All Activity

This stream auto-updates   

  1. Past hour
  2. Hi All, I recently had a ransomware attack, my company's file server has been encrypted recently by Nemesis Ransomware Virus. Is there any possibility I can decrypt the files? Also,can you please suggest the best anti-virus software for file servers?
  3. Aditi started following Nemesis Ransomware
  4. Aditi joined the community
  5. Durew started following Emsisoft Anti-Malware is the most expensive security solution in Brazil
  6. Seems to be about average here. (Netherlands)
  7. Today
  8. dssol joined the community
  9. PanPancerny joined the community

  10. R. J. Scanlan

    R.J. Scanlan replied to R.J. Scanlan's topic in Help, my PC is infected!

    FRST.txt scan_170628-125413.txt Thanks for your help so far. I would like to/must start again please Kevin. At this point, after running FRST.exe and on getting to the end clicking on "fix" only elucidates a reply that everything should be in the same place; there is no "fix" so to speak. So it seems I need to return to the beginning. I am operating in safe mode on the crashed desktop computer. My messages to you come from my laptop. I am running a USB from the laptop to the desktop computer to transfer information etc. I have done the tasks again [in safe mode] on the desktop computer and ask that you create another fixlist.txt file for me please; and tell me exactly how and where [i.e. so that all the files, including fixlist.txt, are together somewhere; and where that should be] to save it on the crashed desktop computer via USB. I have not uninstalled EAM on the desktop computer yet as I do not understand how then I am going to run Emsisoft again after that, or do I somehow install another one on the desktop computer later; bearing in mind that I cannot access the internet on the desktop computer because of the Trojan? When do I uninstall EAM; before or after I paste in the new fixlist.txt file you send me? I do need an answer to these questions. I have saved all/each of the relevant files you need again together [as attached] to identical folders on "C" Drive and on the "desktop" of the desktop computer. The folders are: "FRST", "EEK", and "Downloads". Is this appropriate? I have been running Emsisoft and Kaspersky side-by-side on the desktop computer for many years without a problem; so I wonder that this has caused the infection now. I am avoiding having the desktop computer turn off at this stage as I suspect it may never start again. I look forward to your reply and answers to my questions, Cheers, R.J. Scanlan Addition.txt
  11. Ran the fix. Fixlog.txt

  12. need help with removal

    alandash replied to alandash's topic in Help, my PC is infected!

    Fixlog.txt

  13. Can't update EM for Server

    Peretz Stern posted a topic in Emsisoft Anti-Malware

    I’ve logged on to our file server for another matter and noticed that the icon is gray. Upon investigating, it seems that the application hasn’t updated despite is being set to update every 30 minutes. I’ve tried to update it via “update now” shortcut and received a could not connect message. I've unchecked SSL and found that it fails within 3-5 seconds. With SSL it fails after a minute or so. I've uninstalled and reinstalled the software. Six (6) days is a long time to be without an update.
  14. Peretz Stern started following Can't update EM for Server
  15. Peretz Stern joined the community

  16. R. J. Scanlan

    R.J. Scanlan replied to R.J. Scanlan's topic in Help, my PC is infected!

    OK. I have all of the bits together in one folder. Am now running emsisoft emergency kit scan on desktop computer in safe mode. Is that it? I haven't found anything that says "fix" yet? I am afraid to turn the computer off.

  17. R. J. Scanlan

    R.J. Scanlan replied to R.J. Scanlan's topic in Help, my PC is infected!

    Tell me? How do I run FRST please?

  18. R. J. Scanlan

    R.J. Scanlan replied to R.J. Scanlan's topic in Help, my PC is infected!

    I presume EAM is Emsisoft Anti-Malware? Do you want me to delete the whole program? How might I then use it?

  19. R. J. Scanlan

    R.J. Scanlan replied to R.J. Scanlan's topic in Help, my PC is infected!

    What is EAM? There is no EAM to uninstall on my program lists? Where might it be?

  20. R. J. Scanlan

    Kevin Zoll replied to R.J. Scanlan's topic in Help, my PC is infected!

