Lynx

Johnny,

As I pointed before and what was confirmed by ctrlaltdelete:

Most likely the information Windows shows in Windows Security Center is wrong. It's a known issue with Windows XP

… and not only with XP' date=' as far as I know...

Again , despite I personally never encountered such issue with security packages I did what Jim and ctrlaltdelete suggested in the past concerning different system problem(s)

Therefore, please try step-by-step instruction posted by ctrlaltdelete

It must not harm your system, but you may consider creating System Restore Point prior to the procedure

Cheers!

Thanks for the reply, JohnnySokko

My apologies for not following instructions

Don't worry, as I can see from your latest 2 posts you did follow

...Would your instruction have been considerably different had you been aware that I have Windows XP and not Windows 7? If yes, what should I do differently?

No, regarding “considerable differences”

As I mentioned not having the system details – folder & Reg. Entries names can vary

Then the instruction posted was based on old one that was offered by the developers & experienced users here long ago, so to speak - “before the Win7 era”

The new one was never published

...But! I did performed few successful Clean Uninstalls on Win 7 as well, using the same steps described (considering the differences mentioned)

Now, if that is XP below is what to check in the 1st place:

Folder: C:\Program Files\Emsisoft Anti-Malware

Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Emsi Software GmbH

Devices: Those were shown specifically for XP, and intentionally since you've mentioned AVG, which is in place here on XP

- Please check the above

- question: have you been successful with temporarily removing AVG with the respective Utility referred and then reinstalling AVG? (see below about the reply by JWC here)

- As for Windows Security Center – again as I mentioned before - that one is disabled & I cannot care less about it, since it provides false & confusing information. You may have all Security there stated as recognized & valid but they may not work at all ... and you never know (useless stuff!)

=======

Finally, if you've checked and cleaned all and still suspecting that there are EAM leftovers I may ask JWC to interfere.

He posed the reply regarding WMI/WBEM and we had a discussion re: the matter

I personally used the technique in the past few times, but honestly, that never involved any security I've tested. At the same time, I do not have any doubts about his experience, therefore his input will be highly appreciated

Cheers!

I just tested this and it works fine

Indeed

and sure

Read the Please read before posting section and we can make more useful suggestions/solutions.

, which was suggested in previous reply answering to the original poster

Cheers!

Hi again ,WayAce

I personally don't have any issues with disabling EAM's Guard with any options available

Can you please clarify the matter and provide some additional info?

My regards

Hi WayAce, welcome to the forum

Your message is not very clear. As I can see you are not using EAM

or I could be wrong , therefore:

Please follow the Rules requested

If you are not sure what "Bullguard" detected on a Right-Click - please send the detected items to Bullguard's developers.

At the same time, if you are saying that Bullguard detected something, but EAM did not - then use Submit new Malware

Sure you can scan sub-folders using EAM and send flagged items from the Detection List

Archives will be scanned by EAM/ or EEK unless you are using Custom Scan, where archives option is unchecked

My regards

Unfortunately you did not follow the instruction here & did not post any info about your system as required

… but we may try... Please ask if any questions

======= EAM clean uninstall =======

Usually it works fine using just Add/Remove from Control Panel

It may fail though if EAM is active (say performing an update)

Read the following, but keep in mind that the folder name for EAM (disk or Registry) can be different - that's all you have to change - like “ a-squared [Free]” or “Emsisoft Anti-Malware” whatever you have there

In addition if it's win7 x64 the software is installed into :

C:\Program Files (x86)\a-squared Anti-Malware

and respectively

the Registry you have to search for in win7 x64 is:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\emsi software gmbh]

Considering all the above...

1) go Start > Run > type: “services.msc” (no quotes)

2) Find “Emsisoft Anti-Malware 5.0 – Service”

3) Stop it if it's running

4) Reset it to “Disabled”

5) Reboot

Open a DOS box and navigate to the program folder, e.g:

> CD c:\program files\a-squared\

- Uninstall the service:

a2service.exe /uninstall a2antimalware

(note: parameter "a2antimalware" has to be confirmed by the developers)

- Unregister the context menu if it is present:

Regsvr32 a2contmenu.dll -u (or a2contmenu64.dll)

- Reboot

- Delete the program folder: c:\program files\a-squared\

- Open "Regedt32" and delete the key: HKLM\Software\Emsi Software GmbH\a-squared\

======= AVG clean uninstall =======

As above, it should be fine using Add/Remove, but you may consider invoking special Remover by AVG.

