bluescreen

  1. Thanks, Azure Phoenix. I was wondering if anyone had any thoughts on the invalid hash warnings? It is concerning when you receive messages that your antimalware program may have been corrupted or undergone unauthorized modification.
  2. Sony Vaio Laptop; Windows 7 Professional, Service Pack 1, 64-bit; Emsisoft Anti-Malware, Version 2018.1.0.8407
  3. Getting intermittent warnings in the Windows 7 security log. I run Windows 7 SP1 64bit on a Sony Vaio laptop. Code Integrity has determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. File Name: Device\HarddiskVolume3\Program Files\Emsisoft Internet Security\a2hooks64.dll I used to have Emsisoft Internet Security, but it changed itself to Emsisoft AntiMalware. Can anyone help me understand what is going on here? Thanks in advance. Bluescreen
  4. A belated thank you for your response. I'm really glad this community is here.
  5. Thanks for answering. It says it was for Thunderbird.exe. That makes sense about the restart. Thank you.
  6. See edit to original message: ON EDIT: My computer mysteriously restarted itself, and the problem was gone when I came back. Very strange. I guess I am okay, unless this sounds suspicious and like I have got malware. Thanks very much for being here.
  7. ON EDIT: My computer mysteriously restarted itself, and the problem was gone when I came back. Very strange. I guess I am okay, unless this sounds suspicious and like I have got malware. Thanks. I got an alert from EIS that a program was trying to install silently in the background, so I quarantined it. It was actually Thunderbird trying to update itself. I realized as I was quarantining that it was a Thunderbird update, but I quarantined anyway, because I figured it was only an update, and given the suggestion of sneakiness in the alert, I thought I would research to make sure it was a legitimate update. I thought it would merely prevent the update installation, but it blocked Thunderbird altogether. There are only four malicious items in my quarantine folder, and none of them are Thunderbird. When I try to launch Thunderbird, nothing happens. I did find Thunderbird in the quarantine log and deleted that, but I guess it was just a log entry. I still can't launch the program. How do I reverse this and get my email program back? And in the future, if I want to prevent an automatic, silent update, how do I do it without blocking the entire program? Thanks in advance for helping me. Bluescreen. Windows 7, 64-bit; Emsisoft Internet Security
  8. Thanks for the response. I did upload it to VirusTotal, and everything was clean. I am just bewildered as to why the alerts have suddenly started now, after no alerts at all even though I have been using the program in the very same way for a while. What is happening to start them now, as opposed to when I started using the program? I appreciate your input. Thanks.
  9. I posted this initially under "Emsisoft Internet Security," but I think that forum is for general questions about the program rather than malware? Please let me know if I should delete here or there. Thank you for any help you can offer. I am working against a deadline and would really like to understand what is happening. ******** I have been scanning family pictures for several days now using a Kodak all-in-one, with no problems whatsoever. All of a sudden I am getting a "Behavior Alert" from Emsisoft Internet Security telling me that the program is attempting to access disk sectors directly and that I should quarantine it. It is also saying the certificate is invalid and may be faked. Why now? What is happening? I had the same thing happen with a chat program recently...was using it for months and all of a sudden the Emsisoft alerts started happening. Please help, if you can. Windows 7 64-bit Gateway computer
  10. I have been scanning family pictures for several days now using a Kodak all-in-one, with no problems whatsoever. All of a sudden I am getting a "Behavior Alert" from Emsisoft Internet Security telling me that the program is attempting to access disk sectors directly and that I should quarantine it. It is also saying the certificate is invalid and may be faked. Why now? What is happening? I had the same thing happen with a chat program recently...was using it for months and all of a sudden the Emsisoft alerts started happening. Please help, if you can. Windows 7 64-bit Gateway computer
  11. I was using Online Armor until yesterday with great success. Because of my own general paranoia re: computer privacy and excitement about having a firewall program that gave me microcontrol over programs, I made svchost.exe untrusted and was allowing activities as the popups came. I surfed this way without a problem for a few weeks and was delighted to have the control. Yesterday, I was away from the computer for several hours, although it remained online and connected. When I returned, I noticed a barrage of notifications in my firewall about activities by svchost.exe that had been automatically allowed by the firewall. These included enumerating programs, starting processes, etc. I mean, there were pages and pages of it, all in yellow and permitted. I noticed that I could no longer get svchost.exe to ask me for permission to do anything. If I marked it as trusted, it would allow anything. If I marked it as untrusted or tried to use the "ask" setting, it would simply block everything. I had no ability to control the decisionmaking, beyond allowing everything or blocking everything. When I tried to access event logs in Administrative Tools, I got a message that I did not have sufficient privileges to do that. I was denied from several activities like this. Each time, a notification would appear in the firewall as follows (not sure the numbers are the same each time, but this is the general message): Kernel Event: OADriver: CreateProcessNotifyRoutineEx, PID: 788 - Deny (rule) 788 -svchost.exe I did some googling on that event, and there was very little to be found online at all in English. I did find this very scary page, which suggested that sophisticated malware uses this process to hide its activities...(?).... http://www.fireeye.com/blog/technical/malware-research/2012/06/bypassing-process-monitoring.html ...But I really have no idea what I am reading here. I could no longer access Help, Recovery, or System Restore. 
When I finally got to System Restore through a boot into safe mode, all my recovery points had been deleted. I restored the computer using a system image taken previously on disks, which included the Online Armor program installed the way it was when it was still working for me. I am again able to control what svchost.exe does. However, as long as Online Armor is running, I cannot access the adapter settings for my wireless connection. I am again getting the same Kernel event message every time I try. Also, when I click on Network and Sharing Settings from the taskbar, nothing happens. I have to access it through control panel. Do you have any idea what is going on for me here, or what this message means? Thank you in advance for any help you can give.