    Kaspersky is most likely intercepting the Trojan first and deleting it from memory before Emsisoft has a chance to detect it. When one detects something and takes action the other security software will not because there is nothing to detect. Another scenario is that KIS and EAM are in conflict. Reboot the system to Safe Mode and uninstall EAM.
  21. Yesterday

  22. R. J. Scanlan

    R.J. Scanlan replied to R.J. Scanlan's topic in Help, my PC is infected!

    You are too late! The Trojan has crashed the internet and email on my desktop where the infection is. I am on my laptop now. What now?

  23. need help with removal

    Kevin Zoll replied to alandash's topic in Help, my PC is infected!

    Got some stuff left to deal with. Copy the below code to Notepad; Save As fixlist.txt to your Desktop. HKU\S-1-5-21-134639683-2103454891-1955695026-1001\...\MountPoints2: {13c274de-c4f0-11e2-be66-806e6f6e6963} - "H:\TT.exe" HKU\S-1-5-21-134639683-2103454891-1955695026-1004\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-21-134639683-2103454891-1955695026-1005\...\Policies\Explorer: [NoViewContextMenu] 0 ProxyEnable: [.DEFAULT] => Proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:47574 SearchScopes: HKU\S-1-5-21-134639683-2103454891-1955695026-1004 -> DefaultScope {355AFF09-EA2C-4AC6-B74C-2BE76AE1E7B9} URL = SearchScopes: HKU\S-1-5-21-134639683-2103454891-1955695026-1004 -> {355AFF09-EA2C-4AC6-B74C-2BE76AE1E7B9} URL = SearchScopes: HKU\S-1-5-21-134639683-2103454891-1955695026-1005 -> DefaultScope {355AFF09-EA2C-4AC6-B74C-2BE76AE1E7B9} URL = SearchScopes: HKU\S-1-5-21-134639683-2103454891-1955695026-1005 -> {355AFF09-EA2C-4AC6-B74C-2BE76AE1E7B9} URL = Toolbar: HKU\S-1-5-21-134639683-2103454891-1955695026-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-134639683-2103454891-1955695026-1005 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File 2015-05-03 17:07 - 2015-05-13 11:08 - 0000133 _____ () C:\Users\Ash\AppData\Roaming\WB.CFG 2015-05-05 22:07 - 2015-05-05 22:07 - 0274045 _____ () C:\Users\Ash\AppData\Local\dsi1.dat 2015-05-05 22:07 - 2015-05-05 22:07 - 0161916 _____ () C:\Users\Ash\AppData\Local\dsi2.dat 2016-09-23 11:44 - 2016-09-23 11:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2013-05-24 23:32 - 2013-05-24 23:32 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log 2013-05-24 23:30 - 2013-05-24 23:30 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log 2013-05-24 23:30 - 2013-05-24 23:31 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log 2013-05-24 23:29 - 2013-05-24 23:30 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2013-05-24 23:31 - 2013-05-24 23:32 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log 2017-04-28 10:36 - 2017-04-28 10:36 - 0739904 _____ (Oracle Corporation) C:\Users\Ash\AppData\Local\Temp\jre-8u131-windows-au.exe AlternateDataStreams: C:\Users\Ash\Desktop\bunk bed 2.jpeg:3or4kl4x13tuuug3Byamue2s4b [81] AlternateDataStreams: C:\Users\Ash\Desktop\guardianship.jpeg:3or4kl4x13tuuug3Byamue2s4b [81] AlternateDataStreams: C:\Users\Ash\Desktop\signature.jpeg:3or4kl4x13tuuug3Byamue2s4b [81] Close Notepad. NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST64 and press the Fix button just once and wait. If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply. Note: If the tool warns you about an outdated version please download and run the updated version.
  24. Kevin Zoll started following R. J. Scanlan

  25. R. J. Scanlan

    Kevin Zoll replied to R.J. Scanlan's topic in Help, my PC is infected!

