Everything posted by Gandalf41265

  1. I just did a clean install on a customer. Windows 7 Pro. They prefer to use IE so I set it as the default browser, and saved their start up page. When I open IE, I get the home page tab and then a second tab opens and it says: Install free antivirus from Microsoft and enable recommended settings. It has a bunch of boxes you can check and uncheck. I cannot get it to go away. Whatever I check and "install", when I restart IE the page comes back. It is a legit MS webpage, but there is no way to stop it opening. I have scanned for hijackers but nothing turned up. Any direction you can point me in? Frank
  2. Here are the reports from the doctor's server that the Tech here just ran: scan_160212-064643.txt FRST.txt Addition.txt
  3. Hi Folks, We have been frantically working on a doctor's server infected with Nestha and last night we discovered the server is running a program called CMS Harvester. It is running in Russian, and it appears to be data mining folders and files. We are running the tools now to get you all a report, but in the meantime wanted to know if there was anything we needed to know about this and what we should be doing in the meantime. Thank you as always
  4. Thank you Kevin- In addition to the Nestha issue, we have discovered something called CMS Harvester running on the server. The program is in Russian. It appears to be data mining files and folders.
  5. I have passed this on to the technician in the field. Can anyone tell me how it got through so we can prevent it in the future?
  6. Good Morning gentlemen- Can someone tell me why Emsisoft does not detect and stop Win32.Nestha from getting on a system? And can anyone tell me how to sweep and remove it?
  7. Thank you guys! This patch on Wednesday in Beta fixed all our issues- Tell Christian thank you for us. Appreciate the quick response on this fire. When will the patch be part of the Stable update?
  8. Ok guys and gals- I have clients all over the state that are crashing due to this issue. I am having to uninstall Emsisoft to get people back up and running. This is unacceptable and I need it fixed NOW
  9. Christian- That did not fix the OrthoTrac issue. We would be able to allow remote access on this station if one of you wants to look at it
  10. Hey Fabian and Gang- Ran into a new issue last night and this morning with the update and reboot. We have multiple clients running Quickbooks and OrthoTrac. All of our users of either of these software products stopped working last night/this morning. Uninstallation of Emsisoft was the only fix we were able to implement. Every work station was whitelisted first, which did not work, but an uninstall did. Any info on this or input would be appreciated. I have about 100 users being impacted with this. Thanks as always folks!
  11. Thank you as always Fabian. I did have to use the reset.bat but it worked after reboot. I did however notice that I could not move a "no risk" flagged item into quarantine?
  12. Thank you for the quick reply. So is the uninstall/reinstall method going to be the solution as of right now? Need to communicate to our technicians what to do when clients call in. Thanks.
  13. Hey Fabian- I am still having issues this morning and it is randomly popping up all over the map for us. Multiple clients and multiple users- If we uninstall and reinstall, will we be faced with the same issue again, or was there a patch added to updates? On all of these machines with the Major error start up message, I cannot access the dashboard, and the .bat file solution has not worked on any of them.
  14. This solution did not fix the original issue on that computer and since my post, I have 4 more that are doing the same thing. My clients are getting concerned and some are getting upset. Is there a fix for this coming or already in play?
  15. Hi guys- I noticed that this has been a post before and I have waded through a bunch of it but most of the information is long ago and out of date. This is a brand new Dell PC running Windows 10. We just installed Emsisoft on it yesterday. She shut down last night, and just fired it back up and the message was up on her desktop: "A major problem prevents application start. Emsisoft Security can't connect to the service application. Please restart your PC and try again or contact support if the problem remains." I had the client reboot and it came up again so I told her to leave it and I would check into it. FYI, the Service is set to Automatic, and the updater is set to stable. All other settings are default. Thank you all so much for how hard you work to protect us...
  16. I do not know that information. If it was, could this be the cause I have been experiencing?
  17. Today around noon, I started receiving emails from clients at different companies. Here is an excerpt from one email, but it is pretty much what they all said. "Hey man. I just had my screen flicker or do something. After it came back I had a bunch of these errors. Never heard of some of this stuff. Wanted to pass along to you. I missed a gSync one as well. This happened yesterday too but not to this extent and it was different messages." I have attached 5 screen shots in this example. All of the clients had similar issues; some were the same or a combination of these. I find it odd that it occurred multiple times across the state, and was wondering if you guys had any ideas. All of these machines have Emsisoft as the primary AV, and Malwarebytes as a back up.
  18. Yes, I used the Emsisoft uninstall tool. And yes I can get to safe mode, and no those two files will not delete from this clients computer. I have moved the files to another location, was able to install a new version and update it. And as of this morning, it is working fine. So, my initial issue is resolved other than wondering why these files were preventing a re-install and why they will not delete.
  19. Ok, update: I found 2 file extensions left over after the removal kit was run. They were in C:\Program Files (x86)\Emsisoft\a2Hook32.dll- there were 2 of them. I renamed the folder, moved it to another location, and the re-install worked like a charm. I cannot delete these 2 files. Every time I try, it crashes.
  20. I have a client who got a pop up stating that Emsisoft could not connect to the service, and to reboot the computer and try again. Did that. Tried to launch, same message. Went into services and the Emsisoft service was stopped. Turned it back on and attempted launch; a pop up said Emsisoft files are corrupted, please uninstall and reinstall your product (or some such). I ran uninstall from Programs and Features and then downloaded a new copy. When I attempted to reinstall, a pop up stated there was already another version installed, and to uninstall it, reboot, then run the installer again. I rebooted. Same message. Found the forum with the uninstall kit and ran it successfully. Downloaded a clean copy and attempted a reinstall and got a crash. So I started digging: Rkill found nothing, Malwarebytes found nothing, Roguekill found 4 PUPs, Adw found some stuff. Attached the log here, and also attached a screen shot of the crash (multiple times now). Any help would be appreciated. Frank AdwCleanerS0.txt emsisoftcrash2.bmp
  21. I have a client computer running 12 different instances of Conhost.exe. None of the tools I have used will kill the processes or remove the infection. I suspect it is Trojan.Fake MS, but I can't isolate it. Any suggestions or procedure? Thanks in advance. Frank
  22. "A new ransomware called TeslaCrypt was discovered by Fabian Wosar of Emsisoft that encrypts your files using AES encryption and then demands a ransom payment in order to decrypt your files. What makes TeslaCrypt different than other ransomware is its attempt to cash in on the $81 billion game market by placing a strong emphasis on encrypting video game related files. Unlike other ransomware that typically target images, documents, videos, and applications databases, TeslaCrypt also targets over 40 different video game related files. The game files being targeted belong to games such as RPG Maker, Call of Duty, Dragon Age, StarCraft, MineCraft, World of Warcraft, World of Tanks, and Steam." Got some press on BleepingComputer... great job! http://www.bleepingcomputer.com/forums/t/570709/crypto-ransomware/?hl=%2Bcrypto+%2Blockers
  23. Have a client that has gotten this virus today on his computer. I understand you guys are involved in looking into this infection. Is there a course of action yet? This is my reference: http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/all-files-are-renamed-with-extension-as-ecc/17c6213d-75b0-4970-a064-9267cb88419c