Everything posted by pallino

  1. What about the error message below when booting with the Win 10 DVD (created with the media creation tool and used to install Win 10 on the same device before) to try to refresh Windows? Error 0x0000428 The digital signature cannot be verified C/windows/system32/boot/winload.exe What can it be and how do I solve it? After a Windows refresh, shouldn't the laptop boot faster? If I boot from an AV boot CD/DVD, is the HD MBR loaded before or after the DVD/AV on the DVD? Does it help to boot from a boot DVD to scan the MBR and detect malware in the MBR/VBR? Last question: before I repair/fix the MBR, do you want me to copy it for further analysis? Is Emsi mbrmastr Win 10 compatible and does it copy the whole MBR/VBR (also if with malware)? Is it a good program for this or what do you recommend? Thank you P.S. I ran Fbar but AVZ could update but soon after starting running the standard script 2 a "problem caused the program to stop working correctly". I decided to (re)install Emsi IS (after refreshing Win 10 and running Fbar and AVZ). Soon after start, BSOD, Windows is collecting info (few seconds) and restarted. As far as I could see the error was in epp.sys. What's going on here??? FRST.txt Addition.txt
  2. On the weekend I decided to refresh Windows 10. I used the DVD created with the Windows media tool some months ago when I updated from Win 8.1 to Win 10. I used this DVD to install Win 10 a few months ago. When I booted from the DVD I got an error message twice. Error 0x0000428 The digital signature cannot be verified C/windows/system32/boot/winload.exe I pressed F8 to fix it but nothing happened... only a quick refresh of the same window. I then used another DVD created the same way on another laptop and refreshed Windows. Unfortunately same long boot time with a long black window. P.S. Doesn't repartitioning the HD "force" the creation of a new MBR? Or only a new FAT but not the VBR etc.?
  3. If I boot from an AV boot CD/DVD, the HD MBR is loaded before the DVD, correct? So booting from CD doesn't really help too much to detect an MBR/VBR infection, or? Imagine I have an unknown/undetected MBR/VBR, what would be the safest way to reinstall? If I delete the partition booting from a DVD, create a new one, maybe 2, and reinstall Windows, should I be safe/have deleted the malware? Or: -How would you proceed? -What programs would you use? I'm asking because this laptop has had something for some time and, if memory serves me, installing Win 10 didn't help. This laptop was very fast and still is after boot.
  4. I have had this slow boot for some months now. I tried many solutions, in the end also changing some boot options, using more processors at boot, safe boot etc... never had any improvement. The issue was there before any msconfig/boot changes. I really don't know what to do. Win 10 was installed not a long time ago. -Can you discard/exclude a malware cause? -Could it be an (unknown) BIOS/MBR/VBR infection? -If it's a BIOS infection there is nothing I can do, correct? -If it's an MBR/VBR, if I delete the partition, create a new one, maybe 2, and reinstall Windows, should I be safe/have deleted the malware? -In other words, if I decide to reinstall Windows (not the preferred solution) and I wanted to do it in the safest possible way, in a way with the lowest risk of keeping any possible infections on the system, how would you recommend doing it? -What programs would you use? -How would you proceed? I'll then do it this weekend. -Last question before the weekend: if you boot your PC with an (AV) rescue disk, does the CD load before the HD MBR/VBR? Thank you
  5. Hi Kevin, attached new logs... boot time still too long. What do we do now? Thank you Fixlog.txt FRST.txt Addition.txt
  6. Hello Kevin, I ran the tool but unfortunately the boot time is still long. What can it be, what else can we do? Thank you Addition.txt FRST.txt 2.7.2016_10.08.00-PM.7z
  7. Hello Kevin, attached the new logs. System still slow to boot. AVZ starts with 1. Searching for Rootkits and other software intercepting API functions >> Danger ! Process masking detected Are all entries safe? Thank you Fixlog.txt FRST.txt Addition.txt
  8. Hi Kevin, attached the new logs. Strange that the old FBAR logs showed many Zemana files after having uninstalled it (and rebooted many times). AVZ showed Zemana files since I uploaded the report before deleting Zemana. How does it look now? Do/did you find anything that can explain a slow boot up? Do you want me to upload the deleted files (I copied them and compressed/encrypted them in case you need them)? Thank you Fixlog.txt FRST.txt Addition.txt
  9. Hello Arthur, I had unchecked it before since it was blocking my internet access but didn't uninstall it. Great news, problem solved, Emsi is installing correctly now! :-) I could update the databases too. No problem also to install beta updates and v. 11.0.0 6131. Thank you!