    Do the following: Copy the below code to Notepad; Save As fixlist.txt to your Desktop. HKU\S-1-5-21-2036737855-1592510443-1916522820-1001\...\MountPoints2: {b1957a76-8fa1-11e2-9a65-806e6f6e6963} - E:\autorun.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\lnj2x8cg.default -> Ask.com FF SelectedSearchEngine: Mozilla\Firefox\Profiles\lnj2x8cg.default -> Ask.com FF Plugin: @microsoft.com/GENUINE -> disabled [No File] 2015-09-07 15:54 - 2015-09-07 15:54 - 48519888 _____ (Microsoft Corporation) C:\Users\Owner\AppData\Local\Temp\MouseKeyboardCenterx86_1033.exe 2012-10-02 13:15 - 2012-10-02 13:15 - 0612712 _____ (NVIDIA Corporation) C:\Users\Owner\AppData\Local\Temp\nvStInst.exe 2013-12-14 12:36 - 2013-12-14 12:36 - 44809728 _____ (Logitech, Inc.) C:\Users\Owner\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe 2014-05-12 08:27 - 2009-01-22 15:10 - 0244224 _____ (Thomson Reuters) C:\Users\Owner\AppData\Local\Temp\Risweb32.exe CustomCLSID: HKU\S-1-5-21-2036737855-1592510443-1916522820-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" => No File CustomCLSID: HKU\S-1-5-21-2036737855-1592510443-1916522820-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\User\AppData\Local\Google\Update\1.3.21.115\GoogleUpdateOnDemand.exe" => No File CustomCLSID: HKU\S-1-5-21-2036737855-1592510443-1916522820-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\User\AppData\Local\Google\Update\1.3.21.115\GoogleUpdateOnDemand.exe" => No File CustomCLSID: HKU\S-1-5-21-2036737855-1592510443-1916522820-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\User\AppData\Local\Google\Update\1.3.21.115\GoogleUpdateOnDemand.exe" => No File CustomCLSID: HKU\S-1-5-21-2036737855-1592510443-1916522820-1001_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Users\User\AppData\Local\Google\Chrome\Application\21.0.1180.79\delegate_execute.exe" => No File CustomCLSID: HKU\S-1-5-21-2036737855-1592510443-1916522820-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File CustomCLSID: HKU\S-1-5-21-2036737855-1592510443-1916522820-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File CustomCLSID: HKU\S-1-5-21-2036737855-1592510443-1916522820-1001_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-2036737855-1592510443-1916522820-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\User\AppData\Local\Google\Update\1.3.21.115\GoogleUpdateOnDemand.exe" => No File CustomCLSID: HKU\S-1-5-21-2036737855-1592510443-1916522820-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-2036737855-1592510443-1916522820-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File Task: {338B53FC-D00F-4C1C-996E-6E8C37CA3255} - \WPD\SqmUpload_S-1-5-21-2036737855-1592510443-1916522820-1000 -> No File <==== ATTENTION Task: {68A26E26-3DC5-4C4D-89BF-F8D94A5B12BB} - \GoogleUpdateTaskUserS-1-5-21-2036737855-1592510443-1916522820-1000UA -> No File <==== ATTENTION Task: {7715A9B4-D067-4697-A88D-E0760619FAAA} - \GoogleUpdateTaskUserS-1-5-21-2036737855-1592510443-1916522820-1000Core -> No File <==== ATTENTION Task: {EFD6ACC5-7D01-4774-A0FC-C9A108894A00} - System32\Tasks\{76F3F346-6DBB-4C4C-93DF-82CE57F216C3} => pcalua.exe -a C:\Users\Owner\Downloads\lide20lide30n670un676un1240uvst7031a_xpen\SetupSG.exe -d C:\Users\Owner\Downloads\lide20lide30n670un676un1240uvst7031a_xpen Shortcut: C:\Users\Owner\Documents\Scanlan\PhD\LeximancerProjects\Leximancer 3 Config.lnk -> C:\Documents and Settings\s310646\Leximancer-Desktop\Leximancer3Config.bat (No File) Shortcut: C:\Users\Owner\Documents\Scanlan\PhD\LeximancerProjects\Leximancer 3.lnk -> C:\Documents and Settings\s310646\Leximancer-Desktop\Leximancer3.bat (No File) Close Notepad. NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST and press the Fix button just once and wait. If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply. Note: If the tool warns you about an outdated version please download and run the updated version.
  26. Do the following: Copy the below code to Notepad; Save As fixlist.txt to your Desktop. 2017-06-14 22:26 - 2017-06-14 22:41 - 00000000 ____D C:\ProgramData\54F3DE4E-B7BA-4EBD-8B3B-385D272CC583 2017-06-05 19:06 - 2017-06-05 19:06 - 00000000 ____D C:\PFS9.6PE_TMP CustomCLSID: HKU\S-1-5-21-1859121148-3297737988-798245751-1004_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\d_hen_000\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1859121148-3297737988-798245751-1004_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\d_hen_000\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1859121148-3297737988-798245751-1004_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\d_hen_000\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1859121148-3297737988-798245751-1004_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\d_hen_000\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1859121148-3297737988-798245751-1004_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\d_hen_000\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1859121148-3297737988