About sg09

  • Birthday: 08/09/1985
  • Location: Kolkata, India
  • Interests: Ph.D in Chemistry. Also interested in malware research. My Blog:
  1. Thank you for your kind reply Arthur. Yes, the detection comes back even if I quarantine it. Which is creating/re-creating those group policies, the OS or the security software? I reckon in my case the group policies have the 'safe' registry values, as the task manager, folder options, CMD, regedit, run etc. are not disabled in my system. Shouldn't EEK understand which registry value is safe and which is not, rather than giving an alert for just its presence? Thank you again.
  2. Every time I run a scan on my PC with EEK I find the same scan results (some suspicious registry entries). EEK does not find any other malware, nor does the installed security software (WSA, MBAM). I also ran scans with several other portable/online scanners and never found anything. Even with a newly installed PC + freshly installed security software I find these results. So I continued to ignore these results, although this time I chose to post this in the forum. As far as I understand from the scan results, the task manager, folder options, CMD, regedit, run etc. are disabled in my system, but this is untrue. Is this a FP detection? Installed security software: Webroot SecureAnywhere AV, Malwarebytes AM, WinPatrol Plus, Windows Firewall, MCShield. I am running a genuine Windows 10 Pro 64 bit OS.

     --------------------------
     Scan start: 01-06-16 9:19:49 PM
     Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
     Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
     Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
     Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
     Value: HKEY_USERS\S-1-5-21-2085203064-2389472976-1837661704-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
     Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
     Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A)
     Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A)
     Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A)
     Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A)
     Value: HKEY_USERS\S-1-5-21-2085203064-2389472976-1837661704-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A)
     Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A)
     Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
     Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
     Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
     Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
     Value: HKEY_USERS\S-1-5-21-2085203064-2389472976-1837661704-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
     Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
     Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
     Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
     Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
     Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
     Value: HKEY_USERS\S-1-5-21-2085203064-2389472976-1837661704-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
     Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
     Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A)
     Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A)
     Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A)
     Value: HKEY_USERS\S-1-5-21-2085203064-2389472976-1837661704-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A)
     Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A)
     Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A)
     ------------------------------
     scan_160601-211949.txt
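     The scan log above flags the policy values for being present, while the poster reports that none of the tools are actually disabled. The script below is an added example, not from the thread or from Emsisoft: it walks HKLM and every loaded HKEY_USERS hive (the same roots the log lists), reads the five values named in the log, and reports whether each is present with restriction off (data 0) or actually enforcing a restriction (non-zero). It assumes an elevated PowerShell session so other users' hives are readable.

```powershell
# Added example: distinguish "policy value present" from "policy actually restricting"
# for the values EEK flagged in the scan log. Run from an elevated prompt.

# Policy values named in the scan log, grouped by the key they live under.
$policies = @{
    'Software\Microsoft\Windows\CurrentVersion\Policies\System'   = @('DisableTaskMgr', 'DisableCMD', 'DisableRegistryTools')
    'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' = @('NoRun', 'NoFolderOptions')
}

# PowerShell has no HKU: drive by default; map one so HKEY_USERS can be walked.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

# Roots to inspect: HKLM plus each loaded user hive (.DEFAULT, S-1-5-18/19/20, S-1-5-21-...),
# skipping the *_Classes hives, which never hold these policies.
$roots = @('HKLM:') + (Get-ChildItem HKU: |
    Where-Object { $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object { "HKU:\$($_.PSChildName)" })

$report = foreach ($root in $roots) {
    foreach ($subKey in $policies.Keys) {
        $keyPath = Join-Path $root $subKey
        if (-not (Test-Path $keyPath)) { continue }   # no Policies key here: nothing to report
        $key = Get-Item $keyPath
        foreach ($name in $policies[$subKey]) {
            $data = $key.GetValue($name, $null)
            if ($null -eq $data) { continue }          # value absent: no restriction at all
            # 0 turns the restriction off; any other data (1, or 2 for DisableCMD) enforces it.
            $status = if ($data -eq 0) { 'present but OFF' } else { 'RESTRICTING' }
            [pscustomobject]@{
                Hive   = $root
                Key    = $subKey.Split('\')[-1]
                Value  = $name
                Data   = $data
                Status = $status
            }
        }
    }
}

$report | Format-Table -AutoSize
```

A row marked "present but OFF" matches the situation described in the post: the value exists, so a presence-only signature fires, but the restriction is not in effect.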
  3. That's enough information for me Fabian. Thanks for telling.
  4. Why does EEK need to update the entire package (~80 MB of updates) from time to time? It's really a pain for users with limited bandwidth and it's the only reason I haven't recommended Emsisoft to all my friends who have limited bandwidth. Will it be fixed in the near future?
  5. Hi Lynx, I understand the priority of EAM over ECS. Well, I am running a scan now and will submit the log and info about the packages in the email. Thanks for all your help.
  6. Hi Lynx, Thanks for your reply. I don't know what the problem with CLS is... In a deep scan with the said parameters, it crashes with or without the /s parameter. I submitted the crash report anyway. Should I start a new thread about that? About the present issue, I think next time I will perform the scan from the GUI, as so far that did not give any crashes. About the /h parameter, it only causes one additional FP. And the last point is, how should I send the log to the developers? Through email as described in method 3 of submitting FP? BTW, about those packages I can only say where I got them; I have no idea how they were compiled.
  7. Hi Lynx, It is not riskware. I was running the scan today from the command line but that scan did not complete because of crashing. But it had already detected that stuff. I am attaching the screenshot. Next time I will follow the other options and attach the full log.
  8. There is a switch in the command-line scanner, /s. This uses a Windows service during scanning. But what is the use of it when we can scan without it? Does it speed up the scanning process, or help malware removal? If I am not wrong, at LUA I can't use that switch but can continue scanning without it.
  9. Hi all, I have followed method 1 for submitting FPs as described here. FPs were created in Dev C++ packages, the Samsung PC Studio installer and the MBR Guard executable. I submitted those threats about a week ago in the way I already said. But those FPs have not been resolved yet. So I am in doubt whether I should try the other 2 methods to submit FPs too. Thanks in advance for your kind advice. With Regards Sujay
  10. Hi Lynx, Sorry for creating confusion. I am going to create a new thread. Best Regards
  11. Hi, I didn't want to open a new thread as there is a current thread with a general name. I encountered a few FPs recently during an on-demand scan on Dev C++ packages. But submitting them according to step 1 here did not resolve the problem even after 7 days. So I have a doubt whether that process is working at all or I have to follow either of steps 2 and/or 3.