pallino

Everything posted by pallino

  1. Last 2 questions: - Does EMSI AM or IS install a root certificate to be able to scan encrypted traffic? - How can the EMSI IS firewall hide the PC it is installed on from other devices inside the same home network (which might be infected)? How can all traffic from the internal network be blocked? What settings are needed? Thank you!
  2. One more doubt about BB... How does Emsisoft's Behavior Blocker react when it detects a suspicious behavior? Does it alert the user and ask what he wants to do, or does it first check the Emsisoft Anti-Malware Network (i.e. it checks the EMSI database to see how other users decided in the same situation/for the same program; if enough users (90 percent by default) took a specific action, it automatically applies that action)? If it checks what other users decided and applies the same action, can this be avoided so that the user can decide alone in all alerts (or even better, can he see what others did but still be able to take his own decision)? Thank you
  3. Is this normal or unusual? Did the router get compromised? What do I have to do with it? How should it be? Thanks. P.S. I don't have these issues with 3 other PCs.
  4. Thank you. Would you trust this laptop as it is if it was yours? Isn't it suspicious that KIS had these problems even if it was installed after a fresh reinstall? What about the authenticity warnings? I still get the one for google.com. Thank you. Attachments: Addition.txt, FRST.txt, virusinfo_syscheck.zip
  5. Thank you for your answer! Are both based on the same technology or are they two completely different approaches? Is Emsisoft's Behavior Blocker an evolution of EMSI's HIPS that checks all active processes and modifications affecting system security and alerts only if different suspicious behaviours are detected and a certain critical value is hit that clearly indicates malware? OA HIPS instead alerts the user of every security-related modification of his system unless it's whitelisted? So more control/protection but with way more (FP) alerts? Is this correct? Thank you!
  6. Thank you! So just to understand it right, what does the EMSI IS firewall do exactly? - It eliminates potential entry points/ports attackers could use to get onto your computer from the outside and so it keeps you invisible to network intruders? - It inspects network data packets and decides which data to block or allow, based on rules, also using protocol-based filters? - It analyzes network traffic and can also link each data packet with the program that generates it? Is it correct that the IS firewall - doesn't detect malware (as standalone, as added protection to EMSI AM) - does not inspect every data packet deeply on the application layer? Does it block outgoing connections sourced by malware (as standalone, as added protection to EMSI AM)? Thank you!
  7. Dear EMSI Team, what's the difference between the (EMSI) behaviour blocker and (Emsi) HIPS (e.g. in OA)? I read that the level of protection offered by BB and HIPS is the same/comparable, but what are the differences between the two technologies? Thank you!
  8. Dear EMSI Team, in the blog http://blog.emsisoft.com/2014/09/19/whats-the-point-of-having-a-firewall/ I just read that EMSI IS is EMSI AM + a software firewall (an improved firewall compared to the OA one since it has IPv6 support). What are the other differences between the EMSI IS firewall and OA, apart from the missing HIPS in the IS firewall? Does EIS offer DNS Spoofing Protection and File/Registry Shield as in OA? Thank you
  9. What do you suggest? Is it malware-related? Thank you
  10. I disabled NoScript and restarted the PC... I still get the warnings about KIS not being able to guarantee the authenticity of the domain to which the encrypted connection is established. Same if I disable the SSL check in KIS, if I put Google as a trusted site, if I import the KIS certificate in Firefox as suggested on the KIS forum (also after restarting the PC). I saw that in AVZ all ping tests are OK; the only ones that didn't pass are the ones to Kaspersky sites... In FBAR's Addition.txt: a opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden... C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b2363cf94faf59386ab4778a39c16e2b\IsdiInterop.ni.dll Are these safe? Today I have //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Now I have a security issue with the VirusTotal check in Process Explorer as in Autoruns... please check the attached image. What do you think, what can it be and what do we do? Does it make sense to uninstall KIS and install EMSI? I wanted to have 2 different AVs on my 2 laptops just in case one detects something the other doesn't yet... Thank you. P.S. Today I saw that KIS installs its certificate in Firefox even if I disabled scanning of secure connections. Now I get warnings in Firefox (not sandboxed), also for the EMSI forum page. Does EMSI IS and/or EAM scan for bad CA certificates? Attachments: Addition.txt, FRST.txt
  11. I didn't try to disable NoScript yet. I checked the FAQ and apparently NoScript doesn't block/scan HTTPS... Apparently it is a KIS issue. I said apparently since disabling the SSL scan didn't change the authenticity certificate issue. The test failed when I accepted the connection with google, ....informaction.com in sandboxed Firefox. The test then failed in normal Firefox too. Isn't that weird?