-798245751-1004_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\d_hen_000\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1859121148-3297737988-798245751-1004_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\d_hen_000\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1859121148-3297737988-798245751-1004_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\d_hen_000\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1859121148-3297737988-798245751-1004_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\d_hen_000\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1859121148-3297737988-798245751-1004_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\d_hen_000\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-1859121148-3297737988-798245751-1004_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\d_hen_000\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File Task: {009A5F0D-2DA9-44B6-A2A3-43B2BC86C63E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {02B012DA-7929-4E4E-8279-5C3C5B691CB1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {0D115502-8943-4445-A192-CF379FC9BAD7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {29306902-F836-48FA-9E8F-1C70114EDDBA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {3284DCB1-3182-4B95-A243-E1B547D8B1C9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {342252F4-2004-4BF6-8B90-7563C8B21CEC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {504597F3-8644-4F70-A673-7101E2BE69E8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {894D167C-5C65-4907-9A8C-8E9F5067FC9F} - \WPD\SqmUpload_S-1-5-21-1859121148-3297737988-798245751-1004 -> No File <==== ATTENTION Task: {9E5764F5-DDE1-477A-8817-D42578B8BA4D} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION Task: {A0D07939-409B-4409-82FE-F078BE0A6668} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {C5A95ED7-F259-4D55-BAA5-159FAB629E01} - \WPD\SqmUpload_S-1-5-21-1859121148-3297737988-798245751-1001 -> No File <==== ATTENTION Task: {CE0E0E10-4C9E-423C-94FE-F0D40E2CCBA0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {DBCD8EFD-260A-4493-AAE0-C04545DA5192} - \WPD\SqmUpload_S-1-5-21-1859121148-3297737988-798245751-1011 -> No File <==== ATTENTION Task: {E09AB2D2-B65D-4B94-9F96-BB9475659087} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION AlternateDataStreams: C:\ProgramData\TEMP:7FFED16F [251] C:\WINDOWS\TEMP\_ir_sf_temp_0 C:\WINDOWS\TEMP\_ir_sf_temp_1 F:\Users\David_Admin\AppData\Local\temp\searchprotector.exe C:\Windows\Temp\{0DAE4005-BC0C-4E11-BEC3-5914B3F1090C}\{E7B72F44-8204-42D5-8DB6-A609B3698D2A}\{CDF00FAA-65ED-4215-A4D0-EDAA9994F65B}\{B639BC47-FAE6-483A-BE73-F16B8F4E5161}\IFA2.exe C:\Windows\Temp\{0DAE4005-BC0C-4E11-BEC3-5914B3F1090C}\{E7B72F44-8204-42D5-8DB6-A609B3698D2A}\{CDF00FAA-65ED-4215-A4D0-EDAA9994F65B}\{B639BC47-FAE6-483A-BE73-F16B8F4E5161} C:\Windows\Temp\{0DAE4005-BC0C-4E11-BEC3-5914B3F1090C}\{E7B72F44-8204-42D5-8DB6-A609B3698D2A}\{CDF00FAA-65ED-4215-A4D0-EDAA9994F65B} C:\Windows\Temp\{0DAE4005-BC0C-4E11-BEC3-5914B3F1090C}\{E7B72F44-8204-42D5-8DB6-A609B3698D2A} C:\Windows\Temp\{0DAE4005-BC0C-4E11-BEC3-5914B3F1090C}\{59BDD013-15C8-4E4D-A383-9C5E30D52EA2}\IFA2.exe C:\Windows\Temp\{0DAE4005-BC0C-4E11-BEC3-5914B3F1090C}\{59BDD013-15C8-4E4D-A383-9C5E30D52EA2} C:\Windows\Temp\{0DAE4005-BC0C-4E11-BEC3-5914B3F1090C}\{A9F02E8A-BC32-4CB5-AB6B-F815101B7E09}\IFA2.exe C:\Windows\Temp\{0DAE4005-BC0C-4E11-BEC3-5914B3F1090C}\{A9F02E8A-BC32-4CB5-AB6B-F815101B7E09} C:\Windows\Temp\{0DAE4005-BC0C-4E11-BEC3-5914B3F1090C} C:\Users\David\AppData\Local\Temp\NVI2_29.DLL Close Notepad. NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST64 and press the Fix button just once and wait. If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply. Note: If the tool warns you about an outdated version please download and run the updated version.
  27. Thanks Arthur.
  28. This morning I connected to the Sydney server. C:\Windows\system32>nslookup google.com Server: 25.0c.01a8.ip4.static.sl-reverse.com Address: 168.1.12.37 Non-authoritative answer: Name: google.com Address: 216.58.203.110 C:\Windows\system32>nslookup update.emsisoft.com Server: 25.0c.01a8.ip4.static.sl-reverse.com Address: 168.1.12.37 Non-authoritative answer: Name: update.emsisoft.com Address: 136.243.128.18 C:\Windows\system32>nslookup dl.emsisoft.com Server: 25.0c.01a8.ip4.static.sl-reverse.com Address: 168.1.12.37 Non-authoritative answer: Name: cds.z9k5w6b8.hwcdn.net Addresses: 205.185.216.42 205.185.216.10 Aliases: dl.emsisoft.com C:\Windows\system32>tracert update.emsisoft.com Tracing route to update.emsisoft.com [136.243.128.18] over a maximum of 30 hops: 1 62 ms 71 ms 67 ms 10.3.171.254 2 * * * Request timed out. 3 * * * Request timed out. 4 * * * Request timed out. 5 ^C C:\Windows\system32> I will now try your suggestions re number of connections and turning off ssl Made no difference. Still unable to update. Any more commands I can try while connecting to the Sydney server?