Basically, you need to know the latest version of AVG & have the latest installer in place and use the respective Tool as in http://www.avg.com/us-en/utilities

When all that was done

- Reboot

-fire up

Start > My Computer -> Right-Click -> Properties -> Device Manager > check “Show Hidden Devices”

you must not see any of those now

If so, you can start from scratch with your security setups … whatever you prefer

My regards

Hi JohnnySokko, welcome to the forum

I am a long term user of AVG & EAM/Mamutu

There were never conflicts whatsoever

I'm always using only "onExecute" by EAM and if I need (sometimes) "onAccess" by additional AV"

It is a matter of managing 2 AV solutions. Not sure what could go wrong in your case

Anyway, both can be cleanly uninstalled

I can post some links & instructions if you want

My regards

p.s. Do not pay any attention ever to what Windows Security center tells you - that is useless unneeded service that has to be disabled amongst of many other default useless MS Windows services

Thanks for the reply, sly

I plan to do an update before I scan.

That (the update) is always necessary step prior to scanning, so you are doing correct thing

What I like to do is update everything I have and then scan with all my programs off line, one at time of course. I do this because I like to turn off my antivirus while doing the other scans so that the antivirus will not interfere with the other scans. This is why I am wanting to know all this

That is highly advisable having only one AV with real-time resident, but if you have some additional/on-demand scanners/AV solutions - you indeed must disable others during the scan by any given AV

So it sound like you have answered my question that I will have no problem doing this with your program, if I understand you now.

Thanks, if that helped & yes, I think you did get my points right

I guess I should have added since my antivirus will be off while doing this is why I want to be disconnected from the internet.

Disconnecting from Internet is not always necessary … unless you are advised by an expert in some circumstances when investigating pretty special cases of suspected infection

My regards

Thanks for the reply, sly

As I said MalAware is a "cloud" one. EAM does not use "cloud"

As for EAM free (or full edition) sure you can scan being off-line, but you most likely will miss the latest updates.

Moreover the on-line updates will deliver not only signatures but new executable modules ("program updates" in your terms) when necessary

When downloading EEK you will definitely get the latest executables available.

The signatures are the "latest" as well, but still you have to update being on-line, since the Additional Signatures (Ikarus) are coming quite frequently.

In both cases whether it's EAM or EEK if you miss 50 subsequent updates you will get full t3sigs.vdb (Additional Ikarus signatures), which is ~ 70-80MB alone not speaking of much rare event as an updates of the executable modules

My regards

p.s. re: quotes - just use "Add Reply" when you don't need quote

Hi sly, welcome to the forum

There is a mix of questions here (don't get me wrong, please)

When you are talking about a “cloud” scan – that is MalAware

MalAware will scan only currently active processes. Sure it is using the very recent Signatures

If the version and or signatures are not up-t0 date you will be prompted to download new Malaware & signatures

As for the free edition of EAM (Emsisoft Anti-Malware) and /or EEK(Emsisoft Emergency Kit) you have to manage updates manually as frequent as you can ... only EAM full edition has auto-update feature

EAM has to be installed ; EEK can be downloaded and used without installation (whether unsziped and being run from USB flash Stick or installed into separate folder on your hard drive)

So basically , when you are using cloud - MalAware it is similar to running Quick type of Scan included in EAM/EEK

... but in all cases described you have to be on-line in order to update

I hope the above makes it more clear, but definitely do not hesitate and ask if any further questions

My regards

Hi roynals, welcome to the forum

This issue was discussed dozens of times in our old forum and lately in this new one

Since Ikarus engine was introduced there were some improvements made already.

For example in the past you can miss just 15 subsequent updated and you'd need to download whole Ikarus (Additional Signatures) database ~70MB

Now it's a lot better - the same will happen if 50 subsequent updates were missed.

