Posts posted by Lode

  1. "Which browser offers the best malware protection?"


    The above title refers to this page: 



    It so happens that my default and favorite browser is Opera, the least safe according to the test.  :blush:


    Still I feel quite safe using Opera as I always run it in the virtual reality space -sandbox- of Sandboxie. See animated illustration of how that works: http://www.sandboxie.com/


    Because I use the browser integrated Opera Mail client, that is also run in the sandbox by default.

    Besides that I have the protection of Online Armor, Emsisoft Anti-Malware, MalwareBytes, HitmanPro free, SpyShelter Pro, and the free Kaspersky Security Scan scanner.


    Maybe I'm overdoing it a bit with those "second opinion" scanners -I do trust EAM and OA- but they seem to be compatible, and take up little space.


    I had read in the past that since most people used IE, most malware was written for that browser, and that because relatively few used Opera, the malware developers left that one mostly to the side... so this is a surprise to me.


    With all the protection I have, I trust I will be fine using Opera. I also have IE9 (10 didn't work for me, mostly showing a blank page with grayed out buttons) and Firefox, but I hardly ever use them. I like the looks of Opera best the way I have personalized it.  :)

  2. Thank you. That brought me to these articles:


    "Six Windows 7 Nightmares (and How to Fix Them)

    1. Your PC Won't Boot"



    I had no idea that one could make a System Repair Disc from one's own pc.


    "What are the system recovery options in Windows 7?"



    (You are the one who also helped me a few times already with some other EAM + OA issues via email I just realize. Ook dank daarvoor. [Also thanks for that.])



  3. Thank you.


    I understand that some rootkits hide so well that they might not be discovered by a regular scan. And that they can already be active while Windows is starting up.


    I might have had such a problem a few days ago. Right after Windows showed the Welcome screen, a black screen appeared, and Microsoft gave a message saying that Windows could not be started, and offered to check and restore things. For a long time rows of white sentences rolled up, beginning with "Error" and ending with "Restored." ("Hersteld" in Dutch.) Then automatically it tried to start my Windows 7, but the same "Windows cannot be started" message appeared again.


    I tried to use a backup -via f9- made a week ago, stored on an external drive, but it didn't work. 


    Finally I used the 3 factory rescue disks to reformat and spent over 2 days getting my laptop in shape again.

    So I wonder if the Emergency Kit might have solved that in case it was due to a rootkit.


    I have a 3 year EAM + OA licence, but also nearly a year to go on Avira Premium which I used before getting EAM. I'm not using Avira at present, but they offer a somewhat complicated rescue-cd option (you must download some third party software first, and then burn the rescue-program on a cd) which removes rootkits not found by its regular scanner. Does EAM's Emergency Kit also do that?


    (I like the easy option of the USB stick better than the rescue-cd option.)

  4. PS:

    I see various download buttons on the download page for the Emergency Kit here: http://www.emsisoft.com/en/software/eek/

    One is shown on top of the page right under "Emsisoft Emergency Kit 3.0", and scrolling down there is one saying "Do-it-yourself Emergency USB stick." I suppose they are identical, so the first one can be sent to a memory stick once you have it downloaded and saved on your pc? (I have saved it in my Download folder.)

  5. I suppose that a scan with the normal EAM scanner is the same as -or similar to- a scan with the Emergency Kit scanner. The latter only being for cases where a normal scan with EAM is not possible due to a malware infection so bad that Windows does not even start up normally anymore. Or some similar severe problem.


    The only difference being that the normal EAM scanner has more virus definitions, as they were added to it since the Emergency Kit was made.


    How is this?

  6. Thank you very much.


    I followed your instructions, and saw that Zemana.com was already in "Don't block" mode. I did click on the green "check" V when EAM showed a popup saying that it was blocking Zemana trying to make a connection.


    Because I saw it in the Log, I mistakenly thought it was still blocked. I didn't know that clicking on the green "V" meant "It's OK, don't block it."


    Good to know how to unblock something though, in case I would ever need to.  :)

  7. Thank you. 

    I installed the battery monitor you recommended, and it looks very nice. But it has no alarm when the charge reaches a pre-set %.

