Jump to content


  • Posts

  • Joined

  • Last visited

  • Days Won


Posts posted by Lynx

  1. Johnny,

    As I pointed before and what was confirmed by ctrlaltdelete:

    Most likely the information Windows shows in Windows Security Center is wrong. It's a known issue with Windows XP
    … and not only with XP' date=' as far as I know...

    Again , despite I personally never encountered such issue with security packages I did what Jim and ctrlaltdelete suggested in the past concerning different system problem(s)

    Therefore, please try step-by-step instruction posted by ctrlaltdelete

    It must not harm your system, but you may consider creating System Restore Point prior to the procedure


  2. Thanks for the reply, JohnnySokko

    My apologies for not following instructions
    Don't worry, as I can see from your latest 2 posts you did follow :)
    ...Would your instruction have been considerably different had you been aware that I have Windows XP and not Windows 7? If yes, what should I do differently?
    No, regarding “considerable differences”

    As I mentioned not having the system details – folder & Reg. Entries names can vary

    Then the instruction posted was based on old one that was offered by the developers & experienced users here long ago, so to speak - “before the Win7 era”

    The new one was never published

    ...But! I did performed few successful Clean Uninstalls on Win 7 as well, using the same steps described (considering the differences mentioned)

    Now, if that is XP below is what to check in the 1st place:

    Folder: C:\Program Files\Emsisoft Anti-Malware

    Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Emsi Software GmbH

    Devices: Those were shown specifically for XP, and intentionally since you've mentioned AVG, which is in place here on XP

    - Please check the above

    - question: have you been successful with temporarily removing AVG with the respective Utility referred and then reinstalling AVG? (see below about the reply by JWC here)

    - As for Windows Security Center – again as I mentioned before - that one is disabled & I cannot care less about it, since it provides false & confusing information. You may have all Security there stated as recognized & valid but they may not work at all ... and you never know (useless stuff!)


    Finally, if you've checked and cleaned all and still suspecting that there are EAM leftovers I may ask JWC to interfere.

    He posed the reply regarding WMI/WBEM and we had a discussion re: the matter

    I personally used the technique in the past few times, but honestly, that never involved any security I've tested. At the same time, I do not have any doubts about his experience, therefore his input will be highly appreciated


  3. Hi WayAce, welcome to the forum

    Your message is not very clear. As I can see you are not using EAM

    or I could be wrong , therefore:

    Please follow the Rules requested

    If you are not sure what "Bullguard" detected on a Right-Click - please send the detected items to Bullguard's developers.

    At the same time, if you are saying that Bullguard detected something, but EAM did not - then use Submit new Malware

    Sure you can scan sub-folders using EAM and send flagged items from the Detection List

    Archives will be scanned by EAM/ or EEK unless you are using Custom Scan, where archives option is unchecked

    My regards

  4. Unfortunately you did not follow the instruction here & did not post any info about your system as required

    … but we may try... Please ask if any questions

    ======= EAM clean uninstall =======

    Usually it works fine using just Add/Remove from Control Panel

    It may fail though if EAM is active (say performing an update)

    Read the following, but keep in mind that the folder name for EAM (disk or Registry) can be different - that's all you have to change - like “ a-squared [Free]” or “Emsisoft Anti-Malware” whatever you have there

    In addition if it's win7 x64 the software is installed into :

    C:\Program Files (x86)\a-squared Anti-Malware

    and respectively

    the Registry you have to search for in win7 x64 is:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\emsi software gmbh]

    Considering all the above...

    1) go Start > Run > type: “services.msc” (no quotes)

    2) Find “Emsisoft Anti-Malware 5.0 – Service”

    3) Stop it if it's running

    4) Reset it to “Disabled”

    5) Reboot

    Open a DOS box and navigate to the program folder, e.g:

    > CD c:\program files\a-squared\

    - Uninstall the service:

    a2service.exe /uninstall a2antimalware

    (note: parameter "a2antimalware" has to be confirmed by the developers)

    - Unregister the context menu if it is present:

    Regsvr32 a2contmenu.dll -u (or a2contmenu64.dll)

    - Reboot

    - Delete the program folder: c:\program files\a-squared\

    - Open "Regedt32" and delete the key: HKLM\Software\Emsi Software GmbH\a-squared\

    ======= AVG clean uninstall =======

    As above, it should be fine using Add/Remove, but you may consider invoking special Remover by AVG.

