Posts posted by HoggyDog

  1. Just a general question: McAfee Live [something] was preinstalled on my new HP Spectre X2 tablet hybrid with Win10. Since I have no idea what it did, and because it incessantly spammed me with nag screens in the middle of whatever I was trying to do, I uninstalled it, and as it was leaving it popped up a warning that my computer was now unprotected against malware and <insert name of calamity here> and that I should re-install McAfee Live [something] immediately.

    I thought my Emsisoft Internet Security was all the security I needed. Was I mistaken? Should I reinstall McAfee-whatever and run both AV suites side by side? Does McAfee Live do something that EIS doesn't do? Do I need a dedicated firewall?

  2. "RK should produce a TXT report that is saved to the Windows Desktop." RK absolutely does not do this by default- it does not produce ANY txt-format report, and the json report it does produce is saved to the RK installation path, which is C:\Program Files\[some subfolder] and cannot be changed.

    "Once the Status box shows "Scan Finished", just close the program" If you do this, no report other than the *.json report I attached previously is produced, and it was saved to the installation directory of RK, not the desktop.

    "The log can also be found on your desktop labeled (RKreport[X]_S_xxdatexx_xtimex)" Again, this is 100% wrong. NO TEXT-FORMAT LOG IS PRODUCED BY DEFAULT, the only log produced is in JSON format, and it is saved in the RK installation directory. When I finally managed to actually save a report in txt format, it was named 'rk_FA17.txt' and it is attached below.

    I hate being contentious because I know you're trying to help, but the dead-wrong instructions and statements are the exact opposite of helpful. Several of the instructions and expectations in your posts regarding RogueKiller are simply wrong. I'm begging you to download and run it yourself, then change your instructions to match what RK actually does and what a user must do to produce the report you need.

    That said, after the (second) RK scan completed, I was able to produce the attached text-format report by manually pressing a button cryptically labeled [TXT] and I forced it to the desktop by manually overriding the RK installation path where it 'wanted' to put it and pointing it to the desktop.




  3. RogueKiller did not produce any RKReport*.txt file, or any *.txt file whatsoever- I used UltraSearch to scrutinize all 4 of my hard drives for any txt file produced in the past hour immediately after running RK and none of the files found were produced by RogueKiller- just the JSON one. I am leery of running RK again without your instruction because I have no idea what RogueKiller is or what it does, or if doing whatever it does twice in a row could be harmful.

    Also, as a matter of practice, I never 'install' or save anything to my Desktop because it is too easy for me with my blurry vision and fat fingers to run it unintentionally. This means that I am having to translate your instructions to download to desktop, install to desktop (etc) to match what I am actually willing to do on my machine: I download installables to ...\Downloads\ and then I install them to a dedicated folder if given the option due to Windows' draconian, user-hostile UAC- I would have chosen "E:\RogueKiller" had I been afforded an option- or install to the default installation path if no option is presented.

    In the case of RogueKiller, the download was a Setup executable, not the program executable itself, and included several ancillary files beside RogueKiller.exe. The setup process offered no installation path options- it simply installed itself to "C:\Program Files\RogueKiller\RogueKiller64.exe." Your instructions specify that users should run the downloaded file then send the resulting report, but since the download is NOT the program executable it is not possible to follow your instructions as they are currently written. I realize that the instructions are probably cut-n-paste boilerplate on your end, so I'm suggesting that you might want to download RK yourself, install it, and run it- then update your boilerplate to match the actuality of what users will experience. Also, because RK does not automatically produce the report text file you are looking for, you might include instructions on how to make it do so.

    Please give me specific, detailed instructions on how to force RogueKiller to produce the file you are looking for using the latest version of RK (that I just downloaded) because it occurs to me that your experience may be on an older version and the failure to produce a txt file may be a 'feature' of a newer version. At any rate, RK is not doing what you said it should do, which is scary.

  4. New scan results. Hard to tell 'how things are running' because the slowdowns and crashes are random and unpredictable, hence unduplicatable. That said, in the 2 days since running the fixlist, I have not had a Windows Explorer crash OR a baffling, absurd notice upon exiting Skyrim that my i5-3570K OC to 4.2GHz, 8GB-RAM, GTX-970 4GB-VRAM system is too slow to support my desktop at millions of colors and would I like Windows to downgrade to 16 colors to increase performance? :wallbash:

    So, I guess no news is good news? Or, 'so far, so good but the jury's still out?'