At the same time, as Emsisoft developers stated several times they are working on it, but Ikarus developers are those who are responsible. Whether they (Ikarus) are going to make respective chages in the nearest future is currently unknown

My regards

Hi crisulici,

Please read previous posts here in this thread

It is better to create new request than reviving old threads

Then, you did not supply info about the initial blocking of PDF Software site that you are using

Anyway, if it's blocked by internal list/hpHosts – you can do:

a) simple thing – edit the rule and "allow" if you trust the site and the Software;

b ) apply to the owner(s)/ management of hpHosts providing info, which has a prove that the site is reliable and does not expose users to alleged dangers

Instead, you posted some links (spigot.com), which are again under suspicion by EAM Built in List / hpHosts and WOT

Furthermore, see http://www.urlvoid.com/scan/spigot.com as well

My regards

Thanks for the reply, huskersbig10

1) Problems with uninstalling/installing Java and the detections of “3 trojans from Java ” as in your initial post are separate issues; As a matter of fact uninstalling was not mentioned at all We cannot see from here what Java(s) are present there. Cleaning Java cache before rescanning – that's what was written above;

2) descriptions provided by you and the statement that “... trojans did something with my system...” leading us to nowhere, since we don't have any info about your system.

Therefore I'm strongly suggesting following the advice above and post into “Malware Removal” section;

3) reports from EEK and OTL are needed in order to provide an expert with some preliminary information about your system. Then, further steps will be advised accordingly ... including proper installation of Java;

4) Both mentioned Utilities can be run from USB stick (as per instruction);

5) Update EEK (important) , disable all real-times of additional security and run the scan;

6) Attach all required log files there;

7) Finally,

... all the other av's and also emsisoft ant-malware program haven't brought up a conflict window...

you may not have any “conflict window” displayed.

When the security is overdone,the system may misbehave so badly that the symptom can be similar to having malware (or hardware issues). That's not a matter to discus this at the moment though

My regards

Thanks for the reply, Drake

Please try to set output for the log file explicitly as in my example (/log=F:\Log.txt)

It seems like I was able to reproduce the crash now when using "!!Log.txt" as you stated

getting the same

2.6 Message       : Unable to create directory.

Most likely that's a problem

When running my test I copied the parameters string as in your post,... but then edited the last bit automatically

My regards

Hi Drake, welcome to the forum

I ran the latest CLS v 5.1.0.3 after reading your post using the set of parameters as in your example

There were no crashes. See images below. I had to post the screen output in 2 parts

The log file created attached as well.

All test suspects were perfectly deleted (scanned using full EAM afterwards)

The only small question is the strange output as highlighted in the “_part_#2” image … I've never seen that before. At the same time the log file does not contain such “mysterious” output string

I hope that developers can explain the meaning

My regards

p.s. Did you have a prompt for sending crash report to the developers with your e-mail & comments?

Usually you should have the said option. If so, it is better to send the report straight to Emsisoft team

Hi huskersbig10, welcome to the forum

1st, from you description it is not clear whether the the security stated at the right like Avira, Bitdefender, Spybot etc. have their real-time resident turned on

If so definitely the scan will run at least 2-3 times longer than necessary

You have to disable any other residents, basically having only one AV solution with the resident guard.

In addition to long scans where “on-Access” of other AV solutions are active you may face different conflicts and clashes

Then, without providing (attaching) saved scan report it's not possible to tell what was flagged and respectively give any advice.

You can submit flagged entries to the developers

If it is Java cache that was flagged – pleas clean it prior to scanning – there is a bug, where EAM False Positively flagging Java cache

In order to clean Java cache please use steps described here

Finally, if you are not sure and you are prompted to consult the experts then visit “Malware Removal” section of the forum

Create new case and follow this instruction

My regards

Hi XcntrK , welcome to the forum

I'm sure the developers will reply ASAP

Meanwhile please send e-mail (Sales/Licensing:) as in Contact Us and or use Life Support (see the bottom of the referred page; choose "sale" from the drop-down list and leave a message.