    Basically, you need to know the latest version of AVG & have the latest installer in place and use the respective Tool as in http://www.avg.com/us-en/utilities

    When all that was done

    - Reboot

    -fire up

    Start > My Computer -> Right-Click -> Properties -> Device Manager > check “Show Hidden Devices”

    thumb_7219757EAM____AVG_Uninstall.png you must not see any of those now

    If so, you can start from scratch with your security setups … whatever you prefer

    My regards

  5. Hi JohnnySokko, welcome to the forum

    I am a long term user of AVG & EAM/Mamutu

    There were never conflicts whatsoever

    I'm always using only "onExecute" by EAM and if I need (sometimes) "onAccess" by additional AV"

    It is a matter of managing 2 AV solutions. Not sure what could go wrong in your case

    Anyway, both can be cleanly uninstalled

    I can post some links & instructions if you want

    My regards

    p.s. Do not pay any attention ever to what Windows Security center tells you - that is useless unneeded service that has to be disabled amongst of many other default useless MS Windows services

  6. Thanks for the reply, sly

    I plan to do an update before I scan.
    That (the update) is always necessary step prior to scanning, so you are doing correct thing
    What I like to do is update everything I have and then scan with all my programs off line, one at time of course. I do this because I like to turn off my antivirus while doing the other scans so that the antivirus will not interfere with the other scans. This is why I am wanting to know all this
    That is highly advisable having only one AV with real-time resident, but if you have some additional/on-demand scanners/AV solutions - you indeed must disable others during the scan by any given AV
    So it sound like you have answered my question that I will have no problem doing this with your program, if I understand you now.
    Thanks, if that helped & yes, I think you did get my points right
    I guess I should have added since my antivirus will be off while doing this is why I want to be disconnected from the internet.
    Disconnecting from Internet is not always necessary … unless you are advised by an expert in some circumstances when investigating pretty special cases of suspected infection

    My regards

  7. Thanks for the reply, sly

    As I said MalAware is a "cloud" one. EAM does not use "cloud"

    As for EAM free (or full edition) sure you can scan being off-line, but you most likely will miss the latest updates.

    Moreover the on-line updates will deliver not only signatures but new executable modules ("program updates" in your terms) when necessary

    When downloading EEK you will definitely get the latest executables available.

    The signatures are the "latest" as well, but still you have to update being on-line, since the Additional Signatures (Ikarus) are coming quite frequently.

    In both cases whether it's EAM or EEK if you miss 50 subsequent updates you will get full t3sigs.vdb (Additional Ikarus signatures), which is ~ 70-80MB alone not speaking of much rare event as an updates of the executable modules

    My regards

    p.s. re: quotes - just use "Add Reply" when you don't need quote

  8. Hi sly, welcome to the forum

    There is a mix of questions here ;) (don't get me wrong, please)

    When you are talking about a “cloud” scan – that is MalAware

    MalAware will scan only currently active processes. Sure it is using the very recent Signatures

    If the version and or signatures are not up-t0 date you will be prompted to download new Malaware & signatures

    As for the free edition of EAM (Emsisoft Anti-Malware) and /or EEK(Emsisoft Emergency Kit) you have to manage updates manually as frequent as you can ... only EAM full edition has auto-update feature

    EAM has to be installed ; EEK can be downloaded and used without installation (whether unsziped and being run from USB flash Stick or installed into separate folder on your hard drive)

    So basically , when you are using cloud - MalAware it is similar to running Quick type of Scan included in EAM/EEK

    ... but in all cases described you have to be on-line in order to update

    I hope the above makes it more clear, but definitely do not hesitate and ask if any further questions

    My regards

  9. Hi roynals, welcome to the forum

    This issue was discussed dozens of times in our old forum and lately in this new one

    Since Ikarus engine was introduced there were some improvements made already.

