Everything posted by ritchie58

  1. Sorry to hear you still think you may be infected. The new site at immunet.com has no malware submission page, just one for False Positives. There is an email address that users could submit malware samples to, but to be honest I'm not sure if this address is still being routinely monitored anymore. With that said, you could use this email address if you'd like to still give it a shot: submit@samples.immunet.com Before sending the samples put them all in a folder, compress the folder using a program like 7zip and use a password to encrypt it, add that as an attachment to the email. As the email header type: Virus Samples, so the tech immediately knows what it is. Include a description of the type of malware you think it is & the problems the malware is causing and any other pertinent data you can think of with the email, just don't forget to include the password so the folder can be unpacked.
  2. I've heard of GOG before myself. It's a gaming client. I would first suggest you report this as a False Positive at this link. http://www.immunet.com/false_positive You would need to obtain the SHA256 hash for the .exe for a proper FP report. If you contact the software developers I'm sure they can provide that vital information we need to white-list that executable. If you still currently want to use the gaming client and Immunet you can create a custom Exclusion rule for the executable. First open the UI & click on Settings -> Scroll down to Add New Exclusion & click on that -> you can either type in the file name manually or use the Browse feature -> once the file is typed in or located with the Browse button click on Add Exclusion -> click Apply. If you still run into conflicts with Immunet it may be necessary to create an additional Exclusion rule for the GOG software's entire Program Files folder as well. I hope you find this info helpful. Cheers, Ritchie...
  3. Hi Chame, Immunet's processes are hardened against outside sources being able to disable them easily. That is a security feature with the software. I'm still perplexed as to why the installer recognized version 0 as previously installed & seemed to get stuck there. That's weird! Obviously there never has been a version 0. It's like the installer couldn't recognize what previous version was already installed. That leads me to believe that maybe some .dll scripts related to the history files got corrupted somehow during the Windows update. A plausible extrapolation. Your idea of creating an "Immunet Removal Tool", that would work with the newest 6 builds, to find and delete all Immunet files in case the normal uninstall goes wrong definitely has some merit! Great idea in my view actually! You should also add a new topic in the "Ideas" section of the forum regarding this. If you don't maybe I will but it's your idea so post in that section first if you so desire. I'd like to also commend you on the rather unorthodox fix you were able to conjure up but if it worked that's the most important thing! Way to go, I'm impressed! Best wishes, Ritchie...
  4. Sorry to hear Revo wasn't much help to you Chame. Usually that software is great at dealing with uninstalling stubborn programs or finding leftover files from a botched uninstall. Since no other user, thus far, has reported the same issue I believe this to be an isolated, anomalous occurrence. I think it really wasn't a good idea at all to just start manually deleting stuff, especially in the registry. Do you use any type of system imaging or did you, by any chance, create a bootable Win 10 emergency recovery CD or USB device that will write over any corrupted Windows Operating System files or re-install any missing ones? If not, I'm at a loss as to what to try next. Maybe it might be that you'll have to re-format your OS unfortunately.
  5. Microsoft did make some significant changes with the KB4503293 update but why it affected Immunet like that remains a mystery. If Immunet's built-in uninstaller is not present might I suggest you use a good third-party uninstaller package like Revo Uninstaller. The free version will work adequately if you have a 32bit system but I would suggest using the fully functional free trial of the Pro version if you have a 64bit system. The Pro version better supports 64bit systems. https://www.revouninstaller.com/revo-uninstaller-free-download/ Never used Revo before? Not to worry, there are some great tutorial videos on YouTube you can view before using the software. Just type in Revo Uninstaller in YouTube's search bar. Also, it might not be a bad idea if you first enter Safe Mode ("without Networking") before using the uninstaller. You will have to install Revo first before entering Safe Mode of course. Here's a link to a Microsoft Knowledge Base article that explains how to enter Safe Mode with Win 10 if you're not sure how that's done. https://support.microsoft.com/en-us/help/12376/windows-10-start-your-pc-in-safe-mode Regards, Ritchie...
  6. Wow! Something went wrong there! What Windows 10 Update file(s) are you referring to? KB??? To view these recent update files first click on Update and Security -> scroll down & select Windows Update -> click on Advanced Options -> click on View your update history. We do take any conflict with any Windows Update files "very seriously!"
  7. I haven't heard back if this idea is actually in any sort of development phase so far. So, at the moment, your guess is as good as mine as to what sort of infrastructure change would take place if this new version ends up being rolled-out ParaiDarkHero.
