alexanderG 0 Report post Posted December 8, 2011 Hi, Friend text-ed me this link and I'd like to share it here. Cxxxxx Dxxxxxx Pxxx Byapssed by Zeroaccess rootkit What setttings may be done in OA so that we are protected from this Zeroaccess rootkit? I am using OA Premium at the moment and will soon be in the free version if I can't renew. Any settings that we should adjust for protection? I refuse to believe that OA can't nail this one. OA Premium has really improved imho. Less pop-ups and seems lighter. Regards, Alex Quote Share this post Link to post Share on other sites
Fabian Wosar 390 Report post Posted December 8, 2011 OA detects the sample aigle uses just fine on all of my test boxes with default settings. I am not sure why aigle has different results but I will try to get the necessary information we need in order to reproduce the problem. Quote Share this post Link to post Share on other sites
alexanderG 0 Report post Posted December 8, 2011 Thanks and I saw your post at Wilders. Yeah!!!!! Quote Share this post Link to post Share on other sites
Nick 10 Report post Posted December 9, 2011 OA detects the sample aigle uses just fine on all of my test boxes with default settings. I am not sure why aigle has different results but I will try to get the necessary information we need in order to reproduce the problem. Well, did you choose Install Mode in the pop-up that appears immediately after having started the Flash installer? As far as I know the Online Help and both the Emsisoft Team and the Moderators on this forum strongly recommend to choose "Install Mode" for known and trustworthy installers, just to prevent that too many pop-ups may raise from Online Armor during the installation process - and that Flash installer is actually digitally signed. Quote Share this post Link to post Share on other sites
Fabian Wosar 390 Report post Posted December 9, 2011 Well, did you choose Install Mode when launching the Flash installer? Install mode requires trusting the application which essentially is a free ticket to let it do whatever it likes to do. So obviously that would kind of defeat the purpose and is the reason why both options must be enabled manually by the user. So obviously Install Mode wasn't used by aigle or me. When you take a look at the Wilders thread again you will see that I already posted an update there. Eventually one of our team was able to reproduce the bypass on his system. Once we had a test case to analyze it took a few minutes to come up with a workaround that we published via online update to all Online Armor users earlier this morning. Quote Share this post Link to post Share on other sites
alexanderG 0 Report post Posted December 9, 2011 Hi, Saw the thread there at Wilders and I see that an update is ready. Is is now as I write available? Regards, Alex Quote Share this post Link to post Share on other sites
Fabian Wosar 390 Report post Posted December 9, 2011 It has already been available for a few hours. Just run the online update inside OA to make sure you got it . Quote Share this post Link to post Share on other sites
alexanderG 0 Report post Posted December 10, 2011 Thanks and all are proud for Emsisoft!!!!!! Quote Share this post Link to post Share on other sites
alexanderG 0 Report post Posted December 10, 2011 With this update OA intercept the Zeroaccess rootkit even with default setting right? Quote Share this post Link to post Share on other sites
Fabian Wosar 390 Report post Posted December 13, 2011 With this update OA intercept the Zeroaccess rootkit even with default setting right? Correct . Quote Share this post Link to post Share on other sites