  12. Thanks... so all logs look fine? I never had this problem before, nor with NoScript... I'll disable it and see if it disappears.
  13. Hello Kevin, unfortunately the system is running "strange"... Outlook restarts once after I close it, every time. KIS 95% of the time gets fewer database records after an update (I had 8500000+ and now 8350000). I cannot use Firefox in Sandboxie since KIS tells me that it cannot confirm the authenticity of the server I'm connecting to (or of the certificate). Yesterday I didn't pass the test on https://filippo.io/Badfish/ and had certificate issues also in Firefox in normal (not sandboxed) mode... I deleted the KIS certificate and restarted the laptop. Today I had the problem with Outlook, which didn't trust the server certificate. After disabling scanning of SSL connections Outlook managed to connect and download mails and I passed the test above. I still have the issue with sandboxed Firefox. Opening the download folder took very long many times... Can you please check the logs one more time? Thank you!!!! Attachments: Addition.txt, FRST.txt, virusinfo_syscheck.zip, a2scan_150225-000606.txt, TDSSKiller.3.0.0.44_25.02.2015_12.52.23_log.txt, RKreport_SCN_02252015_133350.log
  14. Dear Emsi Team, on malwaretips.com I read that Emsi's engine A (Emsisoft's one) is updated only on weekdays and not on weekends and that only Bitdefender's engine is able to scan inside archives. Is this correct? Thank you
  15. Again, I uploaded new logs not because I like it but because I had something that till today wasn't found/recognised but that infected the router and at least 2 PCs and forced me to reinstall everything many times and on different PCs. Since I use this laptop for online banking I think it's normal to ask to double check if all is still safe after all that happened and 3 reinstalls and 3 router resets... and RogueKiller's PUM (that in the past you asked me to fix) didn't help, as with the tmp file! Thank you for your help, time and patience till now!
  16. Hi Kevin, attached the new reports. KIS as well as the laptop are slow today... How do the logs look? All safe? What about RogueKiller's log and PUM? Something to worry about and to delete/fix? Thank you! Attachments: RKreport_SCN_02202015_122558.log, Addition.txt, FRST.txt, virusinfo_syscheck.zip
  17. Hi Kevin, thank you! What about RogueKiller's PUM? Can you please check this too? I attached new logs since today I had to go online and accessed all my accounts. If all is clean and safe I'll be super happy... and the thread could be closed. :) Thank you!!! Attachments: Addition.txt, FRST.txt, virusinfo_syscheck.zip, RKreport_SCN_02202015_115829.log
  18. Could you check the temp file? What about RogueKiller's PUM?
  19. Isn't the kerncap.vbs a bad sign? Just asking again since this is the PC for online banking... Thanks
  20. - The scary part is that FBAR also found Emsi off... did it get turned off/bypassed by malware or were FBAR and Windows wrong? - Is the temp file infected or a false alarm? Thank you
  21. What is the kerncap.vbs that Autoruns didn't find? Nothing to worry about? RogueKiller logs are fine too? That would be great, thanks
  22. HP updated CyberLink and a few HP programs... I didn't reboot, you are right, but why should Emsi deactivate? Was it still protecting the PC or was it off? The temp file and RogueKiller logs were OK too? Thank you
  23. Hello Kevin, how does it look now? All safe and clean? What is the kerncap.vbs that Autoruns didn't find? Thank you!!! Attachments: Addition.txt, FRST.txt, Fixlog.txt, virusinfo_syscheck.zip, RKreport_SCN_02172015_104851.log
  24. Hi Kevin, please find attached the new logs. Why are Windows and FBAR telling me that Emsi is not active/off? According to Emsi IS, my computer is protected... who is right? According to NPE (and 2 scanners on VirusTotal), the attached zipped temp file that was in c:/windows/temp is infected too... What do you think? Thank you. P.S. Since I didn't like the findings till now, nor the problem with Emsi above, I also ran RogueKiller and attached the log... Attachments: Addition.txt, FRST.txt, virusinfo_syscheck.zip, Addition.txt, WAXB928.zip, RKreport_SCN_02162015_222627.log