  8. That removal tool would be useful for someone that has IT experience but I believe that an average computer user would have a difficult time trying to figure out how best to use the software since it relies on IP network traffic as a detection method. Since it seems to be freeware the URL link will remain. If it was a product you have to pay for your thread would have been deleted since that's not allowed on this forum.
  9. Free Download Manager is a legitimate software package however there are fake versions in the wild that can include malicious code. I would first confirm your copy is original by scanning the file using the site VirusTotal. https://www.virustotal.com/gui/home/upload Once you're "absolutely confident" your copy is not malicious here are instructions to add a custom Exclusion rule for the file. First open the UI & click on Settings -> Scroll down to Add New Exclusion & click on that -> you can either type in the file name manually or use the Browse feature -> once the file is typed in or located with the Browse button click on Add Exclusion -> click Apply. Cheers, Ritchie...
  10. Thanks for reporting this & "some great detective work on your part!" If disabling the ClamAV module alleviates the excessive CPU usage I would have to also concur that is "definitely" the culprit. We have had a few issues with ClamAV recently besides what you're now reporting. I would recommend you keep the ClamAV module (and updates for it) disabled until the devs can further look at this situation. As long as you keep the ETHOS & SPERO cloud detection engines enabled you don't entirely lose malware protection. In fact some folks normally like to use just the cloud engines to keep Immunet's use of system resources to a minimum. It has always been recommended if Immunet is to be used as a companion AV to another "paid" AV product to disable the ClamAV module. If you would like to also report this issue "directly" to the ClamAV devs here is a link for that. Use the Report A Bug option. https://www.clamav.net/contact Best wishes, Ritchie...
  11. As I mentioned in a previous thread to this topic I too use Win 7 but I'm not seeing this behavior myself Lemmoncurry. Are you using Immunet as a companion to another AV or security product? If so, did you create exclusion/exception/allow rules for the entire Program Files folders with both?
  12. Hi charlie909, did you check for corrupted, problematic, not needed drivers or see if any drivers needed updating like it was suggested in the article? The article also pointed out that this error can be caused by some rather serious hardware issues such as a failing hard drive or faulty memory modules. If you think Immunet might be responsible for this error you could check the Quarantine list to see if any files related to Windows Update are present. If so, let us know what the detection name(s) is/are right away! A screen shot of the Quarantine Details dialog data regarding these files (if any) could be very helpful. Regards, Ritchie...
  13. This subject has been brought up before in the past but I think it's still a great idea & I agree with you grumpygarf, it would be great if you could batch restore/delete files located in the Quarantine list!
  14. Hello Mike, we've been having some problems with the ClamAV module & folks encountering a number of False Positives recently. Have you tried to restore the file from Quarantine? Just click on the underlined word Quarantine located below the History tab on the UI -> see if you can find the file in the Details dialog box list and click on it -> select the Restore option. This will move the file to the Exclusion list. If you still encounter issues installing FF with additional Clam.Win detections or the file is not listed for restoration, in Settings, try disabling the ClamAV module altogether before installing. We do have a site for reporting False Positives here. http://www.immunet.com/false_positive You could also report this False Positive directly to the ClamAV team if you're so inclined. They do have their own FP reporting site here. http://www.clamav.net/reports/fp Cheers, Ritchie...
  15. Hi Mark, there seems to be some sort of problem with ClamAV quarantining seemingly legitimate files from a number of users of late. This is something the devs definitely need to look into ASAP! Sorry for the inconvenience this is causing. I would suggest you temporarily turn off the ClamAV module & updates for it for now until this issue gets resolved. With the holiday Memorial Day weekend it may not be until Tuesday before an Admin or Dev looks into this. P.S. - Great idea to submit this info to the ClamAV team directly. Thanks for that! Also, you can use Immunet's Restore feature to unlock those files if you need them now.
  16. Hi DmitriL, I too use Win 7 but am not seeing this behavior since I'm running Immunet as a companion AV to a different paid AV product without the ClamAV module enabled. If any of you want to experiment a bit, try temporarily turning off the ClamAV module and updates for it to see if that makes a difference. I know that's not the optimum thing to do but if we can determine if it's the ClamAV module doing this that will give the devs a good head start to find out the cause & fix this issue. Just don't turn off the ETHOS & SPERO cloud detection engines too or you won't have any protection at all!
