  1. Thank you for working through this with me. I'm not sure why Windows would change like that since I don't update it. I can figure out the wildcards but I don't know if I want to go through all of that. At least I know it's not Emsisoft or that the files are in fact, a problem. I'd tell Microsoft about this whole thing, but they just don't care at all so... Thank you so much again and at least, if anyone else reports this problem, there's now an answer to it.
  2. Not the debugging log, no. I can't find it anywhere. And the email to tech automatically compresses it according to the message.
  3. Well, I'm trying to do that, but it tells me that at 10mb, the file is too big so I've turned it off and back on again now and hope something comes through soon so the file remains small enough to send.
  4. Yup. They're still there. So they're not being moved out of any folder and into quarantine. Which then begs the question, is anything that's being quarantined at any time moved from where it is, into quarantine? However, after thinking about that, I did search that folder and none of the two or three other, different files on the quarantine list going back to January, are not in there. This tells me that there's something triggering whatever Google is trying to download but Emsisoft isn't handling it correctly.
  5. I just ran the Help/About Chrome and it updated automatically to the same version as you, once I reset the Google Updates to automatic in the Services. At this point, I'm inclined to just let Emsisoft do its thing and hope eventually someone figures it out. I can't be the only one, but might be the only one reporting it.
  6. No, not the serial numbers. I found the SHA number and ran it through VT and all I get is No Engines Detected This File. Emsisoft is marking every one of them as CryptoMalware. And disabling the Google Updater didn't make a difference at all. I had two more try to come through. This is just one example but they're all noted with the exact same thing. The only difference is the CR_ file name:
     7/26/2020 7:09:29 PM Behavior Blocker detected suspicious behavior "CryptoMalware" of C:\Users\XXX\AppData\Local\Temp\CR_D9BD4.tmp\setup.exe (SHA1: 581FF121BC46F1CBED4B5186568CBB1100BE5DA0)
     7/26/2020 7:09:31 PM A notification message "Suspicious behavior has been found in the following program: C:\Users\XXXX\AppData\Local\Temp\CR_D9BD4.tmp\setup.exe" has been shown
     7/26/2020 7:10:31 PM User "CUTHBERT4\SYSTEM" clicked "OK"
     And I did see that 'she'. Thank you.
  7. Again, I'm a 'she'. And there are several instances of the Google updater that must have gotten past whatever protocols Emsisoft is using but they're all just sitting there. I am not going to be the one to click on one of them and find out what they are/do. I did look at every one of them. There are no hashes on them. Only serial numbers which your VT can't seem to find. I have disabled Google Updater in services. I'll see if that stops these foreign installers and they're all labeled as an installer, though they're obviously not automatic at all. As to whether Chrome is up to date or not, clicking the three dots, help, about Chrome gives me this, so it's up to date as far as it's concerned: Google Chrome is up to date Version 84.0.4147.89 (Official Build) (64-bit) And I've added the temp folder CR contents that did Not trigger a warning to quarantine:
  8. I'm a she... The file was tagged again, and I managed to find it under Google Updater so at this point, it's on your tech's end to find out why it's being flagged as a quarantinable program, I guess. The other problem I see though is, and this is on Google's part, I let that first one through and it just sat there so I'm not sure what Google is counting on to trigger the update, but if they're trying to do it silently, it will never get updated. I wouldn't have seen that if it wasn't for Emsisoft and to have it download and then just sit in a temp folder...
  9. Well, Process Hacker wouldn't run. At all. So I had to use the .zip binary to run it. I just had that same message appear again and looking under Chrome, nothing. The same programs prior to it starting were the ones listed as Emsisoft quarantined it, so I don't know what's triggering it.
  10. I'm sorry, I've spent enough time on this for the past few days. I truly appreciate both of you trying to help, but the message itself is the least of my problems. I've repeatedly checked Chrome and it's up to date so the message that keeps popping up with the CR_XXXX, always a different name by the way, can't be a Chrome update. I'm getting quick enough to say "okay" when it pops up, but it would be nice if I could just blacklist any file named CR_ whatever so the message didn't show constantly. And the message is showing every hour or so. Regardless, as I said, thank you both so much. Right now, I'll deal with it best I can and figure something out to do with it all in the meantime. I'm by no means a novice to computers, but also not a programmer for Emsisoft. I'm sure though that something will eventually rear its ugly head.
  11. Holding my mouse over the warning message does nothing. The only automatic things I have turned on are the updating for Emsisoft and to automatically quarantine programs with a bad reputation which wouldn't trigger that message. Yes, I do have Brave, but it's not running. It's triggered manually by me and I haven't run it in a month, at least. All of the browsers I have are set to a manual trigger in Services. I just got another message so I'm going to guess this is Google's new way of updating Chrome. I think it's a bit stupid on their part. I'm certainly not going to let it through at this time though until I know for sure what's going on. Unfortunately, Google is a big enough company that I doubt they care that this is going on. It's not what's best for the consumer of course, it's what's easiest for them.
      7/24/2020 8:32:10 AM Medium risk Malware "Behavior.CryptoMalware" in "C:\Users\Theo\AppData\Local\Temp\CR_5BEC7.tmp\setup.exe" quarantined by user CUTHBERT4\XXXXXX(my name)
  12. I've tried everything from zero to 999 and I still get about 3 seconds so that option doesn't work for me. And my suggestion was early on during a support ticket with one of their techs. So I'm not blaming you at all. I just wish I could change it and it would actually work. Right now, it's set at 10 seconds but still only goes 3. In the folder for that .tmp file was an executable. I never see that with Chrome. It never downloads anything I have to run unless this is something new. I usually update it using either the help or about or that green arrow and it goes through the process then restarts. I would think, even if it now updates in the background it wouldn't be downloading anything I'd have to click on to start. It's also not anywhere in my downloads. It downloaded straight to the temp folder and all of my downloads are set to go to the download folder for me to deal with later. The whole thing was a bit creepy really. Thanks for the reply.
  13. You know, I barely get 3 seconds to read whatever's in that box. If I'm in the midst of typing something, I have to switch gears and focus on the message and I'm not quarantining something I want to keep but I barely have time to identify anything I'm not expecting, so I think that's rather harsh. I've been using this product for many years and I'm not completely unfamiliar with it but there are some things I don't regularly deal with and couldn't find a way to delete that rule. The ideal thing would be that when that box with the message opens, that it doesn't go away until it's acknowledged one way or the other but I suggested that long ago and was ignored. As to updates to Chrome and the few extensions that I use, I regularly update things, but was not working on anything that would trigger an update. I'm using the Chrome stable browser right now rather than Canary, so the only thing I should have gotten for Chrome would be the green update arrow in the upper right corner. That's why I don't have a clue what triggered this. Thank you for your answer on how to delete the rule.