    For example in the past you can miss just 15 subsequent updated and you'd need to download whole Ikarus (Additional Signatures) database ~70MB

    Now it's a lot better - the same will happen if 50 subsequent updates were missed.

    At the same time, as Emsisoft developers stated several times they are working on it, but Ikarus developers are those who are responsible. Whether they (Ikarus) are going to make respective chages in the nearest future is currently unknown

    My regards

  10. Hi crisulici,

    Please read previous posts here in this thread

    It is better to create new request than reviving old threads

    Then, you did not supply info about the initial blocking of PDF Software site that you are using

    Anyway, if it's blocked by internal list/hpHosts – you can do:

    a) simple thing – edit the rule and "allow" if you trust the site and the Software;

    b ) apply to the owner(s)/ management of hpHosts providing info, which has a prove that the site is reliable and does not expose users to alleged dangers

    Instead, you posted some links (spigot.com), which are again under suspicion by EAM Built in List / hpHosts and WOT



    Furthermore, see http://www.urlvoid.com/scan/spigot.com as well

    My regards

  11. Thanks for the reply, huskersbig10

    1) Problems with uninstalling/installing Java and the detections of “3 trojans from Java ” as in your initial post are separate issues; As a matter of fact uninstalling was not mentioned at all We cannot see from here what Java(s) are present there. Cleaning Java cache before rescanning – that's what was written above;

    2) descriptions provided by you and the statement that “... trojans did something with my system...” leading us to nowhere, since we don't have any info about your system.

    Therefore I'm strongly suggesting following the advice above and post into “Malware Removal” section;

    3) reports from EEK and OTL are needed in order to provide an expert with some preliminary information about your system. Then, further steps will be advised accordingly ... including proper installation of Java;

    4) Both mentioned Utilities can be run from USB stick (as per instruction);

    5) Update EEK (important) , disable all real-times of additional security and run the scan;

    6) Attach all required log files there;

    7) Finally,

    ... all the other av's and also emsisoft ant-malware program haven't brought up a conflict window...
    you may not have any “conflict window” displayed.

    When the security is overdone,the system may misbehave so badly that the symptom can be similar to having malware (or hardware issues). That's not a matter to discus this at the moment though

    My regards

  12. Thanks for the reply, Drake

    Please try to set output for the log file explicitly as in my example (/log=F:\Log.txt)

    It seems like I was able to reproduce the crash now when using "!!Log.txt" as you stated

    getting the same

    2.6 Message       : Unable to create directory.

    Most likely that's a problem

    When running my test I copied the parameters string as in your post,... but then edited the last bit automatically :)

    My regards

  13. Hi Drake, welcome to the forum

    I ran the latest CLS v after reading your post using the set of parameters as in your example

    There were no crashes. See images below. I had to post the screen output in 2 parts



    The log file created attached as well.

    All test suspects were perfectly deleted (scanned using full EAM afterwards)

    The only small question is the strange output as highlighted in the “_part_#2” image … I've never seen that before. At the same time the log file does not contain such “mysterious” output string

    I hope that developers can explain the meaning

    My regards

    p.s. Did you have a prompt for sending crash report to the developers with your e-mail & comments?

    Usually you should have the said option. If so, it is better to send the report straight to Emsisoft team

  14. Hi huskersbig10, welcome to the forum

    1st, from you description it is not clear whether the the security stated at the right like Avira, Bitdefender, Spybot etc. have their real-time resident turned on

    If so definitely the scan will run at least 2-3 times longer than necessary

    You have to disable any other residents, basically having only one AV solution with the resident guard.

    In addition to long scans where “on-Access” of other AV solutions are active you may face different conflicts and clashes

    Then, without providing (attaching) saved scan report it's not possible to tell what was flagged and respectively give any advice.

