Everything posted by wallacegal

  1. Thank you for working through this with me. I'm not sure why Windows would change like that since I don't update it. I can figure out the wildcards but I don't know if I want to go through all of that. At least I know it's not Emsisoft or that the files are in fact, a problem. I'd tell Microsoft about this whole thing, but they just don't care at all so... Thank you so much again and at least, if anyone else reports this problem, there's now an answer to it.
  2. Not the debugging log, no. I can't find it anywhere. And the email to tech automatically compresses it according to the message.
  3. Well, I'm trying to do that, but it tells me that at 10mb, the file is too big so I've turned it off and back on again now and hope something comes through soon so the file remains small enough to send.
  4. Yup. They're still there. So they're not being moved out of any folder and into quarantine. Which then begs the question, is anything that's being quarantined at any time moved from where it is, into quarantine? However, after thinking about that, I did search that folder and none of the two or three other, different files on the quarantine list going back to January, are not in there. This tells me that there's something triggering whatever Google is trying to download but Emsisoft isn't handling it correctly.
  5. I just ran the Help/About Chrome and it updated automatically to the same version as you, once I reset the Google Updates to automatic in the Services. At this point, I'm inclined to just let Emsisoft do its thing and hope eventually someone figures it out. I can't be the only one, but might be the only one reporting it.
  6. No, not the serial numbers. I found the SHA number and ran it through VT and all I get is No Engines Detected This File. Emsisoft is marking every one of them as CryptoMalware. And disabling the Google Updater didn't make a difference at all. I had two more try to come through. This is just one example but they're all noted with the exact same thing. The only difference is the CR_ file name:
     7/26/2020 7:09:29 PM Behavior Blocker detected suspicious behavior "CryptoMalware" of C:\Users\XXX\AppData\Local\Temp\CR_D9BD4.tmp\setup.exe (SHA1: 581FF121BC46F1CBED4B5186568CBB1100BE5DA0)
     7/26/2020 7:09:31 PM A notification message "Suspicious behavior has been found in the following program: C:\Users\XXXX\AppData\Local\Temp\CR_D9BD4.tmp\setup.exe" has been shown
     7/26/2020 7:10:31 PM User "CUTHBERT4\SYSTEM" clicked "OK"
     And I did see that 'she'. Thank you.
  7. Again, I'm a 'she'. And there are several instances of the Google updater that must have gotten past whatever protocols Emsisoft is using but they're all just sitting there. I am not going to be the one to click on one of them and find out what they are/do. I did look at every one of them. There are no hashes on them. Only serial numbers which your VT can't seem to find. I have disabled Google Updater in services. I'll see if that stops these foreign installers and they're all labeled as an installer, though they're obviously not automatic at all. As to whether Chrome is up to date or not, clicking the three dots, help, about Chrome gives me this, so it's up to date as far as it's concerned:
     Google Chrome is up to date
     Version 84.0.4147.89 (Official Build) (64-bit)
     And I've added the temp folder CR contents that did Not trigger a warning to quarantine:
  8. I'm a she... The file was tagged again, and I managed to find it under Google Updater so at this point, it's on your tech's end to find out why it's being flagged as a quarantineable program, I guess. The other problem I see though is, and this is on Google's part, I let that first one through and it just sat there so I'm not sure what Google is counting on to trigger the update, but if they're trying to do it silently, it will never get updated. I wouldn't have seen that if it wasn't for Emsisoft and to have it download and then just sit in a temp folder...
  9. Well, Process Hacker wouldn't run. At all. So I had to use the .zip binary to run it. I just had that same message appear again and looking under Chrome, nothing. The same programs prior to it starting were the ones listed as Emsisoft quarantined it, so I don't know what's triggering it.
  10. I'm sorry, I've spent enough time on this for the past few days. I truly appreciate both of you trying to help, but the message itself is the least of my problems. I've repeatedly checked Chrome and it's up to date so the message that keeps popping up with the CR_XXXX, always a different name by the way, can't be a Chrome update. I'm getting quick enough to say "okay" when it pops up, but it would be nice if I could just blacklist any file named CR_ whatever so the message didn't show constantly. And the message is showing every hour or so. Regardless, as I said, thank you both so much. Right now, I'll deal with it best I can and figure something out to do with it all in the meantime. I'm by no means a novice to computers, but also not a programmer for Emsisoft. I'm sure though that something will eventually rear its ugly head
  11. Holding my mouse over the warning message does nothing. The only automatic things I have turned on are the updating for Emsisoft and to automatically quarantine programs with a bad reputation which wouldn't trigger that message. Yes, I do have Brave, but it's not running. It's triggered manually by me and I haven't run it in a month, at least. All of the browsers I have are set to a manual trigger in Services. I just got another message so I'm going to guess this is Google's new way of updating Chrome. I think it's a bit stupid on their part. I'm certainly not going to let it through at this time though until I know for sure what's going on. Unfortunately, Google is a big enough company that I doubt they care that this is going on. It's not what's best for the consumer of course, it's what's easiest for them.
      7/24/2020 8:32:10 AM Medium risk Malware "Behavior.CryptoMalware" in "C:\Users\Theo\AppData\Local\Temp\CR_5BEC7.tmp\setup.exe" quarantined by user CUTHBERT4\XXXXXX(my name)
  12. I've tried everything from zero to 999 and I still get about 3 seconds so that option doesn't work for me. And my suggestion was early on during a support ticket with one of their techs. So I'm not blaming you at all. I just wish I could change it and it would actually work. Right now, it's set at 10 seconds but still only goes 3. In the folder for that .tmp file was an executable. I never see that with Chrome. It never downloads anything I have to run unless this is something new. I usually update it using either the help or about or that green arrow and it goes through the process then restarts. I would think, even if it now updates in the background it wouldn't be downloading anything I'd have to click on to start. It's also not anywhere in my downloads. It downloaded straight to the temp folder and all of my downloads are set to go to the download folder for me to deal with later. The whole thing was a bit creepy really. Thanks for the reply.
