Fabian Wosar

Emsisoft Employee
  • Content Count: 4403
  • Joined
  • Days Won: 1

Everything posted by Fabian Wosar

  1. No file locations. There are certain registry keys, though, that will hold certain settings, including the ones you mentioned. You may want to think about adding the a-squared folder inside your "My Documents" folder as well, since it is the default save location for scan sets and logs.
  2. The problem is most likely that your "explorer.exe" ended up infected by a virus and was therefore quarantined. You can fix it using the following steps: When you are looking at the empty screen, press the following keys simultaneously on your keyboard: CTRL ALT DEL. After that the Windows Task Manager should appear. Click on "File", "New task" to get a command prompt. Click on "Browse", browse to your a-squared directory and select "a2free.exe". After clicking "OK", a-squared should show up. Just restore the items from the quarantine. As soon as you have done that, restart the PC by using the "Shutdown" menu of the Task Manager. It would help if you could give further details about the infections found, preferably the name of the malware that was detected.
  3. The white list actually has two kinds of entries: you can either whitelist malware names (which is done if you whitelist malware using the context menu of the scanner) or file or directory names. If you whitelist a malware name, you will never see a warning again from the scanner for that particular malware name, no matter what the name of the file is. If you whitelist a file or directory name, the file or directory is not scanned, so you will no longer trigger any kind of alert no matter what malware is found inside of it. In your case you can't see files you have whitelisted since you simply haven't whitelisted any files, but only malware names. To whitelist specific files you have to add them yourself without using the context menu of the scanner. By the way ... a-squared Anti-Malware 5.0 will have a completely reworked whitelisting feature.
  4. The detection of C:\Program Files\Microsoft Office\Visio10\1033\Visres.dll is most likely a false positive. Can you please submit the file using the submit function inside the a-squared Quarantine?
  5. Hi stringo71, your infections seem to reside inside the Windows System Restore folder. This folder is used by the System Restore feature of Windows. Therefore a-squared can't delete files there. The easiest way to get rid of the files is to temporarily deactivate the Windows System Restore. This will delete all System Restore points you have created in the past though. A step-by-step guide on how to activate and deactivate the Windows System Restore function in Windows XP can be found here: http://support.microsoft.com/kb/310405 Just deactivate the Windows System Restore feature, reboot and activate it again.
  6. Hi, thanks for your report. I can confirm that this is in fact a false positive. I removed the signature and published a revised signature update. It should be available within the next 5 minutes.
  7. If you miss more than 50 updates of the IKARUS engine (which equals about 3 days of updates), you will have to download the whole database again. While we agree that this design is not very low-bandwidth friendly, there is really nothing we can do about it. It's not our design; we just license the engine. IKARUS is working on an overhaul of their update system, though. But as always, we can't give any ETA for when the new update system for IKARUS will be available.
  8. Usually you don't get any response. We ask for your contact details in case something was wrong with the transfer or if we need any more information about the files you submitted. But in general you won't get an answer.
  9. The IPC method we use is based on LPCs. This mechanism is undocumented, but it is in permanent use internally by Windows. Accordingly, I wouldn't necessarily want to call it "horrible". What is interesting is why there were no problems with this before. Nothing has changed on our side in this regard.
  10. The alert reductions or the paranoid mode have primarily nothing to do with whether files are monitored or not. They only influence the number of alerts that are generated. I would recommend keeping the default settings. Otherwise I'd suggest taking a look at the help or, alternatively, at our tutorial. In principle, all applications are always monitored. The applications in the list on the "Application rules" tab are only programs for which special rules or exceptions have been defined. "Excluded" means that the application is not observed and is completely exempt from monitoring. "Observed" means that certain behaviors are allowed, but all others continue to be monitored. And "Block" means that the application is blocked completely. This display exists in Mamutu, but not in a-squared Anti-Malware. I will forward your feedback on this to the developers.
  11. a-squared Free has no firewall integrated.
  12. Off the top of my head, I don't know of any malware that tries to break out of a sandbox using pipes or IPC mechanisms (which doesn't mean that this is impossible in principle). Whether this setting affects other objects as well, I can't say. I don't use Sandboxie.
  13. In principle, you could try allowing all IPC requests for Firefox and IE across the board:

      OpenIpcPath=firefox.exe,*
      OpenIpcPath=iexplore.exe,*

      Not a particularly elegant solution, but it would be worth a try.
  14. The download available at FileHippo is signed as well:

      sigcheck v1.60 - sigcheck
      Copyright (C) 2004-2009 Mark Russinovich
      Sysinternals - www.sysinternals.com

      c:\users\administrator\downloads\a2FreeSetup (1).exe:
          Verified:       Signed
          Signing date:   1:06 PM 10/12/2009
          Strong Name:    Unsigned
          Publisher:      Emsi Software GmbH
          Description:    a-squared Free Setup
          Product:        a-squared Free
          Version:        4.5
          File version:   4.5
          MD5:    61c8facbf9d6d1233a8e3e9f5988cd35
          SHA1:   6fdc843de2bf6e31ca4db3e4c07c16e8e2985f62
          SHA256: 5d4288e80533d1116aec1da2d5b1abe543ba77ae9ff3948eb9908835eaa8b249
  15. We use embedded Authenticode signatures. And in fact, if I download the a-squared Free setup from our servers (http://download1.emsisoft.com/a2FreeSetup.exe), I do in fact have a file with a digital signature:

      sigcheck v1.60 - sigcheck
      Copyright (C) 2004-2009 Mark Russinovich
      Sysinternals - www.sysinternals.com

      c:\users\administrator\downloads\a2FreeSetup.exe:
          Verified:       Signed
          Signing date:   12:54 PM 10/12/2009
          Strong Name:    Unsigned
          Publisher:      Emsi Software GmbH
          Description:    a-squared Free Setup
          Product:        a-squared Free
          Version:        4.5
          File version:   4.5
          MD5:    61c8facbf9d6d1233a8e3e9f5988cd35
          SHA1:   6fdc843de2bf6e31ca4db3e4c07c16e8e2985f62
          SHA256: 5d4288e80533d1116aec1da2d5b1abe543ba77ae9ff3948eb9908835eaa8b249

      As have all files included in the setup:

      c:\program files (x86)\a-squared free\a2cmd.exe:
          Verified: Signed   Signing date: 12:58 PM 10/12/2009   Strong Name: Unsigned
          Publisher: Emsi Software GmbH   Description: a-squared Command Line Scanner
          Product: a-squared   Version: 4.5.0.0   File version: 4.5.0.8
      c:\program files (x86)\a-squared free\a2framework.dll:
          Verified: Signed   Signing date: 12:58 PM 10/12/2009   Strong Name: Unsigned
          Publisher: Emsi Software GmbH   Description: a-squared framework module
          Product: a-squared   Version: 4.5.0.0   File version: 4.5.0.15
      c:\program files (x86)\a-squared free\a2free.exe:
          Verified: Signed   Signing date: 12:58 PM 10/12/2009   Strong Name: Unsigned
          Publisher: Emsi Software GmbH   Description: a-squared Free
          Product: a-squared Free   Version: 4.5.0.0   File version: 4.5.0.21
      c:\program files (x86)\a-squared free\a2freecontmenu.dll:
          Verified: Signed   Signing date: 12:58 PM 10/12/2009   Strong Name: Unsigned
          Publisher: Emsi Software GmbH   Description: a-squared Free shell extension
          Product: a-squared Free   Version: 4.5.0.0   File version: 4.5.0.1
      c:\program files (x86)\a-squared free\a2freecontmenu64.dll:
          Verified: Signed   Signing date: 12:58 PM 10/12/2009   Strong Name: Unsigned
          Publisher: Emsi Software GmbH   Description: a-squared Free shell extension
          Product: a-squared Free   Version: 4.5.0.0   File version: 4.5.0.1
      c:\program files (x86)\a-squared free\a2service.exe:
          Verified: Signed   Signing date: 12:58 PM 10/12/2009   Strong Name: Unsigned
          Publisher: Emsi Software GmbH   Description: a-squared Service
          Product: a-squared   Version: 4.5.0.0   File version: 4.5.0.31
      c:\program files (x86)\a-squared free\a2upd.exe:
          Verified: Signed   Signing date: 12:58 PM 10/12/2009   Strong Name: Unsigned
          Publisher: Emsi Software GmbH   Description: a-squared replacement tool
          Product: a-squared   Version: 4.5.0.0   File version: 4.5.0.2
      c:\program files (x86)\a-squared free\a2update.dll:
          Verified: Signed   Signing date: 12:58 PM 10/12/2009   Strong Name: Unsigned
          Publisher: Emsi Software GmbH   Description: a-squared update module
          Product: a-squared   Version: 4.5.0.0   File version: 4.5.0.23
      c:\program files (x86)\a-squared free\engine.dll:
          Verified: Signed   Signing date: 12:58 PM 10/12/2009   Strong Name: Unsigned
          Publisher: Emsi Software GmbH   Description: a-squared Engine SDK
          Product: a-squared   Version: 4.5.0.0   File version: 4.5.0.41
      c:\program files (x86)\a-squared free\t3.dll:
          Verified: Signed   Signing date: 10:42 AM 9/2/2009   Strong Name: Unsigned
          Publisher: IKARUS Security Software   Description: T3 Extended Virus Engine (EVE)
          Product: T3   Version: 1.1.72.0   File version: 1.1.72.0
      c:\program files (x86)\a-squared free\unins000.exe:
          Verified: Signed   Signing date: 12:58 PM 10/12/2009   Strong Name: Unsigned
          Publisher: n/a   Description: Setup/Uninstall
          Product: n/a   Version: n/a   File version: 51.50.0.0
      c:\program files (x86)\a-squared free\vdbupdate.dll:
          Verified: Signed   Signing date: 9:51 AM 2/13/2009   Strong Name: Unsigned
          Publisher: Ikarus Software GmbH   Description: vdbupdatedll
          Product: VdbUpdate   Version: 1.32.6   File version: 1.32.6
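The sigcheck listings in the two posts above can be checked mechanically rather than by eye. The following Python is an added example for this thread, not Emsisoft's or Sysinternals' code: it parses sigcheck v1.x text output into records, flags any file that is not "Verified: Signed" or whose Publisher falls outside an expected set, and confirms that two downloads are byte-identical by comparing their hashes (SHA256 first, weaker digests only as a fallback). The first three sample records reuse the values quoted above; the fourth (tampered.dll) is constructed to exercise the failure path, and the allowed-publisher set is an assumption made for the example. One caveat visible in the data itself: unins000.exe is "Verified: Signed" yet shows "Publisher: n/a", so this sigcheck version's Publisher line evidently comes from the file's version resource rather than from the certificate; treat a publisher mismatch as a prompt to inspect the certificate, not as proof of tampering.

```python
"""Parse Sysinternals sigcheck (v1.x text) output and apply a signing policy.

Added example for this forum thread; not Emsisoft's or Sysinternals' code.
"""
from dataclasses import dataclass, field

# Assumed policy for the example: publishers expected in an a-squared Free install.
ALLOWED_PUBLISHERS = {"Emsi Software GmbH", "IKARUS Security Software", "Ikarus Software GmbH"}

# Constructed input: the first three records copy values from the posts above;
# tampered.dll is made up (no such file ships) to exercise the failure path.
SAMPLE = r"""sigcheck v1.60 - sigcheck
Copyright (C) 2004-2009 Mark Russinovich
Sysinternals - www.sysinternals.com

c:\users\administrator\downloads\a2FreeSetup.exe:
    Verified:       Signed
    Signing date:   12:54 PM 10/12/2009
    Strong Name:    Unsigned
    Publisher:      Emsi Software GmbH
    Description:    a-squared Free Setup
    Product:        a-squared Free
    Version:        4.5
    File version:   4.5
    MD5:    61c8facbf9d6d1233a8e3e9f5988cd35
    SHA1:   6fdc843de2bf6e31ca4db3e4c07c16e8e2985f62
    SHA256: 5d4288e80533d1116aec1da2d5b1abe543ba77ae9ff3948eb9908835eaa8b249
c:\users\administrator\downloads\a2FreeSetup (1).exe:
    Verified:       Signed
    Signing date:   1:06 PM 10/12/2009
    Strong Name:    Unsigned
    Publisher:      Emsi Software GmbH
    MD5:    61c8facbf9d6d1233a8e3e9f5988cd35
    SHA1:   6fdc843de2bf6e31ca4db3e4c07c16e8e2985f62
    SHA256: 5d4288e80533d1116aec1da2d5b1abe543ba77ae9ff3948eb9908835eaa8b249
c:\program files (x86)\a-squared free\unins000.exe:
    Verified:       Signed
    Signing date:   12:58 PM 10/12/2009
    Strong Name:    Unsigned
    Publisher:      n/a
    Description:    Setup/Uninstall
    File version:   51.50.0.0
c:\program files (x86)\a-squared free\tampered.dll:
    Verified:       Unsigned
    Publisher:      Emsi Software GmbH
    File version:   4.5.0.0
"""


@dataclass
class SigcheckRecord:
    path: str
    fields: dict = field(default_factory=dict)

    def get(self, key, default=""):
        return self.fields.get(key, default)


def parse_sigcheck(text):
    """Split sigcheck text output into one record per file.

    A non-indented line ending in ':' starts a record (the path); indented
    lines are 'Key: value' pairs. Non-indented lines without a trailing ':'
    (the banner) are ignored. Values are split on the first ':' only, so
    'Signing date: 12:54 PM ...' keeps its own colons.
    """
    records, current = [], None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():
            line = raw.strip()
            if line.endswith(":"):
                current = SigcheckRecord(line[:-1])
                records.append(current)
            continue
        if current is not None:
            key, sep, value = raw.strip().partition(":")
            if sep:
                current.fields[key.strip()] = value.strip()
    return records


def check_record(rec, allowed_publishers=ALLOWED_PUBLISHERS):
    """Return a list of policy findings (empty list means the record passes)."""
    findings = []
    if rec.get("Verified") != "Signed":
        findings.append(f"{rec.path}: not verified as signed ({rec.get('Verified') or 'n/a'})")
    if rec.get("Publisher") not in allowed_publishers:
        findings.append(f"{rec.path}: unexpected publisher {rec.get('Publisher')!r}")
    return findings


def same_file(a, b):
    """True if two records carry the same digest; prefer SHA256 over SHA1/MD5."""
    for algo in ("SHA256", "SHA1", "MD5"):
        if a.get(algo) and b.get(algo):
            return a.get(algo).lower() == b.get(algo).lower()
    return False  # no comparable hash present


def audit(text, allowed_publishers=ALLOWED_PUBLISHERS):
    """Parse a whole sigcheck run and collect every finding."""
    return [f for rec in parse_sigcheck(text) for f in check_record(rec, allowed_publishers)]


if __name__ == "__main__":
    recs = parse_sigcheck(SAMPLE)
    print("FileHippo copy identical to emsisoft.com copy:", same_file(recs[0], recs[1]))
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

Run against a real install, feed it the output of `sigcheck -h <dir>` (the `-h` switch makes sigcheck print the hashes the comparison relies on); the parser only needs the path-then-indented-fields layout, so newer sigcheck versions that add more lines per file still parse, though their extra fields are simply carried along in `fields`.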
  16. He may be a Windows 9x user and use the a-squared Anti-Malware 9x Edition which is currently at 3.5.0.37.
  17. We are currently investigating the problem. It will take a few days though.
  18. What could be more official than an official newsletter? Besides that, Windows 7 has been listed as officially supported here for a few weeks now.
  19. We already had this topic in the old forum. The following exceptions should make sure that Surf Protection (Surfschutz) works:

      OpenIpcPath=\RPC Control\mchIpca2_*
      OpenIpcPath=*\BaseNamedObjects*\mc2SWDIJ1
      OpenIpcPath=*\BaseNamedObjects*\a2_*
      OpenIpcPath=*\BaseNamedObjects*\mch*
      OpenIpcPath=*\BaseNamedObjects*\AutoUnhookMap*
      OpenIpcPath=*\BaseNamedObjects*\Mutex*mAH*
      OpenIpcPath=*\BaseNamedObjects*\NamedBuffer*mix*
      OpenIpcPath=*\BaseNamedObjects*\NamedBuffer*mAH*
  20. Do you use a proxy or any kind of anonymizer to connect to the internet?
  21. Please be more specific. The feature wasn't removed. So how could it return?