GT500

Emsisoft Employee

About GT500

  • Rank
    Emsisoft Support
  • Birthday 10/22/1984

Contact Methods

  • Website URL
    https://helpdesk.emsisoft.com/

Profile Information

  • Gender
    Male
  • Location
    Fortville, IN, USA
  • Interests
    Computers, security, amino acids, fructose malabsorption, liberty, firearms, John Calvin, etc.

  1. GT500

    Using EEK?

    We prefer to do it that way rather than risk damaging someone's computer. If there's any possibility of that, then we'd rather have the customer in contact with one of our malware removal experts when it happens, that way we can assist them with getting it fixed.
  2. Just as a quick update to this, our developers are still trying to go over the memory dumps. Part of the stack trace was corrupted, which is making it difficult for them. It appears that something in a2service is getting stuck calling for a scan; however, they haven't been able to figure out what yet. I'll let you know if our developers ask for more debug info.
  3. GT500

    Globeimposter 2.0

    There is no known way to decrypt files that have been encrypted by GlobeImposter 2.0 without first obtaining the private key from the criminals who made the ransomware. Unfortunately, since the private key is different for every infected computer, it makes it impossible to make a free decryption tool that could help people get their files back.
  4. GT500

    Using EEK?

    Some infections do alter system files, registry entries, etc. which can cause odd symptoms (or even boot failures) after removal. SFC and DISM can repair a lot of those issues, and are not bad tools to turn to when there's an issue. That being said, if our scanner detects something that it thinks might be dangerous to remove, it won't remove it. Instead it will tell you that it couldn't be removed and advise that you seek removal support on our forums. You can also contact us via e-mail if you prefer.
  5. GT500

    Using EEK?

    Scanning from a bootable disk or USB flash drive (assuming that's what you were referring to) would mean the scanner doesn't have access to the registry, at least not without a lot of special work to get access to that registry. In addition to that, normal system file protection built in to the scanning and cleaning engines wouldn't really be very effective from a bootable environment. It's best to scan the system while the OS installed on the drive you're scanning is booted and running normally. Infections that can protect themselves from the scanner are extremely rare these days, and should be removed manually anyway (removing them can be dangerous).
  6. GT500

    Using EEK?

    The CD command changes directory. In the example "run" is the name of a folder, and you should substitute the name of the folder you want to switch to. The example does assume a certain level of understanding of how the Command Prompt and command-line programs work, so if there's ever anything you don't understand then please feel free to let us know and we'd be happy to assist you.

    When you run a2cmd.exe you need to specify what options you want to use. For instance, if you want to see the documentation for a list of supported command line parameters, you would run the following command:

        a2cmd.exe /?

    If you just want to scan all files on a specific drive (for example the F: drive), then you would run the following command (capitalization not required):

        a2cmd.exe F:

    If you want to scan a specific drive and also scan within archives (ZIP, RAR, 7z, etc), then you would run the following command:

        a2cmd.exe F: /a

    Here's the documentation displayed when you run a2cmd.exe /? (taken from the version bundled with Emsisoft Anti-Malware, which is almost identical to the standalone version of a2cmd.exe):

        a2cmd.exe [path] | [parameters]

        Scan types (can be used together):
          /f=[], /files=[path]                 Scan files. Full path to file or folder required
          /quick                               Scans all active programs and Spyware Traces
          /malware                             Good and fast result, but only important folders will be scanned
          /rk, /rootkits                       Scan for active Rootkits
          /m, /memory                          Scan Memory for active Malware
          /t, /traces                          Scan for Spyware Traces
          /fh=[handle] /pid=[PID]              Scan file by handle. Process ID of the handle is required
          /b=[pointer] /bs=[size] /pid=[PID]   Scan buffer. Buffer size and process ID are required