  13. You know, I barely get 3 seconds to read whatever's in that box. If I'm in the midst of typing something, I have to switch gears and focus on the message and I'm not quarantining something I want to keep but I barely have time to identify anything I'm not expecting, so I think that's rather harsh. I've been using this product for many years and I'm not completely unfamiliar with it but there are some things I don't regularly deal with and couldn't find a way to delete that rule. The ideal thing would be that when that box with the message opens, that it doesn't go away until it's acknowledged one way or the other but I suggested that long ago and was ignored. As to updates to Chrome and the few extensions that I use, I regularly update things, but was not working on anything that would trigger an update. I'm using the Chrome stable browser right now rather than Canary, so the only thing I should have gotten for Chrome would be the green update arrow in the upper right corner. That's why I don't have a clue what triggered this. Thank you for your answer on how to delete the rule.
  14. I had a notification go off today and the option to either mark it as 'Wait, I think it's safe' or let it go goes by so fast, I marked something as safe when I shouldn't have. When I finally found it, it was marked as a Google Chrome installer, and I'm using Chrome, but I'd not clicked on anything that should have started a download. I couldn't delete the folder so deleted the contents and then the folder. How would I mark something like that for quarantine once it's been marked as safe by mistake?
      7/23/2020 3:10:24 PM Behavior Blocker detected suspicious behavior "CryptoMalware" of C:\Users\Theo\AppData\Local\Temp\CR_58B75.tmp\setup.exe (SHA1: 06677591F4058F36741B388BC1F331841201EF76)
      7/23/2020 3:10:27 PM A notification message "Suspicious behavior has been found in the following program: C:\Users\Theo\AppData\Local\Temp\CR_58B75.tmp\setup.exe" has been shown
      7/23/2020 3:10:34 PM User "CUTHBERT4\SYSTEM" clicked "Wait, I think this is safe"
  15. If it wasn't for the fact that I have so many programs that only work on Windows that I've paid for and use quite often, I'd have switched to Linux exclusively, some time ago. My opinion (and it's like a nose, everyone has one) is that Microsoft is getting worse with each update. I don't want to have to reset everything every time there's a major update and while you may think being 6 months behind is foolish, it works well for me. Twice in the recent past, with their kb security updates, those updates have broken my OS to the point that I've had to reinstall my OS from scratch. I don't want to do that every few weeks so stopping the updates until I can go through them works for me as well. As far as the security of a program, I run it through two different malware programs first though I don't install much of anything at all. And I've been a longtime user of his Desktop Goose program which I've not had problems with, so this problem came out of the blue and was a surprise. There weren't any derogatory comments about the program other than its stopping working but no one knows why. Since I saw the "stopped" in the ID column, I thought perhaps Emsisoft had something to do with suddenly stopping the program since I don't know what that means in that column and really haven't gotten an answer. However, at this point, I've uninstalled the program and will move on as far as trying to figure out what happened. Thank you.
  16. Windows 10 and no, I don't allow anything Windows to update unless I've researched it first. Too many times in the past, I've been burned by their ridiculous 'security updates' that a few weeks after release, are marked as flawed because of so many user reports of broken OS's and have to be uninstalled. I have no patience for that anymore. So no, nothing on my laptop has been updated since oh...December, I think. And I won't be updating to the latest edition either. I use a program called StopUpdates10.
  17. I do see that some are experiencing the same problem as me, but asking each one to tell me what their set-up is so I can gauge what's wrong, well, most probably wouldn't answer anyway. The only things that update automatically on my laptop are the Emsisoft program and, I guess semi-automatically, would be Chrome. Since Chrome has gone through a couple updates now and Emsisoft updates sometimes twice a day, I guessed that one of those definitions maybe, is what is causing the program not to run. It's just frustrating. Thank you both. I will continue to investigate.
  18. Yes, if you're talking about the comment from nightsmusic, that would be me. Thank you.
  19. Thank you. I'd already disabled the Behavior Blocker. Didn't help. Excluded the program from those places I could in the Emsisoft program. Didn't help. It's odd because for 35 or 40 days, it worked perfectly. And yes, I did pay for it so it's not something that was a free trial. But now, it tries to start, I can see that, but it won't. Whether trying to open it or run as admin, doesn't matter. I wondered why Emsisoft has it marked as Stopped under the ID column for Behavior Blocker. Thank you.
  20. I have a program that was working fine, just a little program called DesktopMeadow.exe. Now suddenly, it no longer will run and when I look under Behavior Blocker, the program is marked as trusted but under the ID column, it's marked as Stopped. I miss this program and need to know how to get it started again. I see that several other programs marked as either Trusted or Monitored, that Do work, are also marked as Stopped under the ID column. Not sure what's going on, but any help would be appreciated. I've uninstalled and reinstalled the program and it still won't run.
      Windows 10
      Emsisoft Version: 2020.6.0.10209
      Thank you!
  21. No, same thing and I gave it two more tries. I give up. I can use another program that works which I tried last night. Thank you for all of your help. Works perfectly on this laptop, but just won't install on the other.
  22. Sorry, same thing. Got 95% done and rolled back.
  23. New log EmsisoftDiagLog.txt