    You can submit flagged entries to the developers

    If it is Java cache that was flagged – pleas clean it prior to scanning – there is a bug, where EAM False Positively flagging Java cache

    In order to clean Java cache please use steps described here

    Finally, if you are not sure and you are prompted to consult the experts then visit “Malware Removal” section of the forum

    Create new case and follow this instruction

    My regards

  15. Hi XcntrK , welcome to the forum

    I'm sure the developers will reply ASAP

    Meanwhile please send e-mail (Sales/Licensing:) as in Contact Us and or use Life Support (see the bottom of the referred page; choose "sale" from the drop-down list and leave a message.

    It may happen that in order to solve the problem you'll need to provide some info, which cannot be posted here into the open forum anyway

    My regards

  16. Hi Catherine,

    As ctrlaltdelete stated the licenses have to be in the list

    I've never seen 30 days trial and the full license in the list at the same time, meaning if you purchased the Software and entered the respective key (coupon number) there should not be 30 trial anymore

    As an example:

    thumb_9747234Licenses.pngThat's what is present here currently here

    In order to clarify the situation - you may post the similar image

    Note: please hide personal info (e-mail) as in the the image above

    My regards

  17. Hi AXE,

    You should not expect any problems running EAM on Win7 x64 (I'm talking about current v5 stable or beta).

    Moreover , as far as I know and tried - it is allowed to use the same account on 2 computers.

    The only thing to consider – you should not use account on both PCs simultaneously


    - switch off the old PC that will be "junked" in the nearest future (if I got you correctly);


    - disable the Guard and service;


    - you can temporarily uninstall EAM from your old PC

    ... whatever you choose

    Then, install EAM on Win7 using your current account details

    Sure, in case you encounter any issues just ask and the developers and users will help


  18. Hi laneon,

    Few things to consider – please do never ever set any security to automatically quarantine and/or remove suspects – those could be False Positives (FPs), therefore set it to “Alert” only as H_D correctly suggested – and that's the only option I am using with any security.

    So, if you are confident that the flagged items are malware you can quarantine.

    If not, you have at least 3 ways to submit the flagged items

    Unfortunately the [sticky] about that was removed from this forum

    Then, I may say, that the link, H_D provided is for “New Malware”, which is “... a file or files not recognized by Emsisoft Anti-Malware...”, ... but was flagged by different security

    As far as I got from your post EAM flagged the items - that is different to “New Malware” mentioned

    You case is definitely unusual and very interesting, because I personally never encountered anything like that, meaning.... if items were flagged by EAM (again – important) and were placed into Quarantine - EAM never failed to recover those from quarantine after discovering that it was an FP after the subsequent update (tested many times by me)

    It would be nice and appreciated if you submit to the developers what was(is) quarantined or detected.

    - Use Right-click from the Detection List when items are flagged;

    - You can Submit from Quarantine;

    - or you can send items by e-mail to the developers

    My regards

    p.s. {added} You can attach saved quarantine list here

    The only thin I can think about currently (speculation :)) ... it could be Java Cache - There is a bug in EAM where it will flagged Java Cache (which are FPs). The only way is to clean Java cache before any type of scanning, but anyway, before you provide info it is hard to give you a certain answer. Cheers!

  19. Hi Guys,

    Sure it may be a difference between separate & bundle license

    From the initial post it's not clear what was (or intended to be) purchased

    Definitely, what you said is correct, speaking about:

    - “license would start it's own countdown when first used...”

    - “the countdown for the bundle”

    - and “clock starts ticking” if separate licenses were purchased, where you have those 10 months mentioned

    As a suggestion: it would be nice if the developers will include such info (unless I missed it) & whatever was changed, since the similar questions were asked dozens of times already


  20. Greetings all,

    Recently (I think starting with EAM v5.xxx.14 or 15 ) I found this misleading message


    EAM always was and is set to “onExecution” only (& paranoid mode, if that matters)

    Usually, when scanning, I'm disabling additional AV resident if any, and respectively its “onAccess” feature

    At the same time if I leave the latter active (as is) the above message is displayed, which I never encountered before

    I do understand that the file in question is scanned by both AV's, but what does it mean that an additional AV (AVG in this case) is trying “to start” potential suspect ?

    It would definitely will not start / execute(?) it...

    My regards

  • Create New...