  29. changement de carte mère

    kathrin replied to francisdu54's topic in French Support - Assistance Française

    Bonjour francisdu54, Oui votre licence sera encore valable. Nous ne supportons plus win 8, comme Microsoft ne le supporte pas non plus. Mais il n'y a pas de problème pour Windows 8.1. Ça reste la même licence. Cordialement Kathrin
  30. Guten Tag Alexander, Die Übersetzungen werden immer erst zur Veröffentlichung der Stable-Release aktualisiert. Da Sie den Beta-Updatefeed nutzen werden Sie jeden Monat für ein paar Tage nicht übersetzte Einträge finden, bis das finale Update der Stable-Release veröffentlicht werden. Die Übersetzungen werden zum Ende des Monats eingepflegt werden. Mit freundlichen Grüßen Kathrin
  31. Максим joined the community
  32. cma6 started following Blocked site

  33. Blocked site

    cma6 posted a topic in Emsisoft Internet Security

    EIS is blocking as a malware site ABROK.EU but others are telling me that there is nothing wrong with the site. What is the basis for EIS "XYZ is a known malware site"?

  34. need help with removal

    alandash replied to alandash's topic in Help, my PC is infected!

    Everything seems to be back to normal, haven't had any error messages

  35. need help with removal

    alandash replied to alandash's topic in Help, my PC is infected!

    Scan_170627-145633.txt FRST.txt Addition.txt
  36. True. I can't be certain if or when that behavior would change, however the suggestions has been passed to our management in the past for them to consider. Correct. The link is still accessible from the bottom of the license details screen, so it isn't gone completely.
  37. That's normal, and it's nothing to worry about. Basically the code signing requirements for certain system files are much stricter than for anti-virus software, and anti-virus software (ours included) will attempt to inject a DLL file into every running process in order to open hooks to those processes to monitor them, so when EIS injects its DLL file (in this case a2hooks32.dll) into a running process that has stricter code signing requirements you'll see that error message in the Event Viewer.
  38. That would depend on how their server is configured. That is odd, since we use the WinINet API to connect to our servers, which is the same API that Internet Explorer uses. That being said, there are plenty of cases where applications that use WinINet can't connect to their servers even when Internet Explorer can.
  1. Load more activity