    I did not see any way to un-install it, as it did not appear in the programs list, nor in Revo-Uninstaller. I found it by typing "battery monitor" in the Start search bar (don't know what it's called) and removed it to the waste basket ("Prullenbak" in Dutch). But still it was fully functional on my desktop:

    So I mailed Julien, and this was his kind reply:


    If you want to uninstall my Battery Monitor gadget, right click on the Windows desktop, choose "Gadgets".
    In the window that shows up, there is a list of all your installed gadgets. Right click on mine, and select "uninstall".
    Julien MANICI


    This option was a total surprise to me, as I had not clicked on my desktop since I have Windows 7 (1 1/2 years). The last time was in Windows xp before I had the current laptop.


    SpyShelter recently flagged something from Realtek (audio) as a keylogger. I had SpyShelter send it to VirusTotal for me, and of the 42 AVs only one -Trend-Micro- had it as malware: a Trojan. Which I assume was a false positive, or something innocent. 


    But better a false positive by being extra cautious, than no detection when it is malware. Same in this OA case. ; )


    OA always shows up first asking me for allowance or not when I install a new program. After I allow it SpyShelter comes to attention, asking the same. As if it lets OA go first... a real gentleman-like behavior. : D


    PS: I already had "intercept loopback" un-checked, but for more Fun now checked "Notify me when programs are allowed to access the internet." Just for a while.

  8. PS:

    I just had VirusTotal also scan 1.1.12, and the result was 0/41



    To have VirusTotal scan 1.1.12 I only found it again on CNET Download.com. On all other sites I looked they would download other versions -even though it said 1.1.12- but this time I had none of the problems I mentioned above. Maybe last time I did not un-check the extra add-ons carefully enough...

  9. I suppose you meant this following website?  http://www.exs-studios.com/

    Because when I click on the link you gave I get the 404 error message again.


    To try it out again, I un-installed 1.1.17 and installed 1.3.3 again. It does work on my Windows 7 (Home Premium), but with this error message appearing sometimes:

    It appears when the alarm sounds for example, when the battery reaches the 40% charge point. So it does work, but with this flaw. Reason I'm going to remove it again, and re-install 1.1.17. 


    I finally know how to find BatteryMonitor.exe to upload it to VirusTotal. For anyone still learning as I am how to find files:

    Start > Computer > Local Disk (C:) > Program Files (x86) > Laptop Battery Monitor > BatteryMonitor. 


    The result for Battery Monitor 1.3.3 on VirusTotal was 0 malware detections out of 42 AV tests results:

  10. I'm also using Windows 7 (Home Premium) and all 3 Battery Monitor versions I tried work. I also surf by default in the sandbox -Sandboxie- but installed this as usual outside of that on my hard disk.


    My apologies that my pc knowledge is limited, and that the following might be mostly superfluous.


    I had version 1.1.17 installed after I removed 1.1.12, and because OA had given that warning for 1.1.12 -and not for 1.1.17, I removed 1.1.17 and re-installed 1.1.12. I wanted  to upload BatteryMonitor.exe version 1.1.12 to VirusTotal, and then post the link to the analysis at your request.


    But that went not without some difficulties. This time I downloaded it first from hxxp://www.brothersoft.com/laptop-battery-monitor-43137.html

    That resulted in a mess, even though I ticked "Custom installation" and un-ticked all add-on options. OA again flagged it as a keylogger: 




    After the above had installed more OA popups appeared about things that had nothing to do with Battery Monitor it seemed to me, so -not knowing how to get rid of that- I re-set my laptop back using a backup made a few days ago.


    But on that one I already had 1.1.17, so I un-installed it -Revo Uninstaller to make it a clean one- and re-installed 1.1.12, this time from http://download.cnet.com/Laptop-Battery-Monitor/3000-2094_4-10442542.html 


    Again here also I chose "Custom" etc., but then this appeared and I allowed it:

    Here I checked on-line and allowed it 


    No keylogger warning this time.


    In the meantime SpyShelter gave a popup, and I had it send me to VirusTotal:


    Before I had tried to upload BatteryMonitor.exe by first typing that in my search bar in Start to find it, but it might have been the installer -I wouldn't know how to find "BatteryMonitor.exe" in any other way due to my limited pc knowledge- but then this appeared: https://www.virustotal.com/file/analysis/failed/


    I hope that upload to VirusTotal through SpyShelter helped.


