just as seen in the pop-up window that appeared. After which the game would not load. I've uninstalled it. What do you think of a2hooks32.dll being blocked? Here's the BattlEye support page > https://www.battleye.com/support/faq/
  6. I've tried accessing on two separate Win PCs - one a Win7 laptop and one a Win10 desktop. I do not use a third party stay resident password manager on either machine. On the laptop I do not use the browser's built-in password manager for any business, financial, or websites where significant personal information is contained. On the desktop I do use the browser built-in password manager. I have the same issue with both laptop and desktop. The commonality between the two is that they both use Emsisoft AM and they both go through the same router. But..... since posting, I've discovered I have an issue when using an Android app provided by the airline. It also fails to carry over my credentials when it passes my inquiry from the app to a 3rd party web browser to access certain functions. It has to be a problem with the airline client management system. It is the Sabre Airline reservation system which just posted a notice that a number of glitches were fixed. Unfortunately my issue was not fixed. Still glitched. I've made it from Tier 1 Basic to Tier 1 Advanced support. Hoping the next level of support follows up shortly.
  7. Is there some function of Emsisoft AM that would stop a web page from carrying over my credentials from one page to another? I can log into the main page, see all the key info pertinent to my identity, but when I use a button off that page to book a flight or manage my previous booking, the next pages that come up require me to sign in again. And... I am unable to sign in from that point forward except if I reload the main page again. All the auto-fill of my name and preferences no longer occurs. I'm thinking it is their website that is the issue but as I have now engaged their IT department I have to check all the boxes. I have tried using 3 different browsers but both Firefox and Chrome use a script blocker which once disabled does not cure the issue. Using Edge, which I have deliberately kept free of 3rd party script blockers, does not resolve the issue. I have attempted to browse their site with Emsisoft AM disabled using the "Disable all components" function and the "Shut Down Protection" function (it says File Checker remains active) but not both at the same time. I have also added their web URL to custom Surf Protection rules with a "Do Not Block". I have tried to check that a URL they use is not in the default blocked URLs. And... I have no issues on a competitive airline's website that I seldom fly on. Your thoughts? Fly the competitor is not an option.
  8. I also had similar issues with my ancient Vista 64bit desktop PC which appear to have been resolved with yesterday's update. After a period of time which could vary from a few minutes to an hour or so (am thinking it was related to EAM updating its signatures), I would lose the ability to open programs and then close them with remnants remaining in memory. Most troubling was that Task Manager and MS Process Manager were rendered useless even if I had them already running before the glitch took effect. Unfortunately the rogue EAM update came at about the same time as a Windows Update and the addition of a USB3.0 card to my ancient PC. Took a bit to work through. Almost had a new PC on order! (dang!!) I've been running and repeating opening/closing various executables that seemed to trigger the issues and have been glitch free so far.
  9. Thank you! That worked. All licenses have been moved over.
  10. Is this still a valid procedure? I've just acquired a new ultrabook and will be retiring my 6 year old slow as molasses notebook. I have about 290 days left in my 1 user OA license. I've tried the method above and all I get is a "Trial Period Expired" message. I've also found this link from your support FAQ. https://helpdesk.emsisoft.com/Knowledgebase/Article/View/37/11/how-to-activate-emsisoft-anti-malware-andor-online-armor-premium-license-on-a-different-computer There does not seem to be a high degree of confidence in this method if the votes are considered. I want my current 1 device license for OA released for use on the new ultrabook and I also have a 3 device license for your Anti-Malware which I want released for the new device.
  11. O M G! That is amazing. Haven't had time to poke and prod in the intimate corners of this thing but it looks good on the screen. Running processes looks to be about the right number off a fresh boot. I saw EAM update and ask to be rebooted well before I read your response and there was no way I was going to allow it to reboot until you replied. This is fantastic. :D :D
  12. Good Day EAM Support, I am a registered paid user of 3 EAM licenses - 1 Win7 desktop, 1 Vista Home 32bit laptop, and my oldest desktop using Vista Ultimate 64bit SP2. Yesterday's update asked for the system to be rebooted. I have not done the Win7 PC as yet, it went fine on my Vista laptop, but it has caused chaos on my Vista 64bit PC. After reboot the system showed the Microsoft loading screen and when I expected the login screen to appear it went to a black screen. After waiting a long time, my photo screen saver popped up. Upon moving the mouse, back to a black screen. I found the following thread in these forums: http://support.emsisoft.com/topic/6223-update-to-anti-malware-6-clean-utility-black-screen/ Following through the instructions there I was able to load Explorer. It crashes on first attempt but reloading a second time brings up much of what I expect. I also found to my surprise that I had no Restore points, zero. Having worked through many reboots including various Safe loads I know this - a lot of processes are missing prior to manually loading Explorer a second time - maybe a third of what I normally would see. After reloading Explorer a 2nd time some familiar programs load like Dropbox, SuperAntiSpyware, Iomega NAS Manager, but there still appears to be a number of processes missing. What does not load is Catalyst Control Centre for my AMD/ATi video card and the EAM icon does not show in the Task manager. I can run EAM by clicking the desktop icon and it shows I am running v7.0.0.25 with about 10,222,000 signatures. Before the update there were about 13,500,000 signatures!! I have tried re-installing Catalyst Control Centre for my AMD/ATi video card but it crashes during installation and not always during the same module. One point I've noted is that my C: drive was critical on free space with only 3.35% (2.69G) available. I've now cleaned up C: so that there is 17% (14G) free. 
That freeing up of disk space has not solved Catalyst Control Centre crashing. I've attached the OTL file. What next? Carl1223