It may happen that in order to solve the problem you'll need to provide some info, which cannot be posted here into the open forum anyway

My regards

Hi Catherine,

As ctrlaltdelete stated the licenses have to be in the list

I've never seen 30 days trial and the full license in the list at the same time, meaning if you purchased the Software and entered the respective key (coupon number) there should not be 30 trial anymore

As an example:

That's what is present here currently here

In order to clarify the situation - you may post the similar image

Note: please hide personal info (e-mail) as in the the image above

My regards

Hi AXE,

You should not expect any problems running EAM on Win7 x64 (I'm talking about current v5 stable or beta).

Moreover , as far as I know and tried - it is allowed to use the same account on 2 computers.

The only thing to consider – you should not use account on both PCs simultaneously

So,

- switch off the old PC that will be "junked" in the nearest future (if I got you correctly);

or

- disable the Guard and service;

or

- you can temporarily uninstall EAM from your old PC

... whatever you choose

Then, install EAM on Win7 using your current account details

Sure, in case you encounter any issues just ask and the developers and users will help

Cheers!

Hi laneon,

Few things to consider – please do never ever set any security to automatically quarantine and/or remove suspects – those could be False Positives (FPs), therefore set it to “Alert” only as H_D correctly suggested – and that's the only option I am using with any security.

So, if you are confident that the flagged items are malware you can quarantine.

If not, you have at least 3 ways to submit the flagged items

Unfortunately the [sticky] about that was removed from this forum

Then, I may say, that the link, H_D provided is for “New Malware”, which is “... a file or files not recognized by Emsisoft Anti-Malware...”, ... but was flagged by different security

As far as I got from your post EAM flagged the items - that is different to “New Malware” mentioned

You case is definitely unusual and very interesting, because I personally never encountered anything like that, meaning.... if items were flagged by EAM (again – important) and were placed into Quarantine - EAM never failed to recover those from quarantine after discovering that it was an FP after the subsequent update (tested many times by me)

It would be nice and appreciated if you submit to the developers what was(is) quarantined or detected.

- Use Right-click from the Detection List when items are flagged;

- You can Submit from Quarantine;

- or you can send items by e-mail to the developers

My regards

p.s. {added} You can attach saved quarantine list here

The only thin I can think about currently (speculation ) ... it could be Java Cache - There is a bug in EAM where it will flagged Java Cache (which are FPs). The only way is to clean Java cache before any type of scanning, but anyway, before you provide info it is hard to give you a certain answer. Cheers!

Hi AXE,

If you tried all suggestions discussed in replies #2-#12 re: shutdown issue and that didn't work, then please follow the advice by H_D in his last reply #17

In addition, see “Please read before posting!» at the top of the section and provide all info requested by the developers as in Announcement: Information to include in your support requests

My regards

Hi Guys,

Sure it may be a difference between separate & bundle license

From the initial post it's not clear what was (or intended to be) purchased

Definitely, what you said is correct, speaking about:

- “license would start it's own countdown when first used...”

- “the countdown for the bundle”

- and “clock starts ticking” if separate licenses were purchased, where you have those 10 months mentioned

As a suggestion: it would be nice if the developers will include such info (unless I missed it) & whatever was changed, since the similar questions were asked dozens of times already

Cheers!

Hi Noobie,

Here is one of the answers by the developers that I found using Search

When purchasing a new license, you'll get a coupon code that must be used within 10 months

That answer was given quite a while ago, but as far as I know the policy haven't changed since

My regards

Thanks, Fabian

Greetings all,

Recently (I think starting with EAM v5.xxx.14 or 15 ) I found this misleading message

EAM always was and is set to “onExecution” only (& paranoid mode, if that matters)

Usually, when scanning, I'm disabling additional AV resident if any, and respectively its “onAccess” feature

At the same time if I leave the latter active (as is) the above message is displayed, which I never encountered before

I do understand that the file in question is scanned by both AV's, but what does it mean that an additional AV (AVG in this case) is trying “to start” potential suspect ?

It would definitely will not start / execute(?) it...

My regards