    PS: Maybe it is my Opera browser, but when I edit the above in the normal option I get a completely blank post. So I hit "Edit" again -and the post appears again- and then use the "Use Full Editor" mode and it appears after hitting "Submit Modified Post."

  11. I just received a reply:


    The software is ours but it doesn’t do any keylogging/etc.
    Robert Muresan
    Technical Director, exosyphen studios



    I believe Robert. And with over 70.000 downloads so far for the 1.1.12 version since 2005 -from CNET Download.com alone- it would be known by now if it were a keylogger. 


    In the meantime I have installed it again -actually version 1.1.17- and I think the OA warning was a false positive.


    I like this software because I learned that the best way to prolong the life of a laptop battery is to keep it charged at 40%. Since I only need the battery when I move my laptop from my living room to my bedroom -if I don't want to turn it off- I don't normally keep the battery in it, and just put it in when I'm about to walk with it, unplug the AC current, plug it back in once in the other room, and remove the battery again. This is seldom, as I usually sit with it in my living room.


    To keep it charged at 40% is easy with this battery monitor, as it can be set to sound an alarm when the battery reaches 40% charge, whether while discharging or charging. So when during charging I hear the alarm, I remove the battery which will have reached 40%, and I do the same in case I charged it over 40%. Then I use the laptop while the battery slowly discharges, and when the alarm sounds -at 40%- I remove the battery.


    I found out about this 40% business here for Lithium-ion batteries: http://batteryuniversity.com/learn/article/how_to_store_batteries

  12. It might be a false positive of course. This is what Battery Monitor 1.1.12 looks like: http://download.cnet.com/Laptop-Battery-Monitor/3000-2094_4-10442542.html


    There is a link on that page that leads to another page and link to this site: http://www.exosyphen.com/


    Also, there is this website which shows an almost identical battery monitor, probably made by the same people later: http://www.exs-studios.com/


    I emailed them through the latter website -now 3 days ago- about OA reporting this as a keylogger, but no reply yet.

  13. It looks like the problem is solved. About a week ago some unusual things happened -laptop running hotter than normal, OA asking me for permission for things I had allowed a long time ago and had not been asked about since, then a BSOD.

    My AV scanners found no malware, but after a reboot I ended up with a black screen for minutes -only the cursor arrow showing in the center- and finally the message in the top left corner that the Bootmgr was missing...

    I ended up reformatting with the System Recovery DVDs, and have been working these last few days getting everything back to how it was before the problem started. The only difficulty left was the above posted OA problem.

    To give the info asked on the page the above given link directs to, I checked to see if I had SP1 on my Windows 7 Home Premium 64 bits. I didn't see it on the Windows update list. On intuition I checked for the latest updates, and found that it wasn't set to check automatically. Right after changing that 83 new Windows Security updates were downloaded and installed just a few moments ago. Immediately after a reboot OA worked fine. :D

  14. Hi!

    Right after re-starting my laptop an OA Alert popup appears, warning that a firewall is needed, and that is not starting up.

    Also, often in the OA Firewall Status windows -for the graphics- it says "There are no active interfaces."

    The only other AV I have is Avira and Malwarebytes.

    Any way to fix this?

  15. PS:

    catprincess, you gave me that advice I just remembered:

    "Alternatively, you can also use the Domain's list to block domain names which may be easier. You could for example enter *.facebook.com to block all such domains. There are some programs that interfere with the Domain's list block feature though; I believe the Chrome browser prevents it from working and also Trusteer Rapport so you may want to check it out on a test site first."


    Thanks again!

  16. Thank you both. My friend had added me to her contacts -or friends, I don't know the term- in her Facebook account by filling in my email address. But then she deleted it. This was months ago. I did get an email from FB, but kindly refused the offer to become a member too.

    Yet I agree that can hardly have been the reason for my laptop contacting FB.

    So maybe as suggested I was connected to a website with a FB link at those moments I saw those connections in OA. I don't remember.

    But I remembered I had blocked it before in OA, and never saw it again. Until I lost that blocking after re-installing OA recently. Yet it just came to me how I did it the previous time -if I remember well: I added www.*facebook.com to Domains in OA and blocked it. I'll see what happens and report back here.