        Scan settings (used with scan types):
          /pup                                 Alert Potentially Unwanted Programs (PUP)
          /a, /archive                         Scan in compressed archives (zip, rar, cab)
          /am                                  Scan in mail archives
          /n, /ntfs                            Scan in NTFS Alternate Data Streams
          /cloud=[]                            If it is "1" then scanner will use cloud requests (defaul value is "1")
          /dda, /directdiskaccess              Use direct disk access
          /l=[], /log=[filepath]               Save a logfile in UNICODE format
          /la=[], /logansi=[filepath]          Save a logfile in ANSI format
          /x=[], /ext=[list]                   Scan only specified file extensions, comma delimited
          /xe=[], /extexclude=[list]           Scan all except the specified file extensions
          /wl=[], /whitelist=[file]            Load whitelist items from the file
          /d, /delete                          Delete found objects including references
          /dq, /deletequick                    Delete found objects quickly
          /q=[], /quarantine=[folder]          Put found Malware into Quarantine
          /rebootallowed                       Allows automatic OS restart, if this is required to remove found threads
          /s, /service                         Run scan via windows service and keep the engine loaded

        Malware handling (standalone parameters):
          /ql, /quarantinelist                 List all quarantined items
          /qr=[], /quarantinerestore=[n]       Restore the item number n of the quarantine
          /qd=[], /quarantinedelete=[n]        Delete the item number n of the quarantine

        Online updates:
          /u, /update                          Update Malware signatures
          /uf=<feed>, /updatefeed=<feed>       Update from specified update feed
                                               Applicable only to standalone a2cmd package.
          /proxy=[proxyname:port]              Proxy address and port number
          /proxyuser=[username]                Proxy user name
          /proxypassword=[password]            Proxy user password

        General commands:
          /?, /help                            Show help message

        Result codes:
          0 - No infections were found
          1 - Infections were found
  7. Try excluding the entire League of Legends folder from both scanning and monitoring, and see if that resolves the issue. Also, be sure the game is closed and then reopened after adding the exclusion, that way any hooks our Behavior Blocker has opened have a chance to be closed properly. If any part of the game runs on startup, then you may need to restart your computer before hooks can be completely closed.
  8. I have confirmed this behavior, and that it only happens when Windows Security Center integration is turned on in EAM. This means that it is more than likely a Windows Defender feature, and Windows Defender is probably intentionally suppressing that "Set up OneDrive" button when another Anti-Virus is protecting the computer. As for why it shows that action is needed on the Notification Area/System Tray icon when it won't show the button in the Windows Defender UI, that I don't know. Perhaps an oversight on Microsoft's part?
  9. FYI: When protection is turned on in Emsisoft Anti-Malware (EAM), protection is automatically disabled in Windows Defender (this is done automatically by Windows). You can circumvent this by going into the settings in EAM, selecting the Advanced category in the submenu at the top, and turning off Windows Security Center integration. After doing this you may need to restart your computer before it will completely take effect. It might be prudent to restart your computer by right-clicking on the Start button, going to Shut down or sign out, and selecting Restart from that menu to ensure that services fully restart when the computer does. Note: Turning off Windows Security Center integration will cause Windows Defender's protection to remain active while EAM's protection is active. This could cause performance issues in some cases.
  10. Was this happening before installing July updates, or did it start after Tuesday (July 10th)?
  11. I've received the memory dumps, and am downloading them. I'll let you know once someone has had a chance to look over them for me.
  12. GT500

    Bug in latest version 8750

    OK. If it happens again, then go ahead and post the logs, and I'll take a look at them.
  13. GT500

    Uninstallation causing boot failure

    Can you get us an export of the registry key in question?
  14. GT500

    Bug in latest version 8750

    Let's try getting a diagnostic log. The instructions and download are available at the following link: https://helpdesk.emsisoft.com/en-us/article/275-running-the-emsisoft-diagnostic-tool Logs from FRST might be helpful as well. There are instructions for downloading and running FRST at the following link: https://helpdesk.emsisoft.com/en-us/article/274-running-a-scan-with-frst