JWC

Everything posted by JWC

  1. What did it open with? (if not Notepad) I hope it didn't download some more malware that can 'open' the file and also do other harm. You need to supply specific information, otherwise you won't be able to get useful help because no one will have any idea what your problem is.
  2. Your call, do at your own risk, I can't tell if this is a legitimate thing to do. Generally, a <tag> can be anywhere. A program will read through the file until it finds, or doesn't find, a <tag> that it wants, it doesn't matter where it is as long as it can be found. Everything following the <tag> is considered data for whatever purposes the program can handle, until it reaches end-of-file or another <tag>. Putting both in won't do what you think. If the program is looking for the tag <customErrors mode> it reads until it finds the first <customErrors mode="Off"/>, it won't look for the second one. If this is due to a malicious attack, you may be opening up your system to allow remote access to someone that doesn't have your best interests in mind.
  3. Open Notepad and then from the File, open the "web.config"
  4. If this is due to something that changed on the MS site 'a week ago' then restoring your computer won't 'fix' anything. I hope you didn't restore any of the trojans....
  5. All I can say is that I can open mine with Notepad. If you are told that you don't have authority then something is definitely wrong. Or can't you find it? My path is for W764bit and you have XP32bit so your folder/path will be different. Have you considered posting in the MalWare Help section of this forum, asking for Help?
  6. So you likely have a problem that got on your system before you installed EAM. If so it may still exist or it may have harvested what it wanted and then deleted itself so that there's nothing for EAM to detect. I scanned my system and the only place that I found "web.config" was in: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\web.config If you're logging into what you think is a Microsoft site but it's not, then you need to get that fixed first. If someone got your credentials before you installed EAM and then waited and only used them a week ago to cause your problem, then only MS will be able to help you. If you really want help, follow the instructions and provide the required information.
  7. How were you notified, by e-mail or by phone?
  8. This appears to be the same problem as in your other post, it's likely related to your new hardware. Check the vendor's site because it's not an Emsi software problem.
  9. You don't appear to have any Emsi products installed and this is an Emsi product forum. You should be asking for help on the vendor's site for your new hardware... n'est-ce pas? I moved this to the same forum as your other post although it isn't likely a malware problem. Please don't post in multiple forums for the same issue.
  10. Just thought I'd ask because if I download more than 50MB (today is the last day of my billing period) my ISP will charge me another $15CAD and the t3sigs.vdb is 86MB. I'll just avoid updating until tomorrow when billing counts are reset...
  11. Is Ikarus forcing its entire t3sig.vdb to be downloaded to fix the issue rather than using an incremental?
  12. Actually they are the same sigs, it's just that there's a time delay/difference. I tested the updates again just now and it took about 10 minutes longer before I could get OA to 'catch up' to EAM. Putting it another way, the sig files for July 6th & 7th were on EAM but even with repeated (5) update attempts in OA, those files were downloaded to OA only after 10 minutes had passed. I assume that there's a difference due to different servers and the timing of their updates before I get mine.
  13. I'm on W7-64 and the scheduled scans are 'silent' on my system. I specified a Custom scanset for a (Deep) Scan of all drives. The only visible activity that the scan is running is an extra, animated, icon in the systray. But, since nothing is found to report, there's no pop-up. When the window on your system pops up, is something listed as potential malware?
  14. Just updated both and compared the sigs.... big differences in sizes as seen in screenshot. I'd think that there would be a single source for sigs used for both EAM & OA++. I'd updated EAM, sync'ed EAM to OA then updated OA++ basically to reset the update date and saw a large download. I compared the files, saw the large number of differences and updated EAM again but was told it was up-to-date. So the source can't be the same.
  15. Try adding another line, as a Process for that program (rather than File or Folder). A search for the program produced some interesting results... and you can see some more info in this link http://www.isthisfilesafe.com/product/SABnzbd_details.aspx
  16. I guess Emsi wants to play-it-safe. A user has to take deliberate action to unblock the site. The Admin can limit the actions of other non-admin users to prevent them from changing rules, etc. if there's any doubt about what the n-a user might download. It would just mean extra steps for the Admin to unblock nirsoft, download something and then reblock. Not a big deal, I was just surprised when I saw it blocked and wanted to know if Emsi had knowledge that nirsoft had suddenly become dangerous. I use their sniffer on occasion and EAM believes that has a Trojan, so I exclude it from EAM's attempts to quarantine it. J
  17. That would be me... Fabian, no one else touches my system Jim
  18. OK, I've edited the rule to "Don't block". Some of their tools are very handy to have and I've never had a problem getting infected.
  19. I use a number of their apps, including smartsniff.exe, which EAM claims contains a trojan. I have reported this as a false-positive. Does Emsi have conclusive and irrefutable evidence that NirSoft produces software with built-in malicious trojans? Because an app may appear to exhibit trojan-like behaviour, it isn't necessarily malicious. J
  20. The control is on the Domain rather than a specific URL. It's possible to have multiple domains in the list, for banking, investing, e-mail, etc.
  21. W7-64 Pro I can open a news site in Advanced mode, open another news site, turn ON Banking mode and I'm prevented from getting to either news site, so it appears that BM works on my system. When I switch back to Advanced, I can get to the news sites, as I would expect to. I don't use google mail so I can't test that. I use e-mail servers on my own domain which of course are Trusted in my Domains list.
  22. Anyone else having this problem? I've tried earlier this morning and again just now with the same failure.