emsisoftrocks!

  1. Hey Fabian! Thanks for the update! I just got back from a week in some trainings and had a chance to test out the beta updates. I have good news and bad news there! Good news is, significantly more infection traces were removed with the beta version! With the My Web Tattoo example, the traces were cleaned out completely!! There was bad news too though, I'm still getting errors cleaning up entries in Image File Execution Options. I've tested on a few Windows 8 machines and have steps to reproduce:

     - Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
     - Create a new key called adaware.exe
     - Create a new string value called Debugger
     - Set the string's contents to notepad.exe
     - Run a2cmd.exe /t /d

     In this case, the 'infection' is found but there are errors trying to clean it up. I've attached a clean.log again (it's super long for some reason, but the error is at the bottom). Any ideas? Thank you!
  2. Hey Fabian! Sorry to trouble you. Any update or workaround by chance? Thanks
  3. Awesome, thank you!!! I am excited to hear back! Thank you Fabian!
  4. Hey all, I'm still seeing this happening consistently on my machines.. Are there any steps I could be taking to gather more logs or work around the issue? Thanks!
  5. Attached in multiple parts.. You'll need to download all nine and then remove the .zip extension (I couldn't upload .00# files), then open them with 7-Zip and then you'll see the ProcMon log. Whew -__-
  6. Sure. Yes, on these machines I am running from an Administrator command prompt. I've attached another log file as an example - this was from an Administrator command prompt on a Windows 8 x64 box, though I am not uniquely seeing this on Windows 8 but on many operating systems and machines. I will also attach a Process Monitor log for you that should show that this is not a permission / access issue. Been having problems uploading it though. I'm not sure why you weren't able to see what I'm seeing.. I had some luck I suppose and was able to reproduce it on the first try haha. Any suggestions on where to go from here? Thank you!
  7. Hey all, Love your product!! I think your scanner is super awesome. I've been using your command line scanner for a while but recently discovered a big bug, and was wondering if you could help me out. On a large number of machines, I've noticed that since the scanner started using the v8 engine it has stopped properly removing traces.

     Steps to Reproduce:

     - Go to http://mywebtattoo.com
     - Install the toolbar/adware thing
     - Download latest Emsisoft Emergency Kit or just the command line scanner (like from download5.emsisoft.com/a2cmd.zip)
     - Run a2cmd.exe /t /d (just some example, simple switches to repro)
     - Scanner will find around 11 traces but only remove 2

     That's one case, but I'm seeing basically universally, adware type infections as well as some Trojans are being skipped. If I run the same scan with a copy of the v7 engine the removals work well. I've attached some example log files. Any ideas as to what's going on? Thanks!! Emsisoft rocks!