  17. Hello TechRay, since these are FPs being generated by the ClamAV module might I suggest you report these directly to the ClamAV team instead for a faster possible resolution. They do have an FP reporting site at this link. http://www.clamav.net/reports/fp
  18. Hi guys, sorry to hear you're all having issues. Another bug with Win 10 rears its ugly head yet again! Have any of you gentlemen seen any Windows Error messages when this occurs?
  19. Immunet did not encrypt your files. What you have actually done is allow ransomware to be installed on your computer! The file zoro4747 is known to be a ransomware installer. That's the reason for the encrypted files. The attachments you provided were deleted since they were extremely suspect since I encountered a possibly malicious cross-scripting attempt (thank you Anti-Exploit & NoScript!). "We do not allow genuine malware samples to be posted here so please do not re-post those attachments anywhere on this forum for the safety of other forum members!" I would suggest you enter Safe Mode with Networking & run a full scan of your OS drive to see if Immunet can clean your system. That probably isn't going to fix the files that are already encrypted by the malware however. That's why it's so important to "backup files you don't want to lose" on an external hard drive or USB device that's "ordinarily not connected" to the PC.
  20. Hi all, The newest build of Immunet has a new running process called cscm. Microsoft made some improvements as to how antivirus solutions can better protect their software from unauthorized intrusion. It's a fact that some malware has the capacity to disable the installed AV, usually through unauthorized code-injection methods. This added security protocol will make it much harder for malware to disable Immunet. For anyone that wants to read this Windows Dev Center article (thanks Wookiee) regarding this added security protocol click on this link. https://docs.microsoft.com/en-us/windows/desktop/services/protecting-anti-malware-services- Regards, Ritchie...
  21. Hi chatz, the devs must still be working on the issue. There have been recent reports of a couple of history data bugs that need addressing and it does take time to roll-out a new bug fix build. Keep in mind, these history data bugs will in no way affect the malware protection provided by Immunet if anyone's worried about that. I'm sure Wookiee will add another thread to this topic if there's anything relevant to report.
  22. Hi Anders, The Microsoft Store recognizes Python as a legitimate application so I would concur that is definitely a False Positive. I don't think that exe. has been deleted, just quarantined. Have you looked in Quarantine and attempted to use the Restore feature for the executable? Just click on the underlined word Quarantine below the History tab on the UI. Find the exe. in the right side Details dialog box & click on it, then select the Restore option. Once restored that will automatically put the file in the Exclusion list and will no longer be scanned. If you continue to have issues another option would be to create an Exclusion rule with Immunet for Python's entire Program Files folder. Why python.exe got quarantined in the first place is something the devs will have to look at. We do have a False Positive reporting site so if you can find out the SHA256 hash of the exe. please submit that data here. http://www.immunet.com/false_positive Let us know if you continue to encounter problems with this app & Immunet. Regards, Ritchie...
  23. Hello Lito and thank you for your interest in Immunet! Immunet is totally free for home/personal use and for any "non-profit" charitable or educational organization. Immunet is not licensed for and should not be used for any "for-profit" business, service or organization. No support will be offered if it's discovered that Immunet is being used in such a manner. This info is included with the End User License Agreement (EULA) when first installing Immunet. Immunet is compatible with Windows security software. It is recommended that you create an allow/exception rule for Immunet's entire Program Files folder with Windows Security & create an Exclusion rule for Win Security's entire Program Files folder with Immunet. This helps avoid possible future conflicts between the two programs. With Windows Firewall both in-coming/out-going data allow rules should be created for Immunet's processes which are sfc.exe, iptray.exe & freshclam.exe (if using the ClamAV module). Immunet currently supports these Windows platforms. Windows 7, 8, 8.1, 10, Server 2008 R2, Server 2012 & Server 2016. I hope that answered your questions adequately. If you have any additional questions feel free to add another thread to this topic. Cheers, Ritchie...
  24. I did run some additional scans other than the scheduled scan and I couldn't seem to duplicate this behavior. The additional scans showed up with the Scan History and no other scan data inexplicably disappeared.
  25. With your newest threads and some research I performed I have doubts it's Ransomstopper that's causing a conflict with Immunet. I too use a daily scheduled flash scan and out of curiosity I checked my history files. There are listings for the last five days of scheduled scans with my UI. I'll run some additional scans to see if I can possibly replicate this behavior on my computer. I do use a different OS (Win 7 X64) so that might not prove anything if this is an issue solely with Win 10 but I'll give it a shot & let ya know.