Jump to content


  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by Lode

  1. PS: I see various download buttons on the download page for the Emergency Kit here: http://www.emsisoft.com/en/software/eek/ One is shown on top of the page right under "Emsisoft Emergency Kit 3.0", and scrolling down there is one saying "Do-it-yourself Emergency USB stick." I suppose they are identical, so the first one can be send to a memory stick once you have it downloaded and saved on your pc? (I have saved it in my Download folder.)
  2. I suppose that a scan with the normal EAM scanner is the same as -or similar to- a scan with the Emergency Kid scanner. The latter only being for cases where a normal scan with EAM is not possible due to a malware infection so bad that Windows does not even start up normally anymore. Or some similar severe problem. The only difference being that the normal EAM scanner has more virus definitions, as they were added to it since the Emergency Kit was made. How is this?
  3. Thank you very much. I followed your instructions, and saw that Zemana.com was already in "Don't block" mode. I did click on the green "check" V when EAM showed a popup saying that it was blocking Zemana trying to make a connection. Because I saw it in the Log, I mistakenly thought it was still blocked. I didn't know that clicking on the green "V" meant "It's OK, don't block it." Good to know how to unblock something though, in case I would ever need to.
  4. Hi! EAM just blocked an outgoing connection to Zemana.com., a well known company. I guess it's the free Zemana anti-keylogger I have on my notebook checking for a possible update. I see it in the Log, and wonder how I can allow it.
  5. Yes, I'm using 1.1.17 without warnings. Thank you.
  6. Thank you. I installed the battery monitor you recommended, and it looks very nice. But it has no alarm when the charge reaches a pre-set %. I did not see any way to un-install it, as it did not appear in the programs list, nor in Revo-Uninstaller. I found it by typing "battery monitor" in the Start search bar (don't know what it's called) and removed it to the waste basket ("Prullenbak" in Dutch). But still it was fully functional on my desktop: So I mailed Julien, and this was his kind reply: ............................................................... "Hi, If you want to uninstall my Battery Monitor gadget, right click on the Windows desktop, choose "Gadgets". In the window that shows up, there is a list of all your installed gadgets. Right click on mine, and select "uninstall". Regards, Julien MANICI ............................................................... This option was a total surprise to me, as I had not clicked on my desktop since I have Windows 7 (1 1/2 years). The last time was in Windows xp before I had the current laptop. SpyShelter recently flagged something from Realtek (audio) as a keylogger. I had SpyShelter send it to VirusTotal for me, and of the 42 AVs only one -Trend-Micro- had it as malware: a Trojan. Which I assume was a false positive, or something innocent. But better a false positive by being extra cautious, than no detection when it is malware. Same in this OA case. ; ) OA always shows up first asking me for allowance or not when I install a new program. After I allow it SpyShelter comes to attention, asking the same. As if it lets OA go first... a real gentleman-like behavior. : D PS: I already had "intercept loopback" un-checked. but for more Fun now checked "Notify me when programs are allowed to access the internet." Just for a while.
  7. PS: I just had VirusTotal also scan 1.1.12, and the result was 0/41 https://www.virustotal.com/file/1624d6bebbccaf891d66d85e6b2b59ec9b027c3cfb4b2db1dfd1341ccccd50b2/confirmation/?ajax=false&detection-ratio=0/41&blob=AMIfv95cEzfc4zObHxBKkGzWliQFlflQUfJd_uCcCdec1PSR_jp6bn1lS6QXVNg5BC3ynRhJT6MyrrLZtTt27023kMgaa3TMGQP2sP_jYQiHBSOOiXDmn50BHW_hcoF4sG_cqKcIwIsZDxez24gMe0q79jFZgMxLmQ&last-analysis=1251995380&filename=BatteryMonitor.exe To have VirusTotal scan 1.1.12 I only found it again on CNET Download.com. On all other sites I looked they would download other versions -even though it said 1.1.12- but this time I had none of the problems I mentioned above. Maybe last time I did not un-check the extra add-ons carefully enough...
