Gandalf41265

Member
  • Content Count

    34
  • Joined

  • Last visited

Community Reputation

1 Neutral

About Gandalf41265

  • Rank
    Member

Recent Profile Visitors

2749 profile views
  1. I just did a clean install on a customer. Windows 7 Pro. They prefer to use IE so I set it as the default browser, and saved there start up page. When I open IE, I get the home page tab and then a second tab opens and it says; Install free antivirus from Microsoft and enable recommended settings. It has a bunch of boxes you can check and uncheck. I cannot get it to go away. Whatever I check and "install" when I restart IE the page comes back. It is a legit MS webpage, but there is no way to stop it opening. I have scanned for hijackers but nothing turned up. Any direction you can point me in? Frank
  2. Here are the reports from the doctors server that the Tech here just ran- scan_160212-064643.txt FRST.txt Addition.txt
  3. Hi Folks, We have been frantically working on a Doctors server infected with Nestha and last night we discovered the server is running a program called CMS Harvester. It is running in Russian, and it appears to be data Mining folders and files. We are running the tools now to get you all a report, but in the mean time wanted to know if there was anything we needed to know about this and what we should be doing in the mean time. Thank you as always
  4. Thank you Kevin- In addition to the Nestha issue, we have discovered something called CMS Harvester running on the server. The program is in Russian. It appears to be data mining files and folders.
  5. I have passed this on to the technician in the field. Can anyone tell me how it got through so we can prevent it in the future?
  6. Good Morning gentlemen- Can someone tell me why Emsisoft does not detect and stop Win32.Nestha from getting on a system? And can anyone tell me how to sweep and remove it?
  7. Thanks you guys! This patch on Wednesday in Beta fixed all our issues- Tell Christian thank you for us. Appreciate the quick response on this fire. When will the patch be part of Stable update/
  8. Ok guys and gals- I have clients all over the state that are crashing due to this issue. I am having to uninstall Emsisoft to get people back up and running. This is unexceptable and I need it fixed NOW
  9. Christian- That did no fix the OrthoTrac issue We would be able to allow a remote in access on this station if one of you wants to look at it
  10. Hey Fabian and Gang- Ran into a new issue last night and this morning with the update and reboot. We have multiple clients running Quickbooks, and OrthoTrac. All of our users of either of these software products stopped working last night/this morning. Uninstallation of Emsisoft was the only fix we were able to impliment. Every work station was whitelisted first which did not work, but an uninstall did. Any info on this or input would be appriciated. I have about 100 users being impacted with this. Thanks as always folks!
  11. Thank you as always Fabian. I did have to use the reset.bat but it worked after reboot. I did however notice that I could not move a "no risk" flagged item into quarantine?
  12. Thank you for the quick reply. So is the uninstall/reinstall method going to be the solution as of right now? Need to communicate to our technicians what to do when clients call in. Thanks.
  13. Hey Fabian- I am still having issues this morning and it is randomly popping up all over the map for us. Multiple clients and multiple users- If we uninstall and reinstall, will we be faced with the same issue again, or was there a patch added to updates? On all of these machines with the Major error start up message, I cannot access the dashboard, and the .bat file solution has not worked on any of them.
  14. This solution did not fix the original issue on that computer and since my post, I have 4 more that are doing the same thing. My clients are getting concerned and some are getting upset. Is there a fix for this coming or already in play?