  5. I'm having my semi-annual system slowdown and Windows Explorer crashes.

    Emsisoft Internet Security found and quarantined "E:\Users\[path redacted for privacy]\Skyrim\LOOT_6854b5e053c96408b178bca502e159959f3d7bf6\LOOT.exe     detected: Gen:Variant.Razy.146401 (B) [krnl.xmd]" a couple of days ago, but other than that there have been no reports of anything amiss, other than the symptoms mentioned, and removing it did not fix the problems.

    Log files attached per instructions. Thanks.





  6. That should take care of it. How are things running?

    Well, Windows Explorer is still crashing once or twice a night, but I haven't got the dreaded "Windows suggests you decrease your color depth to speed up the system" message in the past couple of days, so maybe that's fixed. I've just never heard of Windows Explorer crashing, and when I Google it I find mostly "you probably have malware" so I guess at this point I give up.


    Thanks again for your help.

  7. i5 3570K 4.0GHz

    8GB DDR3

    GTX 970 4GB

    Windows 7 Home Premium x64

    SSDs (2); HDDs (2)

    Emsisoft Anti-Malware and Malwarebytes Anti Malware do not detect anything.


    Hi- I'm having two issues, exactly the same issues as I reported here 6 months ago and which you helped me fix then:


    1. From time to time, I get a popup from Windows saying it wants to reduce the color depth "to improve performance." This system has run fine for 2+ years, so the sudden appearance of this recurring warning is highly suspicious. Memory checks, CHKDSK and other hardware checks do not disclose any hardware problem.


    2. Windows Explorer (NOT Microsoft Internet Explorer) crashes inexplicably a couple of times a day and must be restarted.


    Following the instructions to run EEK and FRST scans, I found the following mismatches between your instructions and what actually happened:

    1. Instructions state that a scan will begin automatically at the end of EEK installation. It did not. I had to navigate to the installation directory and manually launch 'Start Emergency Kit Scanner.exe.'

    2. Instructions say to enable PUP detection in EEK but no such option exists in EEK Settings or in the Scan dialog. I do recall that option existing 'somewhere' in my installation of EAM.

    3. Instructions say to 'save the scan log....' No 'Save Log' option exists in EEK. In the Logs tab, there is an 'Export' button, which is what I finally used, but then I discovered that this is not what you want at all- you want the one that is automatically saved in the EEK installation directory at the end of the scan. This leaves me baffled as to why the instructions want me to perform a step that is automatically done by EEK.

    4. Instructions state the log to upload can be found in "C:\EEK\Reports" but no such path exists because I installed it to E:\EEK instead- my system drive is an SSD and I don't install anything there except Windows system files. Instructions should specify [installation Drive]:\EEK\Reports to acknowledge that 21st century users commonly have multiple drives and EEK thankfully allows itself to be installed anywhere.

    5. Despite downloading and running a new installation of EEK, the Logs tab showed two previous scans from 5-6 months ago in addition to today's scan, indicating that EEK's installation process did NOT completely overwrite the previous installation.


    Thanks in advance for updating the instructions to match reality- it would've saved me 10 or 15 minutes of trying to figure out what to do to follow impossible directions.


    I would be particularly interested in any thoughts you may have on why, despite 'clean bills of health' from EAM and MBAM, something keeps getting onto my system and screwing it up.


    EEK Log and 2 FRST logs attached.





    Thanks in advance for any help.

  8. Hi, again, Kevin. Just a final note to let you know that the Secunia Personal Software Inspector doesn't work. I installed PSI using the third option: notify me which programs need updating but let me decide which ones to update.


    1. It needed Direct Disk Access on installation. Both Emsisoft Anti-Malware and I agreed that this was suspicious behavior for a simple software version-checker and online database comparer.

    2. It installed on my C: drive with no options to install elsewhere. My C: drive is a 64GB SSD and I don't need things that don't need SSD speed to be installed there due to the limited space.

    3. It installed as a "launch on computer start" program, or a TSR (old-school DOS-talk for "Terminate & Stay Resident"). That is just a total waste of resources for a utility that needs to be run only occasionally.

    4. PSI detected 7 programs that needed updating, but once the detection phase finished and the results were displayed, there was no "update all" option, which seems user-unfriendly to me.