  10. I have had Emsi and Zemana on my 3 systems for a while... never had problems and still don't have problems on the other 2 systems. I uninstalled Zemana, Hmpalert and MB antiexploit. Same issues as before. The culprit was the NDIS filter that was unchecked but not uninstalled. The doubt now is what blocked the Emsi update/control panel before and mostly why the boot time is so long. -Were the logs clean, no sign of infections? Anything that can explain a slow boot up? Just to be sure. Thank you FRST.txt Addition.txt AdwCleanerS1.txt rk_BDB7.tmp.txt
  11. Hello Kevin, on the 21st of January I upgraded EMSI IS to the latest beta (V. updated from v. and restarted the PC as requested (Windows 10). The Emsi control panel disappeared, as did the icon close to the clock. I tried to start Emsi but nothing happened or changed. Following Arthur's advice I uninstalled EMSI and after some issues (no network because of the EMSI NDIS Driver) I managed to download and start installing the latest version. Unfortunately I couldn't complete the installation, "a major problem prevents application start.....". Installation is not blocked by Zemana (no alerts nor files in quarantine) nor by Voodooshield (disabled and also killed). Can you please check the FBAR logs? I checked with Emsi before and nothing was found, nor by Tdsskiller, Roguekiller, Adwcleaner. The FBAR "old" logs are the ones created after the update of the 21st, the other ones today after the unsuccessful installation of EMSI IS. What can it be? Thank you P.S. FYI, boot time is long (but was like this also before the issues with EMSI) Addition old.txt FRST old.txt FRST.txt Addition.txt TDSSKiller. rogue 29-1-16.txt AdwCleanerS1.txt
  12. Emsi IS uninstall doesn't start; it opens the Emsi IS Uninstall window but then nothing happens. It worked in safe mode. PC restarted 2x, status bar tells me I'm connected but control panel says no connections. Cannot download new internet connection. Ran the Emsi removal tool. Restarted 3x, still no internet connection... Found the culprit: Emsi NDIS Protocol Driver... unchecked it in access point settings and now I can access the internet. Downloaded Emsi IS and started to install it. After some seconds, the window disappeared. The icon was already created on the desktop; I double-clicked it and got the following. The install window appeared and told me the PC is safe now, but when I clicked to close the window it told me the install was not completed. Then 2 error messages (see attached files).... Uninstalled, restarted 2x. Ran Emsi clean... nothing found this time. Reinstalled. After it finishes installing all files and the icon on the desktop is created, the install window disappears. After many minutes (4-5) a new window pops up and I can choose to join the AM network and to enable PUP. During this time a pop-up informed me a service rimng was created, followed 1 min later by another one stating it was deleted.... (please check attached pics) Then again the final window that tells me all was installed and Emsi is protecting me. If I click "finish installation" it tells me it still needs to finish all before. Then again, after another 4-5 minutes, the window "a major problem prevents application start....." To be on the safe(r) side and to save time I'll post the FBAR logs on the malware removal page. I uninstalled Emsi and Zemana, ran Emsi clean and reinstalled Emsi. Same problems as before. Same after also uninstalling HMPro alert and MB antiexploit. Voodooshield always in disable/install mode. What's going on and what do you want me to do? Thank you
  13. I didn't configure Malwarebytes Anti-Exploit to protect Emsi. I cannot see Emsi in the list of monitored programs. I disabled Malwarebytes Anti-Exploit and then killed it with Process Hacker. Launched Emsi... still nothing visible.... same after restarting the laptop (Malwarebytes Anti-Exploit disabled but in memory). It is not blocked by Zemana nor by Voodooshield. HMP alert is in free mode and shouldn't monitor it. Since I'm not sure Emsi is 100% functional I decided to test it with the Eicar test file. It was blocked but I'm not sure by what program. It wasn't Zemana; it detected it before and I terminated it. I also disabled fast start as suggested in another thread.... nothing changed.... What do we do now?
  14. Unfortunately the icon is not visible in the System Tray. The only way to "see" Emsi IS is to check with Task Manager, where I see the 2 a2 .exes running. Please find attached the 2 FBAR reports. Is Emsi protecting the system right now (without icon)? Thank you Addition.txt FRST.txt
  15. Hello GT500, after starting my laptop I see: a2service.exe a2guard.exe After double-clicking the icon on my desktop: a2service.exe a2guard.exe a2start.exe Emsi control panel is not visible.... don't know if Emsi is updating, cannot change settings, start scans... With a2service and a2guard.exe, is the system protected?
  16. I saw it and almost posted there, but then saw that you downloaded an older version and decided to open a new post since I downloaded the latest beta.
  17. Dear Emsi team, last night I installed the latest beta of 21 January (V. updated v. and restarted the PC as requested (Windows 10). The Emsi control panel disappeared, as did the icon close to the clock. I tried to start Emsi but nothing happened or changed. Under start manager, Emsi seems to be active. Can you please check? Any already known solutions? Thank you
  18. I have the same issue and agree with Beagle1957 and Jerky McDolerino.
  19. Would you be interested in replicating the test or couldn't you try to replicate it with samples of the same malwares? They won't probably be the exact same used by Effitas but could show how well Emsi EK can detect them.
  20. Elise, thank you. We agree with your points but the doubt still remains: should Emsi Emergency Kit with standard settings detect all the tested malwares on an already infected system?
  21. Should Emsi Emergency Kit with standard settings detect all the tested malwares on an already infected system?
  22. Moved the question to the reviews page.
  23. Hello Elise, I just read the last MRG test... apparently Emsi Emergency Kit didn't detect many samples... was it because of the standard settings used (then why don't you change them to detect these infections?) or because of the variant used, or why?