  8. I suppose you meant this following website? http://www.exs-studios.com/ Because when I click on the link you gave I get the 404 error message again. To try it out again, I un-installed 1.1.17 and installed 1.3.3 again. It does work on my Windows 7 (Home Premium), but with this error message appearing sometimes: It appears when the alarm sounds for example, when the battery reaches the 40% charge point. So it does work, but with this flaw. Reason I'm going to remove it again, and re-install 1.1.17. I finally know how to find BatteryMonitor.exe to upload it to VirusTotal. For anyone still learning as I am how to find files: Start > Computer > Local Disk (C:) > Program Files (x86) > Laptop Battery Monitor > BatteryMonitor. The result for Battery Monitor 1.3.3 on VirusTotal was 0 malware detections out of 42 AV tests results:
  9. Correction (as I cannot edit the above anymore): Here I checked on-line and allowed it: Then this appeared and I allowed it: And here I chose "RunSafer": I didn't tick "Remember my decision" because I wanted to await the verdict here. (Before using the backup I had saved some of the above on an external drive so I could post it here afterwards.)
  10. I'm also using Windows 7 (Home Premium) and all 3 Battery Monitor versions I tried work. I also surf by default in the sandbox -Sandboxie- but installed this as usual outside of that on my hard disk. My apologies that my pc knowledge is limited, and that the following might be mostly superfluous. I had version 1.1.17 installed after I removed 1.1.12, and because OA had given that warning for 1.1.12 -and not for 1.1.17, I removed 1.1.17 and re-installed 1.1.12. I wanted to upload BatteryMonitor.exe version 1.1.12 to VirusTotal, and then post the link to the analysis at your request. But that went not without some difficulties. This time I downloaded it first from hxxp://www.brothersoft.com/laptop-battery-monitor-43137.html That resulted in a mess, even though I ticked "Custom installation" and un-ticked all add-on options. OA again flagged it as a keylogger: After the above had installed more OA popups appeared about things that had nothing to do with Battery Monitor it seemed to me, so -not knowing how to get rid of that- I re-set my laptop back using a backup made a few days ago. But on that one I already had 1.1.17, so I un-installed it -Revo Uninstaller to make it a clean one- and re-installed 1.1.12, this time from http://download.cnet.com/Laptop-Battery-Monitor/3000-2094_4-10442542.html Again here also I chose "Custom" etc., but then this appeared and I allowed it: Here I checked on-line and allowed it No keylogger warning this time. In the mean time SpyShelter gave a popup, and I had it send me to VirusTotal: Before I had tried to upload BatteryMonitor.exe by first typing that in my search bar in Start to find it, but it might have been the installer -I wouldn't know how to find "BatteryMonitor.exe" in any other way due to my limited pc knowledge- but then this appeared: https://www.virustotal.com/file/analysis/failed/ I hope that upload to VirusTotal through SpyShelter helped. PS: Maybe it is my Opera browser, but when I edit the above in the normal option I get a completely blank post. So I hit "Edit" again -and the post appears again- and then use the "Use Full Editor" mode and it appears after hitting "Submit Modified Post."
  11. I just received a reply: ............................................. Hello, The software is ours but it doesn’t do any keyloggin/etc. Robert Muresan Technical Director, exosyphen studios ............................................. I believe Robert. And with over 70.000 downloads so far for the 1.1.12 version since 2005 -from CNET Download.com alone- it would be known by now if it were a keylogger. In the mean time I have installed it again -actually version 1.1.17- and I think the OA warning was a false positive. I like this software because I learned that the best way to prolong the life of a laptop battery is to keep it charged at 40%. Since I only need the battery when I move my laptop from my living room to my bedroom -if I don't want to turn it off- I don't normally keep the battery in it, and just put it in when I'm about to walk with it, unplug the AC current, plug it back in once in the other room, and remove the battery again. This is seldom, as I usually sit with it in my living room. To keep it charged at 40% is easy with this battery monitor, as it can be set to sound an alarm when the battery reaches 40% charge, whether while discharging or charging. So when during charging I hear the alarm, I remove the battery which will have reached 40%, and I do the same in case I charged it over 40%. Then I use the laptop while the battery slowly discharges, and when the alarm sounds -at 40%- I remove the battery. I found out about this 40% business here for Lithium-ion batteries: http://batteryuniversity.com/learn/article/how_to_store_batteries
  12. PS: Clicking on that last link gives an error message, as you might have noticed. Just copy/paste it in a new browser tab: http://www.exs-studios.com/
  13. It might be a false positive of course. This is what Battery Monitor 1.1.12 looks like: http://download.cnet.com/Laptop-Battery-Monitor/3000-2094_4-10442542.html There is a link on that page that leads to another page and link to this site: http://www.exosyphen.com/ Also, there is this website which shows an almost identical battery monitor, probably made by the same people later: http://www.exs-studios.com/ I emailed them trough the latter website -now 3 days ago- about OA reporting this as a keylogger, but no reply yet.