    5. Resigning myself to clicking "Update" seven times, I clicked "Update" on the first program- a Flash player. But after a full 30 minutes of watching "Updating..." and a spinny thing I knew it was hung.

    6. Thinking that maybe the problem was at the Adobe Flash website end, I tried to cancel that update and try one of the others. However, there is no "cancel" option on an update. The only way out was to close PSI.

    7. When I hit the X to close PSI, it closed instantly- which indicates that it had not actually been doing anything at all, no connections to close, no memory addresses to release. Just BAM! Insta-Closed.

    8. I relaunched PSI and hit "Update" on Open Office. Same exact behavior: infinite "Downloading (spinny thing)" for 10 minutes but no HDD light indicating that it was actually downloading anything.

    9. Closed the application again, went to Control Panel and uninstalled it- and it needed direct disk access AGAIN to uninstall itself, then it needed a reboot. Why would it need a reboot to uninstall but it hadn't needed one to install?


    At the end of the uninstallation, PSI snagged my browser and sent to me a survey asking me why I had uninstalled PSI. After answering their question with a brief summary of the above saga and clicking "FINISH," I was diverted to a full-page ad from the survey company saying "Hey, you're good at this! Want to make some money filling out surveys?" So in addition to being suspicious, incompetent, user-unfriendly, dysfunctional and having no failsafe timers for failed/bad/hung downloads, the software is affiliated with an enterprise that seeks to scam its departing customers!


    So I guess I'm saying that the PSI software doesn't seem to reflect particularly well on you or Emsisoft, and I wonder if you might reconsider your recommendation of it, and possibly recommend some more-functional and professionally-designed and executed application version-checker utility, preferably one that lets me choose where to install it, runs only on-demand and doesn't need to be a TSR, actually DOES SOMETHING when you click "Update" and isn't willing to hang forever on bad downloads like PSI does.

    Again, thanks for your help- other than this PSI debacle, which isn't really your fault, your assistance was invaluable and effective.


    PS: I'm not sure what use it might be to anyone, but since the PSI uninstallation process left the PSI log behind, I'm attaching it here in case you are interested in it. If you know the folks at Secunia, maybe you could forward it to them.


  9. UPDATE: I finally found out why I couldn't get FRST to complete: Emsisoft Anti-Malware was blocking it! No window, no notice, but after I end-tasked on FRST for the 6th or 7th time and closed all my open windows to shut down the computer, I discovered a POP-UNDER Emsisoft Anti-Malware window open, UNDER all my other windows- it was saying something about FRST "acting suspiciously" (why in the blue-eyed world wouldn't Emsisoft have whitelisted this app by default???), and did I want to allow it to continue... despite the fact that I had told EAM 2 days ago to "Allow Always" on both FRST and JRT.


    Please, ask the Devs at Emsisoft to (a) whitelist the known-trusted apps that you guys recommend for cleaning infections; and (b) make their popups visible ON TOP OF all other windows, instead of stealthing up under the open windows and invisibly disabling whatever process I'm trying to run! It didn't even flash a taskbar icon at me to get my attention or give me a clue that it was undetectably disabling the FRST process.


    FRST logs attached. Thanks.


    PS: I notice that FRST reports Emsisoft Anti Malware is disabled. This is false- it is up and running, and in fact is the entire reason I couldn't get FRST to finish a scan. Why does FRST report that EAM is disabled?



  10. Dear Kevin Zoll: Just a note to tell you how much I appreciate you, your knowledge and expertise and your approach to problem solving in a difficult context- finding and removing invisible computer packages that do not want to be found or removed. You did not ask me for information I had already provided (it drives me nuts when "tech support" and other "Customer No-Service" people obviously haven't even bothered to read the problem statement) and you provided clear, concise instructions, easily followed, for (probable) resolution of the problem(s).


    I followed your instructions to the letter, and the resulting log files are attached. Since my issue manifested itself only once or twice a week, only time will tell if these steps have solved it. But whether more steps are required or not, your assistance is greatly appreciated.


    Thank you.






  11. i5 3570K 4.0GHz

    8GB DDR3

    GTX 970 4GB

    Windows 7 Home Premium x64

    SSDs (2); HDDs (2)

    Emsisoft Anti-Malware and Malwarebytes Anti Malware do not detect anything.