  14. Hi! I had been using Battery Monitor 1.1.12 for quite some time, but day before yesterday OA gave a popup warning about this program, saying: "Keylogger Detected" I attach a screen shot of the popup I made before I hit "Allow", but left "Remember my decision" unchecked. But thinking it is better to be safe than sorry, I just removed the program.
  15. It looks like the problem is solved. About a week ago some unusual things happened -laptop running hotter than normal, OA asking me for permission for things I had allowed a long time ago and had not been asked about since, then a BSOD. My AV scanners found no malware, but after a reboot I ended up with a black screen for minutes -only the cursor arrow showing in the center- and finally the message in the top left corner that the Bootmrg was missing... I ended up reformatting with the System Recovery DVDs, and have been working these last few days getting everything back to how it was before the problem started. The only difficulty left was the above posted OA problem. To give the info asked on the page the above given link directs to, I checked to see if I had SP1 on my Windows 7 Home Premium 64 bits. I didn't see it on the Windows update list. On intuition I checked for the latest updates, and found that it wasn't set to check automatically. Right after changing that 83 new Windows Security updates were downloaded and installed just a few moments ago. Immediately after a reboot OA worked fine.
  16. PS: In Firewall Interfaces -green- Active and Trusted are both ticked, and under Description it says: "Discovering network. Wait, please..." It does take a long time for the Internet connection to be made after reboot... it seems like minutes.
  17. Hi! Right after re-starting my laptop an OA Alert popup appears, warning that a firewall is needed, and that is not starting up. Also, often in the OA Firewall Status windows -for the graphics- it says "There are no active interfaces." The only other AV I have is Avira and Malwarebytes. Any way to fix this?
  18. Thanks. I just added *facebook*.* to Domains blocked as well.
  19. PS: catprincess, you gave me that advice I just remembered: "Alternatively, you can also use the Domain's list to block domain names which may be easier. You could for example enter *.facebook.com to block all such domains. There are some programs that interfere with the Domain's list block feature though; I believe the Chrome browser prevents it from working and also Trusteer Rapport so you may want to check it out on a test site first." http://support.emsisoft.com/topic/5104-how-to-block-connecting-to-an-unwanted-ip/page__hl__facebook__fromsearch__1 Thanks again!
  20. Thank you both. My friend had added me to her contacts -or friends, I don't know the term- in her Facebook account by filling in my email address. But then she deleted it. This was months ago. I did get an email from FB, but kindly refused the offer to become a member too. Yet I agree that can hardly have been the reason for my laptop contacting FB. So maybe as suggested I was connected to a website with a FB link at those moments I saw those connections in OA. I don't remember. But I remembered I had blocked it before in OA, and never saw it again. Until I lost that blocking after re-installing OA recently. Yet it just came to me how I did it the previous time -if I remember well: I added www.*facebook.com to Do mains in OA and blocked it. I'll see what happens and report back here.
  21. Hi! I see that my laptop makes contact with Facebook. I've no Facebook account, and the only reason I see for this might be that a friend of mine has added me to her Facebook friends list, which she confessed she had. Although even then I don't understand why this is happening. Anyway, how can I block this? Not that I have anything to hide or am paranoid. I just don't like this possible spying out of principle. Especially not after seeing this: http://www.youtube.com/results?search_query=facebook+cia+&oq=facebook+cia+&aq=f&aqi=g10&aql=&gs_sm=12&gs_upl=13873l14946l0l17914l7l7l0l0l0l0l91l580l7l7l0
  22. PS: It also looks like not allowing those items interferes with automatic Windows updates. I checked for those, and there were a number I had not received. I looked in OA's program list last night and found one of the 2 items as blocked, but could not find the other one -don't remember which one I found and which one I didn't- so to start all over again I un-installed OA and installed it again. This morning when I checked for Windows updates again there were 4 more essential ones, and after installing them OA again asked about "dwmapi.dll" and "inetcpl.cpl", so this time I allowed them and let OA remember my decision.
  23. About "inetcpl.cpl" and "dwmapi.dll" I was just a bit too distrusting it looks like. At least according to this website where I checked under "System Processes" > "File" > "(more info)." For the English version click on a flag icon: http://www.computer-support.nl/
  • Create New...