    Hi- I'm having two issues:


    1. From time to time, I get a popup from Windows saying it wants to reduce the color depth "to improve performance." This system has run fine for 2+ years, so the sudden appearance of this recurring warning is highly suspicious. Memory checks, CHKDSK and other hardware checks do not disclose any hardware problem.


    2. Windows Explorer (NOT Microsoft Internet Explorer) crashes inexplicably 2-3 times a week and must be restarted. Sometimes this causes me to lose data if I was in the middle of a cut >> paste operation.


    I notice that FRST shows "pinnacle update service" errors. As far as I know, I do not have any such software installed, which makes me wonder if some malware is impersonating legitimate software from Pinnacle.


    EEK Log and 2 FRST logs attached.


    Thanks in advance for any help.




  12. As someone who used Emsisoft Anti-Malware in the past, and is now using Emsisoft Internet Security, I can tell you that none of them blocks Guild Wars 2 (I play it everyday), nor do they interfere with it :)

    Smiley face notwithstanding, your response seems arrogant and condescending to me. I have already posted what Emsisoft IS DOING yet you blithely state that it doesn't do that. Too funny.


    I have been playing GW2 since pre-launch beta, and Emsisoft has never blocked it before. However, a response to my statement that Emsisoft has suddenly started blocking GW2, complete with a screenshot, then a later edit stating that uninstalling then reinstalling Emsisoft cleared the blockage of GW2, thereby proving beyond any reasonable doubt that Emsisoft was, in fact, blocking GW2 AND a mention in the edit that I have been playing GW2 for four years... stating that Emsisoft "doesn't do that" is just absurd.


    PS: "Everyday" is an adjective meaning "commonplace." What you should have said is "every day." Please look it up.

  13. Based upon the "My own" entries showing in your Surf Protection rules, you must be importing a custom Hosts file.


    What Hosts file source(s) are you using to compile your "My own" rules?


    Based upon the time stamps, is it possible the blank rule is a corrupted entry that was imported from your Hosts file?


    Good luck!

    I have never imported a host file. Those rule entries are produced when Emsi alerts to (whatever) and I click block or allow. I normally keep my PuP and Privacy categories set to "Alert" and the more serious two on the left set to "Block and Notify."

  14. 1. Emsisoft Anti-Malware. Version and build unknown because, contrary to the sticky "Information to Include" the version number is nowhere to be found in my installation of Emsisoft Anti-Malware.

    2. Windows 7 Home Premium SP1 all latest updates.


    About an hour ago, a major online game that I had been playing earlier in the day (Guild Wars 2) was suddenly blocked by Emsisoft Anti-Malware. Upon investigation, I discovered a "Surf Protection Rule" that says it is "My Own" but that I did not enter or approve. Even worse:

    1. The URL or IP that is being blocked is blank.

    2. The rule states that it is set to "Block Silently" which denies me the opportunity to get a popup showing what is going on

    3. I am unable to remove or delete the rule

    4. I am unable to edit the rule because Emsisoft insists that I enter a URL; please see #1 above

    5. A "thorough" scan using Emsisoft Anti-Malware and MalwareBytes Anti-Malware reveals no malware


    Other than disabling or uninstalling Emsisoft Anti-Malware, can you suggest any steps I might be able to take to fix this?


    Also, please consider removing the idiotic requirement to hand-enter a URL when trying to delete or edit a rule's behavior from "Block Silently" to "Alert." If Emsisoft Anti-Malware itself can't even read the URL from its own logs as it displays the rule and latest blocking event, because the URL field is blank, how does Emsisoft Anti-Malware expect a customer to figure out what the URL is in order to hand-enter it? If I highlight a rule and press delete, you should just delete the damned rule, no questions asked!


    I will attach a screenshot of what Emsisoft is telling me. I will also attach a screenshot of Malwarebytes Anti-Malware's display, which clearly shows the version number on the top frame to customers in case they need to know it... unlike Emsisoft, which hides that information but then asks customers to include it without telling where it is in a sticky post on the support forum.


    Thank you.


    EDIT to add: after completely uninstalling Emsisoft Anti-Malware and rebooting, I am now able to log in to Guild Wars 2- proving that it was, indeed, Emsisoft Anti-Malware preventing me from logging in to a reputable, well known and not-malicious server that I have been using daily for 4 years.


